
Industry Hot News


Wednesday, 22 January 2014 17:54

Unified BCM – Everybody Play Nice!

It wasn’t long ago that Business Continuity planning and IT Recovery Planning were done by different groups who never talked to each other.  In many organizations today the two groups have begun to work together – however grudgingly – to forge links between the IT requirements of critical business functions or processes and the prioritization of recovering IT assets.  The two groups may never meet in the same room, but they share the same data – and that’s a very good thing.

Of course, it still doesn’t happen in every organization.  And even where it does, there are often other planning groups that keep to themselves – to the detriment of their organization.



The data center is becoming more efficient, more modular and a whole lot more flexible as it transforms from the static architectures of the past to the virtual, dynamic infrastructure of the future. But part of this bargain calls for increasingly dense hardware footprints and steadily rising utilization rates, and that inevitably leads to heat generation.

Small wonder, then, that even as demand for key hardware elements like servers is declining, the need for advanced cooling systems is on the rise. According to MarketsandMarkets, the data center cooling systems market is on pace to top $8 billion by 2018, up from 2013’s level of about $4.9 billion. Part of this growth is due to the fact that data infrastructure across the board is increasing – more data centers mean more cooling systems. But the industry is also enjoying a renaissance of sorts as new, highly efficient technologies fulfill the need to make existing infrastructure more energy efficient. As the “do more with less” mantra takes hold, one of the most significant cost-saving measures available to the enterprise is new, highly efficient cooling infrastructure.



Wednesday, 22 January 2014 17:48

How Big Data Is Changing Earthquake Science

Twenty years ago, a fault that scientists didn’t even know existed slipped, triggering a massive 6.7 magnitude earthquake centered beneath the San Fernando Valley, with shockwaves rippling throughout the greater Los Angeles area.

When the strongest shaking ceased, the region had suffered 57 deaths and more than $20 billion in damage. The newly formed Southern California Earthquake Center (SCEC), founded in 1991 and headquartered at USC, stepped in to find out exactly what happened and what could be done about it.



Statistics and scare tactics don’t work; instead the starting point is ensuring that you have a deep understanding of the business landscape, strategies and risks.

By Larry Robert

There are many approaches that business continuity practitioners can take in convincing executive management to allocate funds and resources to a robust business continuity program. Many try to overwhelm with statistics and scare tactics. I believe these actually detract from the program by making sweeping examples that are typically outdated, untrue, and not applicable. Industry statistics, in many cases, are either unverifiable or can be traced back to a vendor that may benefit from the negative information. We owe it to our profession to always strive for accurate, verifiable information when citing examples in support of developing and maintaining a program.

As you will see below, the only way to bring an awareness to senior leaders is to discuss the specific risks to their particular business. Simple, yet very effective. As you develop yourself as a mature business continuity professional, you can bring into the conversation some of your own experiences from actual events and how various solutions either contributed to a quick recovery or further complicated the recovery process.



Tuesday, 21 January 2014 16:30

Network security’s ticking time-bomb

By Reuven Harrison.

Balancing effective IT security against a business’s need for agility is an age-old issue. But today, getting that balance right is trickier than ever. Organizational networks are increasingly sprawling, complex and hard to secure, with ever more changes required at the server level to ensure businesses can securely run all the applications they need, as and when they need them. In such a highly complex environment – characterised by constant change – a reactive, manual approach to security is no longer adequate. Mistakes can (and do) creep in, exposing organizations to cyber-attacks, data breaches and industrial espionage.

Yet slowing down the change process in order to ensure security can be similarly risky, since this will stifle the very agility that is key to business survival and success. Unless network managers fundamentally rethink their manual approach and adopt fresh strategies supported by automated tools, they face a ticking time-bomb that could seriously damage not just their security, but their business credibility and competitiveness.



Tuesday, 21 January 2014 16:28

#Are You Prepared?

An interesting article in the latest NFPA Journal looks at the rise of social media and its effects on emergency response and communication management; and provides some useful general social media crisis communications advice.

#Are You Prepared? highlights several natural disasters in which social media played a key role in keeping both the affected public and emergency responders informed. It also explains how FEMA established a ‘Hurricane Sandy Rumor Control’ website to counter false and misleading information circulating on social media during that disaster.

The article stresses how important it is for emergency and crisis management professionals to understand how social media works: "If social media is able to push out emergency information to critical audiences, we have to be able to use all of these tools," says Jo Robertson, chair of the NFPA 1600 Social Media Task Group and director of crisis preparedness for the chemical company Arkema. "Social media use is a reality. We all have to get past the notion that this is something we can ignore."


Tuesday, 21 January 2014 16:27

WEF: Global Risks 2014

Climate change is among the five most likely and most potentially impactful global risks, according to the just-released World Economic Forum (WEF) 2014 Global Risks Report.

The report assesses 31 risks that are global in nature and have the potential to cause significant negative impact across entire countries and industries if they take place.

An analysis of the five risks considered most likely and most impactful since 2007 shows that environmental risks, such as climate change, extreme weather events and water scarcity, have become more prominent since 2011.



Be honest – do you currently have a malicious software reporting policy? Just relying on the existence of anti-virus software and firewalls may be too optimistic nowadays. The potential damage to information assets and productivity, let alone identity or bank account theft, suggests that a malware reporting policy should be in place in any organisation. Even Google is asking users to contribute to tightening up security by reporting any nefarious activity from websites listed in its results pages. And as an additional source of concern, it seems malware infections are also being caused by some of the very entities that are supposed to be protecting us.



Aon Global Risk Consulting has conducted research to understand more about organizations’ attitudes to the top threats they face in today’s ‘hyper connected’ world.

With a focus on analytics, Aon wanted to further explore some of the results of its biennial Global Risk Management Survey (GRMS) published in 2013, so it subsequently asked captive directors (executive and non-executive) for their opinions on the rankings of the top 50 risks identified.

Stephen Cross, Chairman, Aon Centre for Innovation and Analytics, said “We felt that the results from the GRMS 2013 had thrown up some anomalies. With our expertise in the captive space, we approached captive directors for their opinions on the rankings of various risks to give us a more holistic view. As a result, we believe there is a real debate to be had across the risk management industry on insurable versus uninsurable risk. Understanding risk has always been a fact of business life, but today, the magnitude, complexity and speed have increased exponentially. That is why business leaders are concerned with how they manage risk.”



A new ENISA report provides advice on how to implement incident reporting in cloud computing. ‘Incident Reporting for Cloud Computing’ looks at four different cloud computing scenarios and investigates how incident reporting schemes could be set up, involving cloud providers, cloud customers, operators of critical infrastructure and government authorities.

Using surveys and interviews with experts, ENISA identified a number of key issues:

  • In most EU Member States, there is no national authority to assess the criticality of cloud services.
  • Cloud services are often based on other cloud services. This increases complexity and complicates incident reporting.
  • Cloud customers often do not put incident reporting obligations in their cloud service contracts.

The report contains several recommendations, including:

  • Voluntary reporting schemes hardly exist and legislation might be needed for operators in critical sectors to report about security incidents.
  • Government authorities should address incident reporting obligations in their procurement requirements.
  • Critical sector operators should address incident reporting in their contracts.
  • Incident reporting schemes can provide a ‘win-win’ for providers and customers, increasing transparency and, in this way, fostering trust.
  • Providers should lead the way and set up efficient and effective, voluntary reporting schemes.


Monday, 20 January 2014 17:38

10 IT Outsourcing Trends to Watch in 2014

CIO — This year, the IT services industry saw customers doing more of their own IT services deals, testing the service integration model, and continuing to struggle with outsourcing transitions. CIO.com again asked outsourcing observers to tell us what they think is in the cards for the year ahead. And if they're right, 2013 could be the year customers--and a few robots--take greater control of the IT outsourcing space.

1. The Rise of the Machines

Say hello to the latest IT services professional: the robot. "2014 will see significant growth in the development and implementation of robot-like technologies that will automate many tasks currently performed by full-time employees in [outsourcing] deals," says Shawn C. Helms, partner in the outsourcing and technology transactions practices at K&L Gates. "Given the rise of robots replacing people in manufacturing and logistics, it is not a stretch to predict that robots will move up the intellectual value chain as artificial intelligence continues to develop."



According to the World Economic Forum’s Global Risks 2014 report, the chronic gap between the incomes of the richest and poorest citizens is the risk most likely to cause serious global damage in the next decade. Looking forward, the 700 experts queried emphasized that the next generation will only feel this disparity more acutely if current conditions continue. Those presently coming of age face “twin challenges” of reduced employment opportunity and rising education costs, prompting the World Economic Forum to consider the impact on political and social stability as well as economic development.

“Many young people today face an uphill battle,” explained David Cole, group chief risk officer of Swiss Re. “As a result of the financial crisis and globalization, the younger generation in the mature markets struggle with ever fewer job opportunities and the need to support an aging population. While in the emerging markets there are more jobs to be had, the workforce does not yet possess the broad based skill-sets necessary to satisfy demand. It’s vital we sit down with young people now and begin planning solutions aimed at creating fit-for-purpose educational systems, functional job-markets, efficient skills exchanges and the sustainable future we all depend on.”



CIO — The strained, dysfunctional relationship between CIOs and marketers can be overcome, in part by rallying around the customer. After all, we're in an age that requires IT and business people to put aside their differences in order to bring business technologies to bear that will win, serve and retain customers.

At least this is the key finding in a new report by Forrester Research. "The age of the customer places new demands on organizations, requiring changes to how they develop, market, sell and deliver products and service," the report says. "IT and business teams frequently inhibit successful digital experience execution by failing to work cooperatively."



Friday, 17 January 2014 19:40

Rentsys acquires IT-Lifeline

Rentsys Recovery Services, a US-based provider of comprehensive and integrated disaster recovery solutions has announced that it has acquired IT-Lifeline, a provider of comprehensive disaster recovery and compliance testing solutions for the financial services industry.

The acquisition came about through a prior strategic partnership between the two companies in which IT-Lifeline offered Rentsys’ business continuity services. IT-Lifeline’s BlackCloud, a compliance-focused vaulting, testing and recovery solution, will be incorporated into Rentsys’ disaster recovery offerings. Rentsys will also retain IT-Lifeline’s support team, which brings a wealth of knowledge regarding regulatory requirements as well as cloud technology.

“This acquisition expands our product offering and enhances our ability to meet the evolving business continuity and compliance needs of our customers,” said Walt Thomasson, managing director of Rentsys Recovery Services. “IT-Lifeline’s BlackCloud along with the recent addition of RCM enhances our ability to deliver business continuity solutions that ensure our clients will have access to their critical business functions if a disaster or outage does occur.”


CIO — C-suite executives today are striving to drive data-centric transformations of their businesses, but most are struggling to connect the dots. That's according to a new report by KPMG Capital, a global investment fund created by KPMG International in November to invest in innovation in data and analytics (D&A).

"Long before the term 'big' was first applied to data, organizations were struggling to make sense of all the information they had," says Mark Toon, CEO of KPMG Capital and global leader, D&A. "Over the past five years that focus on data has started to shift. Today, the issue is no longer about owning the most data but rather about how to gain the most insight from it. In short, how to turn data into insights, and insights into real business advantage."

"Data is everywhere, telling us everything," he adds. "But do companies really know where to look? The reality is that turning mountains of data into valuable, practical and actionable business analytics is not nearly as straightforward as people believe."



IDG News Service (New York Bureau) — Dispelling any lingering doubt that IBM sees cloud computing as the way of the future, the company announced that it will invest US$1.2 billion this year in expanding its global cloud infrastructure.

"Having lots of data centers in lots of different countries around the world will be important in the long term," said IBM SoftLayer CEO Lance Crosby. "We want the world to understand that cloud is transformational for IBM."

The company plans to open 15 new data centers this year, more than doubling the cloud capacity it acquired when it purchased SoftLayer last year for $2 billion. It plans to combine the new data centers, the existing SoftLayer data centers, and the data centers it already ran before the SoftLayer purchase into a single operation that would provide public and private cloud services to its customers, as well as provide services for internal operations.



Many of our readers should find the topics and outcomes of the 2013 Risk Frontier Survey interesting reading.  Although largely centering on matters of the European risk and insurance management community, this survey has valuable information that applies to all organizations in all parts of the world.

New risks require new thinking – and, this is why “The Risk Frontiers Survey” is so worthwhile as it delivers an in-depth picture of the current state of the risk management profession, gleaned from its leading practitioners.  It also outlines the big risk issues and ideas on how risk managers and those in the insurance market need to respond to these risks and challenges.

The survey is split into two halves. The first focuses on the big risks and the role of the risk and insurance manager. The second half focuses more on risk transfer than management.


Stick to core competence and competitive advantage, and outsource the rest: such has been the mantra of businesses for decades now. The logic is simple. By using external partners specialised in the non-core activities, for example, accounting, logistics and pay, an enterprise can benefit from that partner’s economies of scale and superior expertise. Profits go up and business continuity is reinforced. Yet outsourcing still gives rise to disappointment and animosity. It turns out that while a watertight contractual agreement is a pre-requisite for dependable outsourcing, it isn’t sufficient.  Organisations need more.



Thursday, 16 January 2014 17:21

BCM/DR: Understanding Want and Need

BIA results can help determine many aspects of the BCM/DR program to come; they validate what is required – and what’s not. And what’s required and what’s not is determined through the development of the various strategies and approaches that are created as a result of the BIA findings. However, that doesn’t stop individuals of all levels from believing they know what they require for their restoration and recovery strategy regardless of what the BIA findings state.

This is because many individuals have a difficult time comprehending that they may not be the most important area within the organization and thus, aren’t required to be available immediately. And if a department – or particular aspects of a department – aren’t required immediately after a disaster, many will disregard that fact and begin to state what they must have; what they want vs. what they actually need.

The difference between want and need is something that all BCM/DR practitioners must clearly understand and communicate to department leads; especially those responsible for acquiring, developing and implementing the various strategies required to address BIA findings.



Thursday, 16 January 2014 17:17

Are we ready for significant power outages?

Have a quick look around you and see what is powered by electricity in your buildings: pretty much everything. We need to start asking questions, questions like:

  1. Can we maintain power for all our critical services through generator provision? Remembering that accessibility to large quantities of fuel becomes difficult without electricity.
  2. Are we up to date with our alternative power supply testing regimes?
  3. If our plans include the hire of generators, will they be available to you? Have you an agreement in place? Remember that everyone might want one.



Wednesday, 15 January 2014 16:27

Compliance Networks as Knowledge Networks

As compliance programs mature, they become less top down driven and more inculcated into the DNA of a company. The more doing business ethically and in compliance becomes part of the way your company does business, the better off you will be down the road. One of the methods that you can use is to set up a compliance network within your organization. I recently read an article in the Fall issue of the MIT Sloan Management Review, entitled “Designing Effective Knowledge Networks”, by Katrina Pugh and Laurence Prusak, in which they discussed knowledge network design as a mechanism to facilitate desired behaviors and outcomes. I found their ideas very useful in the compliance context.

Generally speaking, knowledge networks are a “collection of individuals and teams who come together across organizational, spatial and disciplinary boundaries to invent and share a body of knowledge. The focus of such networks is usually on developing, distributing and applying knowledge.” This is what a compliance regime should strive for within a company’s organizational structure. The authors believe that with the design of an effective knowledge network, a company can not only affect dynamics but also drive behaviors. In designing such a knowledge network, the authors postulate that there are “8 dimensions of a knowledge network” which encompass strategic, structural and tactical issues which must be considered. They are as follows:



Wednesday, 15 January 2014 16:27

Putting Data at the Center of Strategy

How’s this for a definition of Big Data: If it doesn’t make sense in a system built 10-plus years ago using principles from 30 years ago — then you’re dealing with Big Data.

That’s the unusual definition offered by William McKnight in a recent Q&A published on, oddly enough, the Huffington Post. Phil Simon, who consults, writes and speaks about technology, data and business issues, conducted the interview.

McKnight makes the case for why data outranks even the storefront as a strategic asset today.



Wednesday, 15 January 2014 16:26

Hyperscale: Not Just About Scale Anymore

The enterprise/IT industry has traditionally been segmented into four major groups: the SMB/SOHO, the mid-level organization, the large enterprise of the Fortune 5000, and the newest member: the hyperscale environments of Google, Facebook and other Web-facing entities.

The historical pattern has been for technologies developed for the big boys to trickle down to the smaller fry, gradually enabling advanced capabilities to percolate throughout the entire industry. When it came to hyperscale, however, the thinking was that most of the supporting technology, which was primarily customized anyway, would not apply to the average data center because the levels of scale simply were not needed. Even if Ford Motor Company were to shed all its dealerships and sell cars exclusively online, it would not approach the volume of, say, Amazon.



Wednesday, 15 January 2014 16:20

Big, Bad Data?

The Middle Ages used a phrase to describe a term that was not meaningful as “a distinction without a difference.” Oftentimes, in the desire to catch a technological/marketing wave, salespeople and consultants overuse terms coined to describe one thing to mean something entirely different. Not long ago, I was reading an article in the New York Times about department stores tracking their customers by using their wireless devices, using their movement through their stores to predict what they were interested in and what they bought. The article described this as yet another instance of the importance of Big Data. The more I read, the more I found this reference both comical and disturbing.



Twenty years on, the Northridge earthquake remains the costliest U.S. earthquake for insurers, causing $15.3 billion in insured damages when it occurred (about $24 billion in 2013 dollars), according to the Insurance Information Institute (I.I.I.).

The 6.7 magnitude quake, which hit Los Angeles on January 17, 1994, also still ranks as the fourth-costliest U.S. disaster, based on insured property losses (in 2013 dollars), topped only by Hurricane Katrina, the attacks on the World Trade Center and Hurricane Andrew.

On the global scale, the Northridge earthquake still ranks as the second costliest earthquake for insurers, after Japan’s earthquake and tsunami of 2011, according to Munich Re.



Tuesday, 14 January 2014 17:39

Risk and the limitations of knowledge

Awareness of risk can lead to unforeseen risk behaviors based on knowledge that is sufficiently convincing to lead to false positives.

By Geary W. Sikich

“The more you know, the more you know you don't know.” Attributed to Aristotle.

Knowledge is an opening door to understanding; however, the risk of knowledge is understanding how much you do not know.

Unfortunately when it comes to organizational risks we have a very limited understanding of where risk is or where risk is going to materialize.



By Garrett Freeman.

Building facility managers wear many hats. In addition to focusing on the maintenance and operational aspects of a building, you may also be in charge of controlling safety-related issues and helping ensure business continuity while property damage restoration procedures are underway. If it is necessary to move the business and its staff to a recovery site or a temporary worksite after a flood or storm, it is important for you to know the property and water damage restoration processes. This helps assure a quick recovery and provides peace of mind.

Property damage restoration steps after a flood

When water damage is involved, time is of the essence in restoring a building and its contents. Instead of tackling water damage restoration in-house, call the professional remediation service listed in the emergency disaster plan right away. The experts may tell you how to safely start the drying process as you wait for the technicians to arrive.



In data management, the way you delete information can be as important as the way you keep it. Confidential information that finds its way into the wrong hands can lead to loss of advantage over competitors, public relations crises or other threats to business continuity. However, that doesn’t mean the wholesale destruction of data within an organization: legal archival requirements exist for publicly held businesses. In addition, information is now a valuable asset for many organisations. But how do you manage its selective release or ‘sanitisation’? This is already a challenge for paper-based information; for digital data, the difficulty is greater still.



The new year is often a time for making resolutions to improve personal health, productivity and wellbeing.  Why not use that opportunity to make similar resolutions for your Business Continuity Management program?  This year, make a pledge to keep your Business Continuity Plan trim, while still meeting Audit and Compliance requirements.

Business Continuity professionals often walk a fine line between perception and reality.  The result is often a 3-inch thick ring binder with hundreds of pages of administrative documentation.  Is it possible to kick the more-is-better habit and slim down those BCPs from overweight to featherweight?  It depends…



Digitally empowered customers are disrupting every industry; the age of the customer brings with it some inherent risks that will push organizations to increase spending on security software. In Asia Pacific, security software has leapfrogged other software categories and leads the region in terms of expected software spending growth in 2014 (see figure below).



IDG News Service (San Francisco Bureau) — Neiman Marcus has been notifying customers of a data breach after hackers stole merchant card information for an undisclosed number of shoppers.

The high-end retailer said it was working with the U.S. Secret Service and a forensics firm to investigate the theft, which it said it learned about in December from its merchant card processor.

"On January 1st, the forensics firm discovered evidence that the company was the victim of a criminal cyber-security intrusion and that some customers cards were possibly compromised as a result," Neiman Marcus said in an emailed statement.



I’ve said many times in the past that physical infrastructure is and will remain a crucial component of the data environment. After all, software isn’t much good without a solid hardware foundation. But as virtualization and software-defined architectures continue to work their way into the enterprise, it is also clear that the majority of enterprise management activity will shift to these higher level architectures.

Hardware, in other words, will be important, but boring. And that poses some interesting questions as to how data environments are to be built and managed, particularly in the way the burgeoning field of enterprise architecture (EA) will come to supplant many traditional IT roles.



Along with January renewals and analyzing whether existing policies offer sufficient coverage, the new year is a perfect reminder to review company-wide emergency plans. While 2013 may have been a relatively light year for catastrophe losses, there’s no reason to assume 2014 will be, too.

Check out this infographic from Boston University’s Masters in Specialty Management program for a jump-start on identifying the risks of natural disaster and updating plans for how to handle any emergency:



Monday, 13 January 2014 16:00

How MAD are your Top Management?

Dare to ask that question of your Top Management? Maybe not, but a Risk Manager would try to understand their attitude to risk and their mythical 'Risk Appetite'. As a Business Continuity Manager, why not explore their 'Maximum Attitude to Disruption' (M.A.D.), a phrase I believe I uniquely use and created, hoping it becomes more prevalent in a commercially driven BC world.

Risk appetite is a feeling, a sense of danger perhaps. Your risk attitude is what you intend to do about avoiding that danger, your Maximum Attitude to Disruption is a mixture of your Top Management’s risk appetite and risk attitude expressed in a business continuity context.



Data Privacy Day is on January 28. But isn't all hope lost when it comes to the P-word? Interestingly, Daniel Solove is one key expert who doesn't think so: His recent Year in Privacy roundup sounds a number of positive notes, largely having to do with regulatory pressure driven by public pressure. In the age of the customer, we really can see "water wear away stone" when ordinary people demand change. 



CIO — Outlook connection problems? Salesforce.com system crashing repeatedly? Trouble connecting to internal human resources systems? You're not alone.

According to a recent study from Compuware, of the more than 300 business executives surveyed, 48 percent reported they experience tech performance issues daily, and three out of four of those executives say the frequency and severity of these issues isn't improving.

It's not that executives and IT leaders don't want to fix these problems, says Bharath Gowda, director of technology performance, Compuware. It's that they're pressured to focus on what are seen as larger, more pressing issues instead of these day-to-day headaches, he says.



CIO — McAfee's comprehensive 2014 security report, released at the end of December, goes beyond rehashing the same set of threats in ever-increasing volume to instead reflect the impact of digital currencies, NSA leaks and social media. Going through the report, one thing becomes eminently clear: We are in no way prepared for what's coming in 2014.

I'll cover the report's main elements, but I suggest you read it thoroughly yourself — perhaps after a couple glasses of good brandy.



According to AMI’s study, 2014 North America SMB Mobility Landscape, Opportunity Assessment & Outlook, small to midsize businesses will help the mobility market grow to a predicted $71.5 billion by 2018. The report says that small businesses account for almost eight of every 10 dollars spent on mobility services and products in the U.S. and Canada, while midsize businesses account for 20 percent of mobile-related investments.



A recent Canadian Medical Association Journal article shows how data specialists in Ontario are using integration and analytics to reinvent health systems.

Data-integration innovations are refashioning the health systems from supporting acute care to “total patient data capture,” according to the article.

I’ll say this much for it: It’s stunning in scope. These health care data projects are pushing beyond integrating health care data to create the revolutionary, 360-degree vision of people that makes marketing leaders salivate.



CSO — The Internet of Things (IoT) is a mass of billions of connected devices from cars to wireless wearable products. Cisco's Internet Business Solutions Group estimated 12.5 billion connected devices in existence globally as of 2010 with that number doubling to 25 billion by 2015.

In light of this burgeoning market, CSO identifies five categories of IoT devices at risk in the coming year. CSOs who are aware of the threats and potential damage to their organizations can prepare accordingly.



Weather damage never goes out of season. According to a new report from the Insurance Information Institute (I.I.I.), winter storms are historically the third-largest cause of catastrophe losses, behind only hurricanes and tornadoes.

“Winter storms accounted for 7.1 percent of all insured catastrophe losses between 1993 and 2012, placing it third behind hurricanes and tropical storms (40 percent) and tornadoes (36 percent) as the costliest natural disasters,” said I.I.I. President Robert Hartwig.

Insured Catastrophe Losses

Between 1993 and 2012, winter storms resulted in about $27.8 billion in insured losses—or $1.4 billion per year, on average, according to Property Claims Service for Verisk Insurance Solutions.



Certification Ensures xMatters’ IT Alerting and Communications Platform is Fully Integrated with Leading SaaS IT Management Solution

SAN RAMON, Calif. – xMatters, inc., a global leader in enabling business processes with communications, announced today that its leading cloud-based, automated messaging and communications platform is now certified for integration with ServiceNow, the enterprise IT cloud company. With this integration, companies that currently use ServiceNow’s industry-leading IT management solutions will be able to use xMatters for incident management, creating a single consolidated platform to manage all communications throughout the enterprise.

“ServiceNow’s leadership as a transformational SaaS IT provider combined with xMatters’ cloud based communications platform enables large organizations to stop overwhelming staff with too many alerts that don’t matter,” said Troy McAlpin, CEO of xMatters. “Organizations can now target the right person, deliver content in any language to any device, enabling a quicker resolution time.  Our mutual clients can now take advantage of the certified integration, which assures rapid value and interoperability.”

With this certified integration, the accessibility of xMatters’ communications technology allows customers to design processes and workflows, reducing mean time to restore critical services and enabling proactive communications to key stakeholders. Automated conference calls, an increase in the signal-to-noise ratio of IT notifications, and mobile-enabled workflows are the hallmarks of successful joint ServiceNow and xMatters customers.

“Our ServiceNow implementation was the first step in becoming a more automated IT shop meeting the needs of a rapidly innovating broader organization,” said Anoop Malkani, Head of Enterprise Service Management, British Sky. “We added automated incident creation and updates via an integration with HP OpenView.  xMatters extends that automation by ensuring when IT incidents occur, communications are delivered to appropriate audiences with the most relevant messages and dramatically reduce Incident Response Time. This could be a response-required SMS to a resolution team member or an ‘FYI’ email to a manager. xMatters gives us the flexibility to align our communications with the type of incident we are dealing with, to customize messages to cater to the individual recipients and with the assurance that we can focus on resolving incidents - not worrying about internal message delivery.”

xMatters’ IT management solution is now accessible through ServiceNow’s Certified Partner Integrations.

About xMatters, inc.

xMatters enables any business process or application to trigger two-way communications (text, voice, email, SMS, etc.) throughout the extended enterprise. The company’s cloud-based solution allows for enterprise-grade scaling and delivery during time-sensitive events. More than 1,000 leading global firms use xMatters to ensure business operations run smoothly and effectively during incidents such as IT failures, product recalls, natural disasters, dynamic staffing, service outages, medical emergencies and supply-chain disruption. Founded in 2000 as AlarmPoint Systems, xMatters is headquartered in San Ramon, CA with European operations based in London. More information is available at www.xMatters.com. Follow us on Twitter and Facebook.

Thursday, 09 January 2014 17:44

2013 Nat Cat Losses Below Average

Of the five costliest natural catastrophes for the insurance industry in 2013, only two were U.S. events, though neither ranked first or second, according to Munich Re.

In its 2013 Natural Catastrophe Year-in-Review Webinar jointly presented with the I.I.I., Munich Re noted that hailstorms in Germany in July actually caused the highest insured losses of the year. This was also the insurance industry’s most expensive hail event in German history, costing $4.8 billion in overall economic losses, of which $3.7 billion was insured.

Flooding in Europe in June was the second most costly natural catastrophe for the insurance industry in 2013, causing insured losses of $3 billion, though overall economic losses from this event totaled $15.2 billion, making it the costliest natural catastrophe of the year in terms of economic losses.



Thursday, 09 January 2014 17:43

How secure is your rack?

By Jason Preston

Data centre / center security is a big issue, especially for co-location centres hosting multiple racks for multiple, often competing, clients. Yet whilst security to access the data centre can often be impressive, individual rack level security is often sadly limited. Given the number of in-house staff and external engineers, from cable engineers to storage and server providers, passing through a data centre on a near daily basis, poor rack level security creates unnecessary risk.

Security is about far more than putting cages into the data centre. Organizations need a robust process that combines network accessed rack level security with change controls to create a complete, rack level access audit.

Without real-time, rack level access control, organizations cannot deliver the level of data centre protection increasingly demanded by governments and banks to prevent unauthorised access and criminal activity.



ENISA, the EU’s cyber security agency, has issued a new report studying network outages caused by power cuts. It provides recommendations to the electronic communications sector on how to withstand and act efficiently after power cuts, a key point being to establish better exchange of situational awareness and improved cooperation mechanisms within the sector and with the energy sector.

The Agency makes eight recommendations to National Regulatory Authorities (NRA) and providers within the electronic communications sector to reduce the risk of network and service outages caused by power supply failures.



Thursday, 09 January 2014 17:42

Is 2014 the Year of the 'Big Data Stack'?

CIO — Will 2014 see the emergence of a big data equivalent of the LAMP stack?

Richard Daley, one of the founders and chief strategy officer of analytics and business intelligence specialist Pentaho, believes that such a stack will begin to come together this year as consensus begins to develop around certain big data reference architectures—though the upper layers of the stack may have more proprietary elements than LAMP does.



Perpetual motion, like the alchemist’s stone, makes a great legend. The idea of something that keeps going indefinitely with no external source of energy is highly seductive, but also highly impractical. Friction or resistance of some kind will always intervene to eventually bring the system to a halt. However, almost-perpetual motion that just needs a teeny bit of energy to keep going is a much more realistic proposition. This is the big difference between new sales and loyalty sales for a company, where sales costs can diminish in favour of the repeat customer by a factor of up to 10. What is the secret sauce that lets companies strengthen their sales and their business continuity by so much, and for so little?



The BYOD movement in the enterprise is already taking some unusual twists. In addition to the variety of cell phones and smart devices IT must contend with, many users are utilizing personal cloud-based infrastructure. And that is leading to a host of integration, compatibility and security issues.

The personal cloud is nothing new. Consumers have been using on-line storage and synchronization for music, video and a range of other applications for several years now. According to ABI Research, the personal cloud market nearly doubled to $1 billion over the past year and is on pace to top $3.5 billion by 2018. In terms of raw capacity, personal clouds held about 685 petabytes in 2013 and will rise to 3,520 in 2018.



Network World — Last September customers of storage provider Nirvanix got what could be worst-case scenario news for a cloud user: The company was going out of business and they had to get data out, fast.

Customers scrambled to transfer data from Nirvanix's facilities to other cloud providers or back on to their own premises. "Some folks made it, others didn't," says Kent Christensen, a consultant at Datalink, which helped a handful of clients move data out of the now-defunct cloud provider.

Nirvanix wasn't the first, and it likely will not be the last, cloud provider to go belly up. Megacloud, a provider of free and paid online storage, suddenly went dark without warning or explanation two months after Nirvanix's bombshell dropped. Other companies have phased out products they once offered customers for cloud storage: Symantec's Backup Exec.cloud, for example, is no longer being sold by the company.



Thursday, 09 January 2014 17:30

The 7 Best Habits of Effective Security Pros

CSO — Today's information security professionals need to learn more swiftly, communicate more effectively, know more about the business, and match the capabilities of an ever-improving set of adversaries. But, it doesn't seem too long ago that all it took to survive in the field was a dose of strong technical acumen and a shot of creativity to protect the network, solve most problems, and fend off attacks.

Not so today. The role of the security professional has evolved beyond that of mere technical savvy, and now includes consultant, educator, investigator, and defender of the data.

To understand the traits and habits that matter the most, we reached out to a number of security professionals by phone, email, and social media, who are successful in their respective areas in the field.

If there's one thing that screamed out from the interviews it was this: security knowledge alone is only the beginning of the skills and habits one needs to succeed.



One of the more public and ongoing corruption scandals in the world right now seems to be happening in Turkey. To say the events and facts are confused is an understatement. At this point there are not any international players who have been implicated, but given the breadth and scope of what has come out of that country over the past month or so, it would appear to be only a matter of time. It began in December when, according to the BBC, “The arrests were carried out as part of an inquiry into alleged bribery involving public tenders, which included controversial building projects in Istanbul. Those detained in the 17 December raids included more than 50 public officials and businessmen – all allies of the prime minister. The sons of two ex-ministers and the chief executive of the state-owned bank, Halkbank, are still in police custody.”

The Prime Minister claims that all of these arrests were simply political theater, generated by supporters of Fethullah Gulen, an influential Islamic scholar living in self-imposed exile in the US. Members of Mr. Gulen’s Hizmet movement are said to hold influential positions in institutions such as the police and the judiciary and the AK Party itself. Many believe the arrests and dismissals reflect a feud within Turkey’s ruling AK Party between those who back the Prime Minister, Recep Tayyip Erdogan. On Tuesday the Prime Minister and his supporters struck back at the police by removing approximately 350 police officers from their positions in the capital, Ankara. The Prime Minister and his supporters have also attacked the judiciary leading the investigation, claiming that it is all politically motivated.



Wednesday, 08 January 2014 15:58

Data Gravity and the Distributed Enterprise

As data becomes more fungible, that is, less engaged with the physical infrastructure that supports higher level virtual and cloud architectures, the overall data environment starts to exhibit new characteristics, some of which will dramatically alter the way in which those environments are built and operated.

Of late, the concept of data gravity has been showing up in tech conferences and discussion groups. Coined by VMware’s Dave McCrory about four years ago, it describes the way data behaves in highly distributed architectures. Rather than becoming evenly distributed across a flattened fabric, data tends to collect in pockets, with smaller bits of data gravitating toward larger sets the same way that particles coalesced into galaxies after the Big Bang. Part of this is due to the nature of distributed architectures where the farther away storage is from processing centers and endpoints, the greater the cost, complexity and latency. But it is also a function of the data itself, particularly now that all information must be “contextualized” with reams of metadata for it to be useful.



What should you consider before using the cloud for disaster recovery? Martin Welsh and Patricia Palacio provide some guidance.

Recovery challenges

Whatever the company size or industry, the truth is that your business can't afford downtime but traditional DR strategy investments have been difficult to justify. The majority of organizations attempt to protect only mission critical applications, leaving second-tier, but still valuable, systems vulnerable to extended outages. It's hard to justify improving your disaster recovery capabilities when you're under pressure to cut IT costs and when DR is seen as an expensive insurance policy.

The major challenges faced when planning your disaster recovery strategies are:



Ian Kilpatrick describes six emerging technology trends that will need consideration during 2014:

Thanks to the NSA and GCHQ (coupled with ongoing allegations against the Chinese), security, corporate privacy and encryption have moved swiftly up the corporate agenda. Identity management, which has often been seen as a ‘nice to have’, will become even more of a ‘must have.’

For many years, wireless security was an afterthought to wireless deployment. However, in 2014, with the ratification of multi-Gbps 802.11ac, wireless security will become ever more important as organizations move from wired networks to wireless ones.

As one example, the majority of wireless access point deployments in SMEs are connected to the trusted network, effectively bypassing the gateway security controls and policies. This isn’t sustainable, as wireless becomes the core of the network. There will be a rise in the deployment of both 802.11ac wireless and associated access point security.



Although the dust hasn’t yet settled on the Edward Snowden revelations about the activities of the US National Security Agency, the consequences already extend beyond the purely technical. While the immediate reaction was to think of better ways in which to encrypt data, it also dawned on foreign organisations that they might want to review certain business relationships. The idea that the NSA could have direct backdoors into many US companies dampened the enthusiasm of certain international entities to continue trading with them. But will American enterprises alone have to increase their efforts to maintain business continuity, or are companies in other countries affected too?



Wednesday, 08 January 2014 15:54

Jan. 1 Reinsurance Renewal Rates Drop

New capacity, rate reductions and competition are a few factors contributing to a softer market and an 11% drop in reinsurance rate on line—a calculation of reinsurance premium divided by reinsurance limit—almost across the board, according to Guy Carpenter.

Much of this was driven by a decline of 15% in the United States, while property catastrophe pricing in Continental Europe and the United Kingdom fell by 10% and 15%, respectively, Guy Carpenter said.

Willis Re said in its “1st View” report that soft market conditions are not unique to the property catastrophe market. The report found that “with few exceptions rates are down on most lines at Jan. 1.”



Wednesday, 08 January 2014 15:53

Lessons from the Target Breach

One of the last things I wrote about in 2013 was the Target breach. I suspect that breach is going to linger for a while, not only for customers but for businesses that (I hope) are now thinking a lot more about the security of their credit card systems and their computer networks overall. I know one small business owner is, because she asked me the types of questions she should ask regarding the security of her system. (And those questions may be a blog post for another day.)

Right before I went on holiday break, I had an email conversation with some folks from Guidance Software regarding the Target breach and the forensic investigation into what happened. One of the first things I was told was that we shouldn’t have been surprised that this breach happened because it was inevitable. As Jason Fredrickson, senior director of application development at Guidance Software, told me:



CIO — In the world of IT, things can and will go wrong. Failure can come from a number of things such as rushing to get too much done in a single project instead of breaking it down into smaller, more manageable projects. It can come from not allowing enough lead time for developers to do their part on the back-end or even from a consultant or vendor that led you down the wrong path.

Whatever the case, failure does happen; it's to be expected and, as the saying goes, life is "10 percent what happens to you, 90 percent how you react to it." Failure doesn't have to be a negative. With the right attitudes and processes in place it can be educational, informative and sometimes transformative.

You know from a logical perspective that you should learn from your mistakes. That is drilled into many of us beginning in childhood. The problem, according to experts, is that in the corporate world, a lot of companies don't handle failure well. They don't have adequate processes in place to examine why something failed, but that is a huge, necessary part of the learning process.



Wednesday, 08 January 2014 15:40

7 CRM Trends for 2014

Mobile CRM, which has been gaining momentum for quite some time, is a trend that will only get hotter in 2014, experts predict. Among other trends they expect to take root or accelerate in 2014: social CRM, more integration and smarter CRM.

Mobile CRM

Most industry observers agree that the adoption of mobile will be a dominant CRM theme in 2014 as companies look for ways to extend CRM capabilities to give employees convenient, always-on access to sales content, allowing them to address customer needs and collaborate with sales teams in real-time.

"CRM capabilities will be integrated into mobile tools to generate leads and opportunities both in-store and on the road," said Chris O'Connor, founder and CEO of Taptera. "We see companies that are using CRM continue to invest in out-of-the-box solutions through extension into mobile channels and customization to monitor, manage and drive leads, conversions, shorten sales cycles and improve customer support."



Friday, 03 January 2014 15:37

Winter Storms Are Major Cause of Cat Losses

The arrival of the first major winter storm of 2014 just two days into the new year makes this a good time to take stock of the insurance implications.

The Insurance Information Institute (I.I.I.) reports that winter storms are historically very expensive and are the third-largest cause of catastrophe losses, behind only hurricanes and tornadoes.

From 1993 to 2012, winter storms resulted in about $27.8 billion in insured losses—or $1.4 billion per year, on average, according to Property Claims Service for Verisk Insurance Solutions (see chart below).



Some of the best Big Data and sensor uses come from the manufacturing and logistics world. But while supply chains and manufacturing floors can generate plenty of important business data, those functions aren’t always the best equipped to use that data.

Operations, supply chains and manufacturing are due for a technology overhaul, according to IDC Manufacturing Insights and other analysts who research these B2B functions.

The problem: Supply chain technologies and processes lag behind the highly digital world of the business side.



Before we embrace a new year, I want to share my personal picks for the best data success stories from 2013:

Feds Stop $47 Billion in Fraud, Overpayment. We often think in terms of technology solutions. For example, we ask “How much can master data management save this company?” or “Will Big Data projects pay off?” Sometimes, you can define savings by the project, but often the best results come when you combine multiple data technologies. Together, they add up to better information management and analysis.



With the New Year comes added awareness of the hazards social media can present to corporations, the risks of data exchange between business systems and other challenges inherent with technology. Here is a look at the top trends of last year and predictions for the year ahead.

2013 Key Trends

1. Growing Convergence between IT, Security and the Business

Evolving risk challenges require that internal and external stakeholders are on the same risk page. For many organizations, however, internal audit, security, compliance and the business have different views of risk and what it takes to build a risk-aware and resilient business. Effective risk management starts with good communications. This includes a common taxonomy for dealing with risk, and a collaborative discussion framework to facilitate the cross-functional sharing of ideas and best practices.



If 2013 was the year that most organizations discovered what Big Data platforms such as Hadoop were all about, then the coming year will be the one in which they discover the applications that turn all that data into something of business value.

Brett Sheppard, director of Big Data marketing for Splunk, says that in terms of Big Data, 2013 was pretty much defined by investments in plumbing. Organizations largely experimented with Big Data platforms only to discover that the cost of acquiring the platform was nothing compared to the cost of the expertise required to actually develop an application that could make sense of all that data.



Thursday, 02 January 2014 16:11

The Best Advice from Big Data 2014 Predictions

Just ask anybody—2014 is going to be an even bigger year for Big Data.

“In 2014, we will see Big Data funding only grow, and at least one significant IPO possibly from a player like Cloudera,” writes Concurrent CEO Gary Nakamura.

Inhi Suh, IBM vice president of Big Data, integration, and governance, told Information Week that she foresees more organizational spending on Big Data as companies invest in a wider range of analytics, such as reporting, dashboards and planning, predictive analytics, recommendations and new cognitive capabilities.



Thursday, 02 January 2014 16:10

Is Rapid Detection the New Prevention?

Network World — There's a trend underway in the information security field to shift from a prevention mentality -- in which organizations try to make the perimeter impenetrable and avoid breaches -- to a focus on rapid detection, where they can quickly identify and mitigate threats.

Some vendors are already addressing this shift, and some security executives say it's the best way to approach security in today's environment. But there are potential pitfalls with putting too much emphasis on detection if it means cutting back on prevention efforts and resources.

Clearly, rapid detection is gaining traction. Research firm IDC has designated a new category for products that can detect stealthy malware-based attacks designed for cyber-espionage ("Specialized Threat Analysis and Protection") and expects the market to grow from about $200 million worldwide in 2012 to $1.17 billion by 2017.



There are different ways of looking at IT security involving end-user equipment such as PCs and mobile computing devices. One is to batten down the hatches at a corporate level, repel all viral boarders and let end-users fend for themselves. Another is to extend security to all end-user devices and take responsibility for maintaining data integrity and confidentiality from beginning to end. Whether or not your organisation has a choice in the matter may come down to the nature of your business. How then will you know which approach you should consider?



CIO — In our 13 years of conducting our annual State of the CIO survey, we've never seen anything quite like this year's results. Our profession has become a house divided, with traditional service-provider CIOs on one side and business-focused, digital-strategist CIOs on the other.

"As we plow through this period of digital disruption, where established rules for competing may no longer apply, some CIOs now question what they want for themselves," Managing Editor Kim S. Nash writes in our cover story ("State of the CIO 2014: The Great Schism"). "The profession is changing fast in an atmosphere where colleagues sometimes look upon a traditional IT group as a hindrance to corporate success."



What words spring to mind to describe the business world today – remote control, automation, speed, renewal? These concepts can all help with business continuity and competitiveness, but so can their ‘yesteryear’ counterparts. Although new technology lets organisations improve different areas of operations, it doesn’t mean that it is a panacea to be applied universally and indiscriminately. Face to face work styles, manual procedures, and re-use of old systems all still have a role to play. Here’s a quick tour of three pre-Internet methods that enterprises and their managers could continue to keep in mind.

Virtual Teams Still Need Face to Face Time

Despite the solutions available for remote working, such as video conferencing, collaboration software and even social networks, nothing replaces face to face interactions. The wealth of information in body language alone makes the difference between the two modes. Management by walking around may have given up ground in the shift to virtual team working, but it hasn’t gone away.



What good is history if we refuse to learn from it? Taking a few minutes to look back on crisis communications in 2013, I first wondered if there were any really big things that happened. I mean we didn’t have a Gulf Spill, we didn’t have a tsunami-radiation disaster, we didn’t even have a superstorm–unless you were in the Philippines. Then I saw the Bloomberg list of the top 10 reputation crises of 2013 and had to agree it was indeed a scandalous year.

And there’s my first observation: when high-flying careers (like Paula Deen), impeccable business leaders (like Jamie Dimon) and the world’s most powerful government legislative body (US Congress) have reputation crises at the level we have seen this year, and it doesn’t even seem like any major disasters happened, well, you kind of have to wonder what is going on.



Monday, 30 December 2013 16:04

What Do You Want the Enterprise to Do?

This is the time of year when CIOs shore up their infrastructure deployment and development plans for the next 12 months. Naturally, this is guided by at least a rudimentary vision of what you want your data environment to look like, not just next year but in the decade ahead.

But while most plans center on hardware, software and, now, services – in essence, what you want the enterprise to be – it wouldn’t hurt to shift the focus a little toward what, exactly, you want the enterprise to do. Viewing infrastructure through the lens of functionality can often lead to innovative solutions to problems that hamper data flow and productivity.



In my previous post, I shared the three business drivers for re-evaluating Ye Old Integration Strategy: Integration costs too much, it’s too complex, and you’re too slow at it, which annoys the business.

But how are you supposed to fix those problems? In its recent Integration 2014 Trends-to-Watch report, Ovum predicts four technology strategies that will play a key role in resolving these business problems. Let’s look at each and see which ones can help you with your integration challenges.

IPaaS. Ovum predicts iPaaS solutions will evolve more in 2014. That’s a safe bet since we’re already seeing it: Silicon Angle reports that MuleSoft upgraded its iPaaS this month to offer more enterprise support.



SPRINGFIELD, Ill.—Take advantage of a new year to make your family safer in the face of future disasters.

The Federal Emergency Management Agency encourages Illinois residents to resolve to rebuild stronger and smarter, reducing the risk of potential devastation caused by events like the Nov. 17 tornadoes.

Through New Year’s Day, FEMA will offer simple tips and ideas to construct and maintain a home that can better withstand weather risks your community faces. This information will be posted and updated on FEMA’s Illinois recovery website FEMA.gov/Disaster/4157 as well as Facebook.com/FEMA and Twitter.com/FEMAregion5. Learn about rebuilding techniques and tips such as:

  • Reinforcing your Residence. Retrofitting your home can provide structural updates that didn’t exist when it was constructed. For instance, a homeowner can install straps to their roof’s structural beams to make it strong enough to resist the "uplift" effect of high winds that can cause it to lift and collapse back down on the house.
  • Fortify those Floors. Homeowners can secure their structure to its foundation by using anchors or straps. This can minimize the chances of a home moving off its foundation during events like tornadoes and earthquakes.
  • Trim & Tighten. Consider cutting away any dangling tree branches that pose a threat to your home and securing outdoor furniture and fuel tanks that can serve as projectiles during high wind events.
  • Elevation is a Smart Renovation. Flooding is a real risk in Illinois and elevating your home and its critical utilities can significantly reduce the risk of water damage. Contact your local floodplain manager to learn your flood risk and elevation requirements for your residence.
  • Assure You’re Fully Insured. Take the time to review your insurance coverage. Are you adequately insured for the risks your community faces? Are you covered for wind, flood or sewer back-up coverage? Has your policy been updated to reflect the value of your home? Contact your insurance agent to get these questions answered and ensure your home is financially protected.

Survivors can apply online at DisasterAssistance.gov or with a smartphone or tablet by visiting m.fema.gov. They can also register and get questions answered over the phone by calling FEMA’s helpline, 800-621-FEMA (3362). Survivors who use a TTY can call 800-462-7585. The toll-free telephone numbers operate from 7 a.m. to 10 p.m. (local time) seven days a week until further notice.

For the latest information on Illinois’ recovery from the Nov. 17 storms, visit FEMA.gov/Disaster/4157. Follow FEMA online at twitter.com/femaregion5, facebook.com/fema and youtube.com/fema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

With the steady rise of new cloud services, plus rapidly increasing solid-state deployment and advanced near-line and on-server solutions, storage had a pretty big year in 2013. The question for 2014, though, is whether we will see even more advanced technologies coming to the fore or whether this will be a year for capitalizing on the gains that are already in the channel. Or both?

For Instrumental CEO Henry Newman, 2014 looks to be a transitional year as the continued acceptance of solid state in the enterprise leads to greater consolidation in the industry, and possibly a few bankruptcies. As well, long-time storage solutions like native Fibre Channel and SATA will give ground to the improved performance and steadily declining costs of more advanced technologies. And if you have your heart set on finally putting PCIe 4.0 into play, well, think again. He expects the format to be delayed again until 2015.



IDG News Service (Boston Bureau) — Target has confirmed that hackers obtained customer debit card PINs (personal identification numbers) in the massive data breach suffered by the retailer during the busy holiday shopping season, but says customers should be safe, as the numbers were encrypted.

Some 40 million customer debit and credit cards were affected by the breach, but until now it wasn't clear that PINs were part of the hackers' massive haul.

"While we previously shared that encrypted data was obtained, this morning through additional forensics work we were able to confirm that strongly encrypted PIN data was removed," Target said in a statement on its website Friday. "We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems."



Monday, 30 December 2013 15:59

Are You Ready for BYOI?

By now nearly everyone is familiar with bring your own device (BYOD). Some people out there still aren’t sure whether BYOD was nothing more than a buzzword in 2013 or if it really was a popular movement with serious security implications. (My personal thought is that the trendiness of the acronym downplayed the very real security concerns that the concept brought upon the enterprise.)

But no matter what you think of it, BYOD is, as Art Coviello, executive chairman of RSA, told me in an email, “so 2013.” According to Coviello, we should get ready for BYOI, bring your own identity. BYOI, Coviello added, is the next step in the trend that began with BYOD:

The next evolution will be the consumerization of ID or identity as employees increasingly push for a simpler, more integrated system of identification for all of the ways they use their devices.  Identity will be less entrusted to third parties and increasingly be something closely held and managed by individuals – as closely as they hold their own devices....


As small businesses prepare for 2014, they shouldn't focus solely on increasing their bottom lines.

Paychex, a provider of payroll, human resource and benefits outsourcing solutions, says it's equally important for small businesses to be aware of the legislative issues that could affect their operations in the year to come.

"Navigating all of the legislative and regulatory changes that occur throughout the course of the year can be challenging, taking business owners away from other important aspects of running their businesses," said Martin Mucci, Paychex president and CEO. 



Thursday, 26 December 2013 16:00

3 Ways Enterprise IT Will Change in 2014

CIO — The holiday season is a great time to look back at the year, with an eye toward what we in the ever-changing world of information technology can expect in 2014. These three trends warrant your close attention in the new year.

In Light of NSA Revelations, Companies Will Be Wary of the Cloud

For most businesses, 2013 was the year of the cloud. Companies that still hosted their email in house would in large part move that expense and aggravation to someone else. Microsoft SharePoint and other knowledge management solutions could be run in someone else's datacenter, using someone else's resources and time to administer, thus freeing your own people to improve other services or, gasp, work directly on enhancing the business.

But then Edward Snowden came around in June and started to release a series of damning leaks about the United States National Security Agency's capability to eavesdrop on communications. At first, most folks weren't terribly alarmed. But as the year wore on, the depth of the NSA's alleged capabilities to tap into communications — both with and without service provider knowledge — started to shake the faith of many CIOs in the risk/benefit tradeoff for moving to cloud services.



Data center infrastructure will undergo dramatic change across the board in the coming year, but while much of the focus will be on software-defined architectures and cloud computing, bare metal changes are on tap as well.

This is actually quite a heady time for servers in particular, given that the pressure to revamp data-handling capabilities is mounting as the enterprise struggles to meet the challenges of mobility, Big Data, collaboration and other macro forces.

For InterWorx’ Graeme Caldwell, the rise of high-volume/small packet data traffic will lead directly to the ARM architecture finally breaking the “x86 monoculture” that has gripped the enterprise for so long. ARMs thrive in the chaotic universe of mobile data, so if the enterprise wishes to scale resources up and down to suit ever-changing load volumes, they would be better off with legions of low-power ARM units at their disposal than highly virtualized x86 machines. And while Intel currently holds a slight edge with its 64-bit Avoton SoC, the coming year will see 64-bit ARMs from Calxeda, Applied Micro and others.



Thursday, 26 December 2013 15:58

Welcome to the New Enterprise Data Center

The coming year will be a pivotal one for a wide range of data center components including everything from servers and storage to the virtual layer and cloud architectures. But before I get to all of those, I thought it would be a good idea to see what is likely to happen to the data center itself. After all, with enterprise infrastructure poised for some truly wide-scale distribution, the data center is increasingly being viewed as a single component of perhaps a global data environment.

And while some may argue that the data center will diminish in importance as responsibility for actual physical layer infrastructure falls to the cloud provider, the fact remains that for the coming year, at least, enterprises of all sizes will rely on their own data facilities to a higher degree than in years past.



If you can see what will happen in the future, you can take steps to prepare for it – or avoid it, or even change it. That’s the promise of predictive analytics, a topic that naturally interests business continuity managers. While there’s no guarantee of exact predictions, predictive analytics can indicate change patterns and emerging trends. Sensibly constructed models can show areas of combined high uncertainty and influence, where particular attention should be paid in preparing to ensure continuity. However, predictive analytics as such fall short in two areas related to business continuity: one of them can be ‘fixed’ by using a similar approach, whereas the other cannot.



Many folks take the days between Christmas and New Year’s off. Others, of course, have to work, despite the consumption of too much egg nog.

If you do have to work, it makes sense to be as productive as possible. This year, keep in mind that the late fall has been characterized by winter-like weather. It is not a good sign that suddenly the people who are in charge of this sort of thing have decided to name the storms that seem to be meandering from west to east on a regular basis.

So why not focus on a business continuity plan? These templates are vital, and may come in handy very quickly.



Thursday, 26 December 2013 15:55

BCM / DR Scheduling

Nothing happens without good planning and implementation strategies and this is required when planning out the development of the Business Continuity Management (BCM) / Disaster Recovery (DR) program. It’s impossible to just start something without having any idea when you’ll be finished or what you need to reach along the way to be able to take the next step.

Often, to get proper buy-in from executives, a BCM/DR practitioner has to provide a timeline alongside the goals and deliverables the project will provide. It’s one thing to provide the reasons why you need a program and if those are accepted by executives as valid reasons (let’s hope they think so…), the next question will be, “When will it be done?” So, a draft timeline must be mapped out, from how long a BIA will take and when the findings will be delivered to when the 1st test will occur.

Of course, it will all be built upon assumptions such as resource availability for example, but a high-level timeline must be provided to executives. Below are ten considerations a practitioner must keep in mind when building the BCM/DR program:



Thursday, 26 December 2013 15:55

SaaS Predictions for 2014

IDG News Service (Boston Bureau) — While the bulk of enterprise software is still deployed on-premises, SaaS (software as a service) continues to undergo rapid growth. Gartner has said the total market will top $22 billion through 2015, up from more than $14 billion in 2012.

The SaaS market will likely see significant changes and new trends in 2014 as vendors jockey for competitive position and customers continue shifting their IT strategies toward the deployment model. Here's a look at some of the possibilities.



A storm that left at least nine people dead and more than 400,000 without power this weekend was pushing its way into Canada on Sunday, but holiday travelers may still face slick roads as the system douses the Southeast with heavy rainfall.

The storm that brought high winds, ice, snow and rain to a wide swath of the Southeast before roaring north will affect sections of the USA through Monday night, said Frank Strait, senior meteorologist with AccuWeather.

"The main part of the storm is pulling away into Canada now and taking some of the snow with it,'' Strait said. But a lingering cold front could stretch from Virginia to Pensacola, Fla., causing heavy downpours before the system finally begins to weaken.



Monday, 23 December 2013 14:33

The Changing Trends of DDoS Attacks

Distributed denial-of-service (DDoS) attacks certainly aren’t new. I’ve been talking about them for years. However, they have been changing. The traditional style of attack, the flood-the-target type that crashes a website, is still going strong. But now we are seeing an increase in application-layer attacks that have the same goal: Systems go down, resources are unavailable and the victim is scrambling to fix everything.

Recently, Vann Abernethy, senior product manager for NSFOCUS, talked to me about the changing DDoS landscape. Something he has noticed is how DDoS attacks are being used as smokescreens to cover up other criminal activity. He said:

In fact, the FBI warned of one such attack type back in November of 2011, which relies upon the insertion of some form of malware. When the attacker is ready to activate the malware, a DDoS attack is launched to occupy defenders. In this case, the DDoS attack is really nothing more than a smokescreen used to confuse the defenses and allow the real attack to go unnoticed – at least initially.  Considering that most malware goes undetected for long periods of time, even a small DDoS attack should be a huge red flag that something else may be going on.



Monday, 23 December 2013 14:32

Target Sees Massive Customer Data Hack

It couldn’t have happened at a worse time for a retailer. Target informed shoppers that if they charged an item at Target stores between Nov. 27 and Dec. 15, their credit and debit card accounts may have been compromised—as many as 40 million cards in all.

While online shoppers typically have been the victims, this time hackers went through the physical checkout systems inside every Target store—about 2,000 stores, 1,797 in the United States and 124 in Canada. It’s possible that every shopper who swiped a credit card or entered a PIN at the point of sale had their information stolen.

Barbara Endicott-Popovsky, director of the Center for Information Assurance and Cybersecurity at the University of Washington told TIME Magazine that hacking “is a business. The general public would be shocked and amazed by the size of the problem.”



Give the IT industry credit for facing up to the challenge of energy consumption over the past few years. Once it entered the popular consciousness that data infrastructure consumes a significant portion of total energy capacity, industry leaders across the board set to work building more efficient infrastructure.

Part of this was simple economics, of course – less energy means lower operating costs. And to be sure, virtualization came along at just the right time to slim down hardware footprints without sacrificing data processing capabilities.

And now it seems some planners are moving onto the next goal, and a rather ambitious one at that: the zero-carbon data center. A colocation firm in Iceland is nearing completion on a facility that relies entirely on hydroelectric and geothermal sources to power its fully modular data infrastructure. The company recently installed a free air cooling system from Eaton-Williams that operates without chillers or mechanical cooling of any kind, instead taking advantage of arctic winds brought in by the Gulf Stream. The Tier-3 facility measures about 23,000 square meters and is backed by redundant UPS supplies for critical systems, with power densities ranging from 4 kW to 16 kW per rack.



Monday, 23 December 2013 14:30


By Dan Watson, Public Affairs

At the end of each week, we post a "What We’re Watching" blog as we look ahead to the weekend and recap events from the week. We encourage you to share it with your friends and family, and have a safe weekend.

A Potentially Stormy Holiday 

According to our friends at the National Weather Service, a storm system is set to track across the nation this weekend, impacting states in a variety of ways and potentially disrupting holiday travel. Here’s the latest forecast from the NWS:

  • Heavy rain is forecast from the lower Mississippi River Valley to the Ohio Valley this weekend with a risk for flash flooding.
  • A wintry mix, including freezing rain and snow, is possible from the central Great Plains, through the Great Lakes and to northern New England this weekend.
  • The NWS Storm Prediction Center (SPC) has indicated a Moderate Risk of severe thunderstorms on Saturday, with possible tornadoes, for portions of the Lower Mississippi Valley.
  • Severe thunderstorms are possible from the Central Gulf Coast/Lower Mississippi Valley into the Ohio Valley Saturday.

As you travel to visit friends and loved ones for the holidays, we encourage you to exercise caution and monitor weather conditions as they change. Stay up-to-date on weather conditions in your area by visiting weather.gov or mobile.weather.gov on your mobile device. Also, visit Ready.gov for more winter weather safety tips and other great resources!

Be Prepared in 2014!

This year's Resolve to be Ready campaign focuses on 'Family Connection' to reinforce the importance of parents including their children in preparedness conversations in advance of potential disasters. The Ready campaign makes an emergency preparedness resolution easy to keep by recommending families consider these three ideas when making a plan: who to call, where to meet and what to pack. Use this image as your Facebook and Twitter cover photo graphics to get your community prepared in 2014.

With the New Year around the corner, it’s time to make our resolutions. Why not Resolve to be Ready for an emergency?

This year, we’re continuing our Resolve to be Ready campaign with an emphasis on 'Family Connections' – reinforcing the importance of getting kids involved in preparedness conversations in advance of an emergency. We’re making your emergency preparedness resolution easy to keep this year with three simple tips when making a plan: who to call, where to meet and what to pack.
Here’s what you can do:

  • Make a family communication plan that answers – who to call, where to meet and what to pack.
  • Join our Thunderclap on Facebook and Twitter and share a New Year's resolution of preparedness with your followers. How does Thunderclap work? Once you sign up, Thunderclap will sync your social media accounts to release an automatic Facebook post, Tweet or both on January 1, 2014 at 12:30 PM reminding your friends and followers to make a family emergency plan.
  • Use #Prepared2014 in your social media messaging throughout 2014 to remind your friends and followers to be prepared for emergencies all year long.
  • Share preparedness messages from the Ready Facebook and Twitter feeds.

Visit ready.gov/prepared2014 for more information on how you can Resolve to be Ready in 2014!

Photos of the Week

Here are a few of our favorite photos that came into our Photo Library this week.

Forest Hills, N.Y., December 17, 2013 -- United States Marine Sgt. Nail, from the 6th Communications Battalion, is greeted by Federal Coordinating Officer Willie Nunn. The Marines came to FEMA's Joint Field Office in Queens to pick up toys donated by FEMA workers for the "Toys for Tots" charity. K.C.Wilsey/FEMA

East Peoria, Ill., December 17, 2013 -- FEMA Public Information Officer Art Alejandre, does an interview in Spanish with Univision at a local Disaster Recovery Center to encourage local residents impacted by the November tornadoes to apply for FEMA assistance. Local residents who suffered damages or losses are encouraged to apply to FEMA for disaster assistance by calling (800) 621-3362, (TTY) (800) 462-7585, or by applying online at www.DisasterAssistance.gov. Jocelyn Augustino/FEMA

Santa Clara, N.M., December 16, 2013 -- Deputy Tribal Coordinating Officer Michael Chavarria is charged with a project on restoration of the Santa Clara Pueblo’s ancient tribal lands, which were damaged after recent fires. Adam DuBrowa/ FEMA

New Topics on Our Online Collaboration Tool

We’ve recently launched a few new topics on our online collaboration tool and as always, we want to hear your thoughts and ideas. Head on over and share your ideas, comment on others’ ideas, and vote for your favorite.

That’s it for today’s What We’re Watching. On behalf of everyone at FEMA, we wish you and your family a wonderful and safe holiday!

Monday, 23 December 2013 14:29

Colorado Flooding – 100 Days Later

(Editor: Cuts of disaster response and recovery are available at www.flickr.com/photos/coemergency or www.go.usa.gov/DeK9.)

DENVER – In the 100 days following the catastrophic floods that hit much of Colorado, more than $204 million has gone to individuals and households in recovery assistance, flood insurance payments and low-interest disaster loans.

In addition, more than $28 million has been obligated to begin to repair and rebuild critical infrastructure and restore vital services.

Initially, the State, federal and local objectives were to save lives, bring aid to the affected areas, provide temporary safe housing, clear debris and to make immediate repairs to damaged infrastructure to put communities on the path to recovery.

President Obama signed a major-disaster declaration for Colorado Sept. 14 after severe and unremitting rains that began on Sept. 11 inundated much of the northeast portion of the state. The flooding killed 10 people, forced more than 18,000 from their homes, destroyed 1,882 structures and damaged at least 16,000 others.

Progress by the Numbers:

  • Under the Individuals and Households Program, FEMA has granted $53,816,716 for housing needs and $4,572,871 to help survivors who suffered damage to their homes. Under the Public Assistance Program, FEMA has obligated $28,338,878 to publicly owned entities and certain nonprofits that provide vital services. (See below for county-by-county breakdowns.)
  • The U.S. Small Business Administration has approved 2,274 low-interest disaster loans for over $90 million to Colorado homeowners, renters, businesses of all sizes and private nonprofit organizations. Of that amount, $73 million was in loans to repair and rebuild homes and replace personal property and $17 million was in business and economic-injury loans. Approved loan amounts for some of the most impacted areas include $55.2 million to Boulder County, $14 million for Larimer County and $9.4 million for Weld County.
  • More than 50 national, State and local volunteer organizations pitched in to help in the recovery efforts, involving the work of 28,664 people giving their time and energy to both short- and long-term healing and to address any unmet needs. Volunteers provided donations-coordination, home repair, child and pet care, counseling services, removal of muck and mud from homes and much more. In-kind donations amounted to $3,187,564. Valuing a volunteer hour at $22.43, the 275,860 hours of time represents a contribution of $6,162,725.
  • The National Flood Insurance Program approved more than $55.7 million to settle 1,910 claims.
  • More than 28,348 survivors registered for disaster assistance.
  • FEMA housing inspectors in the field have looked at nearly 26,000 properties in the 11 counties designated for Individual Assistance in the president’s major-disaster declaration.
  • FEMA Disaster Survivor Assistance teams canvassed hundreds of neighborhoods, visiting more than 62,000 homes and 2,741 businesses to provide information on a vast array of services and resources available to eligible applicants and made follow-up contacts in hundreds of cases.
  • More than 21,500 survivors were able to visit 26 State/federal Disaster Recovery Centers to get one-on-one briefings on available assistance, low-interest loans and other information.


  • Since Transitional Sheltering Assistance was activated Sept. 22, a total of 1,067 households have stayed in 177 participating hotels. The Transitional Sheltering Assistance deadline was extended five times to Dec. 14, with checkout Dec. 15. To date, 55 manufactured housing units are either in place or being placed in Boulder, Larimer and Weld counties for families unable to secure other housing resources. FEMA has ordered a total of 66 manufactured housing units.


  • In the 18 counties designated for FEMA’s Public Assistance program, 236 meetings were held to discuss the details of the program and the amounts involved in each recovery project. This component of federal assistance provides at least 75 percent of the costs of repairing and rebuilding public infrastructure, reimbursement for emergency measures, helping critical services conducted by governments and certain nonprofits get back to normal, and in some cases implementing mitigation against future damage and losses. FEMA and the State fielded 238 eligible Requests for Public Assistance. The amount obligated so far: $28,338,878.


  • FEMA and the State supplied disaster-assistance information to 33 chambers of commerce, six economic-development centers and 38 schools of higher education.
  • FEMA’s Speakers Bureau received 85 requests from officials and other interested parties and 443 State/federal specialists have spoken at meetings and other venues. Thus more than 8,300 attendees were able to get information on assistance programs, flood insurance and low-interest loans.
  • FEMA mitigation specialists counseled 15,250 survivors during outreach efforts at area big-box hardware and building-supply stores and counseled more than 4,700 at Disaster Recovery Centers.
  • At , the dedicated Colorado-disaster website, there have been more than 103,000 hits – an average of 1,300 daily. The FEMA Region VIII Twitter feed has fielded more than 600 tweets and has increased the number of followers to 9,100. In the last 100 days, the State has sent out 1,025 tweets, has increased to 21,500 @COemergency followers and the COemergency Facebook page garnered 2,182 “likes.” The coemergency.com page has had 234,757 page views.
  • FEMA Corps teams were instrumental in spreading the word about assistance throughout the affected areas and worked alongside FEMA regulars in the Joint Field Office in Centennial. More than 300 FEMA Corps members helped survivors in responding to and recovering from the disaster.


Avere Systems has released the findings of a cloud adoption study conducted at AWS re:Invent 2013. The overwhelming majority of attendees surveyed indicated that they currently or plan to use cloud for compute, storage, or application purposes within the next two to five years. Cost savings and disaster recovery / business continuity were found to be the factors most heavily driving cloud storage adoption, indicating that organizations believe cloud storage has the potential to increase efficiency, productivity, and the bottom line for their business.

Despite the majority of participants reporting cloud use within the next few years, attendees surveyed indicated security, performance, and organizational resistance as the largest barriers to cloud adoption. In addition, more than a third of attendees surveyed reported that their primary providers of traditional on-premises storage equipment are not helping with their adoption of cloud storage.



Here’s what I see coming in the new year:

  1. Enlightened CIOs will regain a key role in the acquisition and implementation of enterprise Cloud solutions, including Software-as-a-Service (SaaS) applications and Infrastructure-as-a-Service (IaaS) computing resources. They will not only put policies in place that will encourage end-users and business units to include IT in the procurement and deployment processes, but will also enable IT to play a more proactive role in the evaluation and selection process.
  2. Corporate end-users and business units will be forced to enlist greater IT involvement and support in the acquisition and implementation of enterprise Cloud solutions because they will face greater challenges integrating them into their existing systems, software and data sources, and ensuring their security and performance.
  3. IT professionals will become more receptive to acquiring Cloud-based IT management solutions that enable them to more easily and economically perform their day-to-day duties so they can dedicate more time to strategic corporate initiatives.



CIO — Around this time last year, CIO.com and its outsourcing experts made some plucky predictions for IT services in 2013. We said this would be the year that outsourcing governance finally grew up. (Hardly.) We said outsourcing customers would take matters into their own hands with more do-it-yourself deals. (They did.) And we predicted that customers would value domestic presence as a key differentiator among service providers. (It was just one of many factors.)

We revisited all of our prognostications from last year and found that three of them were right on target, four of them were off base and the other two were just beginning to take shape at year's end. As we pull together our 2014 forecast, here's how those 2013 predictions turned out:



A number of big changes will start to impact IT in 2014 — but you should likely be thinking about them over the holiday break. Here are three trends I'm watching and what they will mean as we all get ready for the New Year.

First, robotics will move very rapidly now that Google is chasing the robot market. The question: Who will buy and maintain these robots, which will be increasingly used for anything from manufacturing to security? They'll need software updates, for one, and eventually they'll need to be managed like PCs, but the jobs robots replace or supplement will reside in other functions. Like all emerging technologies that enter at the bottom line, managers will initially be making the decisions without input from IT.



If one of your goals in the New Year is to move toward using Big Data, then it’s time to move beyond the theoretical discussion to the nitty-gritty of implementations.

That doesn’t mean you should ignore your strategic goals, of course: It just means filling in the integration blanks between having Big Data and using Big Data.

TechTarget recently published a good starting point by excerpting chapter 10 from “Data Warehousing in the Age of Big Data,” written by Krish Krishnan, who is a Chicago-based executive consultant with Daugherty Business Solutions and a TDWI faculty member.



Conventional Big Data wisdom holds that in order to derive any value from technologies such as Hadoop, organizations need to invest in a cadre of data scientists to build complex analytics applications. The problem with that thinking is that by the time an organization assembles all the software and hardware expertise needed to launch a Big Data application, multiple years will have gone by.

Datameer is one of a handful of application providers that are challenging Hadoop conventional wisdom. Fresh off garnering an additional $19 million in funding this week, Datameer is making the case that what organizations really want is access to Big Data analytics applications that are about as complicated to use as a Microsoft Excel spreadsheet.



Friday, 20 December 2013 15:20

Disaster Losses Down From 2012

Windstorm Xaver: Model shows a large area of high winds in the lower atmosphere pushing waters of the North Sea into the coasts around western Europe. Courtesy WeatherBELL Analytics.

Natural catastrophes and man-made disasters worldwide reached $44 billion in insured losses in 2013—down from $81 billion in 2012, according to a Sigma preliminary report by Swiss Re.

The study found that total economic losses from disasters in 2013 totaled $130 billion and 25,000 lives were lost. Hurricane Haiyan alone, which hit the Philippines in November with record-breaking winds, claimed more than 7,000 lives. In 2012 total economic losses were $196 billion and 14,000 lives were lost.



Friday, 20 December 2013 15:13

The three roles of social media in crises

We all (most anyway) know that social media and digital communications play a primary role in creating, expanding and responding to crises today. But it all seems sort of a mishmash, so I found these comments from Dallas Lawrence very helpful in distinguishing the three roles that social and digital media play:

First, social media is an instigator. Were there not a social platform that allows us to send out our every thought, or record every stupid thing that happens, the crisis wouldn’t have occurred.

The next role is that of accelerant. A similar crisis may have happened 20 years ago, but it would not have metastasized so quickly without social media. So Lawrence stresses we must be prepared to act immediately instead of waiting and seeing.



Thursday, 19 December 2013 14:30

Man-made Disasters and 2013

Just $6 billion of the $44 billion in estimated insured global losses arising from catastrophes in 2013 were generated by man-made disasters, little changed from 2012, according to Swiss Re sigma preliminary estimates.

But as an article on the Lloyd’s website reports, even though natural catastrophes may have dominated the news headlines in 2013, a series of man-made disasters have had a significant impact on a number of communities.

In fact around 5,000 lives were lost as a result of man-made disasters in 2013, according to Swiss Re sigma estimates.



IDG News Service (Bangalore Bureau) — Target has confirmed that data from about 40 million credit and debit cards was stolen at its stores between Nov. 27 and Dec. 15.

The statement from the retailer Thursday follows reports that thieves had accessed data stored on the magnetic stripe on the back of credit and debit cards during the Black Friday weekend through card swiping machines that could have been tampered with at the retailer's stores, a practice known as card skimming.

The data could have been used to create counterfeit cards that could even be used to withdraw money at an ATM, according to the reports.



Lists, kits, packs… they often exhibit order and completeness, two dimensions that are also important for effective business continuity. They are also the underlying principles of the ‘battle box’, a repository for vital information to allow an organisation to carry on operating in adverse conditions. Just like first aid kits and motorists’ emergency packs, a battle box should focus on the essentials. It should also be accessible and ‘grabable’ so that it can be made readily available to those responding to an incident. However, there’s more to a viable battle box than just ticking off items to be put in it.



Privacy is on trial in the United States. Legal activist Larry Klayman asked U.S. District Judge Richard J. Leon to require the NSA to stop collecting phone data and immediately delete the data they already have. Their argument was that US citizens have a right to privacy and this is a violation of the 4th Amendment of the Constitution protecting you from illegal search and seizure. Monday's ruling that this practice is unconstitutional has privacy activists cheering in the streets, but it will not be a lasting victory.

In the United States, there is not a single privacy law on the books. (You can argue that HIPAA is a privacy law, but nuances exist that can lessen its impact.) What is protected has come from judgments based on the application of the 4th Amendment regarding search and seizure. US citizens were given "privileges", thanks to Richard Nixon, which say we have an expectation of privacy when using a phone, which basically means that the government has to get a warrant for a wiretap. (It’s worth noting that in the UK, they don’t get that privilege.)

Data is up for grabs. And everyone is grabbing.



Thursday, 19 December 2013 14:26

5 Strategies for Post-Holiday BYOD Problems

CSO — Christmas is fast approaching. Now, and after the office is back to normal after the first of the year, employees are going to return with several shiny new gadgets, along with the expectation that they'll "just work" in the corporate environment. Security will be a distant afterthought, because it's still viewed as a process that hinders productivity.

The back and forth between security helping or hurting productivity is a battle that has existed before the mobile device boom, and it will exist long after the next big technological thing arrives. But the fact remains security is an essential aspect to operations.

Analysts from Frost & Sullivan have estimated that the mobile endpoint protection market will reach one billion dollars in earned revenue by 2017, a rather large number given that last year the market was worth about $430 million. The reason for the large projection is simple; mobile is the new endpoint, and everyone has one.



CIO - Superstorm Sandy, the Fukushima Daiichi nuclear plant near-meltdown and ongoing regional natural disasters such as Typhoon Haiyan all wreak havoc with the capability of many affected companies - thousands, if not more - to continue business operations.

We define business risk as any event or activity that threatens the capability of a company to concentrate on its primary goal of generating revenue. There's also business risk from unexpected or unbudgeted costs to a company owing to improper management or monitoring of the software running in an enterprise. Do you recognize that there may be significant business risks to your company lurking in your IT operations, even as you take the time to read this article?

Business risk is what organizations continually work to mitigate via disaster recovery or business continuity plans - and rightfully so. But a company may also be exposed to elevated business risks owing to two frequently overlooked issues: Software asset management (SAM) and software license management (SLM). Let's take a look at how your organization can mitigate business risk using SAM and SLM.



Thursday, 19 December 2013 14:24

The 8 Hottest Security Stories of 2013

CSO — Data loss, privacy violations, stolen source code, malware development, and more. In hindsight, 2013 was a busy year for security professionals, as well as a costly one for the organizations and individuals targeted by criminals.

As mentioned, 2013 was a busy year with regard to security incidents. While there's still a month left, the fact remains that one-hundred million plus records have been compromised during the past eleven months. The source of this loss has been blamed on everything from nation state attacks and activists, to hackers with an agenda.



Wednesday, 18 December 2013 16:17

Four enterprise IT predictions for 2014

What challenges threaten to impact on the integrity of enterprise IT systems during the year ahead? David Gibson, VP at Varonis Systems, gives his predictions:

Knowing where your enterprise’s data is stored is no longer optional.

Privacy and other laws vary from nation to nation. Businesses and their remote offices need to know which laws they must comply with, and those laws are in a state of flux in a number of large countries. In particular, US companies doing business in Europe face the prospect of new challenges that will require more accurate knowledge of where their data – and their customers’ data – reside than most of them have today.

The proliferation of personal cloud services and mobile device capability continues to put critical data in flight, beyond not only the walls but also the awareness of the enterprise. Making this even more urgent is the realization that some governments can (legally, it appears) access data stored in cloud services.



It’s the CIO’s version of Groundhog Day: Business units want a solution, but do not want to wait on IT. So the division leaders bypass IT by funding the solution from their own budget. Eventually, it all comes out and IT has to solve the ensuing integration problems.

The cloud has only multiplied the problem and added one more complication: Now, business users aren’t willing to put up with IT taking its sweet time on solving the integration problem, even if the business caused it, Gartner VP and Research Fellow Massimo Pezzini told Information Age.

And yet, as InformationWeek’s State of Cloud Computing Survey revealed, many companies are still trying to solve integration with manual coding.



Here are my predictions for 2014:

  1. 2014 will bring exponential expansion and evolution of the Internet of Things (IoT).
    This will also bring new opportunities for information security trailblazers unlike any we’ve seen before. The potential benefits of the IoT will be huge, but just as large will be the new and constantly evolving information security and privacy risks. We will see some significant privacy breaches resulting from the use of IoT devices as a result. New IoT risks, and resulting security incidents and privacy breaches, will bring a significant need for technology information security pros to also understand privacy concepts so they can implement privacy protections within all these new devices, and into the processes and environments where the devices are used. Even though basic information security and privacy concepts will still apply, very little has been done to actually implement security or privacy controls in these new technologies. We will need more information security and privacy professionals who can recognize new information security and privacy risks. There is no textbook to look to for these answers as risks evolve.



Wednesday, 18 December 2013 16:13

Cloud Storage Cozies Up to the Enterprise

Cloud storage providers want your business, and they are actively exploring numerous strategies to get it.

However, catering to professional organizations is much different than catering to individuals, even if those individuals use their personal clouds to house business data. And the provider, or providers, who can establish robust, enterprise-friendly storage environments will reap a substantial reward as organizations look to scale infrastructure in order to take on Big Data and other challenges.

This is why so many cloud providers are introducing a wide range of top-tier storage features in their platforms. Box, for example, recently added a new administration console that aims to extend visibility and control into its hosted environment. The system includes protections for personal data like credit card numbers and Social Security information, as well as data and traffic analysis tools to help organizations better manage resource consumption and red-flag unusual usage patterns. There are also new automation and content management suites with improved workflow and search functions.



When is the last time you personally experienced a hard drive failure?

A few years ago, thieves broke into our RV and stole the laptops, hard drives, and basically anything not nailed down.

At the time, I had a backup strategy - but pushed the backup and swap by two days (after the weekend). As a result of that fateful decision, I lost a few weeks of work and a few gigabytes of pictures. I recreated the work, but the pictures are gone.

I learned the importance of sticking to the backup plan, having multiple backups (in different locations), and never leaving a phone with a laptop. Never.

Last summer, as the hard drive on my roughly four year old laptop signaled it was failing, I was ready. I had a backup. And to be safe, I had a backup of my backup.

- See more at: http://blogs.csoonline.com/security-leadership/2874/using-evidence-hard-drive-failure-backblaze-increase-value-security#sthash.DUEc8wMl.dpuf

Wednesday, 18 December 2013 16:11

History is a great teacher


By Rev. David L. Myers, Director, DHS Center for Faith-based and Neighborhood Partnerships

History is a great teacher.

Associate Pastor Ben Davidson of Bethany Community Church learned a valuable lesson during Hurricane Katrina in 2005 that benefitted him and his congregation the morning of Nov. 17, 2013, when a powerful tornado tore through Washington, IL.

His quick thinking reminds me that when disasters occur, having a plan can save lives and help pivot a community toward a strong recovery. I have learned this lesson many times through the faith leaders I’ve engaged as director of the DHS Center for Faith-based & Neighborhood Partnerships.

On Sunday morning Pastor Davidson was preparing to begin his adult Sunday school class, when he received an emergency phone call. A tornado had touched down and their church was in its path.

Immediately he and the staff worked to move the congregation -- particularly the children -- to their designated shelter in the church location and they began to pray together as the storm passed through their community.

The entire congregation comforted one another through what Pastor Davidson recalls as "the longest 45 minutes of my life." Once all congregants were accounted for and families could leave the sheltered location, Pastor Davidson immediately went home to confirm the safety of his children who were at home sick that morning.

Immediately following the disaster, Bethany Community Church joined its fellow members of the Washington Ministerial Association, AmeriCorps and the Illinois Voluntary Organizations Active in Disaster to help coordinate the community’s recovery efforts.

Since the devastating event, more than 4,000 community volunteers have registered with Bethany Community Church to help their loved ones and neighbors during disasters.  Their effort and commitment will help to increase the community’s resilience and ensure they are better prepared for emergencies.

The story of Washington, IL, and Bethany Community Church is a reminder of the care and compassion that faith-based organizations can provide all survivors in times of disaster. Their story reinforces the power of a whole community, “survivor centric” approach and the important role and responsibility of faith leaders in preparing their communities before disasters strike.

I encourage you to know what to do before disaster strikes by joining the thousands of faith-based and community members on the National Preparedness Coalition faith-based community of practice and connecting with faith leaders across the country working on preparedness.

Being prepared contributes to our national security, our nation’s resilience, and our personal readiness.

Wednesday, 18 December 2013 16:01

10 Cloud Computing Predictions for 2014

CIO — It's the time of year when darkness comes early and people begin to sum up how this year has gone and next year will unfold. It's also the time of year that predictions about developments in the technology industry over the next 12 months are in fashion. I've published cloud computing predictions over the past several years, and they are always among the most popular pieces I write.

Looking back on my predictions, I'm struck not so much by any specific prediction or even the general accuracy (or inaccuracy) of the predictions as a whole. What really comes into focus is how the very topic of cloud computing has been transformed.

Four or five years ago, cloud computing was very much a controversial and unproven concept. I became a strong advocate of it after writing Virtualization for Dummies and being exposed to Amazon Web Services in its early days. I concluded that the benefits of cloud computing would result in it becoming the default IT platform in the near future.



Tuesday, 17 December 2013 16:12

Emerging IT continuity challenges

What issues and new technologies have disrupted the IT continuity landscape in 2013 and how are these likely to develop in 2014?

By Patrick Hubbard and Lawrence Garvin, SolarWinds.

We have spent the past year speaking with hundreds of techies at every major networking trade event in 2013 and from these discussions have drawn a number of predictions for the coming year, as well as insights into how the industry has evolved and developed over the past twelve months. Below, we share our thoughts on the past year and our predictions for 2014.

2013 has been the year of vendor-led hype on buzz technologies such as SDN and cloud, but in practice very few notable advances in technologies or vendor offerings in these areas have come to fruition.

Cross-product support, and a noticeable increase in budget, has accelerated the advance of virtualization. Products such as Cisco Unified Computing System (UCS) have made it possible to integrate with VMware V-block, boosting the desktop virtualization trend and widening its reach into mid-market networks. Similarly, with the launch of Hyper V, 2013 was the year that Microsoft finally became a genuine player in the virtualization space.



New research from Corero Network Security has found that many businesses are failing to take adequate measures to protect themselves against the threat of a DDoS attack. A survey of 100 companies revealed that in spite of the reports about the cost of downtime and the potential for DDoS attacks to mask greater threats, businesses are failing to put in place effective defenses or plans to mitigate the impact of a DDoS attack against their organization. More than half of companies lack adequate DDoS defense technology, and 44 percent of respondents have no formal DDoS attack response plan.

The survey asked respondents about the effectiveness of their plans to prevent, detect and mitigate the damage of a cyber attack, including examining their incident response plans from the standpoint of infrastructure, roles and responsibilities, technology, maintenance, and testing. The findings revealed a lack of planning on multiple levels: whilst nearly half of businesses lacked a formal DDoS response plan, the problem was compounded by out-of-date network visibility, as more than 54 percent of respondents have outdated or non-existent network maps. Furthermore, approximately one in three businesses lacked any clear idea of their normal network traffic volume, making it more difficult to distinguish between routine traffic peaks and high traffic volumes that could signal a DDoS attack.



While the web has opened wide the doors of opportunity for entrepreneurs around the world, others have shown evidence of creativity as well. Ingenious use of technologies has led to hacktivism, identity theft, distributed denial of service (DDoS) and swatting, to name but a few. Perpetrators use both the latest cyber-techniques and also old-fashioned approaches such as social engineering (a new term for the classic tactics of confidence tricksters). Business continuity and personal security both need to be safeguarded against threats like these. But what is driving the proliferation of such Internet incidents?



Risk certainly marked the year of 2013, with knock-on effects on business continuity thinking. However, in a year picking up the pieces after different disasters, the real message was a reminder that while we collectively now know a great deal about risk, we don’t always prepare or take action appropriately. The devastation caused by rainfall in the Uttarakhand state of India was one example. Environmentalists blamed what they considered to be haphazard preceding development projects of roads, resorts and hydroelectric stations for the subsequent high level of damage and deaths. Meanwhile in the US and for much of 2013, New York was applying lessons learned the hard way following Hurricane Sandy back in 2012 to produce an improved city resilience plan.



Tuesday, 17 December 2013 16:08

BYOD Has Not Won

Bring your own device (BYOD) has a lot going for it. The simplicity of the approach of letting Jane and Joe use their own devices at work and compensating them in some manner is so simple and so rooted in common sense that the case against it is lost in the shuffle.

Or was lost in the shuffle. The reality is that significant downsides and obstacles to BYOD do exist. That reality may finally be dawning on corporate managers. Strategy Analytics released interesting worldwide research that revealed that everything is growing: the number of BYOD devices, the number of company-owned devices issued to employees, and the total number of devices shipped.

The percentage that deserves the most attention is the portion of corporate-liable devices:



A new study finds that in Seattle more than 10,000 buildings — many of them homes — are at high risk from earthquake-triggered landslides.


By Sandi Doughton

Seattle Times science reporter

With its coastal bluffs, roller-coaster hills and soggy weather, Seattle is primed for landslides even when the ground isn’t shaking. Jolt the city with a major earthquake, and a new study from the University of Washington suggests many more slopes could collapse than previously estimated.

A powerful earthquake on the fault that slices under the city’s heart could trigger more than 30,000 landslides if it strikes when the ground is saturated, the analysis finds. More than 10,000 buildings, many of them upscale homes with water views, sit in areas at high risk of landslide damage in such a worst-case scenario.

“Our results indicate that landsliding triggered by a large Seattle fault earthquake will be extensive and potentially devastating,” says the report published this month in the Bulletin of the Seismological Society of America.



Monday, 16 December 2013 16:23

5 Tips to Keep Your Data Secure on the Cloud

How can you be sure the information you store on the cloud is safe? The short answer is you can't. However, you can take some protective measures. Here are five data privacy protection tips to help you tackle the issue of cloud privacy.


CIO — The number of personal cloud users increases every year and is not about to slow down. Back in 2012 Gartner predicted the complete shift from offline PC work to mostly on-cloud by 2014. And it's happening.

Today, we rarely choose to send a bunch of photos by email, we no longer use USB flash drives to carry docs. The cloud has become a place where everyone meets and exchanges information. Moreover, it has become a place where data is being kept permanently.



After years of false starts, virtual desktop infrastructure (VDI) products are here. They work, and if implemented correctly they can deliver substantial cost savings to enterprise IT shops. What are the risks and rewards involved in embarking on a VDI implementation for your organization?

By Ed Tittel and Kim Lindros

CIO — Virtual desktop infrastructure (VDI) is designed to deliver virtual desktops to client computers over a network from a centralized source. With traditional VDI, you create a master image (reference computer, or core) to use for all clients, then personalize images as needed.

The process of distributing patches and updates is simplified because you only have to update images, not every physical desktop. Plus, you can push desktops across a variety of platforms and devices, from desktop PCs to thin clients and mobile devices.



About this time every year, journalists covering the InfoSec beat start seeing prediction lists being pitched. Sadly, we will see the same pitch, from the same vendor, several times, often because we're on multiple blast lists. Thus, our inbox is clogged with pitches and follow-up emails asking if we've seen the pitches, plus the follow-ups to the follow-ups.

Not everyone is a fan of prediction lists. (Other than the vendors who make them.) For example, Martin McKeay, who works at Akamai as a Security Evangelist, holds an opinion shared by many security professionals when it comes to the vendor-driven prediction lists:


"Really, the amazingly stupid part of these annual lists is that they’re not predictive in the least. With rare exceptions, the authors are looking at what they’ve seen happening in the last three months of the year and try to draw some sort of causal line to what will happen next year. The exceptions are either simply repeating the same drivel they reported the year before or writing wildly outrageous fantasies just to see if anyone is actually reading..."

Dave Lewis, fellow CSO blogger and Security Advocate for Akamai, pointed out that many of the prediction lists from years gone by could just as easily apply to the here and now. In fact, in his blog post on the topic, he proved it. His list comes from the year 2000.

- See more at: http://blogs.csoonline.com/pandemic-preparedness/2869/magical-list-security-predictions-2014#sthash.zMOGpHaa.dpuf

The data integration market is growing faster than security and virtualization, according to Margaret Breya, executive vice president and CMO, Informatica Business Solutions.


Not surprisingly, Breya credits Big Data, machine data and the Internet of Things.

But it’s not just because organizations need to integrate these new forms of data into enterprise systems: A large market for embeddable data management engines is available, both for applications and devices, she said.

“The addressable market is huge, comprising 52 thousand large enterprises and 60 million medium and small enterprises,” Breya told CIOL, an India-based IT publication. “The opportunity is quite huge in the devices space, if you take into account the prediction of 50 billion connected devices by the year 2020.”



Now that a good number of enterprises have gained a modicum of experience with public cloud architectures, attention is turning in earnest toward replicating those environments on internal infrastructure.

The private cloud, in fact, is expected to be one of the chief growth areas for both enterprise-class hardware and software as organizations seek to first build the broad scalability needed to support a functioning cloud, and then the virtual and software layers to make it happen.

Indeed, the private cloud has emerged as a top priority within the enterprise vendor community as it provides a unique opportunity to remake the entire data infrastructure stack from the ground up. Dell, for example, has zeroed in on the private cloud now that its lengthy privatization process is complete, teaming up with Red Hat to integrate the OpenStack-friendly RHEL 6.5 across Dell’s data center portfolio. Dell will also take on RHEL service and support functions, even if the system is deployed on non-Dell hardware, a testament to the company’s desire to function within what is likely to be a broad, multi-vendor environment.



There is a 14-dog race going on, with a goal to win the wallets of the enterprise for mobile security spend. When lined up in the starting blocks, the racers may all seem to have equal chances, but a few are better poised to cross the finish line first and bask in the glory of the winners' circle. Three of these technologies are the odds-on favorites to lead from start to finish, with the rest of the racers struggling to remain relevant.

Coming off the starting block with the "holeshot" are the mobile device management vendors. With huge engines of revenue, large customer counts, and first-mover advantage, this dog is the odds-on favorite to take the championship trophy. Mobile device management vendors are already expanding their technologies and products into security platforms to diversify their rapidly commoditized product offerings. The move is paying off for the biggest and toughest MDM participants in the race, giving them the early, and potentially insurmountable, lead.

CIO — Infrastructure and Operations (I&O) staffing is both your organization's greatest asset and greatest monetary investment, says John Rivard, research director for Infrastructure and Operations at Gartner.

It's on the shoulders of these folks that the future of your organization rests, and if you're not doing everything you can to recruit and retain the best of the best, you could be at a competitive disadvantage, he says.

"I believe there's going to be a battle over the future of your organization, and I&O is at the crossroads," Rivard said. "Your best employees have a greater, more positive impact on your organization than your best customers," he says.



Achieving certifications within the IT field is almost a rite of passage. Most IT workers have a degree, but specialize in a certain technology and may become certified in that area to help prove their mastery of that skill or technology.

However, some professionals are still leery of certifications. Is all that studying and testing really worth it? Do employers really pay attention to certifications on resumes? Which certification would be right for the job? And will you need to keep up the certification after you achieve it?

In our IT Downloads section, you will find an excerpt from the book “The Basics of Achieving Professional Certification: Enhancing Your Credentials.” The download features Chapter 5: Maintaining Professional Certifications.

This chapter discusses the need for keeping certifications current and up to date. According to the chapter:



SPRINGFIELD, Ill. — Federal Emergency Management Agency (FEMA) officials, along with partners from the U.S. Small Business Administration (SBA) are encouraging homeowners, renters and businesses to apply for low-interest disaster loans to help fund their losses.

If Illinois residents apply for assistance with FEMA and are referred to the SBA, it’s important for them to submit a loan application to assure that the federal disaster recovery process continues and they keep their options open:

  • Many survivors who register with FEMA will be contacted by the SBA. Survivors can submit their SBA disaster loan applications one of three ways: by mail, in person at a Disaster Recovery Center or online at DisasterLoan.SBA.gov/ela.
  • It is important for survivors to complete and return the application as soon as possible. Filing the loan application does not obligate people to accept an SBA loan and failure to complete and submit an SBA loan application may stop the FEMA grant process. However, homeowners and renters who submit an SBA application and are declined a loan may be considered for certain other FEMA grants and programs that could include assistance for disaster-related car repairs, clothing and household items.
  • Next to insurance, an SBA loan is the primary funding source for real estate property repairs and replacing lost contents following a disaster like a tornado. Homeowners may be eligible for low interest loans up to $200,000 for repairs.
  • SBA can help renters replace their essential items. Homeowners and renters may be eligible to borrow up to $40,000 to repair or replace personal property, including automobiles damaged or destroyed in the disaster.
  • Loans for businesses and private non-profit organizations. Loans are available up to $2 million to repair or replace disaster damaged real estate, and other business assets.  Eligible small businesses and non-profits can apply for Economic Injury Disaster Loans (EIDL) to help meet working capital needs caused by the disaster. 
  • Do not wait on an insurance settlement before returning an application. Insurance may not pay for any or all of the storm-related damage. Survivors can begin their recovery immediately with an SBA disaster loan.  The loan balance will be reduced by their insurance settlement.

For additional information about SBA low-interest disaster loans, contact the SBA Disaster Assistance Customer Service Center by calling 800-659-2955 or TTY 800-877-8339, or visiting sba.gov/disaster. SBA customer service representatives are available at all disaster recovery centers. Centers can be found online at fema.gov/DRC.

For the latest information on Illinois’ recovery from the Nov. 17 storms, visit FEMA.gov/Disaster/4157. Follow FEMA online at twitter.com/femaregion5, facebook.com/fema and youtube.com/fema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

SBA provides low-interest, long term disaster loans for homeowners, renters and businesses of all sizes. For more information, visit SBA’s website at www.sba.gov/disaster.

Friday, 13 December 2013 17:29

Companies Unprepared for DDoS Attacks

What is your plan in case your company is hit by a distributed denial of service (DDoS) attack? Do you have a plan?

If you are like many of the companies surveyed in Corero Network Security’s most recent poll, the answer would be no, you probably don’t have a plan in place, despite knowing what the risks are. The survey of 100 companies discovered that 44 percent have no formal response plan. Worse yet, more than half don’t have the tools in place to defend against a DDoS attack.

Part of the problem, Corero discovered, is that companies tend to under-invest in security for their network infrastructure. And even when they do have security tools in place, no one is ensuring that they work when needed. It’s like having a jack and a spare tire in the trunk of your car but never checking to make sure the jack works or whether there is air in the tire. You might think you are prepared in case of a flat, but when the time actually comes, you are in no better shape than you would be if the jack and tire were at home in the garage.



Friday, 13 December 2013 17:22

Executives Explore Strategic Risk

Quickly made business decisions and innovations in technology—such as big data and social media—can throw a curve to a company’s strategic risk management, according to a survey by Deloitte. As a result, risk managers need to be prepared to act quickly to avoid disruptions that can follow.

The study, Exploring Strategic Risk: 300 Executives around the World Say Their View of Strategic Risk is Changing, found that 81% of companies surveyed manage strategic risk explicitly, focusing on major risks that could impact the long-term performance of their organization.

Strategic risk management is also more of a board level priority, with 67% saying the CEO and board have oversight in managing strategic risk. They also say reputation risk is now their biggest risk concern. Much of this concern is due to the instantaneous aspects of social media globally, which can impact a company’s perception in the marketplace.



The proverbial stitch in time may save nine, but IT operations predicting problems before they occur saves more than just the budget.

TeamQuest, a provider of IT management software, has made available a predictive analytics offering that can be used to identify the root causes of likely future performance issues.

According to TeamQuest product advocate Dave Wagner, TeamQuest Risk Prediction helps IT organizations address the complexity of IT environments where multiple application workloads now routinely run on top of virtual machines that compete for a limited amount of physical resources. By applying predictive analytics to that complexity, Wagner says TeamQuest Risk Prediction can be used to analyze the data it collects as often as every 15 minutes.



Ray Abide looks at the concepts of detail complexity and dynamic complexity in the context of business continuity planning.

Over an extended period of time, I believe that a conventional instinct is to add more specifics and detail to our business continuity plans. This may be guided by increasing complexity in the subject business or by our improved understanding and planning maturity brought about by plan exercises or experience gained by plan activation during a crisis.

While this increasing detail and texture in the plan may seem to be an improvement or an enhancement, it is only true if the incremental planning addresses the type of complexity that can be reduced or eliminated, in advance.



Health care organizations are facing a much more challenging directors and officers (D&O) liability insurance market as they adapt to changes arising from the Affordable Care Act (ACA), according to a new report from Marsh.

It reveals that average primary D&O rates for midsize and large health systems increased by 9.6 percent in the third quarter of 2013, while total program D&O rates renewed with 7.9 percent increases on average.

Nearly all organizations – 91 percent – renewed with rate increases, according to its findings.



Computerworld UK — CFOs are frustrated with "excessive IT costs" and limited insights into their business despite IT investments, according to joint research from Oxford Economics and consulting firm AlixPartners.

The two organisations initially brought in CFO Research to survey senior finance executives at large and mid-size North American companies to examine their views on the value of their investments in IT.

Recently they added a further 50 CFOs across four European countries, including the UK, to the research. They found that senior finance executives across both continents were frustrated about the same aspects of IT investment.



Thursday, 12 December 2013 17:09

How Much Can You Outsource a Risk?

A common corporate credo nowadays is: ‘make only what you cannot buy’. The idea is that if a supplier is already making an affordable, quality component or product, there is no sense in re-inventing the wheel. The company would be better off using its internal resources to develop more strategic advantages related to its core differentiating competences. Similarly, corporate activities such as accounting, logistics and procurement can also be handled by third parties offering different benefits to the purchaser – sometimes, but not always, in terms of cost reduction. But in such cases, does the purchasing company’s risk go down or up? And to what extent is it still responsible for the outsourced activity?



One of the major challenges with Big Data, I think, is figuring out your options. It is such a new space, so it’s a bit tricky to identify what type of tools you’ll even need, much less figure out which vendors actually offer them.

A large number of lists about Big Data are available: The Big Data 100, the Hot Start-Ups, the Most-Powerful Big Data Companies, and so on. All of these sites are informative, but they don’t necessarily help you piece together a basic Big Data architecture or list of solutions you must have, particularly when it comes to Big Data integration.

Organizations need to realize that not everything changes just because they’re dealing with Big Data.



What links a brand's reputation, a railway sleeper and a telecommunications network? While these things may seem very different, according to experts working on a new International Standard they can all be seen as assets creating value for a company and can therefore be managed in similar ways.

The new International Standard ISO 55001 on asset management systems is set to be published in early 2014 and we asked Rhys Davies, the chairman of the committee developing the standard (PC 251) to give us his lowdown on the document.

So, Rhys what is an asset and why would someone need to manage it?

Well, in this new standard we have defined an asset as an item, thing or entity that has potential or actual value for an organization. This is vague, but in fact purposefully so. We wanted to make it clear to everyone that an asset can be anything from tangible and physical items such as rails, trains and vehicles to the more intangible such as the reputation of a company.

All of these things can bring value to a company and need to be well managed in order to make the most of that value.

These are quite diverse things, is managing rails really the same as managing a brand?

There are many similarities yes, and the fundamental principles are the same. If you do nothing with things, and this applies to both a brand and rails, they deteriorate. Their value, or potential value, decreases. All assets need maintaining so although the actions we take to maintain them might be different (e.g. for rails this might be renewing them, whereas for brands it might be choosing to sponsor new events), both will benefit from long term plans and strategies.

Asset management is about knowing what we want to achieve with an asset and how to make it happen, in addition to assessing risks associated with that asset. It is about having a long term strategy.

Most successful organizations and companies have long term strategies, complete with yearly objectives and so on. Why do we need a strategic asset management plan as well?

One of the key things with assets is that their life span can be much longer, or much shorter, than the average strategic plan. A brand's reputation will (hopefully!) outlast a five year plan, as will the physical infrastructure of a railway for example, so the long term strategic asset management plan has to take this longer life span into account and plan for it.

This longer term approach also forces us to get to know our assets much better. We may not always be aware of everything that has value or has the potential to create value for our organization. Identifying assets, what we want to achieve with them and how to get there, requires in-depth knowledge of the asset in question, which can help in operational decision making and an organization’s performance overall.

What are the benefits of using this standard?

The major benefit is of course being able to realize value from your assets, and one of the great things about this approach is that there are many quick wins early on in the process. Some are related to the improved knowledge of assets, as I have already mentioned. In addition, the approach can help improve the relationship with stakeholders. Value doesn't necessarily mean monetary gain and defining what the value is for an asset is often a conversation that happens with people outside the company or organization.

For example, there has been a lot of interest from cities in this standard. The notion of value from a public park will not be expressed in monetary terms and defining it will mean getting closer to those using the public park. This is very beneficial for many organizations.

Who is this standard for?

This standard can be used by many types of organizations and companies, public or private. Everything from a city or local service provider to a supermarket chain can benefit from good asset management.

You have been the chairman of the committee for the past 3 years. What is the most exciting thing about its development?

That the standard is soon finished and will soon be available for use. I was involved in the development of BSI PAS 55 (a British standard concentrating on physical assets) and I have seen that grow up and be adopted in lots of different industries. The ISO route and the inclusion of non-physical assets will open up new markets for that story, where previously companies and organizations wouldn't have used that document. This means we are able to get a good story out to more places - more industries and countries can benefit and we can get more feedback to improve the approach even further.

ISO 55001 (and two others in the family ISO 55000 and ISO 55002) will be published in January 2014. Watch this space for more information!


Wednesday, 11 December 2013 16:15

Lessons from the future?

In this op ed thought experiment, David Lindstedt looks back from the year 2027 and highlights some pitfalls that the resilience road could lead to.

We should have been more careful, more disciplined.

But the idea of ‘resilience’ was so alluring.

Not like all the other stuff. IT DR was boring in the details, and it was all about the details. BCP could never get the proper sponsorship from executives. Life safety was tolerated, but never engaging in the corporate space.

But resilience? Now that showed promise.



Three quarters of the world’s 250 largest companies (G250) researched by KPMG acknowledge risks to their business from environmental and social ‘megaforces’, such as resource scarcity and climate change, in corporate responsibility (CR) reports. Yet only one in ten that reports on CR clearly links CR performance to remuneration, suggesting that many companies are failing to incentivise their executives to manage these risks effectively.

The findings from the eighth KPMG Survey of Corporate Responsibility Reporting, published recently, also reveal that only 5 percent of G250 reporting companies quantify and report the potential impact of environmental and social risks on financial performance.

“Environmental and social risks can impact the supply chain, productivity, financial performance, reputation and brand value. So it is disappointing to see that so many companies still shy away from quantifying these risks in financial terms and few factor in the management of these risks into executive remuneration,” said Yvo de Boer, KPMG’s Global Chairman, Climate Change & Sustainability Services.



The European Parliament has voted to adopt new legislation on EU Civil Protection which paves the way for a stronger European cooperation in responding to disasters.

Welcoming the vote, Kristalina Georgieva, the EU Commissioner for International Cooperation, Humanitarian Aid and Crisis Response said: "A rising trend in natural and man-made disasters over the past decade has demonstrated that coherent, efficient and effective policies on disaster risk management are needed now more than ever. This vote brings us a step closer to a predictable and reliable civil protection system at the European level. This can mean the difference between life and death when a disaster strikes. Equally important, the revised legislative proposal includes measures that will help to prevent and prepare better for the upcoming disasters. Successful disaster risk management is first and foremost about providing security to our citizens. I would like to thank the European Parliament for its strong support."

The revised legislation on the EU Civil Protection Mechanism is designed to better protect and respond to natural and man-made disasters. To ensure better prevention, the Member States will regularly share a summary of their risk assessments, share best practices, and help each other identify where additional efforts are needed to reduce the disaster risks. A better understanding of risks is also the departure point for planning an effective response to major disasters.



Wednesday, 11 December 2013 16:12

Collaboration and Social Tools in 2014

For 2014, I predict …

1. The browser becomes the OS. More and more is being added to Google’s Chrome browser; so much so that it is starting to look much like an operating system. You have all of these plug-ins (like applications), you can customize and configure your device or the look and feel of the browser. Nowhere is Chrome more an OS than with Chromebooks, where it is the OS. And it is a very web-oriented OS (thin client), with just the browser, media player and file manager as its only native applications. The question is: will IE or Firefox follow suit? Or are they pursuing different directions?



Wednesday, 11 December 2013 16:11

Survey Shows SMBs Take Compliance, Risk Seriously

Nexia, a London-based consulting company, surveyed small to midsize businesses (SMBs) about compliance and operational risks in its Global Risk Management Report. It found that nearly two-thirds of respondents already have a formal process in place for risk assessment.

Those surveyed identified operational risks and compliance as the top risks facing their companies to date. Glenn Davis, a partner with CohnReznick LLP, explained:

Risk management has become critically important as businesses are challenged to remain competitive while grappling with uncertain operational and financial conditions… Regardless of the size of the entity, the risks are broadly the same, but the ramifications are much greater for small and mid-sized organizations.



CIO — Is the complexity of your company's data making it difficult to make effective IT decisions? If so, you're not alone. Keeping the lights on and systems running while still finding the resources to innovate is a challenge for most IT organizations, and the growing complexity of data about IT environments is making that challenge nearly insurmountable for many.

According to a new study by Forrester Research, commissioned by Data as a Service (DaaS) company BDNA (creator of the Technopedia repository of information on enterprise hardware and software), 73 percent of high-level IT decision makers cite the complexity of data as the largest challenge in making effective IT decisions in the next 12 months.



CSO — No matter how valiant the efforts of chief security officers, or how much businesses say they focus on securing their systems, or the amount of money spent on IT defenses -- many of the same IT security challenges persist.

Enterprises lag in their ability to swiftly detect breaches -- an important measure of security maturity. According to the 2013 Verizon Data Breach Investigations Report, 62 percent of organizations didn't detect breaches for months, or longer -- and partners, customers, or others identified about 70 percent of those breaches.

There's clearly much room for improvement, but as the number, duration, and costs of attacks reveal, as well as our interviews in recent weeks, there certainly won't be any quick fixes. However, according to the experts we've spoken with, there are a handful of areas that, if dramatically improved, would significantly shorten today's chasm between defender and attacker.



There can be a variety of reasons why bad decisions get made in the corporate world. Last week I wrote about psychopaths in the C-Suite and Boardroom. Today I want to look at some less flamboyant, more mundane ways that a company might get into compliance hot water through poor decision making. In an article in the November issue of the Harvard Business Review, entitled “Deciding How to Decide”, authors Hugh Courtney, Dan Lovallo and Carmina Clarke reviewed how senior decision makers in a company might go about strategic decision making. One of the areas that they explored was how systemic roadblocks might get in the way of making a valid decision.

I found their discussion very interesting from the compliance perspective. The FCPA Guidance emphasized the need for companies to have a robust pre-acquisition due diligence process, in addition to a vigorous post-acquisition integration. The FCPA Guidance stated, “In the context of the FCPA, mergers and acquisitions present both risks and opportunities. A company that does not perform adequate FCPA due diligence prior to a merger or acquisition may face both legal and business risks. Perhaps most commonly, inadequate due diligence can allow a course of bribery to continue—with all the attendant harms to a business’s profitability and reputation, as well as potential civil and criminal liability.” But what are some of the biases which might prevent a company from making a good strategic decision even with adequate pre-acquisition due diligence? The authors set out five which I will explore in more detail.



Tuesday, 10 December 2013 17:35

The Worst IT Project Disasters of 2013

IDG News Service (Boston Bureau) — Trends come and go in the technology industry but some things, such as IT system failures, bloom eternal.

"Nothing has changed," said analyst Michael Krigsman of consulting firm Asuret, an expert on why IT projects go off the rails. "Not a damn thing."

"These are hard problems," he added. "People mistakenly believe that IT failures are due to a technical problem or a software problem, and in fact it has its roots into the culture, how people work together, how they share knowledge, the politics of an organization. The worse the politics, the more likely the failure."

Here's a look at some of this year's highest-profile IT disasters.



CIO — Growth is normally a boon for any business. Servers hum faster when an ecommerce site attracts more customers (and more credit card transactions). When storage requirements for a new business that handles documentation for large companies suddenly escalate, executives high-five each other.

Scaling can be so costly, though, that fast growth isn't always a positive. Fortunately, new technologies can help a company ramp up quickly and efficiently, removing some of the pain of having to expand a data center. Instead of being faced with a major capital outlay that offsets new revenue, these innovations make the impact of scaling up a data center to meet demand less of a drain.



Vendors supplying you with components or services for your infrastructure need to feel confident about working with your organisation. That way they’ll be motivated to give of their best. It could be argued that stressing a vendor with unannounced tests might have a negative impact on their relationship with you. After all, they have a business to run too and your test is a business disruption for them. However, real disasters often arrive unannounced and in order to be realistic tests should be unannounced too. Is there a way out of this conundrum, and if so what is it?



No doubt you’ve heard about a shortage of data analytics specialists.

The data’s getting a bit long in the tooth, but a 2011 McKinsey Global Institute study predicted a shortfall of about 150,000 people with the needed analytic skills to manage Big Data analytics.

That may not be the biggest problem facing analytics, however. An equally important, but less cited, finding in that study was the predicted shortfall of 1.5 million business people who could leverage that data, notes a recent Harvard Business Review blog post.



The hard disk drive’s utility in enterprise settings has been under question since the first enterprise-class, solid-state solutions were introduced nearly five years ago. But now it seems a new challenge is on the horizon, not from advanced technologies like Flash, but from a perceived lower order of storage: consumer disk drives.

A recent blog post from cloud backup provider BackBlaze details the company’s use of both consumer and enterprise-class drives for its Storage Pod service and its own administrative and transactional applications. Over the past two years, the company reports that it has racked up 368 drive years with the enterprise systems—primarily Dell PowerVault and various EMC solutions—and 14,719 drive years with consumer-grade technology. In that time, it reported 17 enterprise-class failures and 613 consumer failures, which produces an annual failure rate of 4.6 percent and 4.2 percent, respectively. So with lower costs and better reliability, why bother with an enterprise drive?



TEKsystems, a company that provides IT staffing and services, recently did a study that essentially took the temperature of IT departments – what they think trends are, where budgets are focusing dollars and the like. One of the areas the survey focused on was security.

Most of the predictions and trend reports I see are from security experts. While I think these predictions are essential for anyone in charge of enterprise network security – it really does help to have an idea of what threats to protect against – it is good to hear about security concerns and predictions from the IT point of view.

What TEKsystems discovered is that security is a rising concern for IT departments. When asked, “Which of the following trends or technology will have the biggest impact on your organization in 2014,” big data came in first, but security moved from third place in 2013 to second place in 2014. Mobile computing also moved up a spot, from fourth to third. It is fitting that security and mobile move together because the two issues are so intertwined. An IT department can’t have a good mobile policy without having a solid security plan built into it.



By Thomas Clark, MD, MPH

This time last year public health officials were grappling with a meningitis outbreak linked to fungus found in tainted medication. Now officials are trying to rein in a different outbreak of meningitis, more specifically meningococcal disease, popping up on college campuses, including Princeton University.

Most college freshmen are instructed to get a series of vaccinations before starting school in the fall, including one for meningococcal disease which can spread quickly in close quarters, such as dorms. The meningococcal vaccine routinely given to rising freshmen protects against four different serogroups, or types, of meningococcal bacteria – A, C, Y, and W-135. Unfortunately, the cases of meningococcal disease that have been appearing at Princeton University are from a different strain of these bacteria not covered by the vaccine.

Taking Action

Because meningococcal disease can be deadly or lead to long-term disabilities, affecting the linings of the brain and spinal cord or the bloodstream, and can spread more easily on college campuses, it’s important that school and health officials take immediate action to stem the spread of disease. Princeton University and the New Jersey Department of Health have launched an aggressive awareness campaign to educate students and the University community about the disease and how to help prevent spreading it. Individuals who were in close contact with patients diagnosed with meningococcal disease have also been recommended antibiotic treatment as a precautionary measure. But because giving antibiotics to everyone isn’t an effective strategy, CDC has recommended that a vaccine approved in Europe and Australia be imported to try and halt the spread of this outbreak. FDA has given the OK for use of the vaccine at Princeton University under an Investigational New Drug application. This is a term FDA uses to describe a vaccine that’s not licensed (approved) in the US, but which is made available in certain situations. FDA has concluded that the benefits of using the vaccine to prevent meningococcal disease at Princeton University outweigh the risks of possible adverse events. Clinical trials in other countries have shown the vaccine to meet safety and efficacy standards to allow licensure in the European Union and Australia in January and August 2013, respectively. This is the first time CDC has had the chance to consider using this newly licensed vaccine in response to a serogroup B meningococcal disease outbreak.

Why Vaccinate?

Since students have become ill over the course of two school years, officials believe there will be more cases. And because predicting who meningococcal bacteria will strike next isn’t possible – many people carry the bacteria in their throats without actually getting sick – vaccination is the most effective way of controlling future spread of the disease. Unlike antibiotics, a vaccine would protect people for a longer period of time, and could help decrease or stop the spread of the bacteria, which would help protect the University community as a whole. It also avoids some of the complications of antibiotics, such as antibiotic resistance and side effects. The vaccine is recommended for all Princeton University undergraduate (regardless of where they live) and graduate students living in dormitories. Certain other individuals associated with the University may be evaluated for vaccination if they have specific medical conditions. Getting vaccinated would be voluntary and funded by the University. You can get more information on the vaccine at http://www.cdc.gov/meningococcal/vaccine-serogroupB.html

Staying Safe at School

Meningococcal disease can spread from person to person, through saliva (think coughing or kissing) or through lengthy contact (think living in the same dorm room or apartment). Symptoms of meningococcal disease include rapid onset of fever, headache, body aches, and feeling very tired. Individuals may also experience a stiff neck, increased sensitivity to light, feel nauseated or confused, and have a rash. Students should be aware of how they are feeling and look for possible signs or symptoms. If you feel you might be getting sick, seek medical attention immediately and avoid contact with others (don’t go to class or work until you’ve talked to a doctor about how you’re feeling). The same basic health practices that you should normally follow for preventing infection from the flu or colds are also recommended. They include:

  • Covering your mouth and nose when you cough or sneeze,
  • Washing your hands often with soap and warm water, and
  • Practicing good health habits like not sharing utensils, water bottles, or other items that might be contaminated with someone else’s saliva (this means beer pong too!)

***Stay Tuned!  Dr. Clark, Branch Chief of CDC’s Meningitis and Vaccine Preventable Diseases Branch is currently in New Jersey working with Princeton University on their vaccination campaign.***


Monday, 09 December 2013 16:16

Measles Still Threatens Health Security

On 50th Anniversary of Measles Vaccine, Spike in Imported Measles Cases


Fifty years after the approval of an extremely effective vaccine against measles, one of the world’s most contagious diseases, the virus still poses a threat to domestic and global health security.

On an average day, 430 children – 18 every hour – die of measles worldwide. In 2011, there were an estimated 158,000 measles deaths.

In an article published on December 5 by JAMA Pediatrics, CDC’s Mark J. Papania, M.D., M.P.H., and colleagues report that United States measles elimination, announced in 2000, has been sustained through 2011. Elimination is defined as absence of continuous disease transmission for greater than 12 months. Dr. Papania and colleagues warn, however, that international importation continues, and that American doctors should suspect measles in children with high fever and rash, “especially when associated with international travel or international visitors,” and should report suspected cases to the local health department. Before the U.S. vaccination program started in 1963, measles was a year-round threat in this country. Nearly every child became infected; each year 450 to 500 people died, 48,000 were hospitalized, 7,000 had seizures, and about 1,000 suffered permanent brain damage or deafness.

People infected abroad continue to spark outbreaks among pockets of unvaccinated people, including infants and young children. It is still a serious illness: 1 in 5 children with measles is hospitalized. Usually there are about 60 cases per year, but 2013 saw a spike in American communities – some 175 cases and counting – virtually all linked to people who brought the infection home after foreign travel.

“A measles outbreak anywhere is a risk everywhere,” said CDC Director Tom Frieden, M.D., M.P.H. “The steady arrival of measles in the United States is a constant reminder that deadly diseases are testing our health security every day. Someday, it won’t be only measles at the international arrival gate; so, detecting diseases before they arrive is a wise investment in U.S. health security.”

Eliminating measles worldwide has benefits beyond the lives saved each year. Actions taken to stop measles can also help us stop other diseases in their tracks. CDC and its partners are building a global health security infrastructure that can be scaled up to deal with multiple emerging health threats.

Currently, only 1 in 5 countries can rapidly detect, respond to, or prevent global health threats caused by emerging infections. Improvements overseas, such as strengthening surveillance and lab systems, training disease detectives, and building facilities to investigate disease outbreaks make the world -- and the United States -- more secure.

“There may be a misconception that infectious diseases are over in the industrialized world. But in fact, infectious diseases continue to be, and will always be, with us. Global health and protecting our country go hand in hand,” Dr. Frieden said.

Today’s health security threats come from at least five sources:

  • The emergence and spread of new microbes
  • The globalization of travel and food supply
  • The rise of drug-resistant pathogens
  • The acceleration of biological science capabilities and the risk that these capabilities may cause the inadvertent or intentional release of pathogens
  • Continued concerns about terrorist acquisition, development, and use of biological agents.

“With patterns of global travel and trade, disease can spread nearly anywhere within 24 hours,” Dr. Frieden said. “That’s why the ability to detect, fight, and prevent these diseases must be developed and strengthened overseas, and not just here in the United States.”

The threat from measles would be far greater were it not for the vaccine and the man who played a major role in creating it, Samuel L. Katz, M.D., emeritus professor of medicine at Duke University. Today, CDC is honoring Dr. Katz 50 years after his historic achievement. During the ceremony, global leaders in public health are highlighting the domestic importance of global health security, how far we have come in reducing the burden of measles, and the prospects for eliminating the disease worldwide.

Measles, like smallpox, can be eliminated. However, measles is so contagious that the vast majority of a population must be vaccinated to prevent sustained outbreaks. Major strides already have been made. Since 2001, a global partnership that includes the CDC has vaccinated 1.1 billion children. Over the last decade, these vaccinations averted 10 million deaths – one fifth of all deaths prevented by modern medicine.

“The challenge is not whether we shall see a world without measles, but when,” Dr. Katz said.

“No vaccine is the work of a single person, but no single person had more to do with the creation of the measles vaccine than Dr. Katz,” said Alan Hinman, M.D., M.P.H., Director for Programs, Center for Vaccine Equity, Task Force for Global Health. “Although the measles virus had been isolated by others, it was Dr. Katz’s painstaking work passing the virus from one culture to another that finally resulted in a safe form of the virus that could be used as a vaccine.”


“A doctor walks into a room…” It sounds like the start of a joke, but it’s part of a reality that speaks volumes about compliance. Here’s how this true story begins.

A pharmaceutical sales representative (sales rep) is conducting a typical lunchtime informational session at a doctor’s office. The sales rep’s manager is with the sales rep that day. It just so happens there is another doctor within the same office who – according to the company’s policy – is not permitted to participate in the session since said doctor, based on his specialty, should not (in theory) be prescribing the drug the sales rep is detailing. Note: I say “in theory,” since according to state law, doctors can prescribe any drug they want regardless of their specialty and whether or not the drug is indicated for the condition. But I digress.

The sales rep is engaged in a conversation with the “appropriate” physician when the “not allowed” physician walks into the room, signs the attendance sheet that is required in these sessions, and obtains a drink of water from the office cooler. He then promptly exits the room without talking to the sales rep or partaking of the lunch the sales rep provided. The sales rep’s manager asks the sales rep who the physician is and at this point the sales rep and the manager determine this is a “not allowed” physician.



Monday, 09 December 2013 16:14

You Can’t Outsource Accountability

Needless to say, Indian service providers pioneered and developed the outsourced software development space; currently, they generate a combined $3.2 billion of revenue annually. Although Indian software service providers claim high standards, it is apparent that there are still weaknesses in their delivery. I just published a report that highlights the main culprits for this: a lack of executive commitment, poor application coding, and the industrialization of software development:



WASHINGTON — Seven minutes after the authorities in Sparks, Nev., received a call one day in October that a gunman was on the loose at a local middle school, a paramedic wearing a bulletproof vest and a helmet arrived at the scene.

Instead of following long-established protocols that call for medical personnel to take cover in ambulances until a threat is over, the paramedic took a far riskier approach: He ran inside to join law enforcement officers scouring the school for the gunman and his victims.

“He met the officers right near the front door, and they said: ‘Let’s go. There are victims outside near the basketball court,’ ” said Todd Kerfoot, the emergency medical supervisor at the shooting. “He found two patients who had been shot and got them right out to ambulances.”

Federal officials and medical experts who have studied the Boston Marathon bombing and mass shootings like the one in Newtown, Conn., have concluded that this kind of aggressive medical response could be critical in saving lives. In response to their findings, the Obama administration has formally recommended that medical personnel be sent into “warm zones” before they are secured, when gunmen are still on the loose or bombs have not yet been disarmed.



Springfield, Ill. – In the aftermath of a disaster, misconceptions about disaster assistance can often prevent survivors from applying for help from the Federal Emergency Management Agency and the U.S. Small Business Administration. A good rule of thumb: register, even if you’re unsure whether you’ll be eligible for assistance.

Registering with FEMA is simple. You can apply online at DisasterAssistance.gov or with a mobile device by downloading the FEMA app or by visiting m.fema.gov. You can also register over the phone by calling FEMA’s helpline, 800-621-FEMA (3362). Survivors who are deaf or hard of hearing and use a TTY can call 800-462-7585. The toll-free telephone numbers operate from 7 a.m. to 10 p.m. (local time) seven days a week until further notice.

Clarification on some common misunderstandings:

  • MYTH: I've already cleaned up the damage to my home and had the repairs made. Isn’t it too late to register once the work is done?
    FACT: You may be eligible for reimbursement of your clean up and repair costs, even if repairs are complete.
  • MYTH: I believe FEMA only makes loans so I didn’t apply for help because I don’t want a loan.    
    FACT: FEMA only provides grants that do not have to be paid back. The grants may cover expenses for temporary housing, home repairs, replacement of damaged personal property and other disaster-related needs such as medical, dental or transportation costs not covered by insurance or other programs.    

The U.S. Small Business Administration provides low-interest disaster loans to renters, homeowners and businesses of all sizes. Some applicants may be contacted by SBA after registering with FEMA. You are not obligated to take out a loan, but if you don’t complete the application, you may not be considered for other federal grant programs. You can apply online using the Electronic Loan Application (ELA) via SBA's secure website at https://disasterloan.sba.gov/ela. For more information on SBA's Disaster Loan Program, visit SBA.gov/Disaster or call the SBA Customer Service Center at 800-659-2955 (TTY 800-877-8339 for the deaf and hard-of-hearing).

  • MYTH: I don’t want to apply for help because others had more damage than I had; they need the help more than I did.        
    FACT: FEMA has enough funding to assist all eligible survivors with their disaster-related needs. 
  • MYTH: I'm a renter. I thought FEMA assistance was only for homeowners for home repairs.
    FACT: FEMA assistance is not just for homeowners. FEMA may provide assistance to help renters who lost personal property or who were displaced.
  • MYTH: FEMA assistance could affect my Social Security benefits, taxes, food stamps or Medicaid.
    FACT: FEMA assistance does not affect benefits from other federal programs and is not considered taxable income.
  • MYTH: I heard registration involves a lot of red tape and paperwork.
    FACT: There is no paperwork to register with FEMA. The process is very easy and normally takes between 15 and 20 minutes.
  • MYTH: Since I received disaster assistance last year, I’m sure I can’t get it again this year.
    FACT: Assistance may be available if you suffered damages from a new federally-declared disaster.
  • MYTH: My income is probably too high for me to qualify for FEMA disaster assistance.
    FACT: Income is not a consideration for FEMA grant assistance. However, you will be asked financial questions during registration to help determine eligibility for SBA low-interest disaster loans.

For the latest information on Illinois’ recovery from the Nov. 17 storms, visit FEMA.gov/Disaster/4157. Follow FEMA online at twitter.com/femaregion5, facebook.com/fema and youtube.com/fema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

SBA is the federal government’s primary source of funding for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts, and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover uninsured and uncompensated losses and do not duplicate benefits of other agencies or organizations. For information about SBA programs, applicants may call 800-659-2955 (TTY 800-877-8339).

The man who called himself “Mo” had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time.

Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. So with no house to search or telephone to tap, investigators turned to a new kind of surveillance tool delivered over the Internet.



It is a sad fact that getting people or organizations to discuss disaster preparedness topics is easier just after they have experienced a disaster. Call it human nature, procrastination or avoidance, but this remains a constant challenge for nearly all emergency management and disaster response professional teams.

In a recent posting, however, we are directed to a rather unique approach submitted by one of the neighborhood organizations of Boston, MA, the Jamaica Plain Neighborhood Development Corporation (JPNDC). This group encourages people to host a “Preparedness Pie Party” to better engage neighbors in talking about preparedness.

Monday, 09 December 2013 16:08

Big Data Keeps on Truckin'

Many of the early success stories with Big Data came from logistics companies.

For example, UPS used sensor data to improve maintenance and fuel efficiency back in 2010. In 2011, CIO.com ran a story about U.S. Xpress, which used Big Data and sensors to save about $6 million a year across its fleet.

So it really shouldn’t be surprising that an intriguing new Big Data business intelligence platform would be unveiled at a recent American Trucking Associations’ executive summit.



Monday, 09 December 2013 16:07

Train Disaster Calls for Safety Action

At 7:20 a.m., Dec. 1, four people died and more than 68 were injured, 11 critically, when a speeding passenger train headed for Grand Central Terminal derailed on a steep curve.

Brake failure was cited as a possible reason for the crash, but inspections determined that the brakes were in good condition. The train’s operator, who recently had been switched to an early shift, later said he may have dozed off, failing to apply the brakes in time to avoid the crash.

The derailment is of special interest to me. The Hudson line is the one I take to work every day and is the same line that suspended service in July when 10 CSX garbage cars derailed near the same location, just north of the Spuyten Duyvil train station.



As a recent graduate now working in a business continuity role within a leading investment firm, I’ve been looking for a good mentor; someone I could shadow; who I could learn from; and who would help me develop to become the best I could be in the business continuity profession. Looking back it’s not been the easiest process. The most notable advice I have received thus far is as follows.

  • "Always look busy."
  • "Always know more than the person in front of you."

My first mentor was a really great bloke who you would undoubtedly grab a beer with any day. He was considered a subject matter expert for BCM but when asked to develop a business continuity policy his words to me were: "Here is my pal's policy - just change the name and we're good". It was after 120 pages of sifting that I realised two things:



By Paul Clark, AlgoSec.

Security is always walking a fine line between enabling the business, and acting as a brake on agility and productivity.  Unfortunately for many organizations, it seems that their security infrastructure has stepped over the line and is holding them back.  When we surveyed 240 infosecurity, network operations and application professionals in autumn 2013, we found they were struggling with managing their critical business applications effectively, because of the sheer complexity involved.

Over half of the survey respondents reported that they had over 100 critical business applications in their data center. This means a heavy workload of application connectivity change requests for IT teams, to enable those applications to keep up with the evolving needs of the business. 45 percent of respondents said they have to manage over 11 requests every week, and 21 percent have more than 20 changes per week.

A majority of respondents (59 percent) said each request takes more than 8 hours to process, with nearly a third saying that each change takes more than one business day.  And the typical time needed to deploy a new data center application was over 5 weeks, and in some cases more than 11 weeks. 



This document builds upon the current practice of CERTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/governmental (n/g) CERTs. The document is an initial attempt to provide a good practice guide for the entities that have been tasked to provide ICS Computer Emergency Response Capabilities (ICS-CERC). On the other hand, this guide does not have the ambition to prescribe to the EU Member States which entities should be entrusted with provision of ICS-CERC services.

Dec 04, 2013


When end users circumvent the IT department and start using software-as-a-service (SaaS) applications without permission, the IT pros complain about the plague they call "shadow IT." But it would seem the professionals are also operating in the shadows, according to a survey out today.

The report, entitled "The Hidden Truth behind Shadow IT," was a collaboration of consultancy Frost & Sullivan and McAfee. The survey asked 300 IT pros and 300 line-of-business employees whether they used SaaS applications in their jobs without official approval. Eighty percent admitted they did, with only 19% of the business employees and 17% of IT claiming to be innocent.



Wednesday, 04 December 2013 16:31

A Mini-FAQ on Combining MDM and Big Data

I’m starting to see more pieces about using master data management (MDM) with Big Data.

If the very idea gives you a headache, you’re in good company — but stick with me. I’ve been juicing vegetables, and feel energetic enough to tackle some questions about the topic.

Do people really combine MDM and Big Data, or are vendors just piling hype on top of hype?



A recently released study by IBM that involved more than 4,000 C-suite leaders from 70 countries, including hundreds of midmarket leaders, gave interesting insight into digital strategies employed by various companies. Among the results are some compelling facts about how small to midsize businesses (SMBs) view their digital influence on their customers.

Of those SMBs who responded, 43 percent believe their company has an integrated physical and digital strategy already in place. The study identified that digitization of information is changing the way businesses relate with customers:



Wednesday, 04 December 2013 16:16

Beware of Disaster-Related Fraud

CHICAGO, IL -- The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) and Illinois Emergency Management Agency (IEMA) urge Illinois residents affected by recent severe storms, straight-line winds and tornadoes to be alert for potential fraud and to keep these points in mind:

  • A FEMA inspector will first contact you by phone to arrange a visit to your damaged home or apartment to determine if you have uninsured, eligible losses. A FEMA inspector will always have an official badge visible during the inspection. Ask to see the badge before allowing him/her to enter your home.
  • FEMA will not contact you requesting your personal information to process a prepaid credit card.
  • FEMA does not charge for information that it gives out. Apply free online at www.DisasterAssistance.gov or call 1-800-621-3362 (TTY 1-800-462-7585).
  • FEMA does not send out text messages asking recipients to call fee-based telephone numbers. The toll-free numbers above are used for all contact with FEMA, including applying and follow-up.
  • FEMA and the U.S. Small Business Administration do not charge fees for information regarding filling out the SBA loan applications. Free assistance is available by calling SBA’s toll-free number, 1-800-659-2955 (TTY 1-800-877-8339).

Anyone with knowledge of fraud, waste or abuse may call the FEMA Fraud Hotline at 1-800-323-8603. Complaints may also be made via the FEMA Helpline at 1-800-621-3362 (TTY 1-800-462-7585) or with state or local law enforcement officials or consumer agencies.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


Tuesday, 03 December 2013 16:32

The Complete Picture of Embedding Agile

If you visit an Agile conference these days, it’s hard not to hear talks like “Scrum within a RUP project” or “Agile in a Traditional Organization.” From a dogmatic Agile point of view, this reminds me a little bit of a veggie-stuffed beef recipe promoted as vegetarian food. From a management perspective, it means that you are only exploiting about 10% or 20% of the potential of Agile. Many consultants would consider such an implementation as failed, and I’m sure you will find a lot of “Scrumbut” practices in these organizations.

But does that necessarily mean such an approach is bad? I don’t think so. To the contrary, a fast judgment of these approaches often mirrors the arrogance of the judge rather than his or her capability to carefully consider the circumstances. I know this is a provoking statement within the Agile community, so let’s dig into it.



In the 20th century, companies waited until their industries and competitors fully vetted technologies before investing in even the most tried and true ones.  Technophobes believed that investing too early was indulgent and reckless.  Executives wore their late technology adoption strategies as badges of corporate honor.  Today, emerging technologies are ready for immediate deployment:  iPads are ready; Dropbox is ready; Skype is ready; ListenLogic is ready; Foursquare is ready; YouTube is ready.

I predict that these and many other hardware and software technologies will be adopted without clear (or “validated”) requirements models, without the venerable SDLC, and even without rapid prototyping. I predict that technology adoption will turbo-charge into instant deployments.

The figure below summarizes defined and ready technology adoption and the implications of ready technology adoption.  It also provides some examples.



According to new research conducted by the UK Department for Business, Innovation & Skills (BIS) with MI5 and GCHQ, only 14 percent of directors responsible for audit at the FTSE 350 firms regularly consider cyber threats, with a significant number receiving no intelligence at all about cyber criminals.

Espion, a company that specialises in information risk management, believes this research should serve as a wakeup call to those charged with governance and compliance to apply the same rules to information risk that are in place for other forms of corporate risk.

Espion’s head of consultancy, Stephen O’Boyle says: “Whether attacks from data thieves, spies or saboteurs who steal from, gain unfair advantage over or damage companies, the cyber crime threat facing UK organizations is increasing.



‘Trends in extreme weather events in Europe: implications for national and European Union adaptation strategies,’ a new report from the European Academies Science Advisory Council (EASAC), looks at how climate based disasters have changed in frequency and what can be expected in the future.

Key points in the report include:

  • Weather-related catastrophes recorded worldwide have increased from an annual average of 335 events from 1980 to 1989, to 545 events in the 1990s and to 716 events for 2002–2011.
  • Compared with other continents, the increase in loss-relevant natural extreme events in Europe has been moderate, with an increase of about 60 percent over the past three decades. The highest increases have occurred in North America, Asia and Australia/Oceania with today about 3.5 times as many events as at the beginning of the 1980s.



Tuesday, 03 December 2013 16:28

The Top Five Emerging Risks in 2013

Most companies have experienced (or will experience) significant financial damage in their lifetime due to an unforeseen risk event. Companies that fail to proactively identify and prepare for these risks can easily be caught off guard, often exacerbating the financial impact and lengthening the time required to address and mitigate the risk. As part of the quarterly surveys CEB conducts with risk officers at Fortune 500 companies and other organizations around the globe, we have identified the top five emerging risks companies are seeing today. Based on these findings, we are able to capture the impact a risk event has on traditional risk categories regularly tracked by companies, how these risks have changed over time and which risks will likely have greater impact in months to come.



CIO — The latest Bureau of Labor Statistics data reveals that over the last 12 months, only 77,600 IT jobs were added, as CIOs and hiring managers remain cautious about the slow economic recovery, says Victor Janulaitis, CEO of Janco Associates, a management consulting firm that specializes in IT.

According to the BLS data, September's IT jobs number was adjusted down from a gain of 2,500 jobs to a loss of 3,600 jobs. At the same time, the number of jobs reported as gained in October was only 5,200. But amid these dismal numbers, Janulaitis says, there's a bright spot: companies are increasing their budgets for hiring skilled IT contractors.



Tuesday, 03 December 2013 16:18

Weather Risks Often Overlooked

Unpredictable weather is a risk that can’t be put off or ignored. In fact, insurer payouts for weather-related catastrophes rose from $15 billion a year between 1980 and 1989 to a staggering $70 billion annually between 2010 and 2013, a study found.

While major weather events are a focus of businesses, small events can still have a big impact, according to The Weather Business: How Companies Can Protect Against Increasing Weather Volatility by Allianz Global Corporate & Specialty.

Even though weather volatility is shown to be rising globally, organizations are still failing to protect their revenue from the risks of changes in temperature, snowfall, wind levels, rainfall and too much sun, the report found. Changes in weather can also impact a number of industries including construction, energy, retail, tourism, food, distribution and transport.



Companies that emphasize strong health and safety environments outperform their peers in the market, suggests a new report. It provides evidence that health, wellness, and safety programs not only reduce workers' comp and other health-related costs but may actually lead to better financial performance.



"Evidence seems to support that building cultures of health and safety provides a competitive advantage in the marketplace," says the report. "A portfolio of companies recognized as award winning for their approach to the health and safety of their workforce outperformed the market."

The research was published in the September issue of the Journal of Occupational and Environmental Medicine. While the study does not conclude that a health and safety culture is the cause of better financial outcomes, "results consistently and significantly suggest that companies focusing on the health and safety of their workforce are yielding greater value for their investors as well," the report says.



Cyber attacks have become a top concern for businesses in 2013, with 85 percent of corporate executives naming it their greatest risk – but surprisingly, less than 20 percent of companies purchase cyber insurance for protection against this increasingly common cause of loss.[1] As cybercriminals begin employing more sophisticated tactics, cyber insurance is becoming a necessity; companies hit by hackers could be held accountable with class actions in court for large-scale data breaches.

Cyber insurance is available to everyone and is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage and cyber extortion. The Department of Commerce has deemed cyber insurance an “effective, market-driven way of increasing cybersecurity” because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures, encourage the implementation of best practices by basing premiums on an insured’s level of self-protection and limit the level of losses that companies face following a cyber attack[2].



By Brian McNoldy

It was a hurricane season almost without hurricanes. There were just two, Humberto and Ingrid, and both were relatively wimpy, Category 1 storms. That made the 2013 Atlantic hurricane season, which ended Saturday, the least active in more than 30 years — for reasons that remain puzzling.

The season, from June through November, has an average of 12 tropical storms, of which six to seven grow to hurricane strength with sustained winds of 74 mph or greater. Typically, two storms become “major” hurricanes, Category 3 or stronger, with sustained winds of at least 111 mph.



Monday, 02 December 2013 17:10

Obsolescence as risk

I don't usually consider obsolescence as a risk.

We usually know when things start to reach the end of their useful life. After all, when we make a Major Purchase (and "major" depends on the budget) we look for a Use By date or MTTF information. Warranties and extended warranties also give us a clue to a product's useful life.

Today, as I tried to enter the gated community in which I reside I - like Froggy the Gremlin - tried to plunk my magic twanger, a/k/a gate clicker, and it once again failed to raise the barrier.
The gate mechanism recently was replaced and the residents were told we would need to buy, at more than $50 each, new clickers. Turns out that the new mechanism could be programmed to receive signals from the old clickers. (Some of the residents suspect shenanigans on the part of the board, but that's another matter.)



During the week (26 November to be exact), The Times (UK) distributed a special supplement published by Raconteur, entitled “The Agile Business”. This is something I probably would have missed as I don’t live in the UK and even when I am visiting I don’t generally read The Times.

Fortunately I know people who contributed one of the articles and were gleefully engaged in blatant self-promotion on social media – pointing at you Charley Newnham!



Monday, 02 December 2013 17:08

Next Up for the Enterprise: Wearable Gadgets

Most enterprises are still getting used to the idea of employee-owned data access devices and all the architecture-, infrastructure- and policy-related challenges that go with them.

But like virtualization, the cloud and everything else affecting the data center, the Bring Your Own Device (BYOD) phenomenon is only just beginning, and the ultimate ramifications are open to wide interpretation at this point.

Already, the movement is passing by such workaday devices as tablets and smartphones to entirely new classes of hardware that may or may not even require the user’s active participation in order to engage enterprise resources. A case in point is the new lines of wearable devices, spearheaded by Google Glass but potentially encompassing all manner of gadgets like wristbands, lapel pins and even hats and shoes (if someone tries to get me to wear smart-underwear, that may be the day I decide to check out of the human race and go live on a mountain somewhere).



Monday, 02 December 2013 17:05

2013 Atlantic Hurricane Season Roundup

As the 2013 Atlantic hurricane season comes to a close, it may be easy to dismiss the significance of this year’s season.

While it’s true that this year had the fewest number of hurricanes since 1982, the 2013 hurricane season was only the third below-normal season in the last 19 years, since 1995, when the current high-activity era for Atlantic hurricanes began, according to forecasters.

A NOAA press release quotes Gerry Bell, lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center, a division of the National Weather Service:

“A combination of conditions acted to offset several climate patterns that historically have produced active hurricane seasons. As a result, we did not see the large numbers of hurricanes that typically accompany these climate patterns.”


Johannesburg – The earth tremor that occurred in Johannesburg earlier on Monday measured a four on the magnitude scale, said the Geo-science Counsel. The tremor was “quite a big guy”, the seismology unit manager, Michelle Grobelaar told News24. He added that the city should expect a similar tremor to occur again, but was unable to say when it could be expected. The tremor’s epicenter was near the University of Johannesburg and struck just before 10am. The quake did not last more than six seconds. “We have not received any reports of damage or injury and are consulting with other regions in Johannesburg Divisional,” said chief for disaster risk management, Tshepo Mothlale. Some people took to popular social networking site, Twitter to describe their experiences. “There was a tremor in JHB about 20mins ago. Building shook for about a minute. I’m still shaking,” said one user. ... http://za.news.yahoo.com/joburg-experiences-magnitude-4-earthquake-another-expected-104017946.html

Search-and-recovery operations are underway today after severe storms and tornadoes wreaked havoc on the Midwest, killing at least six people and injuring dozens more with powerful winds that flattened homes and decimated much of the town of Washington, Ill. A sixth death was confirmed late Sunday night after 81 reports of tornadoes ripped through at least five states in the Midwest earlier in the day. One of the tornadoes in New Minden, Ill., was estimated to have winds up to 200 mph. Jonathon Monken, the director of the Illinois Emergency Management Agency, said a third person was confirmed dead Sunday night in Massac County. An elderly couple was killed in Nashville, Ill., and another person was killed in Washington. ... http://gma.yahoo.com/least-6-dead-illinois-tornadoes-storms-damage-homes-061534702--abc-news-topstories.html

Monday, 18 November 2013 15:00

CDC accredited for emergency management

The Centers for Disease Control and Prevention received accreditation from the Emergency Management Accreditation Program (EMAP) for its excellence in emergency management. CDC is the first federal agency to attain full accreditation of its emergency management program.

“CDC’s emergency management program has seen the nation through flu emergencies, multistate foodborne outbreaks, hurricanes and more,” said CDC Director Tom Frieden, M.D., M.P.H. “CDC is the first federal agency to attain full accreditation of its emergency management program.”

Accreditation means a program has completed the six-step EMAP process, including a self-assessment, an on-site appraisal, and a committee review. The on-site assessment and follow-up report includes a summary of compliance against 64 EMAP standards set out in the Emergency Management Standard. Included in the EMAP standards are program management; administration and finance; laws and authorities; operational planning; exercises, evaluations and corrective action; and crisis communication, public education and information.

“Accreditation is a serious accomplishment for CDC and the emergency management community we support,” said Ali S. Khan, M.D., M.P.H., director of the Office of Public Health Preparedness and Response. “Preparing for and responding to emergencies of any kind – natural disasters, bioterrorism events, chemical terrorism or pandemics – is a core function of public health. Everyone at CDC has a hand, at one point in time, in emergency management and execution.”

Since 1997, EMAP’s independent assessors and program review committee have evaluated local, state and national emergency management programs to ensure they meet nationally set standards for emergency management and promote consistent quality in emergency management programs. The cost of accreditation is $50,000 and is valid for five years. Thirty one states, the District of Columbia, and 14 cities and counties in the United States are accredited.

CDC is hosting a recognition ceremony today. For more information, please visit http://www.cdc.gov/about/newsevents/events.htm.

Computerworld — A high-potential millennial told the CIO at a big-name pharmaceutical company during her exit interview that she found the work environment toxic. Her main complaint was that the enterprise did not allow use of the modern consumer technologies and applications that she perceives as comprising her personal and professional identity. This is mobility's rock: People want the interface, the ease of use, the "cool" factor, the freedom and the functionality of consumer technology in the workplace. Recently, about 100 CIOs sat mesmerized as two clean-cut, well-groomed and impressively articulate young men demonstrated an exploit that breached two smartphones (iOS and Android). This is mobility's hard place: Smartphones don't meet enterprise security requirements. All CIOs today find themselves caught between the two. ... http://www.cio.com/article/743361/Caught_Between_Mobility_s_Rock_and_Hard_Place

CIO — If you want to learn how to succeed with predictive analytics at your business, CIO.com can help. These three CIOs say it takes a lot of front-end data work and angst about cultural change.

Expect Culture Shock

Chris Coye, Senior Vice President & CIO, Disney ABC Television Group: We've implemented three predictive analytics tools this year: One analyzes what-if ad sales scenarios, another is a promotional media-optimization tool, and a third will help our executives decide which pilots to pick up. We created a small data analytics team in IT, but the models are built by Disney's revenue sciences group. The biggest technical challenge was getting the right source data. We have multiple divisions, and that data had to be standardized. We built our own extract, transform and load tool, but we're migrating to a commercial tool to speed the process. ... http://www.cio.com/article/742867/3_CIOs_Reveal_How_They_Got_Started_With_Predictive_Analytics

WASHINGTON – The Federal Emergency Management Agency (FEMA), through its regional offices in Chicago and Kansas City, is monitoring severe weather, including strong tornadoes, that continues to impact the Midwest and staying in close coordination with officials in affected and potentially affected states. Earlier today, FEMA elevated its National Watch Center in Washington, D.C. to a 24/7 enhanced watch, and has deployed liaisons to support state emergency operation centers in a number of impacted states.

"Residents should continue to monitor weather conditions as they develop and follow the direction of local officials,” said FEMA Administrator Craig Fugate. "Be prepared for power outages and dangerous road conditions as a result of downed power lines and flooding – remember if you encounter a flooded road while driving, turn around, don't drown."

Since before the storm system developed, FEMA has been in close coordination with state and local partners through its regional offices. FEMA's Region V Administrator, Andrew Velasquez III, has been in close contact with the Ohio Emergency Management Agency, the Wisconsin Emergency Management Agency, the Michigan Homeland Security and Emergency Management Division, the Illinois Emergency Management Agency, and the Indiana Department of Homeland Security regarding the potential impacts in those states.

FEMA has deployed an Incident Management Assistance Team (IMAT) to support the State of Illinois. FEMA also has deployed liaison officers to emergency operations centers in Illinois, Indiana, and Ohio, and additional liaison officers are on standby and ready to deploy, if requested. FEMA is in continued contact with its emergency management partners in Illinois, Indiana, Michigan, Ohio, and Wisconsin.

According to the National Weather Service, numerous fast-moving thunderstorms, capable of producing strong tornadoes along with widespread damaging winds and large hail, will move across portions of the middle Mississippi and Ohio Valley region and the southern Great Lakes region for the remainder of today into this evening.

Visit www.ready.gov to learn more about what to do before, during, and after severe weather. Here are a few safety tips to keep in mind should severe weather occur in your area: Familiarize yourself with the terms that are used to identify a tornado hazard. A tornado watch means a tornado is possible in your area. A tornado warning is when a tornado is actually occurring, take shelter immediately. Ensure your family preparedness plan and contacts are up to date and exercise your plan. If you haven’t already, now is the time to get prepared for tornadoes and other disasters. Determine in advance where you will take shelter in case of a tornado warning: Storm cellars or basements provide the best protection. If underground shelter is not available, go into an interior room or hallway on the lowest floor possible. In a high-rise building, go to a small interior room or hallway on the lowest floor possible. Stay away from windows, doors and outside walls. Go to the center of the room. Stay away from corners because they attract debris. Vehicles, trailers and mobile homes are not good locations to ride out a tornado. Plan to go quickly to a building with a strong foundation, if possible. If shelter is not available, lie flat in a ditch or other low-lying area. Do not get under an overpass or bridge. You are safer in a low, flat location.

Follow FEMA online at blog.fema.gov, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

As far as pissing matches go, the emerging dispute over public vs. private cloud is right up there with Microsoft vs. Apple, Ford vs. Chevy and Pepsi vs. Coke. And the funny thing is, no controversy really exists at all, except in the minds of service providers and vendors who have product lines to protect. Amazon’s Andy Jassy was at it again this week, telling the audience at the company’s Reinvent conference that private clouds are simply a ruse on the part of “old-guard” companies like IBM to keep the enterprise in thrall to yesterday’s hardware and software platforms. The public cloud, he argued, is not only cheaper and more agile but more reliable and, yes, more secure than any internal infrastructure you care to name. And even though AWS provides tools like VPNs and access management to help the enterprise with its hybrid infrastructure, this is merely the first step in porting the entire enterprise data center to the public cloud. ... http://www.itbusinessedge.com/blogs/infrastructure/private-vs.-public-for-the-enterprise-its-mostly-irrelevant.html

Continuity Central has launched its annual business continuity trends survey which looks at the changes the profession can expect to see in the year ahead. One week into the survey the results are looking interesting.

So far, responses show that most respondents expect to see some changes in the way their organization manages business continuity during 2014. Just over half (51 percent) expect to see small changes and almost a quarter (23 percent) expect to see large changes.

Trends that are emerging in terms of the changes that business continuity professionals expect to see include: 10 percent are anticipating changes in incident / crisis management processes; 8 percent expect to see greater integration with the wider business; 5 percent expect ISO 22301 implementation projects to drive change in 2014.

Business continuity budgets

The majority (53 percent) of respondents state that their 2014 spending will be the same as 2013. However more than a third say that their business continuity budgets will be increased: 22 percent state that spending will be higher in 2014 compared to 2013; and 15 percent state that it will be much higher.

Recruitment

Three quarters (77 percent) of respondents believe that their organization’s business continuity team will remain the same size in 2014. However a fifth (21 percent) expect the team to grow with new additions being made. Only 2.5 percent of respondents expect their business continuity team to shrink.

Please take part in the survey: go to https://www.surveymonkey.com/s/businesscontinuityin2014

To read the results of last year’s survey click here.

Natural and manmade disasters underscore the challenges of seamless disaster recovery in the real world. Having a comprehensive business continuity plan isn't just an IT concern, though. Nothing less than the survival of your company is at stake.

By Ed Tittel and Kim Lindros

CIO — We rarely get a heads-up that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways.

This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan. The lack of a plan doesn't just mean your organization will take longer than necessary to recover from an event or incident. You could go out of business for good.



Cloud services whether PaaS (platform), SaaS (software), DraaS (disaster recovery) or another ‘as a service’ option are part of the business landscape now. However, in the vast majority of cases, using them means that your data is stored outside your organisation. No matter what the cloud vendor’s reputation, security must be evaluated, confirmed and applied. Here’s a list of ten security questions to help you safeguard your data, your confidentiality and quite possibly your business.



Thursday, 14 November 2013 15:32

FEMA to Evaluate Readiness of Pennsylvania

PHILADELPHIA – The Department of Homeland Security’s Federal Emergency Management Agency will evaluate a Biennial Emergency Preparedness Exercise at the Limerick Generating Station.  The exercise will take place during the week of November 18, 2013 to test the ability of the Commonwealth of Pennsylvania to respond to an emergency at the nuclear facility.

“These drills are held every other year to assess government’s ability to protect public health and safety,” said MaryAnn Tierney, Regional Administrator for FEMA Region III.  “We will evaluate state and local emergency response capabilities within the 10-mile emergency-planning zone of the nuclear facility.”

Within 90 days, FEMA will send their evaluation to the Nuclear Regulatory Commission (NRC) for use in licensing decisions.  The final report will be available to the public approximately 120 days after the exercise.

FEMA will present preliminary findings of the exercise in a public meeting at 11:30 a.m. on November 22, 2013 at the Hilton Garden Inn Valley Forge/Oaks, 500 Cresson Blvd, Phoenixville, PA 19460.  Scheduled speakers include representatives from FEMA, NRC, and the Commonwealth of Pennsylvania.

At the public meeting, FEMA may request that questions or comments be submitted in writing for review and response.  Written comments may also be submitted after the meeting by email or by mail to:

MaryAnn Tierney
Regional Administrator
615 Chestnut Street, 6th Floor
Philadelphia, PA 19106

FEMA created the Radiological Emergency Preparedness (REP) Program to (1) ensure the health and safety of citizens living around commercial nuclear power plants would be adequately protected in the event of a nuclear power plant accident and (2) inform and educate the public about radiological emergency preparedness.

REP Program responsibilities cover only “offsite” activities, that is, state and local government emergency planning and preparedness activities that take place beyond the nuclear power plant boundaries. Onsite activities continue to be the responsibility of the NRC.

Additional information on FEMA’s REP Program is available online at fema.gov/radiological-emergency-preparedness-program.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Follow us on Twitter at twitter.com/femaregion3.


By Ali S. Khan

[Image: Waves battering wooden pier and houses]

Seeing images of the devastation in the Philippines reminded me of my own experiences with Hurricane Katrina and the Asian Tsunami. During both of those events, I had the honor to join CDC (and WHO in the case of Indonesia) teams to help re-establish crucial public health services and support the impacted communities. Disaster recovery isn’t just about rebuilding damaged homes and businesses; it has everything to do with health.

When something as devastating as Typhoon Haiyan occurs, it can be daunting to consider what a recovery effort might look like. Providing for basic needs and preventing potential injuries and outbreaks are usually at the forefront of any recovery plan. Despite the widespread devastation and lack of infrastructure people still need access to food and water. Groups with special needs, such as pregnant women or the elderly, still need care. These basic needs can present a host of health problems in the face of disaster. And as people begin to get their lives back in order, injuries from cleanup efforts and potential outbreaks due to contaminated food or water sources are a constant concern.

[Image: Men and women in a makeshift clinic wearing face masks]

Clinic set up in Haiti following the cholera outbreak. Photo by Kendra Helmer/USAID

Stabilizing and Surveillance

The initial health response usually centers on setting up field hospitals, to take care of those who need immediate medical attention. We then turn our attention to disease monitoring efforts to understand the needs within the community and provide critical public health services. These services initially focus on environmental health concerns such as food and (especially) water safety, worker safety, and injury prevention.  

Following an event such as a hurricane or typhoon – where you have excess flood waters – communities must be vigilant about preventing the spread of water borne illness (think E. coli or cholera), which often cause diarrhea and severe dehydration. Although these are two seemingly treatable symptoms, they can be difficult to manage when infrastructure is down and basic supplies (such as clean water) are hard to come by. Crowded and unsanitary conditions can also lead to the spread of disease. Following Hurricane Sandy, several recovery centers had to act quickly to halt the spread of norovirus, a common “stomach bug” that can spread quickly in close quarters. We’ve also learned about the risk of spread of communicable diseases within shelters and the need to provide select immunizations.

[Image: Building and cars destroyed by a tornado]

Broken glass, metal, and other debris can pose a serious risk of infection following a disaster.

Cleanup can be a mess

Aside from possible disease outbreaks, one of the most common health problems we saw post-Katrina was injuries related to cleanup: people falling from ladders, carbon monoxide poisoning from generators, and cuts and lacerations people got moving through the rubble. Following a disaster, health officials are often on the lookout for cases of tetanus or other wound infections. In 2011, after the F5 tornado struck Joplin, Missouri, a deadly fungal outbreak was discovered among those who had sustained wounds from the cleanup effort. Public health officials work around the clock after a disaster to warn the public of these dangers and track potential disease outbreaks before they get out of hand.


As the Philippines grapple with the mammoth effort of rebuilding their homes, roadways, and towns, they will first have the task of addressing the health needs inherent to a major disaster.  Disease pathogens and hazards are opportunistic and strike when we are at our most vulnerable. My thoughts are with the people of the Philippines and the aid workers helping to get the country back on their feet.

If you would like more information about recovery efforts or how you can help, please visit: http://www.usaid.gov/haiyan/.

Thursday, 14 November 2013 15:29

Role of CDO Still in Question

What if organizations don’t need a chief data officer so much as they need an executive team that understands and relies on data?

I stumbled backwards into this idea by misreading a shortened UK CIO headline: “Bank of England doesn't need a CDO, claims CIO.” As happens too often with tech, it turns out CDO is short for chief digital officer, not chief data officer.

Chief digital officers have more to do with transforming paper tasks to digital. If you want to read more about their job duties, ZDNet published a good trends piece about the role.



Thursday, 14 November 2013 15:28

Low Insurance Impact Expected from Haiyan

Damage in the Philippines from Typhoon Haiyan is widespread, with new information emerging daily. Insured losses, however, are expected to be low, with the greatest impact on smaller reinsurers, according to insurance industry reports.

A.M. Best said in a briefing that it expects insured losses to be minimal, as non-life insurance is less than 1% of the country’s gross domestic product.

“Insured losses in the Philippines will be spread across many segments, including personal lines, fire and property, and marine hull. Fire/property and marine hull will be well reinsured through the major global reinsurers and through Lloyd’s, which will also absorb some marine losses on a primary basis. Net losses to primary insurers will be limited, and some commercial losses also may be covered through captives or other forms of self-insurance,” the report said.



Thursday, 14 November 2013 15:27

6 Tips to Help CIOs Manage Shadow IT

CIO — With the increase in cloud computing and BYOD in the workplace, it's become increasingly difficult for IT departments to keep track of and manage software and hardware -- and maintain a secure environment.

So what can CIOs and other IT leaders do to identify and manage Shadow IT -- software and hardware not directly under the control of IT -- and mitigate the potential risks? CIO.com asked dozens of IT, mobile and cybersecurity professionals to find out. Here are their top six tips for managing Shadow IT in the enterprise.

1. Monitor your network -- to find out if or where you have a Shadow IT problem. "Regardless of whether employees use company-issued or personal (i.e., BYOD) hardware, organizations need to identify where all their data resides -- [in house], in the data center, at the edge or in the cloud," says Greg White, senior manager, product marketing, CommVault, a provider of data and information management software.



Thursday, 14 November 2013 15:26

Amazon vs. IBM Conflict Conceals Real Problem

I’ve been thinking about the fight between Amazon Web Services and IBM for the CIA and other U.S. government business and it strikes me that something is really screwy. I’m not talking about the bid process, which both IBM and the General Accounting Office (GAO) called out. I’m talking about how, in the age of Manning and Snowden, no Web service provider should have made the cut for a CIA service no matter how benign. The very fact that Amazon had to go to war with the GAO, which you’ve got to believe will have implications for how supportive they will be to other CIA budgetary requests, points to a real failure to understand the dynamics here.

It should have been too politically risky and it suggests that the unique services that a company in IBM’s class provides were taken for granted or completely ignored, which likely goes to its complaint about the bid process, in which Amazon shouldn’t have been able to comply—not technically, but in terms of meeting the security and compliance requirements unique to the federal government.



Thursday, 14 November 2013 15:25

Colorado Flooding: Two Months Later

DENVER – In the two months since heavy rains brought flooding, Colorado survivors have received more than $117.4 million in state and federal assistance and low-interest loans and an additional $35.1 million in FEMA’s National Flood Insurance Program (NFIP) payouts.

To date, more than $52.7 million in Individual Assistance (IA) grants has helped more than 15,000 Colorado households find safe, functional and sanitary rental units or make repairs to primary homes and cover other disaster-related expenses, such as medical needs or personal property loss. Nearly $48.7 million of IA grants have been issued in housing assistance and $4 million in other needs assistance, such as medical or personal property loss. Flood survivors have also received disaster unemployment assistance and disaster legal services.

The U.S. Small Business Administration (SBA) has approved $64.7 million in disaster loans to Colorado homeowners, renters, businesses of all sizes and private nonprofit organizations. Of that amount, $54.3 million was in loans to repair and rebuild homes and $10.4 million in business and economic injury loans. Approved loan totals in some of the impacted areas are currently $40 million in Boulder County, $8.9 million in Larimer County and $7.7 million in Weld County.

In addition:

  • FEMA housing inspectors in the field have looked at more than 24,000 properties in the 11 designated counties for Individual Assistance.
  • In coordination with the State and local officials, FEMA Disaster Survivor Assistance specialists have canvassed Colorado neighborhoods, helping 37,180 survivors connect with recovery services. Survivors have talked to local, state, nonprofit, nongovernmental and FEMA specialists at the Disaster Recovery Centers (DRCs). At the DRCs, in the field and on the phone, FEMA provides information in Spanish and many other languages.
  • More than 50 national, state and local voluntary and faith-based organizations have spent 269,330 hours helping people as they recover from the flooding. The 27,655 volunteers are providing donations, volunteer management, home repair, child care, pet care, counseling services and removal of muck and mold from homes.
  • In the 18 counties designated for Public Assistance, 190 Applicant Kickoff Meetings have been conducted and so far FEMA has obligated $9,451,743 for eligible projects for debris removal, emergency protective measures and the repair of critical public-owned infrastructure.
  • FEMA and the State’s Private Sector team has contacted organization leaders from 33 Chambers of Commerce, six Economic Development Centers and 38 colleges and universities to share disaster assistance information.
  • The Federal Disaster Recovery Coordination group is coordinating disaster recovery across the entire federal family of agencies, facilitating long-term relationships among agencies, identifying technical expertise and funding opportunities; suggesting strategies for addressing specific needs, and generally encouraging a whole community approach to disaster recovery.
    • Coordinating agencies represented in FDRC include U.S. Army Corps of Engineers, U.S. Department of the Interior, U.S. Department of Housing and Urban Development, and U.S. Department of Commerce.
  • Speakers Bureau has received 71 requests from local officials throughout the affected area and 363 State/FEMA specialists and SBA representatives have spoken at town hall meetings and other venues. More than 7,600 attendees received information about FEMA’s IA program, Hazard Mitigation, flood insurance and SBA.
  • Mitigation specialists have counseled 15,250 survivors during outreach efforts at area hardware stores and more than 4,300 survivors at Disaster Recovery Centers in Colorado.
  • In the first 60 days of the Colorado flooding disaster, there have been 96,375 total page views on the disaster web page, fema.gov/disaster/4145, or an average of 1,606 daily. More than 500 tweets in the last 60 days were posted on the FEMA Region 8 Twitter feed, an average of eight daily tweets. The R8 Twitter feed has increased its followers to 9,000, an increase of nearly 600 new followers in the past 60 days.
  • At the request of the State, the 11 counties with FEMA IA designations are Adams, Arapahoe, Boulder, Clear Creek, El Paso, Fremont, Jefferson, Larimer, Logan, Morgan and Weld.
  • At the request of the State, the 18 counties with FEMA Public Assistance (PA) designations are Adams, Arapahoe, Boulder, Clear Creek, Crowley, Denver, El Paso, Fremont, Gilpin, Jefferson, Lake, Larimer, Lincoln, Logan, Morgan, Sedgwick, Washington and Weld.

County-By-County Breakdown of State and Federal Grants

Adams County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Arapahoe County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Boulder County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Clear Creek County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



El Paso County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Fremont County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Jefferson County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Larimer County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Logan County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Morgan County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:



Weld County

Housing Assistance:



Other Needs Assistance:



Total State/FEMA Assistance:


Register with FEMA by phone, 800-621-3362, from 5 a.m. to 8 p.m., MST, seven days a week.  Multilingual phone operators are available on the FEMA helpline. Choose Option 2 for Spanish and Option 3 for other languages. People who have a speech disability or are deaf or hard of hearing may call (TTY) 800-462-7585; users of 711 or Video Relay Service can call 800-621-3362.

Register online: DisasterAssistance.gov. Register by Web-enabled device, tablet or smartphone: type m.fema.gov in the browser.

OKLAHOMA CITY – Nearly six months after the start of deadly tornadoes that struck the state, the Oklahoma Department of Emergency Management (OEM) and FEMA urge Oklahomans to continue to stay prepared for severe weather.

During this time of year, that means being ready for hazardous winter weather conditions. Wednesday, Nov. 13 is Winter Weather Preparedness Day in Oklahoma. As we near the winter weather season, this is a time for Oklahomans to become prepared for freezing temperatures and the snow and ice that may accompany them.


Before traveling, prepare your vehicle:

• Pack blankets, emergency food and water, flashlights, a radio and a cell phone with extra batteries in case you and your family become stranded due to weather.
• Make sure you have plenty of fuel; a good rule of thumb is to keep your fuel tank at least half full.
• Check antifreeze, washer blades and tire pressure.

Always heed the warnings of law enforcement and transportation officials regarding road conditions and refrain from traveling when possible.

If you must travel during a snow or ice event, allow extra time to reach your destination, and make sure you have plenty of fuel.

Be particularly cautious on bridges and overpasses as they will be the first to freeze. Stay back at least 200 feet behind salt and sand equipment in order to stay safe.

Always wear your seat belt.

Bring a cell phone with an emergency roadside assistance number. (In case of emergency, you can call the Oklahoma Highway Patrol at *55 or 911.)

If you must go out during a winter storm, let someone know your destination, as well as your route and when you expect to arrive.

If you get stranded, stay with your vehicle. After snowfall has stopped, hang a brightly-colored cloth on the radio antenna and raise the hood.

Carry extra clothing, blankets and high-energy snacks, such as cereal or candy bars, in your car for protection if your car stalls.

Pack a kit that includes:

• A cell phone with extra batteries or two-way radio
• A windshield scraper, a shovel and small broom for ice and snow removal
• Blankets or sleeping bags
• Rain gear and extra sets of dry clothing, mittens, socks and a cap
• Water and non-perishable, high-energy foods
• A small sack of sand or kitty litter for generating traction under wheels and a set of tire chains or traction mats
• Jumper cables
• A first aid kit
• A flashlight with extra batteries
• A brightly-colored cloth to tie to the antenna if you get stranded.

Be Aware

Know what winter storm and blizzard watches and warnings mean:

• A National Weather Service winter storm watch is a message indicating that conditions are favorable for a winter storm.
• A National Weather Service warning indicates that a winter storm is occurring or is imminent.
• A blizzard warning means sustained winds or frequent gusts up to 35 mph or greater and considerable falling or blowing snow are expected to prevail for a period of three hours or longer.

Understand the hazards of wind chill. A strong wind combined with a temperature of just below freezing can have the same effect as a still air temperature of 35 degrees or colder.

Check for weather-related road conditions through the Oklahoma Department of Public Safety at dps.state.ok.us or by calling toll free, (888) 425-2385 or (405) 425-2385.

At Home

Check on friends, relatives and neighbors who live alone, especially seniors and those with disabilities.

Develop a family disaster plan for winter storms. Discuss with your family what to do if a winter storm watch or warning is issued. Everyone should know what to do in case all family members are not together when a winter storm hits.

Make sure pets have food and water and a place to seek shelter.

While indoors, try to keep at least one room heated to 70 degrees to prevent hypothermia. This is especially important for seniors and children.

Stay warm at night with extra blankets, a warm cap, socks and layered clothing.

To keep pipes from freezing, wrap them in insulation or layers of old newspapers. Cover the newspapers with plastic to keep out moisture. Let faucets drip a little to avoid freezing. Know how to shut off water valves if necessary.

Keep safe emergency-heating equipment, such as a fireplace with wood. Always be cautious in using a portable space heater and never leave the heater on when you are not in the room or when you go to bed.

Avoid carbon monoxide poisoning:

• Do not use an unvented gas or kerosene heater in closed spaces, especially sleeping areas.
• Do not use gas appliances such as an oven, grill, range or clothes dryer to heat your home.
• Do not burn charcoal inside a house, garage, vehicle or tent for heating or cooking, even in a fireplace.
• Look for carbon monoxide exposure symptoms including headache, dizziness, weakness, sleepiness, nausea and vomiting that can progress to disorientation, coma, convulsions and death.
• If you suspect carbon monoxide poisoning, open doors and windows, turn off gas appliances, and go outside for fresh air. Call 9-1-1 emergency medical services in severe cases.
• Install and check/replace batteries in carbon monoxide and smoke detectors.

Stay informed:

Find a full list of winter weather preparedness tips or sign up now to receive weather alerts on your cell phone or other email address at ok.gov/OEM/.

The National Oceanic and Atmospheric Administration provides additional information online about winter weather watches, warnings and advisories: srh.noaa.gov/ama/?n=wwad.

For more information on Oklahoma disaster recovery, visit the Oklahoma Department of Emergency Management site at oem.ok.gov or fema.gov/disaster/4117.

Wednesday, 13 November 2013 17:05

The quest for weak links in information security

CSO - A widely accepted definition of information security risk is the potential of a specific threat exploiting the vulnerabilities of an information asset, with the following formula used to represent information security risks: Risk = Likelihood x Impact.

The potential impact on information, processes and people is typically estimated during a business impact analysis as part of corporate business continuity planning. However, estimating likelihood of information security risks is often guesswork resulting from combined vulnerability assessments and threats assessments. While assessing the likelihood of risks, many IT security teams will categorise risk using the traffic light system for high, medium or low level. Those responsible for information security in a company should estimate risk levels for all corporate information systems and apply control measures accordingly. Estimating risk levels is a continuous process and it requires the use of tools such as vulnerability assessment scanners and/or contracting the services of companies specialized in ethical hacking.

In May this year, the Financial Times was hacked via an exploit of one of its many blogging systems. The system in question was based on a vulnerable version of a content management system. This case illustrates that the principle of the weakest link in the security chain could affect complex information systems with many interconnected components. To maintain a high level of protection of vital corporate information, it is necessary to assess vulnerabilities of all information systems, since those that are less critical could be exploited to provide access to other, more critical systems.



The credit card details of about 376,000 European citizens have been put at serious risk after a data breach affecting the Co Clare based company Loyaltybuild, making it what one industry person described today as perhaps the “largest data protection breach in western Europe in the last three years”.

Up to 1.5 million have had their personal information compromised - details such as names, addresses, phone numbers and email addresses.

Data Protection Commissioner Billy Hawkes had not been made aware of the full extent of the breach until Monday night, he indicated.

Supervalu, which uses Loyaltybuild to process customer data for its Getaway Breaks scheme, initially brought the issue to light last week when it said about 39,000 of its customers had been exposed to credit card fraud.



Wednesday, 13 November 2013 17:03

Disaster Update – Typhoon Haiyan

Typhoon Haiyan swept across the central Philippines on Friday leaving a trail of massive destruction in its wake. With sustained winds reported at over 145 miles per hour, and significantly stronger gusts, Haiyan was the second category 5 typhoon to strike the Philippines this year. The typhoon affected 4.3 million people across 36 provinces.

Philippine Red Cross volunteers throughout the region are reporting significant damage and a growing death toll, while the full extent of the devastation continues to unfold. While relief efforts are underway, blocked roads, destroyed infrastructure and downed communication lines are making the response particularly challenging.

The Philippine Red Cross is leading the response effort and their volunteers have been caring for people even before Typhoon Haiyan made landfall—working closely to support pre-emptive evacuations of more than 125,000 families. The Philippine Red Cross is the largest humanitarian organization in the country, with 1,000 staff and an estimated 500,000 active volunteers engaged in response to this emergency. Red Cross has begun distributions of relief supplies, but delivery in the worst affected city of Tacloban has been significantly constrained by damage to local infrastructure.

The American Red Cross has deployed four people to the Philippines. These include two people who specialize in telecommunication and who are traveling with satellite equipment, and two others who specialize in disaster assessment. The Red Cross network has deployed teams in logistics, disaster assessment, shelter, health, water and sanitation.

In addition to supplying people, expertise, and equipment, the American Red Cross is helping reconnect families separated by Typhoon Haiyan. People searching for a missing family member in the Philippines should remember that many phone lines are down. If still unable to reach loved ones, people can contact their local chapter of the American Red Cross to initiate a family tracing case.

Wednesday, 13 November 2013 17:02

Supertyphoon Haiyan Devastates Philippines

Supertyphoon Haiyan hit the Philippines on Friday, leaving at least 10,000 residents dead and hundreds of thousands without reliable food, shelter or water. One of the strongest storms ever recorded, Haiyan’s winds surpassed 140 miles per hour, bringing record storm surges. The full extent of the damage remains uncertain, with communication and transportation severely restricted.

The World Bank has called the Philippines one of the most hazard-prone countries in the world. Closed roads and airports restricted aid efforts after Supertyphoon Haiyan, and communication failures posed some of the greatest challenges to both assessing and recovering from damage.

“Under normal circumstances, even in a typhoon, you’d have some local infrastructure up and some businesses with which you can contract,” Praveen Agrawal, the World Food Program’s Philippines representative and country director, told the New York Times. “Being as strong as it was, it was very much like a tsunami. It wiped out everything. It’s like starting from scratch” in terms of delivering the aid, he said.



One of the most important jobs in IT is that of the IT asset manager. Knowing the status of all software and hardware in the organization at a moment’s notice is a necessity. It takes a very detail-oriented person to plan for the life cycles of software, track all software licenses, and ensure that the company stays in compliance with its contracts.

When a company finds itself in need of just such a person, having the proper job description is integral to locating a candidate who captures all of the skills necessary. Our IT Download, “Job Description: IT Asset Manager,” provides the most detailed listing of skill sets and experience that a capable IT asset manager should possess.

According to this job description, duties and responsibilities of an asset manager include:



Wednesday, 13 November 2013 17:00

NFPA 1600 2016 edition development update

The NFPA Technical Committee on Emergency Management and Business Continuity, which is responsible for developing the 2016 edition of NFPA 1600, the Standard on Disaster/Emergency Management and Business Continuity Programs, met on October 22nd and 23rd in Salt Lake City, UT.

The draft minutes of the meeting have just been published and contain, amongst other items, details of critical milestone dates within the development process. These include:

  • First revision electronic filing must be completed by task groups by January 3, 2014;
  • The deadlines for submission of public submittal are November 29 (paper submissions) and January 3, 2014 (online submissions);
  • The First Draft meeting must be held by June 13, 2014; and
  • The first draft will be balloted no later than August 22, 2014.

Read the draft minutes (PDF).

The Business Continuity Institute has announced that Business Continuity Awareness Week 2014 (BCAW) will take place between March 17th and 21st.

BCAW is an annual global event to raise awareness of business continuity management, to demonstrate the importance of business continuity and to help people understand why they should apply it to their organization.

Business Continuity Awareness Week will include a number of regional events as well as a series of webinars.

More details will follow when they are available.

To see what took place during BCAW 2013 click here.