Industry Hot News

Data Privacy Day is on January 28. But isn't all hope lost when it comes to the P-word? Interestingly, Daniel Solove is one key expert who doesn't think so: His recent Year in Privacy roundup sounds a number of positive notes, largely having to do with regulatory pressure driven by public pressure. In the age of the customer, we really can see "water wear away stone" when ordinary people demand change. 

...

http://blogs.forrester.com/eve_maler/14-01-09-privacy_and_business_differentiator_must_get_cozier_why_and_how

CIO — Outlook connection problems? Salesforce.com system crashing repeatedly? Trouble connecting to internal human resources systems? You're not alone.

According to a recent study from Compuware, of the more than 300 business executives surveyed, 48 percent reported they experience tech performance issues daily, and three out of four of those executives say the frequency and severity of these issues isn't improving.

It's not that executives and IT leaders don't want to fix these problems, says Bharath Gowda, director of technology performance, Compuware. It's that they're pressured to focus on what are seen as larger, more pressing issues instead of these day-to-day headaches, he says.

...

http://www.cio.com/article/745780/Tech_Performance_Issues_Plague_IT_and_Businesses

CIO — McAfee's comprehensive 2014 security report, released at the end of December, goes beyond rehashing the same set of threats in ever-increasing volume to instead reflect the impact of digital currencies, NSA leaks and social media. Going through the report, one thing becomes eminently clear: We are in no way prepared for what's coming in 2014.

I'll cover the report's main elements, but I suggest you read it thoroughly yourself — perhaps after a couple glasses of good brandy.

...

http://www.cio.com/article/745773/McAfee_Security_Report_Suggests_2014_Will_Be_a_Rough_Year

According to AMI’s study, 2014 North America SMB Mobility Landscape, Opportunity Assessment & Outlook, small to midsize businesses will help the mobility market grow to a predicted $71.5 billion by 2018. The report says that small businesses account for almost eight of every 10 dollars spent on mobility services and products in the U.S. and Canada, while midsize businesses account for 20 percent of mobile-related investments.

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-to-drive-mobility-spending-upward-through-2018.html

A recent Canadian Medical Association Journal article shows how data specialists in Ontario are using integration and analytics to reinvent health systems.

Data-integration innovations are refashioning the health systems from supporting acute care to “total patient data capture,” according to the article.

I’ll say this much for it: It’s stunning in scope. These health care data projects are pushing beyond integrating health care data to create the revolutionary, 360-degree vision of people that makes marketing leaders salivate.

...

http://www.itbusinessedge.com/blogs/integration/for-better-or-worse-ontario-projects-show-whats-possible-with-big-data-and-integration.html

CSO — The Internet of Things (IoT) is a mass of billions of connected devices from cars to wireless wearable products. Cisco's Internet Business Solutions Group estimated 12.5 billion connected devices in existence globally as of 2010 with that number doubling to 25 billion by 2015.

In light of this burgeoning market, CSO identifies five categories of IoT devices at risk in the coming year. CSOs who are aware of the threats and potential damage to their organizations can prepare accordingly.

...

http://www.cio.com/article/745740/The_Internet_of_Things_Top_5_Threats_to_IoT_Devices

Weather damage never goes out of season. According to a new report from the Insurance Information Institute (I.I.I.), winter storms are historically the third-largest cause of catastrophe losses, behind only hurricanes and tornadoes.

“Winter storms accounted for 7.1 percent of all insured catastrophe losses between 1993 and 2012, placing it third behind hurricanes and tropical storms (40 percent) and tornadoes (36 percent) as the costliest natural disasters,” said I.I.I. President Robert Hartwig.

Insured Catastrophe Losses

Between 1993 and 2012, winter storms resulted in about $27.8 billion in insured losses—or $1.4 billion per year, on average, according to Property Claims Service for Verisk Insurance Solutions.

...

http://www.riskmanagementmonitor.com/winter-weather-third-largest-cause-of-cat-losses

Certification Ensures xMatters’ IT Alerting and Communications Platform is Fully Integrated with Leading SaaS IT Management Solution

SAN RAMON, Calif. – xMatters, inc., a global leader in enabling business processes with communications, announced today that its leading cloud-based, automated messaging and communications platform is now certified for integration with ServiceNow, the enterprise IT cloud company. With this integration, companies who are currently using ServiceNow’s industry-leading IT management solutions will be able to utilize xMatters for incident management, creating a single consolidated platform to manage all communications throughout the enterprise.

“ServiceNow’s leadership as a transformational SaaS IT provider combined with xMatters’ cloud based communications platform enables large organizations to stop overwhelming staff with too many alerts that don’t matter,” said Troy McAlpin, CEO of xMatters. “Organizations can now target the right person, deliver content in any language to any device, enabling a quicker resolution time.  Our mutual clients can now take advantage of the certified integration, which assures rapid value and interoperability.”

With this certified integration, the accessibility of xMatters’ communications technology allows customers to design processes and workflows, reducing mean time to restore critical services and enabling proactive communications to key stakeholders. Automated conference calls, increase in the signal to noise ratio of IT notifications, and mobile-enabled workflows are the hallmarks of successful joint ServiceNow and xMatters customers.

“Our ServiceNow implementation was the first step in becoming a more automated IT shop meeting the needs of a rapidly innovating broader organization,” said Anoop Malkani, Head of Enterprise Service Management, British Sky. “We added automated incident creation and updates via an integration with HP OpenView.  xMatters extends that automation by ensuring when IT incidents occur, communications are delivered to appropriate audiences with the most relevant messages and dramatically reduce Incident Response Time. This could be a response-required SMS to a resolution team member or an ‘FYI’ email to a manager. xMatters gives us the flexibility to align our communications with the type of incident we are dealing with, to customize messages to cater to the individual recipients and with the assurance that we can focus on resolving incidents - not worrying about internal message delivery.”

xMatters’ IT management solution is now accessible through ServiceNow’s Certified Partner Integrations.

About xMatters, inc.

xMatters enables any business process or application to trigger two-way communications (text, voice, email, SMS, etc.) throughout the extended enterprise. The company’s cloud-based solution allows for enterprise-grade scaling and delivery during time-sensitive events. More than 1,000 leading global firms use xMatters to ensure business operations run smoothly and effectively during incidents such as IT failures, product recalls, natural disasters, dynamic staffing, service outages, medical emergencies and supply-chain disruption. Founded in 2000 as AlarmPoint Systems, xMatters is headquartered in San Ramon, CA with European operations based in London. More information is available at www.xMatters.com. Follow us on Twitter and Facebook.

Thursday, 09 January 2014 17:44

2013 Nat Cat Losses Below Average

Of the five costliest natural catastrophes for the insurance industry in 2013, only two were U.S. events, though neither ranked first or second, according to Munich Re.

In its 2013 Natural Catastrophe Year-in-Review Webinar jointly presented with the I.I.I., Munich Re noted that hailstorms in Germany in July actually caused the highest insured losses of the year. This was also the insurance industry’s most expensive hail event in German history, costing $4.8 billion in overall economic losses, of which $3.7 billion was insured.

Flooding in Europe in June was the second most costly natural catastrophe for the insurance industry in 2013, causing insured losses of $3 billion, though overall economic losses from this event totaled $15.2 billion, making it the costliest natural catastrophe of the year in terms of economic losses.

...

http://www.iii.org/insuranceindustryblog/?p=3507

Thursday, 09 January 2014 17:43

How secure is your rack?

By Jason Preston

Data centre / center security is a big issue: especially for co-location centres hosting multiple racks for multiple, often competing, clients. Yet whilst security to access the data centre can often be impressive, individual rack level security is often sadly limited. Given the number of in-house staff and external engineers, from cable engineers to storage and server providers, passing through a data centre on a near daily basis, poor rack level security creates unnecessary risk.

Security is about far more than putting cages into the data centre. Organizations need a robust process that combines network accessed rack level security with change controls to create a complete, rack level access audit.

Without real-time, rack level access control, organizations cannot deliver the level of data centre protection increasingly demanded by governments and banks to prevent unauthorised access and criminal activity.

...

http://www.continuitycentral.com/feature1138.html

ENISA, the EU’s cyber security agency, has issued a new report studying network outages caused by power cuts. It provides recommendations to the electronic communications sector on how to withstand and act efficiently after power cuts, a key point being to establish better exchange of situational awareness and improved cooperation mechanisms within the sector and with the energy sector.

The Agency makes eight recommendations to National Regulatory Authorities (NRA) and providers within the electronic communications sector to reduce the risk of network and service outages caused by power supply failures.

...

http://www.continuitycentral.com/news07064.html

Thursday, 09 January 2014 17:42

Is 2014 the Year of the 'Big Data Stack'?

CIO — Will 2014 see the emergence of a big data equivalent of the LAMP stack?

Richard Daley, one of the founders and chief strategy officer of analytics and business intelligence specialist Pentaho, believes that such a stack will begin to come together this year as consensus begins to develop around certain big data reference architectures—though the upper layers of the stack may have more proprietary elements than LAMP does.

...

http://www.cio.com/article/745718/Is_2014_the_Year_of_the_Big_Data_Stack_

Perpetual motion, like the alchemist’s stone, makes a great legend. The idea of something that keeps going indefinitely with no external source of energy is highly seductive, but also highly impractical. Friction or resistance of some kind will always intervene to eventually bring the system to a halt. However, almost-perpetual motion that just needs a teeny bit of energy to keep going is a much more realistic proposition. This is the big difference between new sales and loyalty sales for a company, where sales costs can diminish in favour of the repeat customer by a factor of up to 10. What is the secret sauce that lets companies strengthen their sales and their business continuity by so much, and for so little?

...

http://www.opscentre.com.au/blog/a-perpetual-motion-machine-for-sales-and-business-continuity/

The BYOD movement in the enterprise is already taking some unusual twists. In addition to the variety of cell phones and smart devices IT must contend with, many users are utilizing personal cloud-based infrastructure. And that is leading to a host of integration, compatibility and security issues.

The personal cloud is nothing new. Consumers have been using on-line storage and synchronization for music, video and a range of other applications for several years now. According to ABI Research, the personal cloud market nearly doubled to $1 billion over the past year and is on pace to top $3.5 billion by 2018. In terms of raw capacity, personal clouds held about 685 petabytes in 2013 and will rise to 3,520 in 2018.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-personal-cloud-just-the-tip-of-the-byos-iceberg.html

Network World — Last September customers of storage provider Nirvanix got what could be worst-case scenario news for a cloud user: The company was going out of business and they had to get data out, fast.

Customers scrambled to transfer data from Nirvanix's facilities to other cloud providers or back on to their own premises. "Some folks made it, others didn't," says Kent Christensen, a consultant at Datalink, which helped a handful of clients move data out of the now-defunct cloud provider.

Nirvanix wasn't the first, and it likely will not be the last cloud provider to go belly up. Megacloud, a provider of free and paid online storage, without warning or explanation suddenly went dark two months after Nirvanix's bombshell dropped. Other companies have phased out products they once offered customers for cloud storage: Symantec's Backup Exec.cloud, for example, is no longer being sold by the company.

...

http://www.cio.com/article/745716/Cloud_s_Worst_Case_Scenario_What_to_Do_if_Your_Provider_Goes_Belly_Up

Thursday, 09 January 2014 17:30

The 7 Best Habits of Effective Security Pros

CSO — Today's information security professionals need to learn more swiftly, communicate more effectively, know more about the business, and match the capabilities of an ever-improving set of adversaries. But, it doesn't seem too long ago that all it took to survive in the field was a dose of strong technical acumen and a shot of creativity to protect the network, solve most problems, and fend off attacks.

Not so today. The role of the security professional has evolved beyond that of mere technical savvy, and now includes consultant, educator, investigator, and defender of the data.

To understand the traits and habits that matter the most, we reached out to a number of security professionals by phone, email, and social media, who are successful in their respective areas in the field.

If there's one thing that screamed out from the interviews it was this: security knowledge alone is only the beginning of the skills and habits one needs to succeed.

...

http://www.cio.com/article/745694/The_7_Best_Habits_of_Effective_Security_Pros

One of the more public and ongoing corruption scandals in the world right now seems to be happening in Turkey. To say the events and facts are confused is an understatement. At this point there are not any international players who have been implicated, but given the breadth and scope of what has come out of that country over the past month or so, it would appear to be only a matter of time. It began in December when, according to the BBC, “The arrests were carried out as part of an inquiry into alleged bribery involving public tenders, which included controversial building projects in Istanbul. Those detained in the 17 December raids included more than 50 public officials and businessmen – all allies of the prime minister. The sons of two ex-ministers and the chief executive of the state-owned bank, Halkbank, are still in police custody.”

The Prime Minister claims that all of these arrests were simply political theater, generated by supporters of Fethullah Gulen, an influential Islamic scholar living in self-imposed exile in the US. Members of Mr. Gulen’s Hizmet movement are said to hold influential positions in institutions such as the police and the judiciary and the AK Party itself. Many believe the arrests and dismissals reflect a feud within Turkey’s ruling AK Party between those who back the Prime Minister, Recep Tayyip Erdogan. On Tuesday the Prime Minister and his supporters struck back at the police by removing approximately 350 police officers from their positions in the capital, Ankara. The Prime Minister and his supporters have also attacked the judiciary leading the investigation, claiming that it is all politically motivated.

...

http://tfoxlaw.wordpress.com/2014/01/08/corruption-in-turkey-and-integrating-your-risk-assessment/

Wednesday, 08 January 2014 15:58

Data Gravity and the Distributed Enterprise

As data becomes more fungible, that is, less engaged with the physical infrastructure that supports higher level virtual and cloud architectures, the overall data environment starts to exhibit new characteristics, some of which will dramatically alter the way in which those environments are built and operated.

Of late, the concept of data gravity has been showing up in tech conferences and discussion groups. Coined by VMware’s Dave McCrory about four years ago, it describes the way data behaves in highly distributed architectures. Rather than becoming evenly distributed across a flattened fabric, data tends to collect in pockets, with smaller bits of data gravitating toward larger sets the same way that particles coalesced into galaxies after the Big Bang. Part of this is due to the nature of distributed architectures where the farther away storage is from processing centers and endpoints, the greater the cost, complexity and latency. But it is also a function of the data itself, particularly now that all information must be “contextualized” with reams of metadata for it to be useful.

...

http://www.itbusinessedge.com/blogs/infrastructure/data-gravity-and-the-distributed-enterprise.html

What should you consider before using the cloud for disaster recovery? Martin Welsh and Patricia Palacio provide some guidance.

Recovery challenges

Whatever the company size or industry, the truth is that your business can't afford downtime but traditional DR strategy investments have been difficult to justify. The majority of organizations attempt to protect only mission critical applications, leaving second-tier, but still valuable, systems vulnerable to extended outages. It's hard to justify improving your disaster recovery capabilities when you're under pressure to cut IT costs and when DR is seen as an expensive insurance policy.

The major challenges faced when planning your disaster recovery strategies are:

...

http://www.continuitycentral.com/feature1137.html

Ian Kilpatrick describes six emerging technology trends that will need consideration during 2014:

Security
Thanks to the NSA and GCHQ (coupled with ongoing allegations against the Chinese), security, corporate privacy and encryption have moved swiftly up the corporate agenda. Identity management, which has often been seen as a ‘nice to have’, will become even more of a ‘must have.’

For many years, wireless security was an afterthought to wireless deployment. However, in 2014, with the ratification of multi GBPS 802.11ac, wireless security will become ever more important as organizations move from wired networks to wireless ones.

As one example, the majority of wireless access point deployments in SMEs are connected to the trusted network, effectively bypassing the gateway security controls and policies. This isn’t sustainable, as wireless becomes the core of the network. There will be a rise in the deployment of both 802.11ac wireless and associated access point security.

...

http://www.continuitycentral.com/feature1136.html

Although the dust hasn’t yet settled on the Edward Snowden revelations about the activities of the US National Security Agency, the consequences already extend beyond the purely technical. While the immediate reaction was to think of better ways in which to encrypt data, it also dawned on foreign organisations that they might want to review certain business relationships. The idea that the NSA could have direct backdoors into many US companies dampened the enthusiasm of certain international entities to continue trading with them. But will American enterprises alone have to increase their efforts to maintain business continuity, or are companies in other countries affected too?

...

http://www.opscentre.com.au/blog/what-the-nsa-revelations-mean-for-business-continuity/

Wednesday, 08 January 2014 15:54

Jan. 1 Reinsurance Renewal Rates Drop

New capacity, rate reductions and competition are a few factors contributing to a softer market and an 11% drop in reinsurance rate on line—a calculation of reinsurance premium divided by reinsurance limit—almost across the board, according to Guy Carpenter.

Much of this was driven by a decline of 15% in the United States, while property catastrophe pricing in Continental Europe and the United Kingdom fell by 10% and 15%, respectively, Guy Carpenter said.

Willis Re said in its “1st View” report that soft market conditions are not unique to the property catastrophe market. The report found that “with few exceptions rates are down on most lines at Jan. 1.”

...

http://www.riskmanagementmonitor.com/jan-1-reinsurance-renewal-rates-drop

Wednesday, 08 January 2014 15:53

Lessons from the Target Breach

One of the last things I wrote about in 2013 was the Target breach. I suspect that breach is going to linger for a while, not only for customers but for businesses that (I hope) are now thinking a lot more about the security of their credit card systems and their computer networks overall. I know one small business owner is, because she asked me the types of questions she should ask regarding the security of her system. (And those questions may be a blog post for another day.)

Right before I went on holiday break, I had an email conversation with some folks from Guidance Software regarding the Target breach and the forensic investigation into what happened. One of the first things I was told was that we shouldn’t have been surprised that this breach happened because it was inevitable. As Jason Fredrickson, senior director of application development at Guidance Software, told me:

...

http://www.itbusinessedge.com/blogs/data-security/lessons-from-the-target-breach.html

CIO — In the world of IT, things can and will go wrong. Failure can come from a number of things such as rushing to get too much done in a single project instead of breaking it down into smaller, more manageable projects. It can come from not allowing enough lead time for developers to do their part on the back-end or even from a consultant or vendor that led you down the wrong path.

Whatever the case, failure does happen; it's to be expected and as the saying goes life is "10 percent what happens to you 90 percent how you react to it." Failure doesn't have to be a negative. With the right attitudes and processes in place it can be educational, informative and sometimes transformative.

You know from a logical perspective that you should learn from your mistakes. That is drilled into many of us beginning in childhood. The problem, according to experts, is that in the corporate world, a lot of companies don't handle failure well. They don't have adequate processes in place to examine why something failed, but that is a huge necessary part of the learning process.

...

http://www.cio.com/article/745363/IT_Leadership_Lessons_You_Can_Learn_From_Failure

Wednesday, 08 January 2014 15:40

7 CRM Trends for 2014

Mobile CRM, which has been gaining momentum for quite some time, is a trend that will only get hotter in 2014, experts predict. Among other trends they expect to take root or accelerate in 2014: social CRM, more integration and smarter CRM.

Mobile CRM

Most industry observers agree that the adoption of mobile will be a dominant CRM theme in 2014 as companies look for ways to extend CRM capabilities to give employees convenient, always-on access to sales content, allowing them to address customer needs and collaborate with sales teams in real-time.

"CRM capabilities will be integrated into mobile tools to generate leads and opportunities both in-store and on the road," said Chris O'Connor, founder and CEO of Taptera. "We see companies that are using CRM continue to invest in out-of-the-box solutions through extension into mobile channels and customization to monitor, manage and drive leads, conversions, shorten sales cycles and improve customer support."

...

http://www.itbusinessedge.com/articles/7-crm-trends-for-2014.html

Friday, 03 January 2014 15:37

Winter Storms Are Major Cause of Cat Losses

The arrival of the first major winter storm of 2014 just two days into the new year makes this a good time to take stock of the insurance implications.

The Insurance Information Institute (I.I.I.) reports that winter storms are historically very expensive and are the third-largest cause of catastrophe losses, behind only hurricanes and tornadoes.

From 1993 to 2012, winter storms resulted in about $27.8 billion in insured losses—or $1.4 billion per year, on average, according to Property Claims Service for Verisk Insurance Solutions (see chart below).

...

http://www.iii.org/insuranceindustryblog/?p=3491

Some of the best Big Data and sensor uses come from the manufacturing and logistics world. But while supply chains and manufacturing floors can generate plenty of important business data, those functions aren’t always the best equipped to use that data.

Operations, supply chains and manufacturing are due for a technology overhaul, according to IDC Manufacturing Insights and other analysts who research these B2B functions.

The problem: Supply chain technologies and processes lag behind the highly digital world of the business side.

...

http://www.itbusinessedge.com/blogs/integration/cios-modernize-data-capabilities-in-manufacturing-supply-chains-in-2014.html

Before we embrace a new year, I want to share my personal picks for the best data success stories from 2013:

Feds Stop $47 Billion in Fraud, Overpayment. We often think in terms of technology solutions. For example, we ask “How much can master data management save this company?” or “Will Big Data projects pay off?” Sometimes, you can define savings by the project, but often the best results come when you combine multiple data technologies. Together, they add up to better information management and analysis.

...

http://www.itbusinessedge.com/blogs/integration/picks-for-best-data-success-stories-from-2013.html

With the New Year comes added awareness of the hazards social media can present to corporations, the risks of data exchange between business systems and other challenges inherent with technology. Here is a look at the top trends of last year and predictions for the year ahead.

2013 Key Trends

1. Growing Convergence between IT, Security and the Business

Evolving risk challenges require that internal and external stakeholders are on the same risk page. For many organizations, however, internal audit, security, compliance and the business have different views of risk and what it takes to build a risk-aware and resilient business. Effective risk management starts with good communications. This includes a common taxonomy for dealing with risk, and a collaborative discussion framework to facilitate the cross-functional sharing of ideas and best practices.

...

http://www.riskmanagementmonitor.com/tech-trends-in-2013-and-new-year-predictions/

If 2013 was the year that most organizations discovered what Big Data platforms such as Hadoop were all about, then the coming year will be the one in which they discover the applications that turn all that data into something of business value.

Brett Sheppard, director of Big Data marketing for Splunk, says that in terms of Big Data, 2013 was pretty much defined by investments in plumbing. Organizations largely experimented with Big Data platforms only to discover that the cost of acquiring the platform was nothing compared to the cost of the expertise required to actually develop an application that could make sense of all that data.

...

http://www.itbusinessedge.com/blogs/it-unmasked/splunk-digs-into-the-year-of-the-big-data-application.html

Thursday, 02 January 2014 16:11

The Best Advice from Big Data 2014 Predictions

Just ask anybody—2014 is going to be an even bigger year for Big Data.

“In 2014, we will see Big Data funding only grow, and at least one significant IPO possibly from a player like Cloudera,” writes Concurrent CEO Gary Nakamura.

Inhi Suh, IBM vice president of Big Data, integration, and governance, told Information Week that she foresees more organizational spending on Big Data as companies invest in a wider range of analytics, such as reporting, dashboards and planning, predictive analytics, recommendations and new cognitive capabilities.

...

http://www.itbusinessedge.com/blogs/integration/the-best-advice-from-big-data-2014-predictions.html

Thursday, 02 January 2014 16:10

Is Rapid Detection the New Prevention?

Network World — There's a trend underway in the information security field to shift from a prevention mentality -- in which organizations try to make the perimeter impenetrable and avoid breaches -- to a focus on rapid detection, where they can quickly identify and mitigate threats.

Some vendors are already addressing this shift, and some security executives say it's the best way to approach security in today's environment. But there are potential pitfalls with putting too much emphasis on detection if it means cutting back on prevention efforts and resources.

Clearly, rapid detection is gaining traction. Research firm IDC has designated a new category for products that can detect stealthy malware-based attacks designed for cyber-espionage ("Specialized Threat Analysis and Protection") and expects the market to grow from about $200 million worldwide in 2012 to $1.17 billion by 2017.

...

http://www.cio.com/article/745205/Is_Rapid_Detection_the_New_Prevention_

There are different ways of looking at IT security involving end-user equipment such as PCs and mobile computing devices. One is to batten down the hatches at a corporate level, repel all viral boarders and let end-users fend for themselves. Another is to extend security to all end-user devices and take responsibility for maintaining data integrity and confidentiality from beginning to end. Whether or not your organisation has a choice in the matter may come down to the nature of your business. How then will you know which approach you should consider?

...

http://www.opscentre.com.au/blog/business-continuity-and-it-security-give-up-or-give-in/

CIO — In our 13 years of conducting our annual State of the CIO survey, we've never seen anything quite like this year's results. Our profession has become a house divided, with traditional service-provider CIOs on one side and business-focused, digital-strategist CIOs on the other.

"As we plow through this period of digital disruption, where established rules for competing may no longer apply, some CIOs now question what they want for themselves," Managing Editor Kim S. Nash writes in our cover story ("State of the CIO 2014: The Great Schism"). "The profession is changing fast in an atmosphere where colleagues sometimes look upon a traditional IT group as a hindrance to corporate success."

...

http://www.cio.com/article/744618/Traditional_vs._Digital_CIOs_Survey_Reveals_a_Growing_Divide

What words spring to mind to describe the business world today – remote control, automation, speed, renewal? These concepts can all help with business continuity and competitiveness, but so can their ‘yesteryear’ counterparts. Although new technology lets organisations improve different areas of operations, it doesn’t mean that it is a panacea to be applied universally and indiscriminately. Face to face work styles, manual procedures, and re-use of old systems all still have a role to play. Here’s a quick tour of three pre-Internet methods that enterprises and their managers could continue to keep in mind.

Virtual Teams Still Need Face to Face Time

Despite the solutions available for remote working, such as video conferencing, collaboration software and even social networks, nothing replaces face to face interactions. The wealth of information in body language alone makes the difference between the two modes. Management by walking around may have given up ground in the shift to virtual team working, but it hasn’t gone away.

...

http://www.opscentre.com.au/blog/business-continuity-and-why-the-new-age-still-needs-the-old/

What good is history if we refuse to learn from it? Taking a few minutes to look back on crisis communications in 2013, I first wondered if there were any really big things that happened. I mean we didn’t have a Gulf Spill, we didn’t have a tsunami-radiation disaster, we didn’t even have a superstorm–unless you were in the Philippines. Then I saw the Bloomberg list of the top 10 reputation crises of 2013 and had to agree it was indeed a scandalous year.

And there’s my first observation: when high-flying careers (like Paula Deen), impeccable business leaders (like Jamie Dimon) and the world’s most powerful government legislative body (US Congress) have reputation crises at the level we have seen this year, and it doesn’t even seem like any major disasters happened, well, you kind of have to wonder what is going on.

...

http://ww2.crisisblogger.com/2013/12/what-the-top-10-crises-of-2013-can-teach-us-for-tomorrow/

Monday, 30 December 2013 16:04

What Do You Want the Enterprise to Do?

This is the time of year when CIOs shore up their infrastructure deployment and development plans for the next 12 months. Naturally, this is guided by at least a rudimentary vision of what you want your data environment to look like, not just next year but in the decade ahead.

But while most plans center on hardware, software and, now, services – in essence, what you want the enterprise to be – it wouldn’t hurt to shift the focus a little toward what, exactly, you want the enterprise to do. Viewing infrastructure through the lens of functionality can often lead to innovative solutions to problems that hamper data flow and productivity.

...

http://www.itbusinessedge.com/blogs/infrastructure/what-do-you-want-the-enterprise-to-do.html

In my previous post, I shared the three business drivers for re-evaluating Ye Old Integration Strategy: Integration costs too much, it’s too complex, and you’re too slow at it, which annoys the business.

But how are you supposed to fix those problems? In its recent Integration 2014 Trends-to-Watch report, Ovum predicts four technology strategies that will play a key role in resolving these business problems. Let’s look at each and see which ones can help you with your integration challenges.

IPaaS. Ovum predicts iPaaS solutions will evolve more in 2014. That’s a safe bet since we’re already seeing it: Silicon Angle reports that MuleSoft upgraded its iPaaS this month to offer more enterprise support.

...

http://www.itbusinessedge.com/blogs/integration/how-it-will-solve-modern-integration-challenges-in-2014.html

SPRINGFIELD, Ill.—Take advantage of a new year to make your family safer in the face of future disasters.

The Federal Emergency Management Agency encourages Illinois residents to resolve to rebuild stronger and smarter, reducing the risk of potential devastation caused by events like the Nov. 17 tornadoes.

Through New Year’s Day, FEMA will offer simple tips and ideas to construct and maintain a home that can better withstand weather risks your community faces. This information will be posted and updated on FEMA’s Illinois recovery website FEMA.gov/Disaster/4157 as well as Facebook.com/FEMA and Twitter.com/FEMAregion5. Learn about rebuilding techniques and tips such as:

  • Reinforcing your Residence. Retrofitting your home can provide structural updates that didn’t exist when it was constructed. For instance, a homeowner can install straps to their roof’s structural beams to make it strong enough to resist the "uplift" effect of high winds that can cause it to lift and collapse back down on the house.
  • Fortify those Floors. Homeowners can secure their structure to its foundation by using anchors or straps. This can minimize the chances of a home moving off its foundation during events like tornadoes and earthquakes.
  • Trim & Tighten. Consider cutting away any dangling tree branches that pose a threat to your home and securing outdoor furniture and fuel tanks that can serve as projectiles during high wind events.
  • Elevation is a Smart Renovation. Flooding is a real risk in Illinois and elevating your home and its critical utilities can significantly reduce the risk of water damage. Contact your local floodplain manager to learn your flood risk and elevation requirements for your residence.
  • Assure You’re Fully Insured. Take the time to review your insurance coverage. Are you adequately insured for the risks your community faces? Are you covered for wind, flood or sewer back-up coverage? Has your policy been updated to reflect the value of your home? Contact your insurance agent to get these questions answered and ensure your home is financially protected.

Survivors can apply online at DisasterAssistance.gov or with a smartphone or tablet by visiting m.fema.gov. They can also register and get questions answered over the phone by calling FEMA’s helpline, 800-621-FEMA (3362). Survivors who use a TTY can call 800-462-7585. The toll-free telephone numbers operate from 7 a.m. to 10 p.m. (local time) seven days a week until further notice.

For the latest information on Illinois’ recovery from the Nov. 17 storms, visit FEMA.gov/Disaster/4157. Follow FEMA online at twitter.com/femaregion5, facebook.com/fema and youtube.com/fema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

With the steady rise of new cloud services, plus rapidly increasing solid-state deployment and advanced near-line and on-server solutions, storage had a pretty big year in 2013. The question for 2014, though, is whether we will see even more advanced technologies coming to the fore or whether this will be a year for capitalizing on the gains that are already in the channel. Or both?

For Instrumental CEO Henry Newman, 2014 looks to be a transitional year as the continued acceptance of solid state in the enterprise leads to greater consolidation in the industry, and possibly a few bankruptcies. As well, long-time storage solutions like native Fibre Channel and SATA will give ground to the improved performance and steadily declining costs of more advanced technologies. And if you have your heart set on finally putting PCIe 4.0 into play, well, think again. He expects the format to be delayed again until 2015.

...

http://www.itbusinessedge.com/blogs/infrastructure/storage-in-2014-a-big-year-ahead-or-more-of-the-same.html

IDG News Service (Boston Bureau) — Target has confirmed that hackers obtained customer debit card PINs (personal identification numbers) in the massive data breach suffered by the retailer during the busy holiday shopping season, but says customers should be safe, as the numbers were encrypted.

Some 40 million customer debit and credit cards were affected by the breach, but until now it wasn't clear that PINs were part of the hackers' massive haul.

"While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed," Target said in a statement on its website Friday. "We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."

...

http://www.cio.com/article/745098/Target_Confirms_Customer_PINs_Were_Taken_in_Breach_but_Says_Data_is_Safe

Monday, 30 December 2013 15:59

Are You Ready for BYOI?

By now nearly everyone is familiar with bring your own device (BYOD). Some people out there still aren’t sure whether BYOD was nothing more than a buzzword in 2013 or if it really was a popular movement with serious security implications. (My personal thought is that the trendiness of the acronym downplayed the very real security concerns that the concept brought upon the enterprise.)

But no matter what you think of it, BYOD is, as Art Coviello, executive chairman of RSA, told me in an email, “so 2013.” According to Coviello, we should get ready for BYOI, bring your own identity. BYOI, Coviello added, is the next step in the trend that began with BYOD:

The next evolution will be the consumerization of ID or identity as employees increasingly push for a simpler, more integrated system of identification for all of the ways they use their devices.  Identity will be less entrusted to third parties and increasingly be something closely held and managed by individuals – as closely as they hold their own devices....

http://www.itbusinessedge.com/blogs/data-security/are-you-ready-for-byoi.html

As small businesses prepare for 2014, they shouldn't focus solely on increasing their bottom lines.

Paychex, a provider of payroll, human resource and benefits outsourcing solutions, says it's equally as important for small businesses to be aware of the legislative issues that could affect their operations in the year to come.

"Navigating all of the legislative and regulatory changes that occur throughout the course of the year can be challenging, taking business owners away from other important aspects of running their businesses," said Martin Mucci, Paychex president and CEO. 

...

http://www.businessnewsdaily.com/5673-small-business-laws-in-2014.html?cmpid=556170

Thursday, 26 December 2013 16:00

3 Ways Enterprise IT Will Change in 2014

CIO — The holiday season is a great time to look back at the year, with an eye toward what we in the ever-changing world of information technology can expect in 2014. These three trends warrant your close attention in the new year.

In Light of NSA Revelations, Companies Will Be Wary of the Cloud

For most businesses, 2013 was the year of the cloud. Companies that still hosted their email in house would in large part move that expense and aggravation to someone else. Microsoft SharePoint and other knowledge management solutions could be run in someone else's datacenter, using someone else's resources and time to administer, thus freeing your own people to improve other services or, gasp, work directly on enhancing the business.

But then Edward Snowden came around in June and started to release a series of damning leaks about the United States National Security Agency's capability to eavesdrop on communications. At first, most folks weren't terribly alarmed. But as the year wore on, the depth of the NSA's alleged capabilities to tap into communications — both with and without service provider knowledge — started to shake the faith of many CIOs in the risk/benefit tradeoff for moving to cloud services.

...

http://www.cio.com/article/745010/3_Ways_Enterprise_IT_Will_Change_in_2014

Data center infrastructure will undergo dramatic change across the board in the coming year, but while much of the focus will be on software-defined architectures and cloud computing, bare metal changes are on tap as well.

This is actually quite a heady time for servers in particular, given that the pressure to revamp data-handling capabilities is mounting as the enterprise struggles to meet the challenges of mobility, Big Data, collaboration and other macro forces.

For InterWorx’ Graeme Caldwell, the rise of high-volume/small packet data traffic will lead directly to the ARM architecture finally breaking the “x86 monoculture” that has gripped the enterprise for so long. ARMs thrive in the chaotic universe of mobile data, so if the enterprise wishes to scale resources up and down to suit ever-changing load volumes, they would be better off with legions of low-power ARM units at their disposal than highly virtualized x86 machines. And while Intel currently holds a slight edge with its 64-bit Avoton SoC, the coming year will see 64-bit ARMs from Calxeda, Applied Micro and others.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-role-of-servers-in-an-increasingly-cloudy-universe.html

Thursday, 26 December 2013 15:58

Welcome to the New Enterprise Data Center

The coming year will be a pivotal one for a wide range of data center components including everything from servers and storage to the virtual layer and cloud architectures. But before I get to all of those, I thought it would be a good idea to see what is likely to happen to the data center itself. After all, with enterprise infrastructure poised for some truly wide-scale distribution, the data center is increasingly being viewed as a single component of perhaps a global data environment.

And while some may argue that the data center will diminish in importance as responsibility for actual physical layer infrastructure falls to the cloud provider, the fact remains that for the coming year, at least, enterprises of all sizes will rely on their own data facilities to a higher degree than in years past.

...

http://www.itbusinessedge.com/blogs/infrastructure/welcome-to-the-new-enterprise-data-center.html

If you can see what will happen in the future, you can take steps to prepare for it – or avoid it, or even change it. That’s the promise of predictive analytics, a topic that naturally interests business continuity managers. While there’s no guarantee of exact predictions, predictive analytics can indicate change patterns and emerging trends. Sensibly constructed models can show areas of combined high uncertainty and influence, where particular attention should be paid in preparing to ensure continuity. However, predictive analytics as such fall short in two areas related to business continuity: one of them can be ‘fixed’ by using a similar approach, whereas the other cannot.

...

http://www.opscentre.com.au/blog/how-much-can-predictive-analytics-help-business-continuity/

Many folks take the days between Christmas and New Year’s off. Others, of course, have to work, despite the consumption of too much egg nog.

If you do have to work, it makes sense to be as productive as possible. This year, keep in mind that the late fall has been characterized by winter-like weather. It is not a good sign that suddenly the people who are in charge of this sort of thing have decided to name the storms that seem to be meandering from west to east on a regular basis.

So why not focus on a business continuity plan? These templates are vital, and may come in handy very quickly.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/use-holiday-down-time-to-create-a-business-continuity-plan.html

Thursday, 26 December 2013 15:55

BCM / DR Scheduling

Nothing happens without good planning and implementation strategies and this is required when planning out the development of the Business Continuity Management (BCM) / Disaster Recovery (DR) program. It’s impossible to just start something without having any idea when you’ll be finished or what you need to reach along the way to be able to take the next step.

Often, to get proper buy-in from executives, a BCM/DR practitioner has to provide a timeline alongside the goals and deliverables the project will provide. It’s one thing to provide the reasons why you need a program and if those are accepted by executives as valid reasons (let’s hope they think so…), the next question will be, “When will it be done?” So, a draft timeline must be mapped out; from how long a BIA will take and when the findings will be delivered to when the 1st test will occur.

Of course, it will all be built upon assumptions such as resource availability for example, but a high-level timeline must be provided to executives. Below are ten considerations a practitioner must keep in mind when building the BCM/DR program:

...

http://stoneroad.wordpress.com/2013/12/23/bcm-dr-scheduling/

Thursday, 26 December 2013 15:55

SaaS Predictions for 2014

IDG News Service (Boston Bureau) — While the bulk of enterprise software is still deployed on-premises, SaaS (software as a service) continues to undergo rapid growth. Gartner has said the total market will top $22 billion through 2015, up from more than $14 billion in 2012.

The SaaS market will likely see significant changes and new trends in 2014 as vendors jockey for competitive position and customers continue shifting their IT strategies toward the deployment model. Here's a look at some of the possibilities.

...

http://www.cio.com/article/745032/Saas_Predictions_for_2014

A storm that left at least nine people dead and more than 400,000 without power this weekend was pushing its way into Canada on Sunday, but holiday travelers may still face slick roads as the system douses the Southeast with heavy rainfall.

The storm that brought high winds, ice, snow and rain to a wide swath of the Southeast before roaring north will affect sections of the USA through Monday night, said Frank Strait, senior meteorologist with AccuWeather.

"The main part of the storm is pulling away into Canada now and taking some of the snow with it,'' Strait said. But a lingering cold front could stretch from Virginia to Pensacola, Fla., causing heavy downpours before the system finally begins to weaken.

...

http://www.usatoday.com/story/news/nation/2013/12/22/storm-ice-wind-power/4164761

Monday, 23 December 2013 14:33

The Changing Trends of DDoS Attacks

Distributed denial-of-service (DDoS) attacks certainly aren’t new. I’ve been talking about them for years. However, they have been changing. The traditional style of attack, the flood-the-target type that crashes a website, is still going strong. But now we are seeing an increase in application-layer attacks that have the same goal: Systems go down, resources are unavailable and the victim is scrambling to fix everything.

Recently, Vann Abernethy, senior product manager for NSFOCUS, talked to me about the changing DDoS landscape. Something he has noticed is how DDoS attacks are being used as smokescreens to cover up other criminal activity. He said:

In fact, the FBI warned of one such attack type back in November of 2011, which relies upon the insertion of some form of malware. When the attacker is ready to activate the malware, a DDoS attack is launched to occupy defenders. In this case, the DDoS attack is really nothing more than a smokescreen used to confuse the defenses and allow the real attack to go unnoticed – at least initially.  Considering that most malware goes undetected for long periods of time, even a small DDoS attack should be a huge red flag that something else may be going on.

...

http://www.itbusinessedge.com/blogs/data-security/the-changing-trends-of-ddos-attacks.html

Monday, 23 December 2013 14:32

Target Sees Massive Customer Data Hack

It couldn’t have happened at a worse time for a retailer. Target informed shoppers that if they charged an item at Target stores between Nov. 27 and Dec. 15, their credit and debit card accounts may have been compromised—as many as 40 million cards in all.

While online shoppers typically have been the victims, this time hackers went through the physical checkout systems inside every Target store—about 2,000 stores, 1,797 in the United States and 124 in Canada. It’s possible that every shopper who swiped a credit card or entered a PIN number at the point of sale had their information stolen.

Barbara Endicott-Popovsky, director of the Center for Information Assurance and Cybersecurity at the University of Washington, told TIME Magazine that hacking “is a business. The general public would be shocked and amazed by the size of the problem.”

...

http://www.riskmanagementmonitor.com/target-sees-massive-customer-data-hack-2

Give the IT industry credit for facing up to the challenge of energy consumption over the past few years. Once it entered the popular consciousness that data infrastructure consumes a significant portion of total energy capacity, industry leaders across the board set to work building more efficient infrastructure.

Part of this was simple economics, of course – less energy means lower operating costs. And to be sure, virtualization came along at just the right time to slim down hardware footprints without sacrificing data processing capabilities.

And now it seems some planners are moving onto the next goal, and a rather ambitious one at that: the zero-carbon data center. A colocation firm in Iceland is nearing completion on a facility that relies entirely on hydroelectric and geothermal sources to power its fully modular data infrastructure. The company recently installed a free air cooling system from Eaton-Williams that operates without chillers or mechanical cooling of any kind, instead taking advantage of arctic winds brought in by the Gulf Stream. The Tier-3 facility measures about 23,000 square meters and is backed by redundant UPS supplies for critical systems, with power densities ranging from 4 kW to 16 kW per rack.

...

http://www.itbusinessedge.com/blogs/infrastructure/next-stop-in-green-it-the-zero-carbon-data-center.html

Monday, 23 December 2013 14:30

FEMA Blog

By Dan Watson, Public Affairs

At the end of each week, we post a "What We’re Watching" blog as we look ahead to the weekend and recap events from the week. We encourage you to share it with your friends and family, and have a safe weekend.

A Potentially Stormy Holiday 

According to our friends at the National Weather Service, a storm system is set to track across the nation this weekend, impacting states in a variety of ways and potentially disrupting holiday travel. Here’s the latest forecast from the NWS:

  • Heavy rain is forecast from the lower Mississippi River Valley to the Ohio Valley this weekend with a risk for flash flooding.
  • A wintry mix, including freezing rain and snow, is possible from the central Great Plains, through the Great Lakes and to northern New England this weekend.
  • The NWS Storm Prediction Center (SPC) has indicated a Moderate Risk of severe thunderstorms on Saturday, with possible tornadoes, for portions of the Lower Mississippi Valley.
  • Severe thunderstorms are possible from the Central Gulf Coast/Lower Mississippi Valley into the Ohio Valley Saturday.

As you travel to visit friends and loved ones for the holidays, we encourage you to exercise caution and monitor weather conditions as they change. Stay up-to-date on weather conditions in your area by visiting weather.gov or mobile.weather.gov on your mobile device. Also, visit Ready.gov for more winter weather safety tips and other great resources!

Be Prepared in 2014!

This year's Resolve to be Ready campaign focuses on 'Family Connection' to reinforce the importance of parents including their children in preparedness conversations in advance of potential disasters. The Ready campaign makes an emergency preparedness resolution easy to keep by recommending families consider these three ideas when making a plan: who to call, where to meet and what to pack. Use this image as your Facebook and Twitter cover photo graphics to get your community prepared in 2014.

With the New Year around the corner, it’s time to make our resolutions. Why not Resolve to be Ready for an emergency?

This year, we’re continuing our Resolve to be Ready campaign with an emphasis on 'Family Connections' – reinforcing the importance of getting kids involved in preparedness conversations in advance of an emergency. We’re making your emergency preparedness resolution easy to keep this year with three simple tips when making a plan: who to call, where to meet and what to pack.

Here’s what you can do:

  • Make a family communication plan that answers – who to call, where to meet and what to pack.
  • Join our Thunderclap on Facebook and Twitter and share a New Year's resolution of preparedness with your followers. How does Thunderclap work? Once you sign up, Thunderclap will sync your social media accounts to release an automatic Facebook post, Tweet or both on January 1, 2014 at 12:30 PM reminding your friends and followers to make a family emergency plan.
  • Use #Prepared2014 in your social media messaging throughout 2014 to remind your friends and followers to be prepared for emergencies all year long.
  • Share preparedness messages from the Ready Facebook and Twitter feeds.

Visit ready.gov/prepared2014 for more information on how you can Resolve to be Ready in 2014!

Photos of the Week

Here are a few of our favorite photos that came into our Photo Library this week.

Forest Hills, N.Y., December 17, 2013 -- United States Marine Sgt. Nail, from the 6th Communications Battalion, is greeted by Federal Coordinating Officer Willie Nunn. The Marines came to FEMA's Joint Field Office in Queens to pick up toys donated by FEMA workers for the "Toys for Tots" charity. K.C.Wilsey/FEMA

East Peoria, Ill., December 17, 2013 -- FEMA Public Information Officer Art Alejandre, does an interview in Spanish with Univision at a local Disaster Recovery Center to encourage local residents impacted by the November tornadoes to apply for FEMA assistance. Local residents who suffered damages or losses are encouraged to apply to FEMA for disaster assistance by calling (800) 621-3362, (TTY) (800) 462-7585, or by applying online at www.DisasterAssistance.gov. Jocelyn Augustino/FEMA

Santa Clara, N.M., December 16, 2013 -- Deputy Tribal Coordinating Officer Michael Chavarria is charged with a project on restoration of the Santa Clara Pueblo’s ancient tribal lands, which were damaged after recent fires. Adam DuBrowa/ FEMA

New Topics on Our Online Collaboration Tool

We’ve recently launched a few new topics on our online collaboration tool and as always, we want to hear your thoughts and ideas. Head on over and share your ideas, comment on others’ ideas, and vote for your favorite.

That’s it for today’s What We’re Watching. On behalf of everyone at FEMA, we wish you and your family a wonderful and safe holiday!

Monday, 23 December 2013 14:29

Colorado Flooding – 100 Days Later

(Editor: Cuts of disaster response and recovery are available at www.flickr.com/photos/coemergency or www.go.usa.gov/DeK9.)

DENVER – In the 100 days following the catastrophic floods that hit much of Colorado, more than $204 million has gone to individuals and households in recovery assistance, flood insurance payments and low-interest disaster loans.

In addition, more than $28 million has been obligated to begin to repair and rebuild critical infrastructure and restore vital services.

Initially, the State, federal and local objectives were to save lives, bring aid to the affected areas, provide temporary safe housing, clear debris and to make immediate repairs to damaged infrastructure to put communities on the path to recovery.

President Obama signed a major-disaster declaration for Colorado Sept. 14 after severe and unremitting rains that began on Sept. 11 inundated much of the northeast portion of the state. The flooding killed 10 people, forced more than 18,000 from their homes, destroyed 1,882 structures and damaged at least 16,000 others.

Progress by the Numbers:

  • Under the Individuals and Households Program, FEMA has granted $53,816,716 for housing needs and $4,572,871 to help survivors who suffered damage to their homes. Under the Public Assistance Program, FEMA has obligated $28,338,878 to publicly owned entities and certain nonprofits that provide vital services. (See below for county-by-county breakdowns.)
  • The U.S. Small Business Administration has approved 2,274 low-interest disaster loans for over $90 million to Colorado homeowners, renters, businesses of all sizes and private nonprofit organizations. Of that amount, $73 million was in loans to repair and rebuild homes and replace personal property and $17 million was in business and economic-injury loans. Approved loan amounts for some of the most impacted areas include $55.2 million to Boulder County, $14 million for Larimer County and $9.4 million for Weld County.
  • More than 50 national, State and local volunteer organizations pitched in to help in the recovery efforts, involving the work of 28,664 people giving their time and energy to both short- and long-term healing and to address any unmet needs. Volunteers provided donations-coordination, home repair, child and pet care, counseling services, removal of muck and mud from homes and much more. In-kind donations amounted to $3,187,564. Valuing a volunteer hour at $22.43, the 275,860 hours of time represents a contribution of $6,162,725.
  • The National Flood Insurance Program approved more than $55.7 million to settle 1,910 claims.
  • More than 28,348 survivors registered for disaster assistance.
  • FEMA housing inspectors in the field have looked at nearly 26,000 properties in the 11 counties designated for Individual Assistance in the president’s major-disaster declaration.
  • FEMA Disaster Survivor Assistance teams canvassed hundreds of neighborhoods, visiting more than 62,000 homes and 2,741 businesses to provide information on a vast array of services and resources available to eligible applicants and made follow-up contacts in hundreds of cases.
  • More than 21,500 survivors were able to visit 26 State/federal Disaster Recovery Centers to get one-on-one briefings on available assistance, low-interest loans and other information.

Housing

  • Since Transitional Sheltering Assistance was activated Sept. 22, a total of 1,067 households have stayed in 177 participating hotels. The Transitional Sheltering Assistance deadline was extended five times to Dec. 14, with checkout Dec. 15. To date, 55 manufactured housing units are either in place or being placed in Boulder, Larimer and Weld counties for families unable to secure other housing resources. FEMA has ordered a total of 66 manufactured housing units.

Infrastructure

  • In the 18 counties designated for FEMA’s Public Assistance program, 236 meetings were held to discuss the details of the program and the amounts involved in each recovery project. This component of federal assistance provides at least 75 percent of the costs of repairing and rebuilding public infrastructure, reimbursement for emergency measures, helping critical services conducted by governments and certain nonprofits get back to normal, and in some cases implementing mitigation against future damage and losses. FEMA and the State fielded 238 eligible Requests for Public Assistance. The amount obligated so far: $28,338,878.

Communicating

  • FEMA and the State supplied disaster-assistance information to 33 chambers of commerce, six economic-development centers and 38 schools of higher education.
  • FEMA’s Speakers Bureau received 85 requests from officials and other interested parties and 443 State/federal specialists have spoken at meetings and other venues. Thus more than 8,300 attendees were able to get information on assistance programs, flood insurance and low-interest loans.
  • FEMA mitigation specialists counseled 15,250 survivors during outreach efforts at area big-box hardware and building-supply stores and counseled more than 4,700 at Disaster Recovery Centers.
  • At , the dedicated Colorado-disaster website, there have been more than 103,000 hits – an average of 1,300 daily. The FEMA Region VIII Twitter feed has fielded more than 600 tweets and has increased the number of followers to 9,100. In the last 100 days, the State has sent out 1,025 tweets, has increased to 21,500 @COemergency followers and the COemergency Facebook page garnered 2,182 “likes.” The coemergency.com page has had 234,757 page views.
  • FEMA Corps teams were instrumental in spreading the word about assistance throughout the affected areas and worked alongside FEMA regulars in the Joint Field Office in Centennial. More than 300 FEMA Corps members helped survivors in responding to and recovering from the disaster.

http://www.fema.gov/news-release/2013/12/20/colorado-flooding-100-days-later

Avere Systems has released the findings of a cloud adoption study conducted at AWS re:Invent 2013. The overwhelming majority of attendees surveyed indicated that they currently use or plan to use cloud for compute, storage, or application purposes within the next two to five years. Cost savings and disaster recovery / business continuity were found to be the factors most heavily driving cloud storage adoption, indicating that organizations believe cloud storage has the potential to increase efficiency, productivity, and the bottom line for their business.

Despite the majority of participants reporting cloud use within the next few years, attendees surveyed indicated security, performance, and organizational resistance as the largest barriers to cloud adoption. In addition, more than a third of attendees surveyed reported that their primary providers of traditional on-premises storage equipment are not helping with their adoption of cloud storage.

...

http://www.continuitycentral.com/news07058.html

Here’s what I see coming in the new year:

  1. Enlightened CIOs will regain a key role in the acquisition and implementation of enterprise Cloud solutions, including Software-as-a-Service (SaaS) applications and Infrastructure-as-a-Service (IaaS) computing resources. They will not only put policies in place that will encourage end-users and business units to include IT in the procurement and deployment processes, but will also enable IT to play a more proactive role in the evaluation and selection process.
  2. Corporate end-users and business units will be forced to enlist greater IT involvement and support in the acquisition and implementation of enterprise Cloud solutions because they will face greater challenges integrating them into their existing systems, software and data sources, and ensuring their security and performance.
  3. IT professionals will become more receptive to acquiring Cloud-based IT management solutions that enable them to more easily and economically perform their day-to-day duties so they can dedicate more time to strategic corporate initiatives.

...

http://blog.cutter.com/2013/12/20/it-to-secure-its-role-in-selectingimplementing-cloud-solutions

CIO — Around this time last year, CIO.com and its outsourcing experts made some plucky predictions for IT services in 2013. We said this would be the year that outsourcing governance finally grew up. (Hardly.) We said outsourcing customers would take matters into their own hands with more do-it-yourself deals. (They did.) And we predicted that customers would value domestic presence as a key differentiator among service providers. (It was just one of many factors.)

We revisited all of our prognostications from last year and found that three of them were right on target, four of them were off base and the other two were just beginning to take shape at year's end. As we pull together our 2014 forecast, here's how those 2013 predictions turned out:

...

http://www.cio.com/article/744941/2013_IT_Outsourcing_Year_in_Review_Grading_Our_Predictions

A number of big changes will start to impact IT in 2014 — but you should likely be thinking about them over the holiday break. Here are three trends I'm watching and what they will mean as we all get ready for the New Year.

First, robotics will move very rapidly now that Google is chasing the robot market. The question: Who will buy and maintain these robots, which will be increasingly used for anything from manufacturing to security? They'll need software updates, for one, and eventually they'll need to be managed like PCs, but the jobs robots replace or supplement will reside in other functions. Like all emerging technologies that enter at the bottom line, managers will initially be making the decisions without input from IT.

...

http://www.cio.com/article/744885/3_Trends_That_Will_Make_Life_Harder_for_CIOs_in_2014

If one of your goals in the New Year is to move toward using Big Data, then it’s time to move beyond the theoretical discussion to the nitty-gritty of implementations.

That doesn’t mean you should ignore your strategic goals, of course: It just means filling in the integration blanks between having Big Data and using Big Data.

TechTarget recently published a good starting point by excerpting chapter 10 from “Data Warehousing in the Age of Big Data,” written by Krish Krishnan, who is a Chicago-based executive consultant with Daugherty Business Solutions and a TDWI faculty member.

...

http://www.itbusinessedge.com/blogs/integration/two-steps-to-designing-your-own-big-data-architecture.html

Conventional Big Data wisdom holds that in order to derive any value from technologies such as Hadoop, organizations need to invest in a cadre of data scientists to build complex analytics applications. The problem with that thinking is that by the time an organization assembles all the software and hardware expertise needed to launch a Big Data application, multiple years will have gone by.

Datameer is one of a handful of application providers that are challenging Hadoop conventional wisdom. Fresh off garnering an additional $19 million in funding this week, Datameer is making the case that what organizations really want is access to Big Data analytics applications that are about as complicated to use as a Microsoft Excel spreadsheet.

...

http://www.itbusinessedge.com/blogs/it-unmasked/datameer-raises-19-million-to-challenge-hadoop-conventional-wisdom.html

Friday, 20 December 2013 15:20

Disaster Losses Down From 2012

Windstorm Xaver: Model shows a large area of high winds in the lower atmosphere pushing waters of the North Sea into the coasts around western Europe. Courtesy WeatherBELL Analytics.

Natural catastrophes and man-made disasters worldwide reached $44 billion in insured losses in 2013—down from $81 billion in 2012, according to a Sigma preliminary report by Swiss Re.

The study found that total economic losses from disasters in 2013 totaled $130 billion and 25,000 lives were lost. Hurricane Haiyan alone, which hit the Philippines in November with record-breaking winds, claimed more than 7,000 lives. In 2012 total economic losses were $196 billion and 14,000 lives were lost.

...

http://www.riskmanagementmonitor.com/2013-disaster-losses-down-from-2012/

Friday, 20 December 2013 15:13

The three roles of social media in crises

We all (most anyway) know that social media and digital communications play a primary role in creating, expanding and responding to crises today. But it all seems sort of a mishmash, so I found these comments from Dallas Lawrence very helpful in distinguishing the three roles that social and digital media play:

First, social media is an instigator. Were there not a social platform that allows us to send out our every thought, or record every stupid thing that happens, the crisis wouldn’t have occurred.

The next role is that of accelerant. A similar crisis may have happened 20 years ago, but it would not have metastasized so quickly without social media. So Lawrence stresses we must be prepared to act immediately instead of waiting and seeing.

...

http://ww2.crisisblogger.com/2013/12/the-three-roles-of-social-media-in-crises/

Thursday, 19 December 2013 14:30

Man-made Disasters and 2013

Just $6 billion of the $44 billion in estimated insured global losses arising from catastrophes in 2013 were generated by man-made disasters, little changed from 2012, according to Swiss Re sigma preliminary estimates.

But as an article on the Lloyd’s website reports, even though natural catastrophes may have dominated the news headlines in 2013, a series of man-made disasters have had a significant impact on a number of communities.

In fact around 5,000 lives were lost as a result of man-made disasters in 2013, according to Swiss Re sigma estimates.

...

http://www.iii.org/insuranceindustryblog/?p=3477

IDG News Service (Bangalore Bureau) — Target has confirmed that data from about 40 million credit and debit cards was stolen at its stores between Nov. 27 and Dec. 15.

The statement from the retailer Thursday follows reports that thieves had accessed data stored on the magnetic stripe on the back of credit and debit cards during the Black Friday weekend through card swiping machines that could have been tampered with at the retailer's stores, a practice known as card skimming.

The data could have been used to create counterfeit cards that could even be used to withdraw money at an ATM, according to the reports.

...

http://www.cio.com/article/744865/Target_says_40_million_cards_likely_skimmed_in_security_breach

Lists, kits, packs… they often exhibit order and completeness, two dimensions that are also important for effective business continuity. They are also the underlying principles of the ‘battle box’, a repository for vital information to allow an organisation to carry on operating in adverse conditions. Just like first aid kits and motorists’ emergency packs, a battle box should focus on the essentials. It should also be accessible and ‘grabable’ so that it can be made readily available to those responding to an incident. However, there’s more to a viable battle box than just ticking off items to be put in it.

...

http://www.opscentre.com.au/blog/unthinkable-business-continuity-without-a-battle-box/

Privacy is on trial in the United States. Legal activist Larry Klayman asked U.S. District Judge Richard J. Leon to require the NSA to stop collecting phone data and immediately delete the data they already have. Their argument was that US citizens have a right to privacy and this is a violation of the 4th Amendment of the Constitution protecting you from illegal search and seizure. Monday's ruling that this practice is unconstitutional has privacy activists cheering in the streets, but it will not be a lasting victory.

In the United States, there is not a single privacy law on the books. (You can argue that HIPAA is a privacy law, but nuances exist that can lessen its impact.) What is protected has come from judgments based on the application of the 4th Amendment regarding search and seizure. US citizens were given “privileges”, thanks to Richard Nixon, which say we have an expectation of privacy when using a phone, which basically means that the government has to get a warrant for a wiretap. (It’s worth noting that in the UK, they don’t get that privilege.)

Data is up for grabs. And everyone is grabbing.

...

http://blogs.forrester.com/renee_murphy/13-12-18-privacy_activists_are_cheering_for_the_nsa_ruling_but_it_wont_be_a_lasting_victory

Thursday, 19 December 2013 14:26

5 Strategies for Post-Holiday BYOD Problems

CSO — Christmas is fast approaching. Now, and after the office is back to normal after the first of the year, employees are going to return with several shiny new gadgets, along with the expectation that they'll "just work" in the corporate environment. Security will be a distant afterthought, because it's still viewed as a process that hinders productivity.

The back and forth between security helping or hurting productivity is a battle that has existed before the mobile device boom, and it will exist long after the next big technological thing arrives. But the fact remains security is an essential aspect to operations.

Analysts from Frost & Sullivan have estimated that the mobile endpoint protection market will reach one billion dollars in earned revenue by 2017, a rather large number given that last year the market was worth about $430 million. The reason for the large projection is simple; mobile is the new endpoint, and everyone has one.

...

http://www.cio.com/article/744843/5_Strategies_for_Post_Holiday_BYOD_Problems

CIO - Superstorm Sandy, the Fukushima Daiichi nuclear plant near-meltdown and ongoing regional natural disasters such as Typhoon Haiyan all wreak havoc with the capability of many affected companies - thousands, if not more - to continue business operations.

We define business risk as any event or activity that threatens the capability of a company to concentrate on its primary goal of generating revenue. There's also business risk from unexpected or unbudgeted costs to a company owing to improper management or monitoring of the software running in an enterprise. Do you recognize that there may be significant business risks to your company lurking in your IT operations, even as you take the time to read this article?

Business risk is what organizations continually work to mitigate via disaster recovery or business continuity plans - and rightfully so. But a company may also be exposed to elevated business risks owing to two frequently overlooked issues: Software asset management (SAM) and software license management (SLM). Let's take a look at how your organization can mitigate business risk using SAM and SLM.

...

http://www.computerworld.com/s/article/9244876/How_to_Mitigate_Business_Risk_Using_SAM_and_SLM_Tools

Thursday, 19 December 2013 14:24

The 8 Hottest Security Stories of 2013

CSO — Data loss, privacy violations, stolen source code, malware development, and more. In hindsight, 2013 was a busy year for security professionals, as well as a costly one for the organizations and individuals targeted by criminals.

As mentioned, 2013 was a busy year with regard to security incidents. While there's still a month left, the fact remains that one-hundred million plus records have been compromised during the past eleven months. The source of this loss has been blamed on everything from nation state attacks and activists, to hackers with an agenda.

...

http://www.cio.com/article/744852/The_8_Hottest_Security_Stories_of_2013

Wednesday, 18 December 2013 16:17

Four enterprise IT predictions for 2014

What challenges threaten to impact on the integrity of enterprise IT systems during the year ahead? David Gibson, VP at Varonis Systems, gives his predictions:

Knowing where your enterprise’s data is stored is no longer optional.

Privacy and other laws vary from nation to nation. Businesses and their remote offices need to know which laws they must comply with, and those laws are in a state of flux in a number of large countries. In particular, US companies doing business in Europe face the prospect of new challenges that will require more accurate knowledge of where their data – and their customers’ data – reside than most of them have today.

The proliferation of personal cloud services and mobile device capability continues to put critical data in flight, beyond not only the walls but also the awareness of the enterprise. Making this even more urgent is the realization that some governments can (legally, it appears) access data stored in cloud services.

...

http://www.continuitycentral.com/feature1133.html

It’s the CIO’s version of Groundhog Day: Business units want a solution, but do not want to wait on IT. So the division leaders bypass IT by funding the solution from their own budget. Eventually, it all comes out and IT has to solve the ensuing integration problems.

The cloud has only multiplied the problem and added one more complication: Now, business users aren’t willing to put up with IT taking its sweet time on solving the integration problem, even if the business caused it, Gartner VP and Research Fellow Massimo Pezzini told Information Age.

And yet, as InformationWeek’s State of Cloud Computing Survey revealed, many companies are still trying to solve integration with manual coding.

...

http://www.itbusinessedge.com/blogs/integration/its-groundhog-day-dont-make-the-same-integration-mistakes-in-the-cloud.html

Here are my predictions for 2014:

  1. 2014 will bring exponential expansion and evolution of the Internet of Things (IoT).
    This will also bring new opportunities for information security trailblazers unlike any we’ve seen before. The potential benefits of the IoT will be huge, but just as large will be the new and constantly evolving information security and privacy risks. We will see some significant privacy breaches resulting from the use of IoT devices as a result. New IoT risks, and resulting security incidents and privacy breaches, will bring a significant need for technology information security pros to also understand privacy concepts so they can implement privacy protections within all these new devices, and into the processes and environments where the devices are used. Even though basic information security and privacy concepts will still apply, very little has been done to actually implement security or privacy controls in these new technologies. We will need more information security and privacy professionals who can recognize new information security and privacy risks. There is no textbook to look to for these answers as risks evolve.

...

http://blog.cutter.com/2013/12/17/iot-big-data-mobile-apps-drones-to-impact-privacy-security

Wednesday, 18 December 2013 16:13

Cloud Storage Cozies Up to the Enterprise

Cloud storage providers want your business, and they are actively exploring numerous strategies to get it.

However, catering to professional organizations is much different than catering to individuals, even if those individuals use their personal clouds to house business data. And the provider, or providers, who can establish robust, enterprise-friendly storage environments will reap a substantial reward as organizations look to scale infrastructure in order to take on Big Data and other challenges.

This is why so many cloud providers are introducing a wide range of top-tier storage features in their platforms. Box, for example, recently added a new administration console that aims to extend visibility and control into its hosted environment. The system includes protections for personal data like credit card numbers and Social Security information, as well as data and traffic analysis tools to help organizations better manage resource consumption and red-flag unusual usage patterns. There are also new automation and content management suites with improved workflow and search functions.

...

http://www.itbusinessedge.com/blogs/infrastructure/cloud-storage-cozies-up-to-the-enterprise.html

When is the last time you personally experienced a hard drive failure?

A few years ago, thieves broke into our RV and stole the laptops, hard drives, and basically anything not nailed down.

At the time, I had a backup strategy - but pushed the backup and swap by two days (after the weekend). As a result of that fateful decision, I lost a few weeks of work and a few gigabytes of pictures. I recreated the work, but the pictures are gone.

I learned the importance of sticking to the backup plan, having multiple backups (in different locations), and never leaving a phone with a laptop. Never.

Last summer, as the hard drive on my roughly four year old laptop signaled it was failing, I was ready. I had a backup. And to be safe, I had a backup of my backup.

- See more at: http://blogs.csoonline.com/security-leadership/2874/using-evidence-hard-drive-failure-backblaze-increase-value-security#sthash.DUEc8wMl.dpuf

Wednesday, 18 December 2013 16:11

History is a great teacher

 

By Rev. David L. Myers, Director, DHS Center for Faith-based and Neighborhood Partnerships



History is a great teacher.

Associate Pastor Ben Davidson of Bethany Community Church learned a valuable lesson during Hurricane Katrina in 2005 that benefitted him and his congregation the morning of Nov. 17, 2013, when a powerful tornado tore through Washington, IL.

His quick thinking reminds me that when disasters occur, having a plan can save lives and help pivot a community toward a strong recovery. I have learned this lesson many times through the faith leaders I’ve engaged as director of the DHS Center for Faith-based & Neighborhood Partnerships.

On Sunday morning Pastor Davidson was preparing to begin his adult Sunday school class, when he received an emergency phone call. A tornado had touched down and their church was in its path. Immediately he and the staff worked to move the congregation -- particularly the children -- to their designated shelter in the church location and they began to pray together as the storm passed through their community.

The entire congregation comforted one another through what Pastor Davidson recalls as "the longest 45 minutes of my life." Once all congregants were accounted for and families could leave the sheltered location, Pastor Davidson immediately went home to confirm the safety of his children who were at home sick that morning.

Immediately following the disaster, Bethany Community Church joined its fellow members of the Washington Ministerial Association, AmeriCorps and the Illinois Voluntary Organizations Active in Disaster to help coordinate the community’s recovery efforts.


Since the devastating event, more than 4,000 community volunteers have registered with Bethany Community Church to help their loved ones and neighbors during disasters.  Their effort and commitment will help to increase the community’s resilience and ensure they are better prepared for emergencies.

The story of Washington, IL, and Bethany Community Church is a reminder of the care and compassion that faith-based organizations can provide all survivors in times of disaster. Their story reinforces the power of a whole community, “survivor centric” approach and the important role and responsibility of faith leaders in preparing their communities before disasters strike.

I encourage you to know what to do before disaster strikes by joining the thousands of faith-based and community members on the National Preparedness Coalition faith-based community of practice and connecting with faith leaders across the country working on preparedness.

Being prepared contributes to our national security, our nation’s resilience, and our personal readiness.

Wednesday, 18 December 2013 16:01

10 Cloud Computing Predictions for 2014

CIO — It's the time of year when darkness comes early and people begin to sum up how this year has gone and next year will unfold. It's also the time of year that predictions about developments in the technology industry over the next 12 months are in fashion. I've published cloud computing predictions over the past several years, and they are always among the most popular pieces I write.

Looking back on my predictions, I'm struck not so much by any specific prediction or even the general accuracy (or inaccuracy) of the predictions as a whole. What really comes into focus is how the very topic of cloud computing has been transformed.

Four or five years ago, cloud computing was very much a controversial and unproven concept. I became a strong advocate of it after writing Virtualization for Dummies and being exposed to Amazon Web Services in its early days. I concluded that the benefits of cloud computing would result in it becoming the default IT platform in the near future.

...

http://www.cio.com/article/744751/10_Cloud_Computing_Predictions_for_2014

Tuesday, 17 December 2013 16:12

Emerging IT continuity challenges

What issues and new technologies have disrupted the IT continuity landscape in 2013 and how are these likely to develop in 2014?

By Patrick Hubbard and Lawrence Garvin, SolarWinds.

We have spent the past year speaking with hundreds of techies at every major networking trade event in 2013 and from these discussions have drawn a number of predictions for the coming year, as well as insights into how the industry has evolved and developed over the past twelve months. Below, we share our thoughts on the past year and our predictions for 2014.

2013 has been the year of vendor-led hype on buzz technologies such as SDN and cloud, but in practice very few notable advances in technologies or vendor offerings in these areas have come to fruition.

Cross-product support, and a noticeable increase in budget, has accelerated the advance of virtualization. Products such as Cisco Unified Computing System (UCS) have made it possible to integrate with VMware V-block, boosting the desktop virtualization trend and widening its reach into mid-market networks. Similarly, with the launch of Hyper V, 2013 was the year that Microsoft finally became a genuine player in the virtualization space.

...

http://www.continuitycentral.com/feature1131.html

New research from Corero Network Security has found that many businesses are failing to take adequate measures to protect themselves against the threat of a DDoS attack. A survey of 100 companies revealed that in spite of the reports about the cost of downtime and the potential for DDoS attacks to mask greater threats, businesses are failing to put in place effective defenses or plans to mitigate the impact of a DDoS attack against their organization. More than half of companies lack adequate DDoS defense technology, and 44 percent of respondents have no formal DDoS attack response plan.

The survey asked respondents about the effectiveness of their plans to prevent, detect and mitigate the damage of a cyber attack including examining their incident response plans from the standpoint of infrastructure, roles and responsibilities, technology, maintenance, and testing. The findings revealed a lack of planning on multiple levels: whilst nearly half of businesses lacked a formal DDoS response plan, the problem was compounded by out of date network visibility as more than 54 percent of respondents have outdated or non-existent network maps. Furthermore, approximately one in three businesses lacked any clear idea of their normal network traffic volume, making it more difficult to discern between routine traffic peaks or high traffic volumes that could signal a DDoS attack.

...

http://www.continuitycentral.com/news07055.html

While the web has opened wide the doors of opportunity for entrepreneurs around the world, others have shown evidence of creativity as well. Ingenious use of technologies has led to hacktivism, identity theft, distributed denial of service (DDoS) and swatting, to name but a few. Perpetrators use both the latest cyber-techniques and also old-fashioned approaches such as social engineering (a new term for the classic tactics of confidence tricksters). Business continuity and personal security both need to be safeguarded against threats like these. But what is driving the proliferation of such Internet incidents?

...

http://www.opscentre.com.au/blog/business-continuity-and-creative-cyber-criminals/

Risk certainly marked the year of 2013, with knock-on effects on business continuity thinking. However, in a year picking up the pieces after different disasters, the real message was a reminder that while we collectively now know a great deal about risk, we don’t always prepare or take action appropriately. The devastation caused by rainfall in the Uttarakhand state of India was one example. Environmentalists blamed what they considered to be haphazard preceding development projects of roads, resorts and hydroelectric stations for the subsequent high level of damage and deaths. Meanwhile in the US and for much of 2013, New York was applying lessons learned the hard way following Hurricane Sandy back in 2012 to produce an improved city resilience plan.

...

http://www.opscentre.com.au/blog/risk-business-continuity-and-it-dr-the-year-of-2013-in-review/

Tuesday, 17 December 2013 16:08

BYOD Has Not Won

Bring your own device (BYOD) has a lot going for it. The simplicity of the approach of letting Jane and Joe use their own devices at work and compensating them in some manner is so simple and so rooted in common sense that the case against it is lost in the shuffle.

Or was lost in the shuffle. The reality is that significant downsides and obstacles to BYOD do exist. That reality may finally be dawning on corporate managers. Strategy Analytics released interesting worldwide research that revealed that everything is growing: the number of BYOD devices, the number of company-owned devices issued to employees, and the total number of devices shipped.

The percentage that deserves the most attention is the portion of corporate-liable devices:

...

http://www.itbusinessedge.com/blogs/data-and-telecom/byod-has-not-won.html

A new study finds that in Seattle more than 10,000 buildings — many of them homes — are at high risk from earthquake-triggered landslides.

 

By Sandi Doughton

Seattle Times science reporter

With its coastal bluffs, roller-coaster hills and soggy weather, Seattle is primed for landslides even when the ground isn’t shaking. Jolt the city with a major earthquake, and a new study from the University of Washington suggests many more slopes could collapse than previously estimated.

A powerful earthquake on the fault that slices under the city’s heart could trigger more than 30,000 landslides if it strikes when the ground is saturated, the analysis finds. More than 10,000 buildings, many of them upscale homes with water views, sit in areas at high risk of landslide damage in such a worst-case scenario.

“Our results indicate that landsliding triggered by a large Seattle fault earthquake will be extensive and potentially devastating,” says the report published this month in the Bulletin of the Seismological Society of America.

...

http://seattletimes.com/html/localnews/2022463967_quakeslidexml.html

Monday, 16 December 2013 16:23

5 Tips to Keep Your Data Secure on the Cloud

How can you be sure the information you store on the cloud is safe? The short answer is you can't. However, you can take some protective measures. Here are five data privacy protection tips to help you tackle the issue of cloud privacy.

 

CIO — The number of personal cloud users increases every year and is not about to slow down. Back in 2012 Gartner predicted the complete shift from offline PC work to mostly on-cloud by 2014. And it's happening.

Today, we rarely choose to send a bunch of photos by email, we no longer use USB flash drives to carry docs. The cloud has become a place where everyone meets and exchanges information. Moreover, it has become a place where data is being kept permanently.

...

http://www.cio.com/article/744688/5_Tips_to_Keep_Your_Data_Secure_on_the_Cloud

After years of false starts, virtual desktop infrastructure (VDI) products are here. They work, and if implemented correctly they can deliver substantial cost savings to enterprise IT shops. What are the risks and rewards involved in embarking on a VDI implementation for your organization?

By Ed Tittel and Kim Lindros

CIO — Virtual desktop infrastructure (VDI) is designed to deliver virtual desktops to client computers over a network from a centralized source. With traditional VDI, you create a master image (reference computer, or core) to use for all clients, then personalize images as needed.

The process of distributing patches and updates is simplified because you only have to update images, not every physical desktop. Plus, you can push desktops across a variety of platforms and devices, from desktop PCs to thin clients and mobile devices.

...

http://www.cio.com/article/744687/Virtual_Desktop_Infrastructure_Offers_Risks_and_Rewards

About this time every year, journalists covering the InfoSec beat start seeing prediction lists being pitched. Sadly, we will see the same pitch, from the same vendor, several times, often because we're on multiple blast lists. Thus, our inbox is clogged with pitches and follow-up emails asking if we've seen the pitches, plus the follow-ups to the follow-ups.

Not everyone is a fan of prediction lists. (Other than the vendors who make them.) For example, Martin McKeay, who works at Akamai as a Security Evangelist, holds an opinion shared by many security professionals when it comes to the vendor-driven prediction lists:

"Really, the amazingly stupid part of these annual lists is that they’re not predictive in the least. With rare exceptions, the authors are looking at what they’ve seen happening in the last three months of the year and try to draw some sort of causal line to what will happen next year. The exceptions are either simply repeating the same drivel they reported the year before or writing wildly outrageous fantasies just to see if anyone is actually reading..."

Dave Lewis, fellow CSO blogger and Security Advocate for Akamai, pointed out that many of the prediction lists from years gone by could just as easily apply to the here and now. In fact, in his blog post on the topic, he proved it. His list comes from the year 2000.

http://blogs.csoonline.com/pandemic-preparedness/2869/magical-list-security-predictions-2014#sthash.zMOGpHaa.dpuf

The data integration market is growing faster than security and virtualization, according to Margaret Breya, executive vice president and CMO, Informatica Business Solutions.

Why?

Not surprisingly, Breya credits Big Data, machine data and the Internet of Things.

But it’s not just because organizations need to integrate these new forms of data into enterprise systems: A large market for embeddable data management engines is available, both for applications and devices, she said.

“The addressable market is huge, comprising 52 thousand large enterprises and 60 million medium and small enterprises,” Breya told CIOL, an India-based IT publication. “The opportunity is quite huge in the devices space, if you take into account the prediction of 50 billion connected devices by the year 2020.”

...

http://www.itbusinessedge.com/blogs/integration/are-embeddable-data-management-engines-the-next-big-thing-for-integration.html

Now that a good number of enterprises have gained a modicum of experience with public cloud architectures, attention is turning in earnest toward replicating those environments on internal infrastructure.

The private cloud, in fact, is expected to be one of the chief growth areas for both enterprise-class hardware and software as organizations seek to first build the broad scalability needed to support a functioning cloud, and then the virtual and software layers to make it happen.

Indeed, the private cloud has emerged as a top priority within the enterprise vendor community as it provides a unique opportunity to remake the entire data infrastructure stack from the ground up. Dell, for example, has zeroed in on the private cloud now that its lengthy privatization process is complete, teaming up with Red Hat to integrate the OpenStack-friendly RHEL 6.5 across Dell’s data center portfolio. Dell will also take on RHEL service and support functions, even if the system is deployed on non-Dell hardware, a testament to the company’s desire to function within what is likely to be a broad, multi-vendor environment.

...

http://www.itbusinessedge.com/blogs/infrastructure/public-and-private-clouds-similar-but-not-the-same.html

There is a 14-dog race going on, with a goal to win the wallets of the enterprise for mobile security spend. When lined up in the starting blocks, the racers may all seem to have equal chances, but a few are better poised to cross the finish line first and bask in the glory of the winners' circle. Three of these technologies are the odds-on favorites to lead from start to finish, with the rest of the racers struggling to remain relevant.

Coming off the starting block with the "holeshot" are the mobile device management vendors. With huge engines of revenue, large customer counts, and first-mover advantage, this dog is the odds-on favorite to take the championship trophy. Mobile device management vendors are already expanding their technologies and products into security platforms to diversify their rapidly commoditized product offerings. The move is paying off for the biggest and toughest MDM participants in the race, giving them the early, and potentially insurmountable, lead.
...

CIO — Infrastructure and Operations (I&O) staffing is both your organization's greatest asset and greatest monetary investment, says John Rivard, research director for Infrastructure and Operations at Gartner.

It's on the shoulders of these folks that the future of your organization rests, and if you're not doing everything you can to recruit and retain the best of the best, you could be at a competitive disadvantage, he says.

"I believe there's going to be a battle over the future of your organization, and I&O is at the crossroads," Rivard said. "Your best employees have a greater, more positive impact on your organization than your best customers," he says.

...

http://www.cio.com/article/744599/How_to_Win_the_IT_Infrastructure_and_Operations_Talent_War

Achieving certifications within the IT field is almost a rite of passage. Most IT workers have a degree, but specialize in a certain technology and may become certified in that area to help prove their mastery of that skill or technology.

However, some professionals are still leery of certifications. Is all that studying and testing really worth it? Do employers really pay attention to certifications on resumes? Which certification would be right for the job? And will you need to keep up the certification after you achieve it?

In our IT Downloads section, you will find an excerpt from the book “The Basics of Achieving Professional Certification: Enhancing Your Credentials.” The download features Chapter 5: Maintaining Professional Certifications.

This chapter discusses the need for keeping certifications current and up to date. According to the chapter:

...

http://www.itbusinessedge.com/blogs/it-tools/the-importance-of-achieving-and-retaining-certifications.html

SPRINGFIELD, Ill. — Federal Emergency Management Agency (FEMA) officials, along with partners from the U.S. Small Business Administration (SBA) are encouraging homeowners, renters and businesses to apply for low-interest disaster loans to help fund their losses.

If Illinois residents apply for assistance with FEMA and are referred to the SBA, it’s important for them to submit a loan application to assure that the federal disaster recovery process continues and they keep their options open:

  • Many survivors who register with FEMA will be contacted by the SBA. Survivors can submit their SBA disaster loan applications one of three ways: by mail, in person at a Disaster Recovery Center or online at DisasterLoan.SBA.gov/ela.
  • It is important for survivors to complete and return the application as soon as possible. Filing the loan application does not obligate people to accept an SBA loan and failure to complete and submit an SBA loan application may stop the FEMA grant process. However, homeowners and renters who submit an SBA application and are declined a loan may be considered for certain other FEMA grants and programs that could include assistance for disaster-related car repairs, clothing and household items.
  • Next to insurance, an SBA loan is the primary funding source for real estate property repairs and replacing lost contents following a disaster like a tornado. Homeowners may be eligible for low interest loans up to $200,000 for repairs.
  • SBA can help renters replace their essential items. Homeowners and renters may be eligible to borrow up to $40,000 to repair or replace personal property, including automobiles damaged or destroyed in the disaster.
  • Loans for businesses and private non-profit organizations. Loans are available up to $2 million to repair or replace disaster damaged real estate, and other business assets.  Eligible small businesses and non-profits can apply for Economic Injury Disaster Loans (EIDL) to help meet working capital needs caused by the disaster. 
  • Do not wait on an insurance settlement before returning an application. Insurance may not pay for any or all of the storm-related damage. Survivors can begin their recovery immediately with an SBA disaster loan.  The loan balance will be reduced by their insurance settlement.
     

For additional information about SBA low-interest disaster loans, contact the SBA Disaster Assistance Customer Service Center by calling 800-659-2955 or TTY 800-877-8339, emailing disastercustomerservice@sba.gov or visiting sba.gov/disaster. SBA customer service representatives are available at all disaster recovery centers. Centers can be found online at fema.gov/DRC.

For the latest information on Illinois’ recovery from the Nov. 17 storms, visit FEMA.gov/Disaster/4157. Follow FEMA online at twitter.com/femaregion5, facebook.com/fema and youtube.com/fema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

SBA provides low-interest, long term disaster loans for homeowners, renters and businesses of all sizes. For more information, visit SBA’s website at www.sba.gov/disaster.

Friday, 13 December 2013 17:29

Companies Unprepared for DDoS Attacks

What is your plan in case your company is hit by a distributed denial of service (DDoS) attack? Do you have a plan?

If you are like many of the companies surveyed in Corero Network Security’s most recent poll, the answer would be no, you probably don’t have a plan in place, despite knowing what the risks are. The survey of 100 companies discovered that 44 percent have no formal response plan. Worse yet, more than half don’t have the tools in place to defend against a DDoS attack.

Part of the problem, Corero discovered, is that companies tend to under-invest in security for their network infrastructure. And even when they do have security tools in place, no one is ensuring that they work when needed. It’s like having a jack and a spare tire in the trunk of your car but never checking to make sure the jack works or whether there is air in the tire. You might think you are prepared in case of a flat, but when the time actually comes, you are in no better shape than you would be if the jack and tire were at home in the garage.

...

http://www.itbusinessedge.com/blogs/data-security/companies-unprepared-for-ddos-attacks.html

Friday, 13 December 2013 17:22

Executives Explore Strategic Risk

Quickly made business decisions and innovations in technology—such as big data and social media—can throw a curve to a company’s strategic risk management, according to a survey by Deloitte. As a result, risk managers need to be prepared to act quickly to avoid disruptions that can follow.

The study, Exploring Strategic Risk: 300 Executives around the World Say Their View of Strategic Risk is Changing, found that 81% of companies surveyed manage strategic risk explicitly, focusing on major risks that could impact the long-term performance of their organization.

Strategic risk management is also more of a board level priority, with 67% saying the CEO and board have oversight in managing strategic risk. They also say reputation risk is now their biggest risk concern. Much of this concern is due to the instantaneous aspects of social media globally, which can impact a company’s perception in the marketplace.

...

http://www.riskmanagementmonitor.com/executives-explore-strategic-risk

The proverbial stitch in time may save nine, but IT operations predicting problems before they occur saves more than just the budget.

TeamQuest, a provider of IT management software, has made available a predictive analytics offering that can be used to identify the root causes of likely future performance issues.

According to TeamQuest product advocate Dave Wagner, TeamQuest Risk Prediction helps IT organizations address the complexity of IT environments where multiple application workloads now routinely run on top of virtual machines that compete for a limited amount of physical resources. By applying predictive analytics to that complexity, Wagner says TeamQuest Risk Prediction can be used to analyze the data it collects as often as every 15 minutes.

...

http://www.itbusinessedge.com/blogs/it-unmasked/teamquest-applies-predictive-analytics-to-it-operations.html

Ray Abide looks at the concepts of detail complexity and dynamic complexity in the context of business continuity planning.

Over an extended period of time, I believe that a conventional instinct is to add more specifics and detail to our business continuity plans. This may be guided by increasing complexity in the subject business or by our improved understanding and planning maturity brought about by plan exercises or experience gained by plan activation during a crisis.

While this increasing detail and texture in the plan may seem to be an improvement or an enhancement, it is only true if the incremental planning addresses the type of complexity that can be reduced or eliminated, in advance.

...

http://www.continuitycentral.com/feature1130.html

Health care organizations are facing a much more challenging directors and officers (D&O) liability insurance market as they adapt to changes arising from the Affordable Care Act (ACA), according to a new report from Marsh.

It reveals that average primary D&O rates for midsize and large health systems increased by 9.6 percent in the third quarter of 2013, while total program D&O rates renewed with 7.9 percent increases on average.

Nearly all organizations – 91 percent – renewed with rate increases, according to its findings.

...

http://www.iii.org/insuranceindustryblog/?p=3469

Computerworld UK — CFOs are frustrated with "excessive IT costs" and limited insights into their business despite IT investments, according to joint research from Oxford Economics and consulting firm AlixPartners.

The two organisations initially brought in CFO Research to survey senior finance executives at large and mid-size North American companies to examine their views on the value of their investments in IT.

Recently they added a further 50 CFOs across four European countries, including the UK, to the research. They found that senior finance executives across both continents were frustrated about the same aspects of IT investment.

...

http://www.cio.com/article/744593/CFOs_Frustrated_About_IT_Costs_and_Lack_of_Insight_into_Their_Business

Thursday, 12 December 2013 17:09

How Much Can You Outsource a Risk?

A common corporate credo nowadays is: ‘make only what you cannot buy’. The idea is that if a supplier is already making an affordable, quality component or product, there is no sense in re-inventing the wheel. The company would be better off using its internal resources to develop more strategic advantages related to its core differentiating competences. Similarly, corporate activities such as accounting, logistics and procurement can also be handled by third parties offering different benefits to the purchaser – sometimes, but not always, in terms of cost reduction. But in such cases, does the purchasing company’s risk go down or up? And to what extent is it still responsible for the outsourced activity?

...

http://www.opscentre.com.au/blog/how-much-can-you-outsource-a-risk/

One of the major challenges with Big Data, I think, is figuring out your options. It is such a new space, so it’s a bit tricky to identify what type of tools you’ll even need, much less figure out which vendors actually offer them.

A large number of lists about Big Data are available: The Big Data 100, the Hot Start-Ups, the Most-Powerful Big Data Companies, and so on. All of these sites are informative, but they don’t necessarily help you piece together a basic Big Data architecture or list of solutions you must have, particularly when it comes to Big Data integration.

Organizations need to realize that not everything changes just because they’re dealing with Big Data.

...

http://www.itbusinessedge.com/blogs/integration/10-options-for-prepping-moving-and-integrating-data-sets-for-big-data.html

What links a brand's reputation, a railway sleeper and a telecommunications network? While these things may seem very different, according to experts working on a new International Standard they can all be seen as assets creating value for a company and can therefore be managed in similar ways.

The new International Standard ISO 55001 on asset management systems is set to be published in early 2014 and we asked Rhys Davies, the chairman of the committee developing the standard (PC 251) to give us his lowdown on the document.

So, Rhys what is an asset and why would someone need to manage it?

Well, in this new standard we have defined an asset as an item, thing or entity that has potential or actual value for an organization. This is vague, but in fact purposefully so. We wanted to make it clear to everyone that an asset can be anything from tangible and physical items such as rails, trains and vehicles to the more intangible such as the reputation of a company.

All of these things can bring value to a company and need to be well managed in order to make the most of that value.

These are quite diverse things, is managing rails really the same as managing a brand?

There are many similarities yes, and the fundamental principles are the same. If you do nothing with things, and this applies to both a brand and rails, they deteriorate. Their value, or potential value, decreases. All assets need maintaining so although the actions we take to maintain them might be different (e.g. for rails this might be renewing them, whereas for brands it might be choosing to sponsor new events), both will benefit from long term plans and strategies.

Asset management is about knowing what we want to achieve with an asset and how to make it happen, in addition to assessing risks associated with that asset. It is about having a long term strategy.

Most successful organizations and companies have long term strategies, complete with yearly objectives and so on. Why do we need a strategic asset management plan as well?

One of the key things with assets is that their life span can be much longer, or much shorter, than the average strategic plan. A brand's reputation will (hopefully!) outlast a five year plan, as will the physical infrastructure of a railway for example, so the long term strategic asset management plan has to take this longer life span into account and plan for it.

This longer term approach also forces us to get to know our assets much better. We may not always be aware of everything that has value or has the potential to create value for our organization. Identifying assets, what we want to achieve with them and how to get there, requires in-depth knowledge of the asset in question, which can help in operational decision making and an organization’s performance overall.

What are the benefits of using this standard?

The major benefit is of course being able to realize value from your assets, and one of the great things about this approach is that there are many quick wins early on in the process. Some are related to the improved knowledge of assets, as I have already mentioned. In addition, the approach can help improve the relationship with stakeholders. Value doesn't necessarily mean monetary gain and defining what the value is for an asset is often a conversation that happens with people outside the company or organization.

For example, there has been a lot of interest from cities in this standard. The notion of value from a public park will not be expressed in monetary terms and defining it will mean getting closer to those using the public park. This is very beneficial for many organizations.

Who is this standard for?

This standard can be used by many types of organizations and companies, public or private. Everything from a city or local service provider to a supermarket chain can benefit from good asset management.

You have been the chairman of the committee for the past 3 years. What is the most exciting thing about its development?

That the standard is soon finished and will soon be available for use. I was involved in the development of BSI PAS 55 (a British standard concentrating on physical assets) and I have seen that grow up and be adopted in lots of different industries. The ISO route and the inclusion of non-physical assets will open up new markets for that story, where previously companies and organizations wouldn't have used that document. This means we are able to get a good story out to more places - more industries and countries can benefit and we can get more feedback to improve the approach even further.

ISO 55001 (and two others in the family ISO 55000 and ISO 55002) will be published in January 2014. Watch this space for more information!

http://www.iso.org/iso/home.htm

Wednesday, 11 December 2013 16:15

Lessons from the future?

In this op ed thought experiment, David Lindstedt looks back from the year 2027 and highlights some pitfalls that the resilience road could lead to.

We should have been more careful, more disciplined.

But the idea of ‘resilience’ was so alluring.

Not like all the other stuff. IT DR was boring in the details, and it was all about the details. BCP could never get the proper sponsorship from executives. Life safety was tolerated, but never engaging in the corporate space.

But resilience? Now that showed promise.

...

http://www.continuitycentral.com/feature1129.html

Three quarters of the world’s 250 largest companies (G250) researched by KPMG acknowledge risks to their business from environmental and social ‘megaforces’, such as resource scarcity and climate change, in corporate responsibility (CR) reports. Yet only one in ten that reports on CR clearly links CR performance to remuneration, suggesting that many companies are failing to incentivise their executives to manage these risks effectively.

The findings from the eighth KPMG Survey of Corporate Responsibility Reporting, published recently, also reveal that only 5 percent of G250 reporting companies quantify and report the potential impact of environmental and social risks on financial performance.

“Environmental and social risks can impact the supply chain, productivity, financial performance, reputation and brand value. So it is disappointing to see that so many companies still shy away from quantifying these risks in financial terms and few factor in the management of these risks into executive remuneration,” said Yvo de Boer, KPMG’s Global Chairman, Climate Change & Sustainability Services.

...

http://www.continuitycentral.com/news07048.html

The European Parliament has voted to adopt new legislation on EU Civil Protection which paves the way for a stronger European cooperation in responding to disasters.

Welcoming the vote, Kristalina Georgieva, the EU Commissioner for International Cooperation, Humanitarian Aid and Crisis Response said: "A rising trend in natural and man-made disasters over the past decade has demonstrated that coherent, efficient and effective policies on disaster risk management are needed now more than ever. This vote brings us a step closer to a predictable and reliable civil protection system at the European level. This can mean the difference between life and death when a disaster strikes. Equally important, the revised legislative proposal includes measures that will help to prevent and prepare better for the upcoming disasters. Successful disaster risk management is first and foremost about providing security to our citizens. I would like to thank the European Parliament for its strong support."

The revised legislation on the EU Civil Protection Mechanism is designed to better protect and respond to natural and man-made disasters. To ensure better prevention, the Member States will regularly share a summary of their risk assessments, share best practices, and help each other identify where additional efforts are needed to reduce the disaster risks. A better understanding of risks is also the departure point for planning an effective response to major disasters.

...

http://www.continuitycentral.com/news07047.html

Wednesday, 11 December 2013 16:12

Collaboration and Social Tools in 2014

For 2014, I predict …

1. The browser becomes the OS. More and more is being added to Google’s Chrome browser; so much so that it is starting to look much like an operating system. You have all of these plug-ins (like applications), you can customize and configure your device or the look and feel of the browser. Nowhere is Chrome more an OS than with Chromebooks, where it is the OS. And it is a very web-oriented OS (thin client), with just the browser, media player and file manager as its only native applications. The question is: will IE or Firefox follow suit? Or are they pursuing different directions?

...

http://blog.cutter.com/2013/12/11/collaboration-and-social-tools-in-2014/

Wednesday, 11 December 2013 16:11

Survey Shows SMBs Take Compliance, Risk Seriously

Nexia, a London-based consulting company, surveyed small to midsize businesses (SMBs) about compliance and operational risks in its Global Risk Management Report. It found that nearly two-thirds of respondents already have a formal process in place for risk assessment.

Those surveyed identified operational risks and compliance as the top risks facing their companies to date. Glenn Davis, a partner with CohnReznick LLP, explained:

Risk management has become critically important as businesses are challenged to remain competitive while grappling with uncertain operational and financial conditions… Regardless of the size of the entity, the risks are broadly the same, but the ramifications are much greater for small and mid-sized organizations.

...

http://www.itbusinessedge.com/blogs/smb-tech/survey-shows-smbs-take-compliance-risk-seriously.html

CIO — Is the complexity of your company's data making it difficult to make effective IT decisions? If so, you're not alone. Keeping the lights on and systems running while still finding the resources to innovate is a challenge for most IT organizations, and the growing complexity of data about IT environments is making that challenge nearly insurmountable for many.

According to a new study by Forrester Research, commissioned by Data as a Service (DaaS) company BDNA (creator of the Technopedia repository of information on enterprise hardware and software), 73 percent of high-level IT decision makers cite the complexity of data as the largest challenge in making effective IT decisions in the next 12 months.

...

http://www.cio.com/article/744464/Is_Data_Complexity_Blinding_Your_IT_Decision_Making_

CSO — No matter how valiant the efforts of chief security officers, or how much businesses say they focus on securing their systems, or the amount of money spent on IT defenses -- many of the same IT security challenges persist.

Enterprises lag in their ability to swiftly detect breaches -- an important measure of security maturity. According to the 2013 Verizon Data Breach Investigations Report, 62 percent of organizations didn't detect breaches for months, or longer -- and partners and customers, or others identified about 70 percent of those breaches.

There's clearly much room for improvement, but as the number, duration, and costs of attacks reveal, as well as our interviews in recent weeks, there certainly won't be any quick fixes. However, according to the experts we've spoken with, there are a handful of areas that, if dramatically improved, would significantly shorten today's chasm between defender and attacker.

...

http://www.cio.com/article/744489/A_Fistful_of_Security_Fixes_to_Help_CSOs_Stay_Ahead_of_Risks

There can be a variety of reasons why bad decisions get made in the corporate world. Last week I wrote about psychopaths in the C-Suite and Boardroom. Today I want to look at some less flamboyant, more mundane ways that a company might get into compliance hot water through poor decision making. In an article in the November issue of the Harvard Business Review, entitled “Deciding How to Decide”, authors Hugh Courtney, Dan Lovallo and Carmina Clarke reviewed how senior decision makers in a company might go about strategic decision making. One of the areas that they explored was how systemic roadblocks might get in the way of making a valid decision.

I found their discussion very interesting from the compliance perspective. The FCPA Guidance emphasized the need for companies to have a robust pre-acquisition due diligence process, in addition to a vigorous post-acquisition integration. The FCPA Guidance stated, “In the context of the FCPA, mergers and acquisitions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability.” But what are some of the biases which might prevent a company from making a good strategic decision even with adequate pre-acquisition due diligence? The authors set out five which I will explore in more detail.

...

http://tfoxlaw.wordpress.com/2013/12/10/expanding-your-compliance-decision-making-tool-kit/

Tuesday, 10 December 2013 17:35

The Worst IT Project Disasters of 2013

IDG News Service (Boston Bureau) — Trends come and go in the technology industry but some things, such as IT system failures, bloom eternal.

"Nothing has changed," said analyst Michael Krigsman of consulting firm Asuret, an expert on why IT projects go off the rails. "Not a damn thing."

"These are hard problems," he added. "People mistakenly believe that IT failures are due to a technical problem or a software problem, and in fact it has its roots into the culture, how people work together, how they share knowledge, the politics of an organization. The worse the politics, the more likely the failure."

Here's a look at some of this year's highest-profile IT disasters.

...

http://www.cio.com/article/744455/The_Worst_IT_Project_Disasters_of_2013

CIO — Growth is normally a boon for any business. Servers hum faster when an ecommerce site attracts more customers (and more credit card transactions). When storage requirements for a new business that handles documentation for large companies suddenly escalate, executives high-five each other.

Scaling can be so costly, though, that fast growth isn't always a positive. Fortunately, new technologies can help a company ramp up quickly and efficiently, removing some of the pain of having to expand a data center. Instead of being faced with a major capital outlay that offsets new revenue, these innovations make the impact of scaling up a data center to meet demand less of a drain.

...

http://www.cio.com/article/744452/4_Tech_Innovations_That_Improve_Data_Center_Scalability

Vendors supplying you with components or services for your infrastructure need to feel confident about working with your organisation. That way they’ll be motivated to give of their best. It could be argued that stressing a vendor with unannounced tests might have a negative impact on their relationship with you. After all, they have a business to run too and your test is a business disruption for them. However, real disasters often arrive unannounced and, in order to be realistic, tests should be unannounced too. Is there a way out of this conundrum, and if so what is it?

...

http://www.opscentre.com.au/blog/should-you-warn-vendors-about-impromptu-disaster-recovery-tests/

No doubt you’ve heard about a shortage of data analytics specialists.

The data’s getting a bit long in the tooth, but a 2011 McKinsey Global Institute study predicted a shortfall of about 150,000 people with the needed analytic skills to manage Big Data analytics.

That may not be the biggest problem facing analytics, however. An equally important, but less cited, finding in that study was the predicted shortfall of 1.5 million business people who could leverage that data, notes a recent Harvard Business Review blog post.

...

http://www.itbusinessedge.com/blogs/integration/an-alternative-to-centralizing-or-embedding-data-scientists.html

The hard disk drive’s utility in enterprise settings has been under question since the first enterprise-class, solid-state solutions were introduced nearly five years ago. But now it seems a new challenge is on the horizon, not from advanced technologies like Flash, but from a perceived lower order of storage: consumer disk drives.

A recent blog post from cloud backup provider BackBlaze details the company’s use of both consumer and enterprise-class drives for its Storage Pod service and its own administrative and transactional applications. Over the past two years, the company reports that it has racked up 368 drive years with the enterprise systems—primarily Dell PowerVault and various EMC solutions—and 14,719 drive years with consumer-grade technology. In that time, it reported 17 enterprise-class failures and 613 consumer failures, which produces an annual failure rate of 4.6 percent and 4.2 percent, respectively. So with lower costs and better reliability, why bother with an enterprise drive?

...

http://www.itbusinessedge.com/blogs/infrastructure/consumer-disk-drives-in-the-enterprise-change-from-the-bottom-up.html

TEKsystems, a company that provides IT staffing and services, recently did a study that essentially took the temperature of IT departments – what they think trends are, where budgets are focusing dollars and the like. One of the areas the survey focused on was security.

Most of the predictions and trend reports I see are from security experts. While I think these predictions are essential for anyone in charge of enterprise network security – it really does help to have an idea of what threats to protect against – it is good to hear about security concerns and predictions from the IT point of view.

What TEKsystems discovered is that security is a rising concern for IT departments. When asked, “Which of the following trends or technology will have the biggest impact on your organization in 2014,” big data came in first, but security moved from third place in 2013 to second place in 2014. Mobile computing also moved up a spot, from fourth to third. It is fitting that security and mobile move together because the two issues are so intertwined. An IT department can’t have a good mobile policy without having a solid security plan built into it.

...

http://www.itbusinessedge.com/blogs/data-security/security-focus-trends-upward-for-it-departments.html

By Thomas Clark, MD, MPH

This time last year public health officials were grappling with a meningitis outbreak linked to fungus found in tainted medication.  Now officials are trying to rein in a different outbreak of meningitis, more specifically meningococcal disease, popping up on a college campus, including Princeton University.

Most college freshmen are instructed to get a series of vaccinations before starting school in the fall, including one for meningococcal disease which can spread quickly in close quarters, such as dorms. The meningococcal vaccine routinely given to rising freshmen protects against four different serogroups, or types, of meningococcal bacteria – A, C, Y, and W-135. Unfortunately, the cases of meningococcal disease that have been appearing at Princeton University are from a different strain of these bacteria not covered by the vaccine.

Taking Action

Because meningococcal disease can be deadly or lead to long-term disabilities, affecting the linings of the brain and spinal cord or the bloodstream, and can spread more easily on college campuses, it’s important that school and health officials take immediate action to stem the spread of disease. Princeton University and the New Jersey Department of Health have launched an aggressive awareness campaign to educate students and the University community about the disease and how to help prevent spreading it. Individuals who were in close contact with patients diagnosed with meningococcal disease have also been recommended antibiotic treatment as a precautionary measure. But because giving antibiotics to everyone isn’t an effective strategy, CDC has recommended that a vaccine approved in Europe and Australia be imported to try and halt the spread of this outbreak. FDA has given the OK for use of the vaccine at Princeton University under an Investigational New Drug application. This is a term FDA uses to describe a vaccine that’s not licensed (approved) in the US, but which is made available in certain situations. FDA has concluded that the benefits of using the vaccine to prevent meningococcal disease at Princeton University outweigh the risks of possible adverse events. Clinical trials in other countries have shown the vaccine to meet safety and efficacy standards to allow licensure in the European Union and Australia in January and August 2013, respectively. This is the first time CDC has had the chance to consider using this newly licensed vaccine in response to a serogroup B meningococcal disease outbreak.

Why Vaccinate?

Since students have become ill over the course of two school years, officials believe there will be more cases. And because predicting who meningococcal bacteria will strike next isn’t possible – many people carry the bacteria in their throats without actually getting sick – vaccination is the most effective way of controlling future spread of the disease. Unlike antibiotics, a vaccine would protect people for a longer period of time, and could help decrease or stop the spread of the bacteria, which would help protect the University community as a whole. It also avoids some of the complications of antibiotics, such as antibiotic resistance and side effects. The vaccine is recommended for all Princeton University undergraduate (regardless of where they live) and graduate students living in dormitories. Certain other individuals associated with the University may be evaluated for vaccination if they have specific medical conditions. Getting vaccinated would be voluntary and funded by the University. You can get more information on the vaccine at http://www.cdc.gov/meningococcal/vaccine-serogroupB.html

Staying Safe at School

Meningococcal disease can spread from person to person, through saliva (think coughing or kissing) or through lengthy contact (think living in the same dorm room or apartment). Symptoms of meningococcal disease include rapid onset of fever, headache, body aches, and feeling very tired. Individuals may also experience a stiff neck, increased sensitivity to light, feel nauseated or confused, and have a rash. Students should be aware of how they are feeling and look for possible signs or symptoms. If you feel you might be getting sick, seek medical attention immediately and avoid contact with others (don’t go to class or work until you’ve talked to a doctor about how you’re feeling). The same basic health practices that you should normally follow for preventing infection from the flu or colds are also recommended. They include:

  • Covering your mouth and nose when you cough or sneeze,
  • Washing your hands often with soap and warm water, and
  • Practicing good health habits like not sharing utensils, water bottles, or other items that might be contaminated with someone else’s saliva (this means beer pong too!)

***Stay Tuned! Dr. Clark, Branch Chief of CDC’s Meningitis and Vaccine Preventable Diseases Branch, is currently in New Jersey working with Princeton University on their vaccination campaign.***

http://blogs.cdc.gov/publichealthmatters/2013/12/meningitis-overseas-for-help/

Monday, 09 December 2013 16:16

Measles Still Threatens Health Security

On 50th Anniversary of Measles Vaccine, Spike in Imported Measles Cases

 

Fifty years after the approval of an extremely effective vaccine against measles, one of the world’s most contagious diseases, the virus still poses a threat to domestic and global health security.

On an average day, 430 children – 18 every hour – die of measles worldwide. In 2011, there were an estimated 158,000 measles deaths.

In an article published on December 5 by JAMA Pediatrics, CDC’s Mark J. Papania, M.D., M.P.H., and colleagues report that United States measles elimination, announced in 2000, has been sustained through 2011. Elimination is defined as absence of continuous disease transmission for greater than 12 months. Dr. Papania and colleagues warn, however, that international importation continues, and that American doctors should suspect measles in children with high fever and rash, “especially when associated with international travel or international visitors,” and should report suspected cases to the local health department. Before the U.S. vaccination program started in 1963, measles was a year-round threat in this country. Nearly every child became infected; each year 450 to 500 people died, 48,000 were hospitalized, 7,000 had seizures, and about 1,000 suffered permanent brain damage or deafness.

People infected abroad continue to spark outbreaks among pockets of unvaccinated people, including infants and young children. It is still a serious illness: 1 in 5 children with measles is hospitalized. Usually there are about 60 cases per year, but 2013 saw a spike in American communities – some 175 cases and counting – virtually all linked to people who brought the infection home after foreign travel.

“A measles outbreak anywhere is a risk everywhere,” said CDC Director Tom Frieden, M.D., M.P.H. “The steady arrival of measles in the United States is a constant reminder that deadly diseases are testing our health security every day. Someday, it won’t be only measles at the international arrival gate; so, detecting diseases before they arrive is a wise investment in U.S. health security.”

Eliminating measles worldwide has benefits beyond the lives saved each year. Actions taken to stop measles can also help us stop other diseases in their tracks. CDC and its partners are building a global health security infrastructure that can be scaled up to deal with multiple emerging health threats.

Currently, only 1 in 5 countries can rapidly detect, respond to, or prevent global health threats caused by emerging infections. Improvements overseas, such as strengthening surveillance and lab systems, training disease detectives, and building facilities to investigate disease outbreaks make the world -- and the United States -- more secure.

“There may be a misconception that infectious diseases are over in the industrialized world. But in fact, infectious diseases continue to be, and will always be, with us. Global health and protecting our country go hand in hand,” Dr. Frieden said.

Today’s health security threats come from at least five sources:

  • The emergence and spread of new microbes
  • The globalization of travel and food supply
  • The rise of drug-resistant pathogens
  • The acceleration of biological science capabilities and the risk that these capabilities may cause the inadvertent or intentional release of pathogens
  • Continued concerns about terrorist acquisition, development, and use of biological agents.

“With patterns of global travel and trade, disease can spread nearly anywhere within 24 hours,” Dr. Frieden said. “That’s why the ability to detect, fight, and prevent these diseases must be developed and strengthened overseas, and not just here in the United States.”

The threat from measles would be far greater were it not for the vaccine and the man who played a major role in creating it, Samuel L. Katz, M.D., emeritus professor of medicine at Duke University. Today, CDC is honoring Dr. Katz 50 years after his historic achievement. During the ceremony, global leaders in public health are highlighting the domestic importance of global health security, how far we have come in reducing the burden of measles, and the prospects for eliminating the disease worldwide.

Measles, like smallpox, can be eliminated. However, measles is so contagious that the vast majority of a population must be vaccinated to prevent sustained outbreaks. Major strides already have been made. Since 2001, a global partnership that includes the CDC has vaccinated 1.1 billion children. Over the last decade, these vaccinations averted 10 million deaths – one fifth of all deaths prevented by modern medicine.

“The challenge is not whether we shall see a world without measles, but when,” Dr. Katz said.

“No vaccine is the work of a single person, but no single person had more to do with the creation of the measles vaccine than Dr. Katz,” said Alan Hinman, M.D., M.P.H., Director for Programs, Center for Vaccine Equity, Task Force for Global Health. “Although the measles virus had been isolated by others, it was Dr. Katz’s painstaking work passing the virus from one culture to another that finally resulted in a safe form of the virus that could be used as a vaccine.”


U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES

“A doctor walks into a room…” It sounds like the start of a joke, but it’s part of a reality that speaks volumes about compliance. Here’s how this true story begins.

A pharmaceutical sales representative (sales rep) is conducting a typical lunchtime informational session at a doctor’s office. The sales rep’s manager is with the sales rep that day. It just so happens there is another doctor within the same office who – according to the company’s policy – is not permitted to participate in the session since said doctor, based on his specialty, should not (in theory) be prescribing the drug the sales rep is detailing. Note: I say “in theory,” since according to state law, doctors can prescribe any drug they want regardless of their specialty and whether or not the drug is indicated for the condition. But I digress.

The sales rep is engaged in a conversation with the “appropriate” physician when the “not allowed” physician walks into the room, signs the attendance sheet that is required in these sessions, and obtains a drink of water from the office cooler. He then promptly exits the room without talking to the sales rep or partaking of the lunch the sales rep provided. The sales rep’s manager asks the sales rep who the physician is and at this point the sales rep and the manager determine this is a “not allowed” physician.

...

http://www.corporatecomplianceinsights.com/ensuring-compliance-where-has-all-the-logic-gone/

Monday, 09 December 2013 16:14

You Can’t Outsource Accountability

Needless to say, Indian service providers pioneered and developed the outsourced software development space; currently, they generate a combined $3.2 billion of revenue annually. Although Indian software service providers claim high standards, it is apparent that there are still weaknesses in their delivery. I just published a report that highlights the main culprits for this: a lack of executive commitment, poor application coding, and the industrialization of software development:

...

http://blogs.forrester.com/manatosh_das/13-12-08-you_cant_outsource_accountability

WASHINGTON — Seven minutes after the authorities in Sparks, Nev., received a call one day in October that a gunman was on the loose at a local middle school, a paramedic wearing a bulletproof vest and a helmet arrived at the scene.

Instead of following long-established protocols that call for medical personnel to take cover in ambulances until a threat is over, the paramedic took a far riskier approach: He ran inside to join law enforcement officers scouring the school for the gunman and his victims.

“He met the officers right near the front door, and they said: ‘Let’s go. There are victims outside near the basketball court,’ ” said Todd Kerfoot, the emergency medical supervisor at the shooting. “He found two patients who had been shot and got them right out to ambulances.”

Federal officials and medical experts who have studied the Boston Marathon bombing and mass shootings like the one in Newtown, Conn., have concluded that this kind of aggressive medical response could be critical in saving lives. In response to their findings, the Obama administration has formally recommended that medical personnel be sent into “warm zones” before they are secured, when gunmen are still on the loose or bombs have not yet been disarmed.

...

http://www.nytimes.com/2013/12/08/us/in-mass-attacks-new-advice-lets-medics-rush-in.html

Springfield, Ill. – In the aftermath of a disaster, misconceptions about disaster assistance can often prevent survivors from applying for help from the Federal Emergency Management Agency and the U.S. Small Business Administration. A good rule of thumb: register, even if you’re unsure whether you’ll be eligible for assistance.

Registering with FEMA is simple. You can apply online at DisasterAssistance.gov or with a mobile device by downloading the FEMA app or by visiting m.fema.gov. You can also register over the phone by calling FEMA’s helpline, 800-621-FEMA (3362). Survivors who are deaf or hard of hearing and use a TTY can call 800-462-7585. The toll-free telephone numbers operate from 7 a.m. to 10 p.m. (local time) seven days a week until further notice.

Clarification on some common misunderstandings:

  • MYTH: I've already cleaned up the damage to my home and had the repairs made. Isn’t it too late to register once the work is done?
    FACT: You may be eligible for reimbursement of your clean up and repair costs, even if repairs are complete.
  • MYTH: I believe FEMA only makes loans so I didn’t apply for help because I don’t want a loan.    
    FACT: FEMA only provides grants that do not have to be paid back. The grants may cover expenses for temporary housing, home repairs, replacement of damaged personal property and other disaster-related needs such as medical, dental or transportation costs not covered by insurance or other programs.    

The U.S. Small Business Administration provides low-interest disaster loans to renters, homeowners and businesses of all sizes. Some applicants may be contacted by SBA after registering with FEMA. You are not obligated to take out a loan, but if you don’t complete the application, you may not be considered for other federal grant programs. You can apply online using the Electronic Loan Application (ELA) via SBA's secure website at https://disasterloan.sba.gov/ela. For more information on SBA's Disaster Loan Program, visit SBA.gov/Disaster, call the SBA Customer Service Center at 800-659-2955 (TTY 800-877-8339 for the deaf and hard-of-hearing) or send an email to DisasterCustomerService@sba.gov.

  • MYTH: I don’t want to apply for help because others had more damage than I had; they need the help more than I did.        
    FACT: FEMA has enough funding to assist all eligible survivors with their disaster-related needs. 
  • MYTH: I'm a renter. I thought FEMA assistance was only for homeowners for home repairs.
    FACT: FEMA assistance is not just for homeowners. FEMA may provide assistance to help renters who lost personal property or who were displaced.
  • MYTH: FEMA assistance could affect my Social Security benefits, taxes, food stamps or Medicaid.
    FACT: FEMA assistance does not affect benefits from other federal programs and is not considered taxable income.
  • MYTH: I heard registration involves a lot of red tape and paperwork.
    FACT: There is no paperwork to register with FEMA. The process is very easy and normally takes between 15 and 20 minutes.
  • MYTH: Since I received disaster assistance last year, I’m sure I can’t get it again this year.
    FACT: Assistance may be available if you suffered damages from a new federally-declared disaster.
  • MYTH: My income is probably too high for me to qualify for FEMA disaster assistance.
    FACT: Income is not a consideration for FEMA grant assistance. However you will be asked financial questions during registration to help determine eligibility for SBA low-interest disaster loans.

For the latest information on Illinois’ recovery from the Nov. 17 storms, visit FEMA.gov/Disaster/4157. Follow FEMA online at twitter.com/femaregion5, facebook.com/fema and youtube.com/fema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

SBA is the federal government’s primary source of funding for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts, and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover uninsured and uncompensated losses and do not duplicate benefits of other agencies or organizations. For information about SBA programs, applicants may call 800-659-2955 (TTY 800-877-8339).

The man who called himself “Mo” had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time.

Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. So with no house to search or telephone to tap, investigators turned to a new kind of surveillance tool delivered over the Internet.

...

http://www.washingtonpost.com/business/technology/fbis-search-for-mo-suspect-in-bomb-threats-highlights-use-of-malware-for-surveillance/2013/12/06/352ba174-5397-11e3-9e2c-e1d01116fd98_story.html

It is a sad fact that getting people or organizations to discuss disaster preparedness topics is easier to do just after they have experienced a disaster. Call it human nature, procrastination or avoidance — but this remains a constant challenge for nearly all emergency management and disaster response professional teams.

In a rather recent posting, however, we are directed to a rather unique approach submitted by one of the neighborhood group organizations of Boston, MA called the Jamaica Plain Neighborhood Development Corporation (JPNDC).  This group encourages people to host a “Preparedness Pie Party” — in order to better engage neighbors to talk about preparedness.

Monday, 09 December 2013 16:08

Big Data Keeps on Truckin'

Many of the early success stories with Big Data came from logistics companies.

For example, UPS used sensor data to improve maintenance and fuel efficiency back in 2010. In 2011, CIO.com ran a story about U.S. Xpress, which used Big Data and sensors to save about $6 million a year across its fleet.

So it really shouldn’t be surprising that an intriguing new Big Data business intelligence platform would be unveiled at a recent American Trucking Associations’ executive summit.

...

http://www.itbusinessedge.com/blogs/integration/big-data-keeps-on-truckin.html

Monday, 09 December 2013 16:07

Train Disaster Calls for Safety Action

At 7:20 a.m., Dec. 1, four people died and more than 68 were injured, 11 critically, when a speeding passenger train headed for Grand Central Terminal derailed on a steep curve.

Brake failure was cited as a possible reason for the crash, but inspections determined that the brakes were in good condition. The train’s operator, who recently had been switched to an early shift, later said he may have dozed off, failing to apply the brakes in time to avoid the crash.

The derailment is of special interest to me. The Hudson line is the one I take to work every day and is the same line that suspended service in July when 10 CSX garbage cars derailed near the same location, just north of the Spuyten Duyvil train station.

...

http://www.riskmanagementmonitor.com/train-disaster-calls-for-safety-action

As a recent graduate now working in a business continuity role within a leading investment firm, I’ve been looking for a good mentor; someone I could shadow; who I could learn from; and who would help me develop to become the best I could be in the business continuity profession. Looking back it’s not been the easiest process. The most notable advice I have received thus far is as follows.

  • "Always look busy."
  • "Always know more than the person in front of you."

My first mentor was a really great bloke who you would undoubtedly grab a beer with any day. He was considered a subject matter expert for BCM but when asked to develop a business continuity policy his words to me were: "Here is my pal's policy - just change the name and we're good". It was after 120 pages of sifting that I realised two things:

...

http://www.continuitycentral.com/feature1127.html

By Paul Clark, AlgoSec.

Security is always walking a fine line between enabling the business, and acting as a brake on agility and productivity.  Unfortunately for many organizations, it seems that their security infrastructure has stepped over the line and is holding them back.  When we surveyed 240 infosecurity, network operations and application professionals in autumn 2013, we found they were struggling with managing their critical business applications effectively, because of the sheer complexity involved.

Over half of the survey respondents reported that they had over 100 critical business applications in their data center/centre. This means a heavy workload of application connectivity change requests for IT teams, to enable those applications to keep up with the evolving needs of the business. 45 percent of respondents said they have to manage over 11 requests every week, and 21 percent have more than 20 changes per week.

A majority of respondents (59 percent) said each request takes more than 8 hours to process, with nearly a third saying that each change takes more than one business day.  And the typical time needed to deploy a new data center application was over 5 weeks, and in some cases more than 11 weeks. 

...

http://www.continuitycentral.com/feature1128.html

This document builds upon the current practice of CERTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/governmental (n/g) CERTs. The document is an initial attempt to provide a good practice guide for the entities that have been tasked to provide ICS Computer Emergency Response Capabilities (ICS-CERC). On the other hand, this guide does not have the ambition to prescribe to the EU Member States which entities should be entrusted with provision of ICS-CERC services.

Dec 04, 2013

http://www.enisa.europa.eu/activities/cert/support/baseline-capabilities/ics-cerc/good-practice-guide-for-certs-in-the-area-of-industrial-control-systems

When end users circumvent the IT department and start using software-as-a-service (SaaS) applications without permission, the IT pros complain about the plague they call "shadow IT." But it would seem the professionals are also operating in the shadows, according to a survey out today.

The report, entitled "The Hidden Truth behind Shadow IT," was a collaboration of consultancy Frost & Sullivan and McAfee. The survey asked 300 IT pros and 300 line-of-business employees whether they used SaaS applications in their jobs without official approval. Eighty percent admitted they did, with only 19% of the business employees and 17% of IT claiming to be innocent.

...

http://www.cio.com/article/744143/IT_Pros_Share_Blame_for_Shadow_IT_Problem_Survey_Shows

Wednesday, 04 December 2013 16:31

A Mini-FAQ on Combining MDM and Big Data

I’m starting to see more pieces about using master data management (MDM) with Big Data.

If the very idea gives you a headache, you’re in good company — but stick with me. I’ve been juicing vegetables, and feel energetic enough to tackle some questions about the topic.

Do people really combine MDM and Big Data, or are vendors just piling hype on top of hype?

...

http://www.itbusinessedge.com/blogs/integration/a-mini-faq-on-combining-mdm-and-big-data.html

A recently released study by IBM that involved more than 4,000 C-suite leaders from 70 countries, including hundreds of midmarket leaders, gave interesting insight into digital strategies employed by various companies. Among the results are some compelling facts about how small to midsize businesses (SMBs) view their digital influence on their customers.

Of those SMBs who responded, 43 percent believe their company has an integrated physical and digital strategy already in place. The study identified that digitization of information is changing the way businesses relate with customers:

...

http://www.itbusinessedge.com/blogs/smb-tech/ibm-study-shows-smbs-need-to-focus-on-digital-strategy.html

Wednesday, 04 December 2013 16:16

Beware of Disaster-Related Fraud

CHICAGO, IL -- The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) and Illinois Emergency Management Agency (IEMA) urge Illinois residents affected by recent severe storms, straight-line winds and tornadoes to be alert for potential fraud and to keep these points in mind:

  • A FEMA inspector will first contact you by phone to arrange a visit to your damaged home or apartment to determine if you have uninsured, eligible losses. A FEMA inspector will always have an official badge visible during the inspection. Ask to see the badge before allowing him/her to enter your home.
  • FEMA will not contact you requesting your personal information to process a prepaid credit card.
  • FEMA does not charge for information that it gives out. Apply free online at www.DisasterAssistance.gov or call 1-800-621-3362 (TTY 1-800-462-7585).
  • FEMA does not send out text messages asking recipients to call fee-based telephone numbers. The toll-free numbers above are used for all contact with FEMA, including applying and follow-up.
  • FEMA and the U.S. Small Business Administration do not charge fees for information regarding filling out the SBA loan applications. Free assistance is available by calling SBA’s toll-free number, 1-800-659-2955 (TTY 1-800-877-8339).

Anyone with knowledge of fraud, waste or abuse may call the FEMA Fraud Hotline at 1-800-323-8603. You may also send an email to DHSOIGHotline@dhs.gov. Complaints may also be made via the FEMA Helpline at 1-800-621-3362 (TTY 1-800-462-7585) or with state or local law enforcement officials or consumer agencies.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

http://www.fema.gov/news-release/2013/12/01/beware-disaster-related-fraud

Tuesday, 03 December 2013 16:32

The Complete Picture of Embedding Agile

If you visit an Agile conference these days, it’s hard not to hear talks like “Scrum within a RUP project” or “Agile in a Traditional Organization.” From a dogmatic Agile point of view, this reminds me a little bit of a veggie-stuffed beef recipe promoted as vegetarian food. From a management perspective, it means that you are only exploiting about 10% or 20% of the potential of Agile. Many consultants would consider such an implementation as failed, and I’m sure you will find a lot of “Scrumbut” practices in these organizations.

But does that necessarily mean such an approach is bad? I don’t think so. To the contrary, a fast judgment of these approaches often mirrors the arrogance of the judge rather than his or her capability to carefully consider the circumstances. I know this is a provoking statement within the Agile community, so let’s dig into it.

...

http://blog.cutter.com/2013/12/03/the-complete-picture-of-embedding-agile/

In the 20th century, companies waited until their industries and competitors fully vetted technologies before investing in even the most tried and true ones.  Technophobes believed that investing too early was indulgent and reckless.  Executives wore their late technology adoption strategies as badges of corporate honor.  Today, emerging technologies are ready for immediate deployment:  iPads are ready; Dropbox is ready; Skype is ready; ListenLogic is ready; Foursquare is ready; YouTube is ready.

I predict that these and many other hardware and software technologies will be adopted without clear (or “validated”) requirements models, without the venerable SDLC, and even without rapid prototyping. I predict that technology adoption will turbo-charge into instant deployments.

The figure below summarizes defined and ready technology adoption and the implications of ready technology adoption.  It also provides some examples.

...

http://blog.cutter.com/2013/12/03/defined-vs-ready-technology-adoption-the-future-is-now-and-forever/

According to new research conducted by the UK Department for Business, Innovation & Skills (BIS) with MI5 and GCHQ, only 14 percent of directors responsible for audit at the FTSE 350 firms regularly consider cyber threats, with a significant number receiving no intelligence at all about cyber criminals.

Espion, a company that specialises in information risk management, believes this research should serve as a wakeup call to those charged with governance and compliance to apply the same rules to information risk that are in place for other forms of corporate risk.

Espion’s head of consultancy, Stephen O’Boyle says: “Whether attacks from data thieves, spies or saboteurs who steal from, gain unfair advantage over or damage companies, the cyber crime threat facing UK organizations is increasing.

...

http://www.continuitycentral.com/news07035.html

‘Trends in extreme weather events in Europe: implications for national and European Union adaptation strategies,’ a new report from the European Academies Science Advisory Council (EASAC), looks at how climate based disasters have changed in frequency and what can be expected in the future.

Key points in the report include:

  • Weather-related catastrophes recorded worldwide have increased from an annual average of 335 events from 1980 to 1989, to 545 events in the 1990s and to 716 events for 2002–2011.
  • Compared with other continents, the increase in loss-relevant natural extreme events in Europe has been moderate, with an increase of about 60 percent over the past three decades. The highest increases have occurred in North America, Asia and Australia/Oceania with today about 3.5 times as many events as at the beginning of the 1980s.

...

http://www.continuitycentral.com/news07037.html

Tuesday, 03 December 2013 16:28

The Top Five Emerging Risks in 2013

Most companies have experienced (or will experience) significant financial damage in their lifetime due to an unforeseen risk event. Companies that fail to proactively identify and prepare for these risks can easily be caught off guard, often exacerbating the financial impact and lengthening the time required to address and mitigate the risk. As part of the quarterly surveys CEB conducts with risk officers at Fortune 500 companies and other organizations around the globe, we have identified the top five emerging risks companies are seeing today. Based on these findings, we are able to capture the impact a risk event has on traditional risk categories regularly tracked by companies, how these risks have changed over time and which risks will likely have greater impact in months to come.

...

http://www.corporatecomplianceinsights.com/the-top-5-emerging-risks-in-2013/

CIO — The latest Bureau of Labor Statistics data reveals that over the last 12 months, only 77,600 IT jobs were added, as CIOs and hiring managers remain cautious about the slow economic recovery, says Victor Janulaitis, CEO of Janco Associates, a management consulting firm that specializes in IT.

According to the BLS data, September's IT jobs number was adjusted down from a gain of 2,500 jobs to a loss of 3,600 jobs. At the same time, the number of jobs reported as gained in October was only 5,200. But amid these dismal numbers, Janulaitis says, there's a bright spot: companies are increasing their budgets for hiring skilled IT contractors.

...

http://www.cio.com/article/743993/CIOs_Opting_for_IT_Contractors_Over_Hiring_Full_Time_Staff

Tuesday, 03 December 2013 16:18

Weather Risks Often Overlooked

Unpredictable weather is a risk that can’t be put off or ignored. In fact, insurer payouts for weather-related catastrophes rose from $15 billion a year between 1980 and 1989 to a staggering $70 billion annually between 2010 and 2013, a study found.

While major weather events are a focus of businesses, small events can still have a big impact, according to The Weather Business: How Companies Can Protect Against Increasing Weather Volatility by Allianz Global Corporate & Specialty.

Even though weather volatility is shown to be rising globally, organizations are still failing to protect their revenue from the risks of changes in temperature, snowfall, wind levels, rainfall and too much sun, the report found. Changes in weather can also impact a number of industries including construction, energy, retail, tourism, food, distribution and transport.

...

http://www.riskmanagementmonitor.com/weather-risks-often-overlooked/

Companies that emphasize strong health and safety environments outperform their peers in the market, suggests a new report. It provides evidence that health, wellness, and safety programs not only reduce workers' comp and other health-related costs but may actually lead to better financial performance.

 


"Evidence seems to support that building cultures of health and safety provides a competitive advantage in the marketplace," says the report. "A portfolio of companies recognized as award winning for their approach to the health and safety of their workforce outperformed the market."

The research was published in the September issue of the Journal of Occupational and Environmental Medicine. While the study does not conclude that a health and safety culture is the cause of better financial outcomes, "results consistently and significantly suggest that companies focusing on the health and safety of their workforce are yielding greater value for their investors as well," the report says.

...

http://www.riskandinsurance.com/story.jsp?storyId=533355357&topic=Main

Cyber attacks have become a top concern for businesses in 2013, with 85 percent of corporate executives naming it their greatest risk – but surprisingly, less than 20 percent of companies purchase cyber insurance for protection against this increasingly common cause of loss.[1] As cybercriminals begin employing more sophisticated tactics, cyber insurance is becoming a necessity; companies hit by hackers could be held accountable with class actions in court for large-scale data breaches.

Cyber insurance is available to everyone and is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage and cyber extortion. The Department of Commerce has deemed cyber insurance an “effective, market-driven way of increasing cybersecurity” because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures, encourage the implementation of best practices by basing premiums on an insured’s level of self-protection and limit the level of losses that companies face following a cyber attack[2].

...

http://www.corporatecomplianceinsights.com/cyber-coverage-a-must-coverage-lapse-costing-big-bucks-in-data-breaches/

By Brian McNoldy

It was a hurricane season almost without hurricanes. There were just two, Humberto and Ingrid, and both were relatively wimpy, Category 1 storms. That made the 2013 Atlantic hurricane season, which ended Saturday, the least active in more than 30 years — for reasons that remain puzzling.

The season, from June through November, has an average of 12 tropical storms, of which six to seven grow to hurricane strength with sustained winds of 74 mph or greater. Typically, two storms become “major” hurricanes, Category 3 or stronger, with sustained winds of at least 111 mph.

...

http://www.washingtonpost.com/national/health-science/wimpy-hurricane-season-a-surprise--and-a-puzzle/2013/12/01/a3267f1c-57a9-11e3-835d-e7173847c7cc_story.html

Monday, 02 December 2013 17:10

Obsolescence as risk

I don't usually consider obsolescence as a risk.

We usually know when things start to reach the end of their useful life. After all, when we make a Major Purchase (and "major" depends on the budget) we look for a Use By date or MTTF information. Warranties and extended warranties also give us a clue to a product's useful life.

Today, as I tried to enter the gated community in which I reside I - like Froggy the Gremlin - tried to plunk my magic twanger, a/k/a gate clicker, and it once again failed to raise the barrier.
The gate mechanism recently was replaced and the residents were told we would need to buy, at more than $50 each, new clickers. Turns out that the new mechanism could be programmed to receive signals from the old clickers. (Some of the residents suspect shenanigans on the part of the board, but that's another matter.)

...

http://johnglennmbci.blogspot.com/2013/12/erm-bc-coop-obsolescence-as-risk.html

During the week (26 November to be exact), The Times (UK) distributed a special  supplement published by Raconteur, entitled “The Agile Business”. This is something I probably would have missed as I don’t live in the UK and even when I am visiting I don’t generally read The Times.

Fortunately I know people who contributed one of the articles and were gleefully engaged in blatant self-promotion on social media – pointing at you Charley Newnham!

...

http://www.blog.vrg.net.au/informed/resilience-thinking/resilience-agility-and-the-times-supplement/

Monday, 02 December 2013 17:08

Next Up for the Enterprise: Wearable Gadgets

Most enterprises are still getting used to the idea of employee-owned data access devices and all the architecture-, infrastructure- and policy-related challenges that go with them.

But like virtualization, the cloud and everything else affecting the data center, the Bring Your Own Device (BYOD) phenomenon is only just beginning, and the ultimate ramifications are open to wide interpretation at this point.

Already, the movement is passing by such workaday devices as tablets and smartphones to entirely new classes of hardware that may or may not even require the user’s active participation in order to engage enterprise resources. A case in point is the new lines of wearable devices, spearheaded by Google Glass but potentially encompassing all manner of gadgets like wristbands, lapel pins and even hats and shoes (if someone tries to get me to wear smart-underwear, that may be the day I decide to check out of the human race and go live on a mountain somewhere).

...

http://www.itbusinessedge.com/blogs/infrastructure/next-up-for-the-enterprise-wearable-gadgets.html

Monday, 02 December 2013 17:05

2013 Atlantic Hurricane Season Roundup

As the 2013 Atlantic hurricane season comes to a close, it may be easy to dismiss the significance of this year’s season.

While it’s true that this year had the fewest number of hurricanes since 1982, the 2013 hurricane season was only the third below-normal season in the last 19 years, since 1995, when the current high-activity era for Atlantic hurricanes began, according to forecasters.

A NOAA press release quotes Gerry Bell, lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center, a division of the National Weather Service:

“A combination of conditions acted to offset several climate patterns that historically have produced active hurricane seasons. As a result, we did not see the large numbers of hurricanes that typically accompany these climate patterns.”

http://www.iii.org/insuranceindustryblog/?p=3450

Johannesburg – The earth tremor that occurred in Johannesburg earlier on Monday measured a four on the magnitude scale, said the Geo-science Counsel.

The tremor was “quite a big guy”, the seismology unit manager, Michelle Grobelaar told News24. He added that the city should expect a similar tremor to occur again, but was unable to say when it could be expected.

The tremor’s epicenter was near the University of Johannesburg and struck just before 10am. The quake did not last more than six seconds.

“We have not received any reports of damage or injury and are consulting with other regions in Johannesburg Divisional,” said chief for disaster risk management, Tshepo Mothlale.

Some people took to popular social networking site, Twitter to describe their experiences. “There was a tremor in JHB about 20mins ago. Building shook for about a minute. I’m still shaking,” said one user.

...

http://za.news.yahoo.com/joburg-experiences-magnitude-4-earthquake-another-expected-104017946.html

Search-and-recovery operations are underway today after severe storms and tornadoes wreaked havoc on the Midwest, killing at least six people and injuring dozens more with powerful winds that flattened homes and decimated much of the town of Washington, Ill.

A sixth death was confirmed late Sunday night after 81 reports of tornadoes ripped through at least five states in the Midwest earlier in the day. One of the tornadoes in New Minden, Ill., was estimated to have winds up to 200 mph.

Jonathon Monken, the director of the Illinois Emergency Management Agency, said a third person was confirmed dead Sunday night in Massac County. An elderly couple was killed in Nashville, Ill., and another person was killed in Washington.

...

http://gma.yahoo.com/least-6-dead-illinois-tornadoes-storms-damage-homes-061534702--abc-news-topstories.html

Monday, 18 November 2013 15:00

CDC accredited for emergency management

The Centers for Disease Control and Prevention received accreditation from the Emergency Management Accreditation Program (EMAP) for its excellence in emergency management. CDC is the first federal agency to attain full accreditation of its emergency management program.

“CDC’s emergency management program has seen the nation through flu emergencies, multistate foodborne outbreaks, hurricanes and more,” said CDC Director Tom Frieden, M.D., M.P.H. “CDC is the first federal agency to attain full accreditation of its emergency management program.”

Accreditation means a program has completed the six step EMAP process, including a self-assessment, an on-site appraisal, and a committee review. The on-site assessment and follow up report includes a summary of compliance against 64 EMAP standards set out in the Emergency Management Standard. Included in the EMAP standards are program management; administration and finance; laws and authorities; operational planning; exercises, evaluations and corrective action; and crisis communication, public education and information.

“Accreditation is a serious accomplishment for CDC and the emergency management community we support,” said Ali S. Khan, M.D., M.P.H., director of the Office of Public Health Preparedness and Response. “Preparing for and responding to emergencies of any kind – natural disasters, bioterrorism events, chemical terrorism or pandemics – is a core function of public health. Everyone at CDC has a hand, at one point in time, in emergency management and execution.”

Since 1997, EMAP’s independent assessors and program review committee have evaluated local, state and national emergency management programs to ensure they meet nationally set standards for emergency management and promote consistent quality in emergency management programs. The cost of accreditation is $50,000 and is valid for five years.

Thirty one states, the District of Columbia, and 14 cities and counties in the United States are accredited. CDC is hosting a recognition ceremony today. For more information, please visit http://www.cdc.gov/about/newsevents/events.htm.

Computerworld — A high-potential millennial told the CIO at a big-name pharmaceutical company during her exit interview that she found the work environment toxic. Her main complaint was that the enterprise did not allow use of the modern consumer technologies and applications that she perceives as comprising her personal and professional identity. This is mobility's rock: People want the interface, the ease of use, the "cool" factor, the freedom and the functionality of consumer technology in the workplace.

Recently, about 100 CIOs sat mesmerized as two clean-cut, well-groomed and impressively articulate young men demonstrated an exploit that breached two smartphones (iOS and Android). This is mobility's hard place: Smartphones don't meet enterprise security requirements.

All CIOs today find themselves caught between the two.

...

http://www.cio.com/article/743361/Caught_Between_Mobility_s_Rock_and_Hard_Place

CIO — If you want to learn how to succeed with predictive analytics at your business, CIO.com can help. These three CIOs say it takes a lot of front-end data work and angst about cultural change.

Expect Culture Shock

Chris Coye, Senior Vice President & CIO, Disney ABC Television Group: We've implemented three predictive analytics tools this year: One analyzes what-if ad sales scenarios, another is a promotional media-optimization tool, and a third will help our executives decide which pilots to pick up. We created a small data analytics team in IT, but the models are built by Disney's revenue sciences group.

The biggest technical challenge was getting the right source data. We have multiple divisions, and that data had to be standardized. We built our own extract, transform and load tool, but we're migrating to a commercial tool to speed the process.

...

http://www.cio.com/article/742867/3_CIOs_Reveal_How_They_Got_Started_With_Predictive_Analytics

WASHINGTON – The Federal Emergency Management Agency (FEMA), through its regional offices in Chicago and Kansas City, is monitoring severe weather, including strong tornadoes, that continues to impact the Midwest and staying in close coordination with officials in affected and potentially affected states. Earlier today, FEMA elevated its National Watch Center in Washington, D.C. to a 24/7 enhanced watch, and has deployed liaisons to support state emergency operation centers in a number of impacted states.

"Residents should continue to monitor weather conditions as they develop and follow the direction of local officials,” said FEMA Administrator Craig Fugate. "Be prepared for power outages and dangerous road conditions as a result of downed power lines and flooding – remember if you encounter a flooded road while driving, turn around, don't drown."

Since before the storm system developed, FEMA has been in close coordination with state and local partners through its regional offices. FEMA's Region V Administrator, Andrew Velasquez III, has been in close contact with the Ohio Emergency Management Agency, the Wisconsin Emergency Management Agency, the Michigan Homeland Security and Emergency Management Division, the Illinois Emergency Management Agency, and the Indiana Department of Homeland Security regarding the potential impacts in those states. FEMA has deployed an Incident Management Assistance Team (IMAT) to support the State of Illinois. FEMA also has deployed liaison officers to emergency operations centers in Illinois, Indiana, and Ohio, and additional liaison officers are on standby and ready to deploy, if requested. FEMA is in continued contact with its emergency management partners in Illinois, Indiana, Michigan, Ohio, and Wisconsin.

According to the National Weather Service, numerous fast-moving thunderstorms, capable of producing strong tornadoes along with widespread damaging winds and large hail, will move across portions of the middle Mississippi and Ohio Valley region and the southern Great Lakes region for the remainder of today into this evening.

Visit www.ready.gov to learn more about what to do before, during, and after severe weather.

Here are a few safety tips to keep in mind should severe weather occur in your area:

  • Familiarize yourself with the terms that are used to identify a tornado hazard. A tornado watch means a tornado is possible in your area. A tornado warning is when a tornado is actually occurring, take shelter immediately.
  • Ensure your family preparedness plan and contacts are up to date and exercise your plan. If you haven’t already, now is the time to get prepared for tornadoes and other disasters.
  • Determine in advance where you will take shelter in case of a tornado warning:
  • Storm cellars or basements provide the best protection.
  • If underground shelter is not available, go into an interior room or hallway on the lowest floor possible.
  • In a high-rise building, go to a small interior room or hallway on the lowest floor possible.
  • Stay away from windows, doors and outside walls. Go to the center of the room. Stay away from corners because they attract debris.
  • Vehicles, trailers and mobile homes are not good locations to ride out a tornado. Plan to go quickly to a building with a strong foundation, if possible.
  • If shelter is not available, lie flat in a ditch or other low-lying area. Do not get under an overpass or bridge. You are safer in a low, flat location.

Follow FEMA online at blog.fema.gov, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

As far as pissing matches go, the emerging dispute over public vs. private cloud is right up there with Microsoft vs. Apple, Ford vs. Chevy and Pepsi vs. Coke. And the funny thing is, no controversy really exists at all, except in the minds of service providers and vendors who have product lines to protect.

Amazon’s Andy Jassy was at it again this week, telling the audience at the company’s Reinvent conference that private clouds are simply a ruse on the part of “old-guard” companies like IBM to keep the enterprise in thrall to yesterday’s hardware and software platforms. The public cloud, he argued, is not only cheaper and more agile but more reliable and, yes, more secure than any internal infrastructure you care to name. And even though AWS provides tools like VPNs and access management to help the enterprise with its hybrid infrastructure, this is merely the first step in porting the entire enterprise data center to the public cloud.

...

http://www.itbusinessedge.com/blogs/infrastructure/private-vs.-public-for-the-enterprise-its-mostly-irrelevant.html

Continuity Central has launched its annual business continuity trends survey which looks at the changes the profession can expect to see in the year ahead. One week into the survey the results are looking interesting.

So far, responses show that most respondents expect to see some changes in the way their organization manages business continuity during 2014. Just over half (51 percent) expect to see small changes and almost a quarter (23 percent) expect to see large changes.

Trends that are emerging in terms of the changes that business continuity professionals expect to see include:

  • 10 percent are anticipating changes in incident / crisis management processes;
  • 8 percent expect to see greater integration with the wider business;
  • 5 percent expect ISO 22301 implementation projects to drive change in 2014.

Business continuity budgets

The majority (53 percent) of respondents state that their 2014 spending will be the same as 2013. However more than a third say that their business continuity budgets will be increased: 22 percent state that spending will be higher in 2014 compared to 2013; and 15 percent state that it will be much higher.

Recruitment

Three quarters (77 percent) of respondents believe that their organization’s business continuity team will remain the same size in 2014. However a fifth (21 percent) expect the team to grow with new additions being made. Only 2.5 percent of respondents expect their business continuity team to shrink.

Please take part in the survey: go to https://www.surveymonkey.com/s/businesscontinuityin2014

To read the results of last year’s survey click here.

Natural and manmade disasters underscore the challenges of seamless disaster recovery in the real world. Having a comprehensive business continuity plan isn't just an IT concern, though. Nothing less than the survival of your company is at stake.

 
By Ed Tittel and Kim Lindros
 

CIO — We rarely get a heads-up that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways.

This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan. The lack of a plan doesn't just mean your organization will take longer than necessary to recover from an event or incident. You could go out of business for good.

...

http://www.cio.com/article/742974/How_to_Create_an_Effective_Business_Continuity_Plan

Cloud services whether PaaS (platform), SaaS (software), DraaS (disaster recovery) or another ‘as a service’ option are part of the business landscape now. However, in the vast majority of cases, using them means that your data is stored outside your organisation. No matter what the cloud vendor’s reputation, security must be evaluated, confirmed and applied. Here’s a list of ten security questions to help you safeguard your data, your confidentiality and quite possibly your business.

...

http://www.opscentre.com.au/blog/eight-security-questions-to-ask-a-cloud-vendor-before-you-sign-up/

Thursday, 14 November 2013 15:32

FEMA to Evaluate Readiness of Pennsylvania

PHILADELPHIA – The Department of Homeland Security’s Federal Emergency Management Agency will evaluate a Biennial Emergency Preparedness Exercise at the Limerick Generating Station.  The exercise will take place during the week of November 18, 2013 to test the ability of the Commonwealth of Pennsylvania to respond to an emergency at the nuclear facility.

“These drills are held every other year to assess government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III.  “We will evaluate state and local emergency response capabilities within the 10-mile emergency-planning zone of the nuclear facility.”

Within 90 days, FEMA will send their evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions.  The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 11:30 a.m. on November 22, 2013 at the Hilton Garden Inn Valley Forge/Oaks, 500 Cresson Blvd, Phoenixville, PA 19460.  Scheduled speakers include representatives from FEMA, NRC, and the Commonwealth of Pennsylvania.

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response.  Written comments may also be submitted after the meeting by emailing FEMAR3NewsDesk@fema.dhs.gov or by mail to:

MaryAnn Tierney
Regional Administrator
FEMA Region III
615 Chestnut Street, 6th Floor
Philadelphia, PA 19106
                                                               

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at fema.gov/radiological-emergency-preparedness-program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Follow us on Twitter at twitter.com/femaregion3.

http://www.fema.gov/news-release/2013/11/13/fema-evaluate-readiness-pennsylvania

By Ali S. Khan

Waves battering wooden pier and houses

Seeing images of the devastation in the Philippines reminded me of my own experiences with Hurricane Katrina and the Asian Tsunami. During both of those events, I had the honor to join CDC (and WHO in the case of Indonesia) teams to help re-establish crucial public health services and support the impacted communities. Disaster recovery isn’t just about rebuilding damaged homes and businesses; it has everything to do with health.

When something as devastating as Typhoon Haiyan occurs, it can be daunting to consider what a recovery effort might look like. Providing for basic needs and preventing potential injuries and outbreaks are usually at the forefront of any recovery plan. Despite the widespread devastation and lack of infrastructure people still need access to food and water. Groups with special needs, such as pregnant women or the elderly, still need care. These basic needs can present a host of health problems in the face of disaster. And as people begin to get their lives back in order, injuries from cleanup efforts and potential outbreaks due to contaminated food or water sources are a constant concern.

Men and women in a makeshift clinic wearing face masks

Clinic set up in Haiti following the cholera outbreak. Photo by Kendra Helmer/USAID

Stabilizing and Surveillance

The initial health response usually centers on setting up field hospitals, to take care of those who need immediate medical attention. We then turn our attention to disease monitoring efforts to understand the needs within the community and provide critical public health services. These services initially focus on environmental health concerns such as food and (especially) water safety, worker safety, and injury prevention.  

Following an event such as a hurricane or typhoon – where you have excess flood waters – communities must be vigilant about preventing the spread of waterborne illnesses (think E. coli or cholera), which often cause diarrhea and severe dehydration. Although these are two seemingly treatable symptoms, they can be difficult to manage when infrastructure is down and basic supplies (such as clean water) are hard to come by. Crowded and unsanitary conditions can also lead to the spread of disease. Following Hurricane Sandy, several recovery centers had to act quickly to halt the spread of norovirus, a common “stomach bug” that can spread quickly in close quarters. We’ve also learned about the risk of spread of communicable diseases within shelters and the need to provide select immunizations.

building and cars destroyed by a tornado

Broken glass, metal, and other debris can pose a serious risk of infection following a disaster.

Cleanup can be a mess

Aside from possible disease outbreaks, some of the most common health problems we saw post-Katrina were injuries related to cleanup: people falling from ladders, carbon monoxide poisoning from generators, and cuts and lacerations people got moving through the rubble. Following a disaster, health officials are often on the lookout for cases of tetanus or other wound infections. In 2011, after the F5 tornado struck Joplin, Missouri, a deadly fungal outbreak was discovered among those who had sustained wounds from the cleanup effort. Public health officials work around the clock after a disaster to warn the public of these dangers and track potential disease outbreaks before they get out of hand.

Rebuilding

As the Philippines grapple with the mammoth effort of rebuilding their homes, roadways, and towns, they will first have the task of addressing the health needs inherent to a major disaster. Disease pathogens and hazards are opportunistic and strike when we are at our most vulnerable. My thoughts are with the people of the Philippines and the aid workers helping to get the country back on its feet.

If you would like more information about recovery efforts or how you can help, please visit: http://www.usaid.gov/haiyan/.

Thursday, 14 November 2013 15:29

Role of CDO Still in Question

What if organizations don’t need a chief data officer so much as they need an executive team that understands and relies on data?

I stumbled backwards into this idea by misreading a shortened UK CIO headline: “Bank of England doesn't need a CDO, claims CIO.” As happens too often with tech, it turns out CDO is short for chief digital officer, not chief data officer.

Chief digital officers have more to do with transforming paper tasks to digital. If you want to read more about their job duties, ZDNet published a good trends piece about the role.

...

http://www.itbusinessedge.com/blogs/integration/role-of-cdo-still-in-question.html

Thursday, 14 November 2013 15:28

Low Insurance Impact Expected from Haiyan

Damage in the Philippines from Typhoon Haiyan is widespread, with new information emerging daily. Insured losses, however, are expected to be low, with the greatest impact on smaller reinsurers, according to insurance industry reports.

A.M. Best said in a briefing that it expects insured losses to be minimal, as non-life insurance is less than 1% of the country’s gross domestic product.

“Insured losses in the Philippines will be spread across many segments, including personal lines, fire and property, and marine hull. Fire/property and marine hull will be well reinsured through the major global reinsurers and through Lloyd’s, which will also absorb some marine losses on a primary basis. Net losses to primary insurers will be limited, and some commercial losses also may be covered through captives or other forms of self-insurance,” the report said.

...

http://www.riskmanagementmonitor.com/low-insurance-impact-expected-from-haiyan/

Thursday, 14 November 2013 15:27

6 Tips to Help CIOs Manage Shadow IT

CIO — With the increase in cloud computing and BYOD in the workplace, it's become increasingly difficult for IT departments to keep track of and manage software and hardware -- and maintain a secure environment.

So what can CIOs and other IT leaders do to identify and manage Shadow IT -- software and hardware not directly under the control of IT -- and mitigate the potential risks? CIO.com asked dozens of IT, mobile and cybersecurity professionals to find out. Here are their top six tips for managing Shadow IT in the enterprise.

1. Monitor your network -- to find out if or where you have a Shadow IT problem. "Regardless of whether employees use company-issued or personal (i.e., BYOD) hardware, organizations need to identify where all their data resides -- [in house], in the data center, at the edge or in the cloud," says Greg White, senior manager, product marketing, CommVault, a provider of data and information management software.

...

http://www.cio.com/article/743114/6_Tips_to_Help_CIOs_Manage_Shadow_IT

Thursday, 14 November 2013 15:26

Amazon vs. IBM Conflict Conceals Real Problem

I’ve been thinking about the fight between Amazon Web Services and IBM for the CIA and other U.S. government business and it strikes me that something is really screwy. I’m not talking about the bid process, which both IBM and the General Accounting Office (GAO) called out. I’m talking about how, in the age of Manning and Snowden, no Web service provider should have made the cut for a CIA service no matter how benign. The very fact that Amazon had to go to war with the GAO, which you’ve got to believe will have implications for how supportive they will be to other CIA budgetary requests, points to a real failure to understand the dynamics here.

It should have been too politically risky and it suggests that the unique services that a company in IBM’s class provides were taken for granted or completely ignored, which likely goes to its complaint about the bid process, in which Amazon shouldn’t have been able to comply—not technically, but in terms of meeting the security and compliance requirements unique to the federal government.

...

http://www.itbusinessedge.com/blogs/unfiltered-opinion/amazon-vs.-ibm-conflict-conceals-real-problem.html

Thursday, 14 November 2013 15:25

Colorado Flooding: Two Months Later

DENVER – In the two months since heavy rains brought flooding, Colorado survivors have received more than $117.4 million in state and federal assistance and low-interest loans and an additional $35.1 million in FEMA’s National Flood Insurance Program (NFIP) payouts.

To date, more than $52.7 million in Individual Assistance (IA) grants has helped more than 15,000 Colorado households find safe, functional and sanitary rental units or make repairs to primary homes and cover other disaster-related expenses, such as medical needs or personal property loss. Nearly $48.7 million of IA grants have been issued in housing assistance and $4 million in other needs assistance, such as medical or personal property loss. Flood survivors have also received disaster unemployment assistance and disaster legal services.

The U.S. Small Business Administration (SBA) has approved $64.7 million in disaster loans to Colorado homeowners, renters, businesses of all sizes and private nonprofit organizations. Of that amount, $54.3 million was in loans to repair and rebuild homes and $10.4 million in business and economic injury loans. Approved loan totals in some of the impacted areas are currently $40 million in Boulder County, $8.9 million in Larimer County and $7.7 million in Weld County.

In addition:

  • FEMA housing inspectors in the field have looked at more than 24,000 properties in the 11 designated counties for Individual Assistance.
  • In coordination with the State and local officials, FEMA Disaster Survivor Assistance specialists have canvassed Colorado neighborhoods, helping 37,180 survivors connect with recovery services. Survivors have talked to local, state, nonprofit, nongovernmental and FEMA specialists at the Disaster Recovery Centers (DRCs). At the DRCs, in the field and on the phone, FEMA provides information in Spanish and many other languages.
  • More than 50 national, state and local voluntary and faith-based organizations have spent 269,330 hours helping people as they recover from the flooding. The 27,655 volunteers are providing donations, volunteer management, home repair, child care, pet care, counseling services and removal of muck and mold from homes.
  • In the 18 counties designated for Public Assistance, 190 Applicant Kickoff Meetings have been conducted and so far FEMA has obligated $9,451,743 for eligible projects for debris removal, emergency protective measures and the repair of critical public-owned infrastructure.
  • FEMA and the State’s Private Sector team has contacted organization leaders from 33 Chambers of Commerce, six Economic Development Centers and 38 colleges and universities to share disaster assistance information.
  • The Federal Disaster Recovery Coordination group is coordinating disaster recovery across the entire federal family of agencies, facilitating long-term relationships among agencies, identifying technical expertise and funding opportunities; suggesting strategies for addressing specific needs, and generally encouraging a whole community approach to disaster recovery.
    • Coordinating agencies represented in FDRC include U.S. Army Corps of Engineers, U.S. Department of the Interior, U.S. Department of Housing and Urban Development, and U.S. Department of Commerce.
  • Speakers Bureau has received 71 requests from local officials throughout the affected area and 363 State/FEMA specialists and SBA representatives have spoken at town hall meetings and other venues. More than 7,600 attendees received information about FEMA’s IA program, Hazard Mitigation, flood insurance and SBA.
  • Mitigation specialists have counseled 15,250 survivors during outreach efforts at area hardware stores and more than 4,300 survivors at Disaster Recovery Centers in Colorado.
  • In the first 60 days of the Colorado flooding disaster, there have been 96,375 total page views on the disaster web page, fema.gov/disaster/4145, or an average of 1,606 daily. More than 500 tweets in the last 60 days were posted on the FEMA Region 8 Twitter feed, an average of eight daily tweets. The R8 Twitter feed has increased its followers to 9,000, an increase of nearly 600 new followers in the past 60 days.
  • At the request of the State, the 11 counties with FEMA IA designations are Adams, Arapahoe, Boulder, Clear Creek, El Paso, Fremont, Jefferson, Larimer, Logan, Morgan and Weld.
  • At the request of the State, the 18 counties with FEMA Public Assistance (PA) designations are Adams, Arapahoe, Boulder, Clear Creek, Crowley, Denver, El Paso, Fremont, Gilpin, Jefferson, Lake, Larimer, Lincoln, Logan, Morgan, Sedgwick, Washington and Weld.

County-By-County Breakdown of State and Federal Grants

  • Adams County: Housing Assistance $1,017,068; Other Needs Assistance $118,156; Total State/FEMA Assistance $1,135,224
  • Arapahoe County: Housing Assistance $2,928,379; Other Needs Assistance $255,331; Total State/FEMA Assistance $3,183,710
  • Boulder County: Housing Assistance $28,419,729; Other Needs Assistance $1,820,947; Total State/FEMA Assistance $30,240,676
  • Clear Creek County: Housing Assistance $190,128; Other Needs Assistance $2,426; Total State/FEMA Assistance $192,554
  • El Paso County: Housing Assistance $1,338,680; Other Needs Assistance $142,673; Total State/FEMA Assistance $1,481,353
  • Fremont County: Housing Assistance $43,859; Other Needs Assistance $1,950; Total State/FEMA Assistance $45,809
  • Jefferson County: Housing Assistance $1,378,621; Other Needs Assistance $26,793; Total State/FEMA Assistance $1,405,414
  • Larimer County: Housing Assistance $4,816,065; Other Needs Assistance $267,884; Total State/FEMA Assistance $5,083,949
  • Logan County: Housing Assistance $474,194; Other Needs Assistance $42,515; Total State/FEMA Assistance $516,709
  • Morgan County: Housing Assistance $69,450; Other Needs Assistance $5,037; Total State/FEMA Assistance $74,487
  • Weld County: Housing Assistance $8,027,426; Other Needs Assistance $1,338,890; Total State/FEMA Assistance $9,366,315

Register with FEMA by phone, 800-621-3362, from 5 a.m. to 8 p.m., MST, seven days a week.  Multilingual phone operators are available on the FEMA helpline. Choose Option 2 for Spanish and Option 3 for other languages. People who have a speech disability or are deaf or hard of hearing may call (TTY) 800-462-7585; users of 711 or Video Relay Service can call 800-621-3362.

Register online: DisasterAssistance.gov. Register by Web-enabled device, tablet or smartphone: type m.fema.gov in the browser.

OKLAHOMA CITY – Nearly six months after the start of deadly tornadoes that struck the state, the Oklahoma Department of Emergency Management (OEM) and FEMA urge Oklahomans to continue to stay prepared for severe weather.

During this time of year, that means being ready for hazardous winter weather conditions. Wednesday, Nov. 13 is Winter Weather Preparedness Day in Oklahoma. As we near the winter weather season, this is a time for Oklahomans to become prepared for freezing temperatures and the snow and ice that may accompany them.

Travel

Before traveling, prepare your vehicle:

• Pack blankets, emergency food and water, flashlights, a radio and a cell phone with extra batteries in case you and your family become stranded due to weather.
• Make sure you have plenty of fuel; a good rule of thumb is to keep your fuel tank at least half full.
• Check antifreeze, washer blades and tire pressure.

Always heed the warnings of law enforcement and transportation officials regarding road conditions and refrain from traveling when possible.

If you must travel during a snow or ice event, allow extra time to reach your destination, and make sure you have plenty of fuel.

Be particularly cautious on bridges and overpasses as they will be the first to freeze. Stay back at least 200 feet behind salt and sand equipment in order to stay safe.

Always wear your seat belt.

Bring a cell phone with an emergency roadside assistance number. (In case of emergency, you can call the Oklahoma Highway Patrol at *55 or 911.)

If you must go out during a winter storm, let someone know your destination, as well as your route and when you expect to arrive.

If you get stranded, stay with your vehicle. After snowfall has stopped, hang a brightly-colored cloth on the radio antenna and raise the hood.

Carry extra clothing, blankets and high energy snacks, such as cereal or candy bars, in your car for protection if your car stalls.

Pack a kit that includes:

• A cell phone with extra batteries or two-way radio
• A windshield scraper, a shovel and small broom for ice and snow removal
• Blankets or sleeping bags
• Rain gear and extra sets of dry clothing, mittens, socks and a cap
• Water and non-perishable, high-energy foods
• A small sack of sand or kitty litter for generating traction under wheels and a set of tire chains or traction mats
• Jumper cables
• A first aid kit
• A flashlight with extra batteries
• A brightly-colored cloth to tie to the antenna if you get stranded.

Be Aware

Know what winter storm and blizzard watches and warnings mean:

• A National Weather Service winter storm watch is a message indicating that conditions are favorable for a winter storm.
• A National Weather Service warning indicates that a winter storm is occurring or is imminent.
• A blizzard warning means sustained winds or frequent gusts up to 35 mph or greater and considerable falling or blowing snow are expected to prevail for a period of three hours or longer.

Understand the hazards of wind chill. A strong wind combined with a temperature of just below freezing can have the same effect as a still air temperature of 35 degrees or colder.

Check for weather-related road conditions through the Oklahoma Department of Public Safety at dps.state.ok.us or by calling toll free, (888) 425-2385 or (405) 425-2385.

At Home

Check on friends, relatives and neighbors who live alone, especially seniors and those with disabilities.

Develop a family disaster plan for winter storms. Discuss with your family what to do if a winter storm watch or warning is issued. Everyone should know what to do in case all family members are not together when a winter storm hits.

Make sure pets have food and water and a place to seek shelter.

While indoors, try to keep at least one room heated to 70 degrees to prevent hypothermia. This is especially important for seniors and children.

Stay warm at night with extra blankets, a warm cap, socks and layered clothing.

To keep pipes from freezing, wrap them in insulation or layers of old newspapers. Cover the newspapers with plastic to keep out moisture. Let faucets drip a little to avoid freezing. Know how to shut off water valves if necessary.

Keep safe emergency-heating equipment, such as a fireplace with wood. Always be cautious in using a portable space heater and never leave the heater on when you are not in the room or when you go to bed.

Avoid carbon monoxide poisoning:

• Do not use an unvented gas or kerosene heater in closed spaces, especially sleeping areas.
• Do not use gas appliances such as an oven, grill, range or clothes dryer to heat your home.
• Do not burn charcoal inside a house, garage, vehicle or tent for heating or cooking, even in a fireplace.
• Look for carbon monoxide exposure symptoms including headache, dizziness, weakness, sleepiness, nausea and vomiting that can progress to disorientation, coma, convulsions and death.
• If you suspect carbon monoxide poisoning, open doors and windows, turn off gas appliances, and go outside for fresh air. Call 9-1-1 emergency medical services in severe cases.
• Install and check/replace batteries in carbon monoxide and smoke detectors.

Stay informed:

Find a full list of winter weather preparedness tips or sign up now to receive weather alerts on your cell phone or other email address at ok.gov/OEM/.

The National Oceanic and Atmospheric Administration provides additional information online about winter weather watches, warnings and advisories: srh.noaa.gov/ama/?n=wwad.

For more information on Oklahoma disaster recovery, visit the Oklahoma Department of Emergency Management site at oem.ok.gov or fema.gov/disaster/4117.

Wednesday, 13 November 2013 17:05

The quest for weak links in information security

CSO - A widely accepted definition of information security risk is the potential of a specific threat exploiting the vulnerabilities of an information asset, with the following formula used to represent information security risks: Risk = Likelihood x Impact.

The potential impact on information, processes and people is typically estimated during a business impact analysis as part of corporate business continuity planning. However, estimating likelihood of information security risks is often guesswork resulting from combined vulnerability assessments and threats assessments. While assessing the likelihood of risks, many IT security teams will categorise risk using the traffic light system for high, medium or low level. Those responsible for information security in a company should estimate risk levels for all corporate information systems and apply control measures accordingly. Estimating risk levels is a continuous process and it requires the use of tools such as vulnerability assessment scanners and/or contracting the services of companies specialized in ethical hacking.

In May this year, the Financial Times was hacked via the exploit of one of its many blogging systems. The system in question was based on the vulnerable version of a content management system. This case illustrates that the principle of the weakest link in the security chain could affect complex information systems with many interconnected components. To maintain a high level of protection of vital corporate information, it is necessary to assess vulnerabilities of all information systems, since those that are less critical could be exploited to provide access to other, more critical systems.

...

http://www.networkworld.com/news/2013/111213-the-quest-for-weak-links-275870.html

The credit card details of about 376,000 European citizens have been put at serious risk after a data breach affecting the Co Clare based company Loyaltybuild, making it what one industry person described today as perhaps the “largest data protection breach in western Europe in the last three years”.

Up to 1.5 million have had their personal information compromised - details such as names, addresses, phone numbers and email addresses.

Data Protection Commissioner Billy Hawkes had not been made aware of the full extent of the breach until Monday night, he indicated.

Supervalu, which uses Loyaltybuild to process customer data for its Getaway Breaks scheme, initially brought the issue to light last week when it said about 39,000 of its customers had been exposed to credit card fraud.

...

http://www.irishtimes.com/news/crime-and-law/breach-one-of-biggest-in-europe-in-last-three-years-1.1593370

Wednesday, 13 November 2013 17:03

Disaster Update – Typhoon Haiyan

Typhoon Haiyan swept across the central Philippines on Friday leaving a trail of massive destruction in its wake. With sustained winds reported at over 145 miles per hour, and significantly stronger gusts, Haiyan was the second category 5 typhoon to strike the Philippines this year. The typhoon affected 4.3 million people across 36 provinces.

Philippine Red Cross volunteers throughout the region are reporting significant damage and a growing death toll, while the full extent of the devastation continues to unfold. While relief efforts are underway, blocked roads, destroyed infrastructure and downed communication lines are making the response particularly challenging.

The Philippine Red Cross is leading the response effort and their volunteers have been caring for people even before Typhoon Haiyan made landfall—working closely to support pre-emptive evacuations of more than 125,000 families. The Philippine Red Cross is the largest humanitarian organization in the country, with 1,000 staff and an estimated 500,000 active volunteers engaged in response to this emergency. Red Cross has begun distributions of relief supplies, but delivery in the worst affected city of Tacloban has been significantly constrained by damage to local infrastructure.

The American Red Cross has deployed four people to the Philippines. These include two people who specialize in telecommunication and who are traveling with satellite equipment, and two others who specialize in disaster assessment. The Red Cross network has deployed teams in logistics, disaster assessment, shelter, health, water and sanitation.

In addition to supplying people, expertise, and equipment, the American Red Cross is helping reconnect families separated by Typhoon Haiyan. People searching for a missing family member in the Philippines should remember that many phone lines are down. If still unable to reach loved ones, people can contact their local chapter of the American Red Cross to initiate a family tracing case.

Wednesday, 13 November 2013 17:02

Supertyphoon Haiyan Devastates Philippines

Supertyphoon Haiyan hit the Philippines on Friday, leaving at least 10,000 residents dead and hundreds of thousands without reliable food, shelter or water. One of the strongest storms ever recorded, Haiyan’s winds surpassed 140 miles per hour, bringing record storm surges. The full extent of the damage remains uncertain, with communication and transportation severely restricted.

The World Bank has called the Philippines one of the most hazard-prone countries in the world. Closed roads and airports restricted aid efforts after Supertyphoon Haiyan, and communication failures posed some of the greatest challenges to both assessing and recovering from damage.

“Under normal circumstances, even in a typhoon, you’d have some local infrastructure up and some businesses with which you can contract,” Praveen Agrawal, the World Food Program’s Philippines representative and country director, told the New York Times. “Being as strong as it was, it was very much like a tsunami. It wiped out everything. It’s like starting from scratch” in terms of delivering the aid, he said.

...

http://www.riskmanagementmonitor.com/supertyphoon-haiyan-devastates-philippines

One of the most important jobs in IT is that of the IT asset manager. Knowing the status of all software and hardware in the organization at a moment’s notice is a necessity. It takes a very detail-oriented person to plan for the life cycles of software, track all software licenses, and ensure that the company stays in compliance with its contracts.

When a company finds itself in need of just such a person, having the proper job description is integral to locating a candidate who captures all of the skills necessary. Our IT Download, “Job Description: IT Asset Manager,” provides the most detailed listing of skill sets and experience that a capable IT asset manager should possess.

According to this job description, duties and responsibilities of an asset manager include:

...

http://www.itbusinessedge.com/blogs/it-tools/how-to-find-the-right-candidate-for-an-it-asset-management-role.html

Wednesday, 13 November 2013 17:00

NFPA 1600 2016 edition development update

The NFPA Technical Committee on Emergency Management and Business Continuity, which is responsible for developing the 2016 edition of NFPA 1600, the Standard on Disaster/Emergency Management and Business Continuity Programs, met on October 22nd and 23rd in Salt Lake City, UT.

The draft minutes of the meeting have just been published and contain, amongst other items, details of critical milestone dates within the development process. These include:

  • First revision electronic filing must be completed by task groups by January 3, 2014;
  • The deadlines for submission of public submittal are November 29 (paper submissions) and January 3, 2014 (online submissions);
  • The First Draft meeting must be held by June 13, 2014; and
  • The first draft will be balloted no later than August 22, 2014.

Read the draft minutes (PDF).

The Business Continuity Institute has announced that Business Continuity Awareness Week 2014 (BCAW) will take place between March 17th and 21st.

BCAW is an annual global event to raise awareness of business continuity management, to demonstrate the importance of business continuity and to help people understand why they should apply it to their organization.

Business Continuity Awareness Week will include a number of regional events as well as a series of webinars.

More details will follow when they are available.

To see what took place during BCAW 2013 click here.

Wednesday, 13 November 2013 16:52

Social Media use at BCM2013

Back in June I was critical of Social Media usage at the Australasian BC Summit, suggesting that one of the reasons why there was no use of social media was the age of attendees. It was not a young audience.

If we did not make an issue of the need to use social media at the time of a disruption it probably would not matter – but we do and at the same time when we don’t practice, nor understand, it.

The audience at BCI World Conference in London last week was not much younger – it is still an older person’s discipline. But there was a little more use of Social Media. But still remarkably disappointing – especially as there had been good promotion of the Twitter hashtag (unlike the Australasian conference) and clear exhortation to people to join discussion on social media.

...

http://www.blog.vrg.net.au/informed/conferences/bcm-world-conference-2013/social-media-use-at-bcm2013/

Wednesday, 13 November 2013 16:51

Typhoon Haiyan: The Insurance Perspective

Amid the pictures and stories of destruction from Typhoon Haiyan come some facts that put the damage from this storm in perspective, at least in insurance terms.

Typhoon Haiyan hit the central Philippines as an extreme Category 5 storm, with winds of 195 miles per hour as well as a massive storm surge on November 8. It then traveled across the South China Sea and made landfall on the north Vietnam coast as a Category 1 storm with 75 mile per hour winds on November 10.

Latest media reports put the death toll in the city of Tacloban alone at more than 10,000. While this figure seems high, the Capital Weather Gang blog notes that even if the death toll estimate holds up Haiyan would rank outside the top 35 deadliest tropical cyclones on record.

...

http://www.iii.org/insuranceindustryblog/?p=3430

Wednesday, 13 November 2013 16:31

Microsoft Ups Its Game in CRM and ERP

According to the Chinese calendar, 2014 is supposed to be the year of the horse. However, Microsoft prefers to dub it the year of the customer, a consideration that has led it to add new features to its Dynamics CRM software.

Kirill Tatarinov, executive vice president, Microsoft Dynamics, explained that the millennial generation (born between the early 1980s and early 2000s) is more informed, has radically different expectations and is changing the market dynamics for every industry. This new breed of consumer, he said, has a constant connection to the Internet and uses social networks for feedback that can quickly go viral. They feel empowered.

"Over 90 percent of people today never complain when not served well," said Tatarinov. "They just leave and never come back."

...

http://www.itbusinessedge.com/articles/microsoft-ups-its-game-in-crm-and-erp.html

In life, and in business, reputation is everything. That said, reputation is very fragile and it only takes one mistake to cause irreparable damage to your company’s image. This is especially true in the digital world where radical transparency and high customer expectations reign supreme. Ignoring strong public digital voices isn’t an option any more. Companies have to learn to not only communicate effectively in the social media age, but to truly listen to the social chatter and respond in a way that aligns with both brand and customer expectations.

In the online era, it becomes critical for a business of any size to have a social media crisis management plan – or even better, a crisis prevention plan – in place for those times when things go wrong. And it is truly a matter of “when” vs. “if.”

Let’s take a look at some of the ways to avoid social media disasters, prevent them from escalating, or handle things if everything goes sideways.

...

http://www.forbes.com/sites/ekaterinawalter/2013/11/12/10-tips-for-reputation-and-crisis-management-in-the-digital-world/

Some 62,500 customers of Supervalu are now thought to have been affected by a security breach, significantly more than the 39,000 originally thought, and there is a “high risk” their payment details have been accessed by an unauthorised third party, the supermarket chain said last night. In a statement, it said those affected paid for Supervalu Getaway Breaks between January 2011 and February 2012.

The supermarket said the 62,500 customers who made bookings during the period have been advised to contact their bank or financial institution as soon as possible. They should “immediately check the transactions on their payment cards for any suspicious activity”, the statement said.

Customers are also being warned to treat any unsolicited communication claiming to represent Supervalu Getaway Breaks or Loyaltybuild with “extreme caution.”

...

http://www.irishtimes.com/news/consumer/some-62-500-supervalu-customers-at-risk-over-breach-1.1591663

When you’re scouring your neighbourhood to detect possible risks to your organisation, a tool like Google Earth can be a valuable asset. Without leaving your desk you can tour streets and advance street view by street view, pinpoint addresses such as the nearest phone service and electricity providers on your map and spot vulnerabilities – that remote site with no surrounding fence, for example. That’s the good side of Google Earth. However, it also has its limitations and even potential drawbacks. Find out more about these below so that you won’t be caught short.

...

http://www.opscentre.com.au/blog/is-google-earth-a-good-tool-for-business-continuity-and-disaster-recovery/

The vision of the cloud as a magical realm of limitless scalability and customized, on-demand data architectures still runs strong in the enterprise industry. This view is not altogether wrong, even though many clouds with various levels of functionality will be created in order to meet the demands of an increasingly diverse data community.

But no matter how the individual enterprise chooses to implement the cloud or what applications it deploys, the fact remains that, as with any other infrastructure expansion, the migration process will be lengthy and complicated.

The good news, though, is that the cloud industry is highly motivated to absorb as much of the existing enterprise data environment as possible and, being already steeped in automated processes, it is working to take on the lion’s share of the migration burden using the latest software platforms.

...

http://www.itbusinessedge.com/blogs/infrastructure/you-may-be-ready-for-the-cloud-but-are-you-ready-for-the-migration.html

Tuesday, 12 November 2013 16:32

CFOs More Confident About Risk Management

Nearly two-thirds of CFOs are more confident in their ability to manage risk, with 25% reporting an increased appetite for risk, according to a new national survey from TD Bank. A number of respondents said their organizations have managed risk proactively since 2008 through internal controls and procedures and increased accountability.

“What we’re seeing, both through this survey and in our interactions with clients, is a more positive outlook about the economic environment and the business opportunities coming out of the recession,” Greg Braca, executive vice president and head of corporate and specialty banking at TD Bank said in a statement. “Well over a third of the CFOs surveyed expressed that they’re more confident in the U.S. economy, and more than half viewed their organizations’ prospects in the same vein. CFOs feel better equipped to manage risk, which will enable them to take a more active approach to investing and expansion, even if the economy improves at a slower pace than we’d like.”

CFOs are also apprehensive about the regulatory climate, with more than a third of respondents indicating that regulation is a top concern going forward.

The survey was conducted in September and October 2013 by ORC International. A total of 150 executives were surveyed, half at companies with annual sales of $50 million to less than $250 million (middle-market) and half at companies with annual sales greater than $250 million (corporate).

...

http://www.riskmanagementmonitor.com/cfos-more-confident-about-risk-management/

CSO — As everyone knows, cloud provider Nirvanix recently fell apart, declaring bankruptcy and leaving its customers in the lurch. Nirvanix gave enterprises less than a month to move their data to a new home. To avoid the fate of those customers, follow these best practices for safely moving data in and out of the cloud.

Due diligence: financials first

The Cloud Security Alliance's February 2013 report, "The Notorious Nine: Cloud Computing Top Threats in 2013" has identified a lack of due diligence as a continuing threat to cloud computing. When enterprises do look into cloud providers, their view of things is a bit lopsided. "Cloud consumers place too much emphasis on information assurance and privacy, or focus on cost reduction and savings at the expense of investigating the financial health of candidate providers," says John Howie, COO, the Cloud Security Alliance.

"Perceived profitability does not imply stability for a company or a service provider," says Adam Gordon, CISO, New Horizons Computer Learning Centers; "the management strategies of a company can squander financial success overnight, driving profitability, the company and its partners over a cliff quickly if nobody is paying attention."

...

http://www.cio.com/article/742976/Best_Practices_for_Safely_Moving_Data_in_and_Out_of_the_Cloud

Monday, 11 November 2013 17:14

Cybersecurity Threats Are Rising

Cyber security has moved from operations to a concern of the C-suite and the board, EY (formerly known as Ernst & Young before getting carried away with hip rebranding), the consultancy, has found in its work across industries.

“For nearly three-quarters of organizations surveyed, information security policies are now owned at the highest organizational level,” the firm concluded in a recent report on cyber security, “Under Cyber Attack, EY Global information security survey 2013.” Because the attacks are becoming more numerous and more sophisticated, organizations have to improve their defenses and get proactive. (For a fascinating look at how Obama’s security is protected — a tent that is erected in hotel or conference rooms with tools to protect against eavesdropping, see The New York Times.)

“The number of threat actors is increasing and each has a different high value target,” said Chip Tsantes, cybersecurity leader for financial services at EY. “Five years ago it was protecting money, but now threat actors, nation states and hacktivists are looking to disrupt, embarrass, steal IP or help their domestic industries. The number of targets has increased, techniques have gotten better and they are going after a wide array of targets.”

...

http://www.forbes.com/sites/tomgroenfeldt/2013/11/11/cybersecurity-threats-are-rising-ey/

By Brad Glisson

Experts from the University of Glasgow looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and personal information. The loss of data such as this has potential security risks, inviting breaches on both an individual and corporate level.

The data yielded by this study on 32 handsets included a number of items that could potentially cause significant security risks and lead to the leakage of valuable intellectual property or expose the company to legal conflicts.

The study is an important step in proving that the increasing use of mobile devices in corporate environments may be jeopardising security and compromising country-specific data protection legislation.

...

http://www.nmk.co.uk/article/2013/11/10/mobile-phone-use-may-pose-significant-security-risks-for-companies

Today is National Remembrance Day for Veterans who served their country and across the world. In the US we call it Veterans Day. In the UK, it is called Remembrance Day. Whatever it is called, it is designed so that we may never forget the sacrifices that the men and women made so that we can live in a free society. So today, I ask you to personally thank a veteran, buy them a cup of coffee or simply reflect on those who made the ultimate sacrifice to allow us all to go forward into the 21st Century.

My father is a veteran of both World War II and the Korean Conflict. I saw him this weekend and at 87 he is still kicking along, reading, studying and thinking about the relevant issues of the day. He gave to me a copy of the Fall 2013 issue of the University of Illinois, College of Law, Comparative Labor Law & Policy Journal which had an article, entitled “Toward Joint Liability in Global Supply Chains: Addressing the Root Causes of Labor Violations In International Subcontracting Networks”, by authors Mark Anner, Jennifer Bair and Jeremy Blasi. So to honor my father’s continuing interest in anti-corruption compliance, today I will write about this article and how it informs anti-corruption compliance in the Supply Chain.

...

http://tfoxlaw.wordpress.com/2013/11/11/honor-our-veterans-and-compliance-in-the-supply-chain/

MANILA — The super-typhoon that tore through the Philippines and left a feared five-figure death toll touched down in central Vietnam early Monday, already ranking as one of Asia’s most destructive natural disasters in recent decades.

As rescue workers struggled to reach some areas along a heavily damaged chain of Philippine islands, survivors described a toll that this impoverished country will be contending with for years.

Entire regions are without food and water, and bodies are strewn on the streets, after a typhoon that had much the look of a tsunami, with waves as high as two-story buildings. Photos and videos showed towns ground to a pulp.

...

http://www.washingtonpost.com/world/asia_pacific/philippines-fears-massive-death-toll-after-typhoon/2013/11/10/2bd314f4-49dd-11e3-b87a-e66bd9ff3537_story.html?wpisrc=nl_headlines

Monday, 11 November 2013 17:04

Data Quality Enlightenment

A few weeks ago, I wrote about the Five-Fold Path for Ensuring Data = Information, for which I drew upon Buddha’s Eight-Fold Path for inspiration.

But to really understand the practices of the eight-fold path, you need to understand the underlying doctrines that motivate it. In Buddhism, those tenets are outlined in the Four Noble Truths.

The five-fold path describes what you need to do to achieve data quality, but that still doesn’t define the realities that drive us to pursue data quality.

...

http://www.itbusinessedge.com/blogs/integration/data-quality-enlightenment.html

Monday, 11 November 2013 16:55

Enterprises Poised to Take on the Real Cloud

To say that the cloud is a common facet of enterprise infrastructure is something of a mistake. While many organizations have embraced the cloud as a means to ramp up storage capacity or even burst workloads during peak activity periods, few have integrated cloud infrastructure into their normal data environments in ways that leading experts say leverage the true value of the technology.

But that may be about to change. New market research is starting to suggest that attitudes are shifting and enterprise executives are warming up to the idea of the cloud as a full functioning extension, or even a replacement, of on-premise infrastructure.

First up is Gartner, which reported recently that cloud computing is on pace to make up half of the total IT market by 2016, with nearly half of all large enterprises deploying hybrid clouds by 2017. The company says virtualization, orchestration, high-speed networking and other cloud-enabling technologies have reached a point at which enterprise executives can finally see the advantages that cloud architectures have over traditional infrastructure, particularly as the industry starts to confront the realities of mobile computing, social networking, Big Data and other trends. The big question for many, however, is whether they will be strictly consumers of cloud services or providers as well.

...

http://www.itbusinessedge.com/blogs/infrastructure/enterprises-poised-to-take-on-the-real-cloud.html

MANILA, Philippines (AP) — The strongest typhoon this year slammed into the central Philippines on Friday, setting off landslides and knocking out power and communication lines in several provinces. At least four people died.

Huge, fast-paced Typhoon Haiyan raced across a string of islands from east to west — Samar, Leyte, Cebu and Panay — and lashed beach communities with over 200 kilometer (125 mile) per hour winds. Nearly 720,000 people were forced to evacuate their homes.

Due to cut-off communications, it was impossible to know the full extent of casualties and damage. At least two people were electrocuted in storm-related accidents, one person was killed by a fallen tree and another was struck by lightning, official reports said.

...

http://www.huffingtonpost.com/2013/11/08/philippines-typhoon_n_4239509.html

Friday, 08 November 2013 16:02

The 4 R’s of Disaster

When the director of technology states that the IT infrastructure is up and available after a disaster, many believe it means that an organization can now begin to operate as normal. This is not completely correct; it’s only part of the solution. It’s like a car salesman pointing out a car on the lot; just because it’s sitting there doesn’t mean it’s ready for use – you need gas, a key and other bits before it’s ready for use. So, just because the technology infrastructure is ready, doesn’t mean it’s ready for use.

What’s happened is that the infrastructure has only been restored; the organization still needs other components in play before it can safely say it is back to operations – not necessarily ‘normal’ operations (Is it ever ‘normal’ to operate in disaster mode??). Yet when technology is restored there is the misconception that all must be well.

I like to keep 4 R’s in mind when an organization is getting back up on its feet after a major situation. Below are four key stages that an organization must go through before it can state – confidently – that it’s back open for business – albeit, no doubt, at reduced capacity and capability.

...

http://stoneroad.wordpress.com/2013/11/07/the-4-rs-of-disaster/

Friday, 08 November 2013 16:01

Security a Focus after N.J. Mall Shooting

The most recent mall shooting, just a few days ago at the Garden State Plaza in N.J., again heightened the focus on risk management and security nationwide.

Parents have trusted that malls would be safe for teenagers to meet with friends, but places for public gathering can become targets for violence. The pressure is on for organizations to examine their security measures and contingency plans.

David Boehm, with Security USA, said in an interview with CBS New York that the U.S. can learn from security experts in Israel. Similar to Israel, he said, our country is heading in the direction of having officers stationed at entrances and exits to malls.

...

http://www.riskmanagementmonitor.com/security-a-focus-after-n-j-mall-shooting

Computerworld - The document scanning operations of a massive public online digital archive based in San Francisco suffered $600,000 in fire damage Wednesday night.

The Internet Archive said no one was hurt in the fire that broke out about 3:30 a.m. and caused damage to an electrical conduit and some "physical materials." The cause of the fire is under investigation. The archive has a second facility in Richmond, Calif.

...

http://www.computerworld.com/s/article/9243896/Fire_at_Internet_Archive_reaffirms_need_for_an_Internet_archive

Which situation do you think is worse: Your company getting a public relations and/or consumer confidence hit because you revealed that your network was breached or not disclosing the breach at all?

Based on a recent ThreatTrack report, a lot of employers out there think the PR situation must be the worst scenario. The survey, conducted by Opinion Matters, includes feedback from 200 security professionals dealing with malware analysis within U.S. enterprises. It found that nearly 6 in 10 malware analysts have investigated or addressed a data breach that was never disclosed by their company.

In addition to not being totally open with their customers, the ThreatTrack report shows that the data breach problem is a lot worse than any of us thought. According to Verizon’s 2013 Data Breach Investigations Report, there were 621 confirmed data breaches last year. But if nearly 60 percent of malware analysts say the breaches they investigated internally were never reported, it is a good bet that 621 breaches is a low number. A very low number.

...

http://www.itbusinessedge.com/blogs/data-security/alarming-number-of-companies-dont-disclose-data-breaches.html

LINCROFT, N.J.  -- From mucking out homes to hanging drywall; from providing cleaning supplies to delivering food and financial assistance, volunteers and charitable organizations from around the nation have worked diligently to help residents of hard-hit New Jersey recover from Superstorm Sandy.

At the one-year anniversary of Sandy, many of the volunteers and sponsoring organizations who lent a hand in the critical first days after the disaster are still here and still helping.

As of the end of September 2013, some 173,544 volunteers had invested more than 1 million volunteer hours in the Sandy recovery effort. The value of their contributions now totals more than $30 million.

“In a disaster such as Hurricane Sandy, the efforts of volunteers are critical to the recovery,” said Gracia Szczech, federal coordinating officer for FEMA in New Jersey. “Volunteers have made a substantial contribution to helping New Jerseyans respond and recover from the challenges they faced after Hurricane Sandy.”

While the volunteer efforts that extend across the state may appear unrelated, in reality, they are all part of a collaborative mission, participating in a massive team effort to assist survivors of Hurricane Sandy in their transition to long term recovery.

“I’ve witnessed how valuable volunteers have been,” said Lt. Joseph Geleta of the New Jersey Office of Emergency Management.  “It’s very important for the OEM to partner with the volunteer community.”

As the Volunteer Agency Liaison for Sandy Recovery, Geleta works in partnership with FEMA and a coalition of volunteer organizations who are members of the NJ Voluntary Organizations Active in Disaster to coordinate a network of resources to assist survivors as they rebuild their lives.

“We have established Long Term Recovery Groups to help survivors,” Geleta said. “Our goal is to try to meet those unmet needs of survivors who have exhausted all of their disaster assistance dollars and who are still in need.”

The task is a big one.

Back in 1999, in the aftermath of Hurricane Floyd, 70,000 people registered for FEMA disaster assistance. “At that time we established a Somerset County Long Term Recovery Group, and they were helping people for five years after the storm hit.”

In 2011, after Hurricane Irene, 90,000 New Jerseyans registered for disaster assistance. “We were still working on unmet needs from Irene when Sandy hit,” Geleta noted.

The number of people seeking help after Hurricane Sandy exceeded the numbers who registered after Floyd and Irene combined.

“More than 260,000 residents of New Jersey registered for disaster assistance,” Geleta said. “Clearly we expect this is going to be a very long recovery.”

During the year after Sandy, the NJVOAD coordinated and supported the volunteer efforts of more than 500 organizations.

These organizations ranged from internationally known agencies like the American Red Cross to smaller groups that regularly travel thousands of miles to assist their fellow Americans when disaster strikes.

Among those groups are the Southern Baptist Men, who applied emergency “blue roof” coverings on over 1,500 homes that had been so damaged by the hurricane that their interiors were exposed to the elements.

Other groups that provided volunteers, resources and skilled workers to Sandy survivors in New Jersey included Habitat for Humanity, Feed the Children, Lutheran Disaster Response, United Jewish Communities, the National Disaster Relief Office of the Roman Catholic Church and Mennonite Disaster Services, to name only a few.

Local churches, charities and nonprofits also worked around the clock to provide the help their neighbors needed to survive, recover and rebuild.

The Foodbank of Monmouth and Ocean Counties regularly provides more than 127,000 people with food and other services. The need for assistance increased substantially with the arrival of Sandy.

“In the immediate aftermath of Hurricane Sandy we provided over 1 million meals to people who were affected by the storm,” said Marion Lynch, marketing and communications coordinator for the Foodbank. And a year after the storm, “Our work continues. We provide food and outreach services to some of the area’s most hard hit communities and support recovery efforts in both counties. We remain committed to helping our neighbors recover and we rely on a caring community to support our work.”

The American Red Cross has also been a major partner in the recovery effort.

In the weeks following the disaster, the American Red Cross’s 5,300 employees and volunteers supported 65 shelters, distributed more than 1.5 million relief items, provided more than 23,000 health and mental health contacts, and served more than 4 million meals and snacks to Sandy survivors in New Jersey.

More than 2,200 Red Cross volunteers came from around the country, working with partner groups like the Southern Baptists, Islamic Relief - USA, Team Rubicon and others to help New Jersey.

Members of the U.S. Naval Academy Midshipmen Action Group, VISTA and AmeriCorps members also served as Red Cross disaster volunteers, joining members of Red Cross societies from Canada, Mexico, Saipan and other locations around the globe who were deployed throughout the state.

Red Cross volunteers contributed over 395,000 hours of service in New Jersey and millions of dollars’ worth of Sandy-specific in-kind donations flowed from generous corporate donors through the Red Cross. The agency delivered everything from batteries to baby food, food trucks to internet access, to the people of New Jersey.

Donations made by Americans around the country to the Red Cross Disaster Relief Fund supported the distribution of more than 47,000 Red Cross Clean-up kits and more than 28,000 Red Cross Comfort Kits in New Jersey.

 “The American Red Cross continues to support residents of New Jersey in their recovery from Hurricane Sandy through a variety of programs, including grant funding to community and faith-based groups actively working to help individuals and families recover,” said Nancy Orlando, regional CEO of the American Red Cross South Jersey Region.  “Additionally, through our Move-in Assistance Program, the Red Cross is providing direct financial assistance of up to $10,000 for housing-related expenses to eligible individuals whose primary homes were destroyed or made uninhabitable by Sandy. As of September, the American Red Cross has given close to $6 million to approximately 1,300 households in New Jersey through the MIAP initiative.”

While volunteer efforts have helped thousands of New Jerseyans repair, rebuild and recover from the devastation caused by Hurricane Sandy, many residents still need help. NJVOAD has been working since before the disaster struck to coordinate and deploy volunteer resources where they are needed.

LTRGs continue to serve survivors in the following locations: Atlantic County, Atlantic City, Bergen County, Camden County, Cape May County, Cumberland County, Essex County/Ironbound, Gloucester/Salem Counties, Hudson County, Middlesex County, Monmouth County, Morris County, Ocean County and Somerset County.

 “They are all working hard to help people in their communities,” said Cathy McCann, chair of NJVOAD. “NJVOAD has been hosting six regularly scheduled coordination calls among the different LTRGs so that they can share challenges, successes and support one another and that we can speak as a united group on any issues we see on a statewide basis.  The different coordination calls are Case Management, Volunteers, Construction, Donations, Emotional and Spiritual Care.  

This week we have asked Church World Service to come in and do four workshops on how cases can flow through the Long Term Recovery process.  We have over 200 people scheduled to participate in these workshops. Sometimes it is hard to believe it is a year already and other times it feels like we should be further along, there have been many challenges, and many organizations that have not traditionally worked together are learning to do so, and are finding that we all need to work together to help people recover.” 

If you or someone you know is still in need of assistance with a Hurricane-Sandy related problem, help is available via the web at www.Ready.gov and http://www.state.nj.us/njoem/programs/sandy_recovery.html

Survivors may also find information and access resources by calling 2-1-1 or via the web at https://www.nj211.org.

The confidential service is funded by local United Way chapters in partnership with the State Department of Human Services, the Office of Homeland Security and Preparedness and the Department of Children and Families.

Resource specialists can connect New Jerseyans with community agencies for help with basic human needs such as clothing, food, shelter, rent and utilities, with special needs such as caring for an elderly or disabled person, with child care and with locating health and mental health care services.

“The needs are still many,” McCann noted. “So many people are not aware of the Long Term Recovery Groups that are out there and that volunteers are available to help in the rebuilding.”

And as they help our neighbors in New Jersey rebuild, members of the volunteer network are reminding those who still want to help that donations of money and resources are still needed.

For information on making a donation of cash or materials, visit the National Donations Management Network on the web at www.ndmn.us/ to match your donation to the needs of the community.

Video Timeline of the Sandy Recovery Effort

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

http://www.fema.gov/news-release/2013/11/07/disaster-recovery-volunteer-efforts-are-priceless

By Rachel Little, FEMA Youth Preparedness Council Member, Region 1

Monson, Mass., July 7, 2011 -- The debris that was left behind by the June 1 tornado that hit the town of Monson and western Massachusetts. Alberto Pillot/FEMA

My name is Rachel Little and I am a junior attending Monson High School. I have lived in Monson, Massachusetts, my whole life, and couldn’t have grown up in a better place. My town is full of strong-willed, determined people, always willing to lend a helping hand.

When a tornado struck our town on June 1st, 2011, it brought our small community even closer together.  Everyone was reaching out to give support, from supplying food or water, to giving neighbors hope for a better tomorrow.  It was a very moving event to watch.  Even though I was not directly affected by the tornado, I had people very near and dear to me in the path of the tornado.  I wanted to help out in whatever way I could, because I saw how much the people of Monson were suffering.  I couldn’t stand by and watch -- I had to take action. 

Therefore, I joined the Monson volunteer efforts and eventually became a member of The Street Angels.  The Street Angels is a dedicated volunteer group that brought supplies to families in need after the tornado,  and helped families make connections with landscapers and builders. My fellow Street Angels helped me fill out an application to become part of FEMA’s Youth Preparedness Council, and I am now going into my second year of being a proud member.  To me, the Youth Preparedness Council is the beginning of people realizing that youth can make a difference in emergency preparedness and response -- not just myself and the wonderful people of this council, but the world’s youth.   My fellow members and I are just the beginning of that change.

My plan for 2013 is to collaborate with the Medical Reserve Corps (MRC), or Community Emergency Response Team (CERT), to start a teen readiness club in my town.  I know a lot of people my age wanted to get involved after the 2011 Monson tornado, but they didn’t know how.  If either a Jr. MRC or a Teen CERT had already been in play before the tornado, Monson would have seen a significantly higher amount of youth action.   Being a member of the Youth Preparedness Council, my mission is to increase the amount of prepared youth and families in my region.

I’ve also been trying to share emergency preparedness at my school.  I’ve hit significant road blocks during previous attempts at getting a teen readiness club up and running for Monson High School.  After last year’s Youth Preparedness Council summit in Washington DC, I had my heart set on starting a Teen CERT. The idea of getting my friends and classmates interested in preparedness and prepared for disasters was exciting.  I asked around to see if I could get a trainer to help me get the team started.  I found a man in my neighboring community who seemed very willing to help me out, but unfortunately, that fell through.

I turned to my Local Emergency Preparedness Committee, which was formed after the tornado.  Although I made a presentation to them and they liked my ideas, we weren't able to get the plans off the ground.  I did meet a woman in the Local Emergency Preparedness Committee meetings who happened to be the head of the MRC in my town, and she introduced me to Jr. MRC.   We’re still hoping to get the Jr. MRC started, and it’s a current work in progress.  I anticipate that the challenges for this year will again be finding someone to teach the course or help me with the establishment of the club.  I have a backup plan, so that if things fall through, I will take the Teen CERT “train the trainer” course so I can teach a class myself.

As a result of starting Teen CERT or Jr. MRC in Monson, I want to see this little community become prepared for future emergencies.  I hope never to see another disaster to the extent of the tornado ever again, but it’s better safe than sorry.  I will know I’ve met success when I have a fully functioning teen readiness club in Monson High School.  From there, I can only hope to expand my efforts to other communities and beyond.

Editor’s Note: The views expressed in this blog post do not necessarily represent the official views of FEMA, the Department of Homeland Security, or the United States Government. We are providing links to third party sites and organizations for your reference. FEMA does not endorse any non-government entities, organizations or services.

http://blog.fema.gov/2013/11/building-teenage-readiness-club-in.html

CSO — Everybody who spends much time on the web knows their activities are tracked for marketing purposes. Do a little online shopping for hats, and you will quickly see ads for hats popping up on other websites you visit.

But, the collection of individual data by so-called Big Data brokers goes well beyond your online shopping. Those companies -- there were 253 of them as of this past March, according to a directory compiled by the Privacy Rights Clearinghouse -- collect and sell information to marketers on everything from your marital status, whether you might be pregnant or have a newborn, have cancer, are trying to lose weight, are gay or straight, how much you make, what credit cards you use, your lines of credit, where you live, what your house cost, what kind of car you drive or if you might be looking to buy a new one, your race, occupation, political leanings, education level, have one or more children in college, have pets to what your hobbies are and more -- much more.

The cliché is that data brokers know more about you than you know about yourself.

But this, according to those brokers, is a very good thing for you, the consumer. One major broker, Acxiom, which has been very much in the news over the past month for allowing consumers to view a portion of the data it collects on them through a new portal -- AboutTheData.com -- is using that higher visibility to assure people that not only is this collection harmless, but it also brings them a host of economic and other benefits.

...

http://www.cio.com/article/742859/Data_Brokers_Collection_of_Internet_Activity_Data_Raises_Privacy_Issues

CIO — A U.S. Senate committee yesterday approved legislation that would encourage government agencies to consolidate their data centers along with a bill to require online disclosures of federal spending data.

The Federal Data Center Consolidation Act, sponsored by Michael Bennet (D-Colo.), would spur on an initiative that the Obama administration launched in February 2010 to reduce the footprint of the government's IT infrastructure as agencies shift toward cloud computing and shared services.

The bill would require the 24 agencies participating in that effort to submit comprehensive inventories of their IT facilities to the Office of Management and Budget, along with long-term plans for phasing out data centers and optimizing performance at the ones that remain open. The agencies would also be expected to submit estimates of cost savings from their consolidation plans.

...

http://www.cio.com/article/742849/Federal_Agencies_on_Track_to_Consolidate_Data_Centers

Thursday, 07 November 2013 17:22

Alternatives to Traditional Risk Assessments

There are limitations to traditional risk maps, heat maps and risk rankings based on subjective assessments of the severity of the impact of potential future events and their likelihood of occurrence. These limitations include the influence of individual biases and “group think,” preempting out-of-the-box thinking, failure to address the unique characteristics of the risks the company faces, undue influence from past experience and successes and little insight regarding what to do about exposures to extreme events. Simply stated, an assessment process that subjects all risks to the same analytical grid has shortcomings that need to be recognized if risk management is to advance as a discipline.

While there may be a place for traditional risk assessment approaches when creating awareness and obtaining a “quick and dirty” overview of risk, more sophisticated assessment mechanisms may be necessary to provide the insights needed by management and the Board. If very little happens as a result of an organization’s risk assessment process, it is a clear sign that alternative approaches should be considered. We will explore alternatives for the four categories of risks: strategic, operational, financial and compliance.

...

http://www.corporatecomplianceinsights.com/alternatives-to-traditional-risk-assessments/

Thursday, 07 November 2013 17:21

What Are Your Top Ten Organisational Risks?

Organisational risk is in the eye of the beholder. What you see as being the main risks as an innovative small business serving the Melbourne metropolitan area may be very different from the point of view of a multinational corporation with projects all over the world. It’s wise however for both types of organisation to consider different perspectives. They can help reveal risks hitherto ignored or that lurk in the background, ready to increase in importance as conditions change. They also help enterprises to remain flexible in their outlook and more resilient to problems, whether inside or outside the business. Here are a few different takes you might consider.

...

http://www.opscentre.com.au/blog/what-are-your-top-ten-organisational-risks/

London’s Royal Courts of Justice was the perfect setting for the Business Continuity Institute’s gala Global Awards dinner on November 6th at the conclusion of Day 1 of the BCM World Conference & Exposition.

The High Court was not in session, but the esteemed judges empanelled by The BCI rendered its verdicts – recognizing the outstanding achievements of Business Continuity professionals and organizations worldwide.

In the Consultancy & Individual categories:

Business Continuity Consultant of the Year was awarded to Saul Midler, LINUS.

Tom Clark, Liberty Mutual Insurance was named Business Continuity Manager of the Year.

And Standard Life PLC won the award for Business Continuity Team of the Year.

The award for Public Sector Manager of the Year was presented to Alan Jones.

Andrew MacLeod, Needhams 1834 Ltd was named Business Continuity Newcomer of the Year.

In the Corporate categories:

The Business Continuity Innovation Award was presented to Vocal Ltd.

SunGard Availability Services was named Business Continuity Service Provider of the Year, and the Business Continuity Product Provider of the Year was presented to eBRP Solutions Network, Inc.

The award for Most Effective Recovery of the Year went to Etihad Etisalat – Mobily.

Finally, the public vote for the Industry Personality of the Year resulted in this year’s coveted honor being bestowed on Richard L. Arnold, recognizing his career-long contribution to the Business Continuity industry.

Congratulations to all of these worthy winners. Each exemplifies the best in our industry – the highly skilled, the thought leaders, those who have leveraged their experience or demonstrated their acumen to have a positive impact both locally, and on the Business Continuity industry globally. But simply being nominated for one of these awards should be considered an honor; only the select few are singled out as Regional Award winners and qualify as nominees for these Global awards.

Here at eBRP Solutions we’re very, very proud of this honor. Our award is testimony to the hard work of our designers and developers, and the incalculably valuable input of our customers worldwide. We were thrilled to win this year’s Regional awards in North America, Europe, Asia and the Middle East. We know that without the collaboration of our customers and other partners, eBRP and our flagship product – eBRP Suite – would not be what it is today: recipient of the 2013 BCI Global Business Continuity Product of the Year Award.

The Business Continuity Institute (BCI) has named eBRP Solutions winner of the 2013 Global Business Continuity Product Provider of the Year award, for its flagship Business Continuity Management software eBRP Suite.

The award was presented at a gala Global Awards dinner concluding the open session of the 2013 BCM World Conference and Exposition on November 6th at the Royal Courts of Justice in London, UK.

The BCI Global awards are the culmination of a year-long program of Regional awards by BCI Chapters across the globe.  Winners of each of seven Regional award competitions were entered as nominees for the Global awards.  Earlier this year eBRP captured 4 Regional Business Continuity Product of the Year awards – honoring its flagship software eBRP Suite – in the North American, European, Middle Eastern and Asian BCI award competitions.

“2013 has proven to be a banner year for eBRP,” according to Jim Mitchell, an eBRP Director. “Last year we were named the BCI’s North American Business Continuity Software of the Year, and this year we were delighted to pick up 4 additional Regional awards. But the Global award is much more significant; it solidifies our standing as Thought Leaders in the Business Continuity industry.”

According to The BCI, the Global Awards “recognize the outstanding achievements of Business Continuity professionals and organizations worldwide and pay tribute to some of the finest talent in the industry.  Becoming a winner of a BCI Award gives international recognition for hard-earned achievements and is considered a great accolade within the BCM profession.”

“More than ten years of hard work has gone into the design and continuing development of eBRP Suite,” added eBRP Managing Director Ramesh Warrier.  “This award is shared with the entire eBRP Team – and with our Customers, whose collaboration has helped us evolve eBRP Suite to become a globally-acclaimed leader in the BCM industry.”

Want to find out what earned eBRP Suite the Global BC Product Award?  Simply click the Show Me button below, or the Request a Demo button to the left of this page – or email us directly at Info@eBRP.net, or phone us at  +1-888-480-3277 or (905) 677-0404.  We’ll be happy to show you how eBRP Suite can take your organization’s Business Continuity Management program to the next level.

Jennifer Craig: Jennifer has been the cheerleader for everything eBRP – from designing & coordinating tradeshows, print ads, press releases and building eBRP’s web presence. Strategic efforts with LinkedIn, Twitter, Word-press and Hoot Suite make Jen the key social media marketing champion at eBRP. Her efforts have greatly enhanced eBRP’s brand image globally and she is credited for many of the accolades & awards in eBRP’s trophy showcase.

Recently a group of executives, including myself, formed a new council whose aim is to increase disaster recovery preparedness and improve disaster recovery practices. The idea is to study current DR practices and develop DR standards and best practices for the industry to follow. Our initial research surprised us.

Initial results from the Disaster Recovery Preparedness online benchmark survey show the dismal state of DR preparedness of companies worldwide. Using a common grading system from A (the best) to F (the worst), 72% of survey participants, or nearly 3 out of 4 companies worldwide, are failing in terms of disaster readiness, scoring ratings of either a D or F grade. (You can take the test yourself at www.drbenchmark.org.)

...

http://drbenchmark.org/423/

As I discussed in a previous post, for small to midsized businesses, cloud backup services can simplify the process of backing up data and storing it offsite. Such services are available in many service levels and fit the budgets and data storage needs of a variety of businesses.

Before a company signs on with a managed service provider (MSP) for backup services, however, it should answer questions to head off potential issues:

  • What type of service does the company need?
  • Will there be latency issues?
  • What is the service provider’s availability?
  • How will security be handled?
  • Are there compliance policies that will need to be followed?
  • How will cloud backups mesh with current policies for data recovery and/or disaster recovery?

...

http://www.itbusinessedge.com/blogs/smb-tech/smbs-when-considering-cloud-backup-service-ask-these-questions.html

Techworld — Enterprises should aim to create "business-defined data centers", according to IT analyst house Forrester Research.

In recent years, there has been a big push towards software-defined data centres, which aim to improve overall data centre performance by optimising the application layer and the hypervisor layer.

However, Forrester argues that the business-defined data centre cares about real services as opposed to less important applications.

Speaking at the annual Fujitsu Forum event in Munich today, Rachel Dines, senior analyst at Forrester, said: "Software-defined was a good step but it doesn't go far enough. We want to think about order to cash, payroll, supply chain management. Actual business processes instead of [applications like] ERP and CRM and HCM and a million other acronyms."

...

http://www.cio.com/article/742743/Software_Defined_Data_Centers_Aren_t_Enough_Says_Forrester

WILLISTON, Vt. – It usually takes a disaster like Tropical Storm Irene – which knocked out roads, electricity, water, and communications – to remind us how important our infrastructure is to our communities and our way of life.

The Federal Emergency Management Agency is urging Vermonters to become more aware of critical infrastructure and the need to protect it from disasters or other hazards.

President Barack Obama has declared November Critical Infrastructure Security and Resilience Month, and officials say disasters like Irene and this year’s flooding events demonstrate the importance of expanding and reinforcing critical infrastructure security and resilience.

“The memory of Irene is still strong in Vermont,” said Federal Coordinating Officer Mark Landry, the head of FEMA’s Vermont operations. “Now is a good time to think about how important our transportation, communication, and utility infrastructure is and what we can do to protect it.”

Critical infrastructure is the systems that form the backbone of America’s national and economic security, including the electric grid, communications structures, transportation systems, and utilities like water and sewer, as well as the cyber-security of these systems.

“In this day and age, protecting critical infrastructure means more than safeguarding electric substations or bridges,” said Ross Nagy, Deputy Director of the Vermont Division of Emergency Management and Homeland Security. “It also means ensuring that the control systems for these facilities are safe from cyber-attack or human error that could disrupt crucial networks.”

The U.S. Department of Homeland Security – FEMA’s parent agency – urges all Americans to do their part in ensuring critical infrastructure security and resilience by doing the following:

  • Learn about steps you can take to enhance security and resilience in your businesses and communities and how to handle certain events.
  • Make a plan with your families to keep your loved ones safe.
  • If you run a business, make a plan to keep your employees and community safe and enhance your ability to recover operations quickly. If you are an employee, ask your management whether there are plans in place and get a copy.
  • Report suspicious activity.

To learn more visit: http://www.dhs.gov/critical-infrastructure

On October 28, New York Governor Andrew Cuomo announced the establishment of a new Emergency Disaster Protocol that insurers should expect to follow in the event of a future natural disaster. The protocol was communicated to insurers in the form of a circular letter on the same day. The new protocol includes many of the same measures that were put into place following Superstorm Sandy.

“During Superstorm Sandy these steps helped us speed up relief to New York families and businesses, and they will now become a standard part of our storm response arsenal,” said Governor Cuomo. “Insurance companies have a vital responsibility to promptly process claims for consumers hit by a natural disaster and this new emergency protocol will help make sure that they live up to that standard.”

...

http://www.riskmanagementmonitor.com/new-york-institutes-new-disaster-protocol-for-insurers/

By Joshua Ottow, Assistant Principal, Yarmouth High School 

Yarmouth, Maine, Sep. 9, 2013 -- Assistant Principal Josh Ottow (center) talks about emergency preparedness with Yarmouth High School students on the opening day of school.

My name is Josh Ottow, and I am the assistant principal at Yarmouth High School in Maine. Yarmouth is a suburban town of approximately 8,000 residents and 1,400 students, with 500 students at our high school. I serve on a team of administrators that helps plan for security and emergency preparedness in our district. Currently, we have an emergency management protocol that applies to all schools, and has additional specific information and plans for individual schools.

We feel that Yarmouth High School is already a safe school, in that we foster a trusting and respectful school culture, where positive relationships between students and teachers are of the utmost importance. For example, we do not have locks on our lockers, bells between classes, or hall passes. It’s important to us to add measures that make our school more prepared for emergencies without losing that trusting culture.

This can be a challenge because, in the eyes of students, things like locked doors, buzz-in systems, cameras in the parking lot, and lockdown drills can feel like we are assuming the worst in them, as opposed to trusting them to do the right thing.

At Yarmouth High School, the centerpiece of our emergency preparedness is having a strong Advisor/Advisee program. We believe in the innate strength and potential of a small group of students working together with an advising adult for four years. A student’s advisor is a person to rely on for advice, information, and genuine help and support in moments of distress.  Each teacher’s group of advisees comprises a unique combination of students, who might not otherwise have become friends. We see this as an opportunity for students to offer support and receive support from a group that will be a constant in students’ life for four years at Yarmouth High School. Because of our commitment to this program, we knew that it would be critical to our emergency preparedness implementation efforts.

Over the past year we spent considerable time in our Advisor/Advisee groups, talking about new emergency preparedness measures. The key is doing so in the context of keeping our school culture intact and making the school a safer place. One way we approach this is by employing discussion questions in our Advisor/Advisee groups to stimulate conversation, build understanding within our student body, and give students an opportunity to share their opinions and concerns. Example questions include:

  • What makes Yarmouth High School a secure place?
  • What makes the culture of Yarmouth High School unique?
  • Do you feel safe at Yarmouth High School?
  • Do you know what you would do in an emergency at school? Do you feel prepared?
  • What can we, as a school, do to ensure that we foster and maintain our positive, trusting, and respectful culture AND have a more secure school?

Teachers are advised to be sensitive to potential stress-level increase and emotional reactions surrounding these discussions, and are aware that student reactions may vary widely, and everyone’s opinion should be given its due. Our hope is that this conversation is honest and impactful for students as they wrestle with these tough issues.  We are also hoping that this conversation spills into “dinner time” talk with their parents at home. Parents are always invited to play a contributing role in these emergency preparedness plans via community-based forums, where they can express their opinions, make requests, and give suggestions.

Another method that we use to address emergency preparedness is collecting direct feedback from students. For example, we ask students (through their Advisor/Advisee groups) for feedback on our response plan and suggestions for future protocols each time we hold a lockdown drill. Advisors are given a detailed, play-by-play lockdown drill guide that they go over with their advisees after each drill. Sometimes, we get great suggestions from the students that we may not have thought about otherwise.

For example, during a recent lockdown drill we asked students to hand over their phones to their teacher. One student asked his Advisor why we did that, and he was told that one reason was to minimize light and noise coming from the classroom.  In response, he suggested that teachers should also close the lids of their laptops, because his teacher had his laptop open during the lockdown and it was emitting light. This was not something we had specified in the plan and may not have thought to add if this student hadn’t brought it up. Advisors have access to a shared online document where they can note these suggestions, and then we talk about the responses and potentially revising our plans at a school-wide faculty meeting.

Our emergency preparedness efforts in the past several months, from new plans and new equipment to authentic and honest discussions amongst students and staff, have shown me that involving students and being open with them about how preparedness measures could impact school culture is the best way to ensure a safe and positive school.

Editor’s Note: The views expressed in this blog post do not necessarily represent the official views of FEMA, the Department of Homeland Security, or the United States Government. We are providing links to third party sites and organizations for your reference. FEMA does not endorse any non-government entities, organizations or services.