Industry Hot News

Monday, 19 August 2013 17:19

The Reality of Cloud Scalability

Now that the cloud is becoming a standard feature in the enterprise, a little truism has emerged: Resources are infinitely scalable, but so are the costs.

Theoretically, at least, increased cloud consumption should only happen in the presence of increased business activity, and therefore increased revenue. So the cost/benefit ratio should always favor the enterprise, at least if you’re smart about it. In practice, though, it doesn’t always work that way. But even if it did, the real question is not at what point does a gargantuan cloud presence become a money loser, but when does it end up costing more than building and operating your own data center?

This conflict is particularly acute in rapidly growing enterprises. Companies that go from little-known start-up to must-have business solution provider overnight can suddenly find themselves on the hook for millions per year. Wired.com, for example, tells the tale of MemSQL, a West Coast database services company that originally provisioned its entire test and development infrastructure on Amazon only to dump it one day in favor of in-house, bare metal infrastructure. A simple cost comparison was the key driver: For about $120,000 amortized over three years, the company was able to shed more than $300,000 in cloud costs per year – a reduction of more than 80 percent.



Monday, 19 August 2013 17:12


To most people a crisis is bad, and for the most part they’d probably be right. However, an organization can do good things when it is hit with a crisis; some may even say there is an opportunity. The situation itself might be bad enough, but if it’s not being managed correctly or communications aren’t approached in a positive way, the crisis can be compounded, because the media and the public will think the organization is hiding more.

If it seems that an organization isn’t prepared – through its communications and response actions – the media and public may start ‘hunting’ for more information and uncover other details that the organization may not want released. These may not be bad on their own, but compounded with the existing crisis they will seem larger and could create another crisis or even escalate the existing one. The organization will then have more than one crisis on its hands.
Below are some tips for how to communicate during a crisis; some do’s and don’ts and tips for ensuring good communications when speaking to the media and the general public.



Friday, 16 August 2013 16:29

Know your neighbors

I’ve written it before.

I’m writing it again.

Know your neighbors.

Usually the admonishment comes with a suggestion to know what your neighbor does (is the product or service popular or not?), who your neighbor employs (popular or unpopular segments of the population), and how your neighbor treats its personnel (walkouts possible to probable?).

Turns out, according to an Associated Press article on the PhillyBurbs.com site titled “Salvation Army to be named in Philadelphia building collapse lawsuits” (see http://www.nbcnews.com/id/52764647/ns/local_news-delaware_valley_pa_nj/t/salvation-army-be-named-philadelphia-building-collapse-lawsuits/), that's not enough.



If the financial crisis and events like the Japanese tsunami had but a single lesson, it is this: What we don’t know can be more important than what we do know. This raises the ultimate rhetorical question, “Do we know what we don’t know?” Of course, no one knows. The reality of today’s environment is that management and the board can never be certain that they know everything they need to know. So how do we manage an organization given this reality?

Following are 10 things companies can consider in managing uncertainty:

(1) A margin for error may be needed to cover what we don’t know: While management has knowledge from internal and external sources, do they have a useful point of view regarding what they don’t know? Probably not. That’s why strategic choices and the risks undertaken should provide a margin for error to reflect what directors and management may not know.



By Eric Thomas

“Use it or lose it!” You might hear your doctor say that expression about your mental acuity or your personal trainer about your physique. I often hear it from my clients in government, specifically from federal CIOs or IT managers. The phrase relates to their IT budget; if they don’t spend their money in the current year, it goes away the following year. Of course, we should have smarter incentives to reward spending under budget, but we’ll properly address that issue another day.

The impact of “use it or lose it” or, more aptly, “spend it or lose it” is most acutely felt during the budgeting process. The federal budgeting process is highly regulated, long and not very transparent to the layperson. In short, the U.S. Congress appropriates funds to agencies which then appropriate funds within the agency. From there, the IT manager is given a sum of money to spend during the fiscal year. The manager starts with a spend plan, allocates money to individual projects or line items, and tracks obligations and actual spending throughout the fiscal year.

See more at: http://www.cioinsight.com/it-management/it-budgets/five-tips-for-use-it-or-lose-it-budgets/

Friday, 16 August 2013 16:22

Networking Beyond TCP

Difficult to imagine? Since our grandparents’ day, networking across systems has worked reliably over TCP, and that is what we have seen all along. The systems at either end of the network did not have to bother with how the TCP connection was being established, so the core definition of TCP was “a single connection between two hosts”. When researchers designed the TCP/IP protocol suite, they did an impressive job of anticipating the requirements that might come up over the next couple of decades. Given their vision, we are still able to communicate well over TCP today.

But what changed in between? The network of devices, the Internet, grew at an unexpected rate and broke all the predictions. Internet backbone traffic in 1990 was close to 1 terabyte, and it grew to nearly 35,000 terabytes by the year 2000. Alongside that exceptional growth, large businesses started transforming themselves on the Internet. Was TCP designed to take this much load without slowing down and reaching a point where it starts breaking? While all this growth was happening, researchers continued in the background to work on TCP’s congestion control problems, and many new RFCs came out and were adopted. Today we are all able to work efficiently thanks to these complex congestion control and avoidance algorithms.



It would be impossible for a company that has no disaster recovery (DR) plan in place to continue business after a severe hacker attack, fire, flood or tornado. And yet, many companies still do not have solid DR strategies developed. Businesses often find it challenging to make a case for a business continuity plan, much less devote funds, people and time to its creation “just in case” something were to happen someday.

Every minute your business systems spend down is a loss of revenue. For your enterprise to ensure its continued services after an emergency situation, having an extensive DR strategy is critical.

Our IT Download, Business Continuity: Considerations, Risks, Tips and More, provides instruction on how to develop a business recovery strategy. According to this report:

…Executives know that downtime equals lost dollars and that every minute spent on recovering data and systems is time taken away from running their business. This results in a lack of productivity and a poor customer response time. Companies can create a resilient IT infrastructure with automated disaster recovery (DR) for any service, any time and any place…



A small documentary released this summer has created a reputational riptide for SeaWorld. Blackfish, directed by Gabriela Cowperthwaite, combines park footage and interviews with trainers and scientists to explore the impact of keeping killer whales for entertainment – and, ultimately, examines the possible factors that led one such whale to kill three people in captivity. The film has outraged animal rights activists and casual audience members alike with footage of brutal whale-on-human attacks at the parks and haunting tales of a natural order torn apart to keep 12,000-pound animals in captivity. SeaWorld’s attempts to head off criticism by emailing an itemized rebuttal to critics have drawn widespread publicity, but many have interpreted the move as defensive and further damning.

This week, it became clear that Pixar has taken note of the movie – and the backlash. The animation studio decided to rewrite part of the upcoming sequel to Finding Nemo that referenced a SeaWorld-like facility.

The plot is reportedly still in flux for Finding Dory, currently scheduled for release in November 2015. Ellen DeGeneres is set to star as Dory, an amnesiac blue fish who cannot remember who raised her, according to the L.A. Times. Initial plans for the movie saw characters ending up in a marine park for fish and mammals. But now, the aquatic center will be differentiated from SeaWorld by giving the animals the option to leave.



Weighing up the cost of risk against the cost of coverage seems to be the perpetual dilemma of some insurance buyers.

In the case of cyber insurance, it would appear that concerns about the cost of coverage diminish once companies make the decision to purchase a policy. And the longer that policy has been held, the greater the satisfaction.

According to a recently released Ponemon study, only 31 percent of risk management professionals at companies surveyed say they have a cyber security insurance policy. However, among those companies that don’t have a policy, 57 percent say they plan to purchase one in future.



In the 10 years since sagging power lines in Ohio sparked a blackout across much of the Northeastern United States and Canada, utility engineers say they have implemented measures to prevent another such event in the country's electric grid.

But there is one disaster scenario for which the power companies are still unprepared: a massive attack on the computer networks that underlie the U.S. electric grid.

Energy industry leaders believe a cyberthreat could produce a blackout even bigger than the 2003 blackout, which left an estimated 50 million people in the dark.



Martin Lee, technical lead threat intelligence, CISCO, explains why smart buildings bring a new range of potential vulnerabilities that need management and mitigation.

CISCO defines the ‘Internet of Everything’ as “bringing together people, process, data, and things to make networked connections more relevant and valuable than ever before - turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries”, but as well as bringing opportunities it also changes the threat landscape.

The Internet of Everything is being created through continuing technical advances. Computers are getting smaller, more powerful in terms of functionality, yet drawing less electrical power. These features coupled with the ubiquity of WiFi, 3G, 4G and mesh networks means that small computing devices can be embedded within the most mundane devices that previously had operated autonomously — like a toaster or copy machine —and connect them to the Internet. These devices can then report on local conditions to a central server that can understand the wider environment, and then receive instructions on how to modify their operation to achieve maximum efficiency.



Asigra has released the results of new research into the impact of data growth on backup and recovery pricing and cost containment. The research, commissioned by Asigra and conducted by the Enterprise Strategy Group (ESG), includes findings from nearly 500 financial and IT decision makers/influencers. The research includes insights on data growth, software pricing preferences, and data recovery trends.

In the report, IT end-users were questioned about the financial pressure they are under to reduce IT expenditures amidst rising data growth costs. The research revealed that two out of three respondents felt at least some pressure to reduce IT spending, and that pressure was found to increase with a corporation’s annual revenue. Those from large companies were more likely to say they felt strong pressure to reduce costs across several areas of IT. While the desire to reduce IT costs is high for many organizations, financial buyers of backup and recovery software and/or services expect to see a substantial increase in purchases in this area over the next five years due to data growth rates.



CSO — Growing awareness of cyber threats and reporting requirements by regulators are driving a newfound interest in insurance products covering data breaches and other computing risks.

Almost a third of companies (31 percent) already have cyber insurance policies, and more than half (57 percent) that don't have policies say they plan to buy one in the future, a recent study by the Ponemon Institute and Experian Data Breach Resolution found.

"It's an issue that's much more front and center with senior executives in companies now," Larry Ponemon, founder and chairman of the Ponemon Institute, said in an interview.

"Data security may not be a top five issue with companies, but it's in the top 10," he added.



CIO — Between electronic health record (EHR) systems, imaging systems, electronic prescribing software, healthcare claims, public health reports and the burgeoning market of wellness apps and mobile health devices, the healthcare industry is full of data that's just waiting to be dissected.

This data analysis holds much promise for an industry desperately seeking ways to cut costs, improve efficiency and provide better care. There are victories to be had, to be sure, but getting data from disparate, often proprietary systems is an onerous process that, for some institutions, borders on impossible.



Thursday, 15 August 2013 15:15

XenApp administration going mobile

Our Mobile SDK for Windows Apps has been out for a while now, and customers are already using it to mobilize Windows Apps delivered via XenApp/XenDesktop. You might have seen it but not looked into it because you don’t have any development experience. Well, you don’t need to be a developer to try out the Mobile SDK, as we have some sample apps that leverage it.

One of our sample apps is a simple XenApp administration console that provides basic view and control functionality for a XenApp farm. It allows you to view sessions and servers in your XenApp farm. The following screen shot shows the Servers page where you can see summary information for your XenApp servers.



In mid-July 2013, several of New York’s Wall Street firms participated in an exercise to test their resilience in the face of cyber-attacks. The initiative was coordinated by SIFMA, the Securities Industry and Financial Markets Association, and included commercial financial companies, as well as the U.S. Treasury Department. Financial institutions in the US have recently been subjected to massive attacks centred on distributed denial of service (DDoS). DDoS attacks render systems inaccessible for normal use, either by generating floods of traffic to use up all the network bandwidth for the system, or by overloading the application itself. Given that such attacks are not specific to the financial arena, where else might such tests need to be done?
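The second of the two flood modes described above, overloading the application itself, is the one that shows up in a web server's own access log. The following detector is an added example written for this page, not code from the article or from SIFMA: it parses constructed access-log lines (synthetic traffic, not a real capture), counts requests per source in a sliding time window, and flags sources whose peak count reaches a threshold, along with the path they concentrate on. The window size, threshold, sample addresses and function names are assumptions chosen for illustration.

```python
"""Sliding-window request-rate detector over web access-log lines.

Added example for this page; constructed sample data only.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format, e.g.
# 203.0.113.7 - - [15/Aug/2013:10:00:01 +0000] "GET /search?q=x HTTP/1.1" 200 8192
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line; return None for anything malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path").split("?", 1)[0],   # drop the query string
        "status": int(m.group("status")),
    }


def detect_floods(lines, window_seconds=10, threshold=50):
    """Return {ip: {"peak": n, "top_path": p}} for every source whose request
    count inside some sliding window of window_seconds reaches threshold.
    Lines are assumed to be in timestamp order, as a server log is."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)                 # ip -> timestamps still in window
    peak = defaultdict(int)                     # ip -> largest window count seen
    paths = defaultdict(lambda: defaultdict(int))  # ip -> path -> hits
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue        # hostile or truncated input: skip, never crash
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] >= window:   # evict entries that left the window
            q.popleft()
        peak[rec["ip"]] = max(peak[rec["ip"]], len(q))
        paths[rec["ip"]][rec["path"]] += 1
    flagged = {}
    for ip, n in peak.items():
        if n >= threshold:
            top = max(paths[ip].items(), key=lambda kv: kv[1])[0]
            flagged[ip] = {"peak": n, "top_path": top}
    return flagged


def constructed_sample():
    """Synthetic log: two ordinary clients plus one source hammering /search.
    Addresses are from documentation ranges (assumption, not observed data)."""
    base = datetime(2013, 8, 15, 10, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 1024'

    events = []
    for i in range(60):                         # 60 requests in 6 seconds
        t = base + timedelta(milliseconds=100 * i)
        events.append((t, fmt("203.0.113.7", t, f"/search?q={i}")))
    for i in range(5):                          # a request every two seconds
        t1 = base + timedelta(seconds=2 * i)
        t2 = base + timedelta(seconds=2 * i + 1)
        events.append((t1, fmt("198.51.100.2", t1, "/index.html")))
        events.append((t2, fmt("198.51.100.3", t2, "/about.html")))
    events.sort(key=lambda e: e[0])
    return [line for _, line in events]


if __name__ == "__main__":
    for ip, info in detect_floods(constructed_sample()).items():
        print(f"{ip}: {info['peak']} requests in window, mostly {info['top_path']}")
```

Two caveats a practitioner would want. First, this only sees the application-layer flood; a bandwidth-exhaustion flood of the kind the article describes first is usually absorbed (or not) upstream of the web server and never appears in its log, so it has to be measured from flow or interface counters at the network edge. Second, a distributed attack spreads its requests across many sources precisely to stay under a per-source threshold like this one, so the per-source check should be paired with an aggregate request-rate check and a per-path one.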



Writing about technology is, by nature, an exercise in predicting the future. And when it comes to enterprise technology, the question hanging over nearly everyone’s head is: “What will happen to my data center?”

To be sure, data is the lifeblood of the enterprise. But the infrastructure used to process and manipulate that data is in a constant state of flux. In today’s world, the biggest changes involve virtualization, software-defined systems and the cloud, all of which are steadily breaking down the close relationships that once existed between hardware, software and middleware platforms, while at the same time ushering in new levels of dynamism and diversity across data environments.



By Nicole Hawk

An estimated 75,000 wildfires occur in the United States each year, and each one has potential public health concerns including evacuating safely, dealing with smoke, or cleaning up spoiled food after a power outage. In June 2013, Colorado faced multiple devastating wildfires, including the Royal Gorge Fire in Cañon City, which required the evacuation of a state prison, and the Black Forest Fire in Colorado Springs, which became the most destructive in Colorado history. The 14,000-acre fire forced 38,000 people to evacuate and destroyed almost 500 homes. Before, during, and after the wildfires, local, state, and federal public information officers (PIOs) worked together to quickly share emergency information via traditional media, social media, and websites such as Inciweb.

Smokey the Bear warns of extreme danger

As with most responses, CDC’s main role is getting information to people before an emergency to help them prepare and after an emergency during the recovery phase to help them protect their physical and emotional health. As members of CDC’s Joint Information Center (JIC), Joanne Cox and I had the opportunity to travel to Colorado to observe these wildfire information activities. Understanding how Colorado handled information needs helped us build relationships and find new ways to get CDC information to our partners during a wildfire response.

We first reached out to the Colorado Department of Health and Environment, which put us in touch with Dave Rose, an El Paso County PIO. Dave welcomed us to the Black Forest Fire JIC in Colorado Springs. We found the JIC, staffed by county and city PIOs and volunteers, buzzing with activity. People worked around the clock answering phones, posting evacuation and damage updates to websites and social media, and coordinating public meetings and media interviews.

The Rocky Mountain Incident Management Team B gathers for an afternoon command and general staff meeting.

Although this was Joanne’s first time observing a wildfire, she was in good hands. Before working at CDC, I served as a wildland firefighter and PIO for the U.S. Forest Service. As a result, Joanne and I were armed with plenty of fire T-shirts, which helped us blend into the crowd of firefighters. By the time our 3-day whirlwind trip was over, we had toured the Black Forest Fire JIC, a wildfire base camp, two incident command posts (ICPs), and the Rocky Mountain Area Coordination Center, and made a lot of new friends in the wildland fire community. Most importantly, we learned even more about the kinds of information people need and how they can best receive it before, during, and after a wildfire.

We used CDC’s social media network and real-life connections to make the most of our time in Colorado. Because CDC’s own @CDCEmergency Twitter handle follows local, state, and federal emergency management agencies, we learned of a public meeting for the Royal Gorge Fire in Cañon City, Colorado. Our virtual network may have gotten us to the public meeting, but once we arrived, we were fortunate to meet Susan Ford, a liaison officer for the Rocky Mountain Area Incident Management Team B. She invited us to spend June 14 with the team. At the ICP, we attended a VIP visit from Colorado Governor John Hickenlooper as well as meetings with command and general staff and agency cooperators, including the Fremont County Public Health Agency.

Another connection at the Royal Gorge Fire was one from my days in the Forest Service. I worked with Chris Barth, the lead PIO for the fire, on the 2011 Rockhouse fire in Texas. He put us in contact with the lead PIO for the Black Forest Fire, which was managed by the Great Basin Type 1 Incident Management Team. On June 15, we fortified ourselves with coffee and attended the 6:00 a.m. briefing at the Black Forest fire ICP, where we met the Incident Commander, Rick Harvey. It was another action-packed day of observing live media interviews, a press conference, and lots of communication activities.

Joanne Cox gets a tour of the Royal Gorge Fire incident command post from Susan Ford, a liaison officer on the Rocky Mountain Incident Management Team B.

Shane Greer, an incident commander for the Royal Gorge fire, helped snag us an invitation to visit the Rocky Mountain Area Coordination Center in Lakewood, CO. The Geographic Area Coordination Center works with the National Interagency Fire Center to mobilize wildland fire resources across Colorado, Kansas, Nebraska, South Dakota, and Wyoming and maintains a big-picture view of fire activity by analyzing information, maps, weather forecasts, GIS files, and data from fire modeling software. While observing a morning coordination call, we got a taste of how information flows from the national to the regional to the local level.

We learned a lot about how information was shared on Colorado’s wildfires and made many valuable connections to the wildland fire community. Now we are even better equipped to help the JIC share CDC wildfire information with PIOs, partners, the media, and most importantly, with local communities.


While IBM may be dominant when it comes to all things mainframe, EMC has been steadily expanding its share of the mainframe storage business.

EMC’s launch of new disk-based library systems for mainframe environments that are based on the company’s VMAX, VNX, or Data Domain storage platforms strengthens its role in the mainframe storage arena.

According to Rob Emsley, senior director of product marketing for EMC’s Backup Recovery Systems division, the latest generation of EMC storage systems takes advantage of Intel processors to deliver backups at speeds four times faster than anything IBM currently offers. Speed is critical in mainframe environments, says Emsley, because of the sheer volume of data typically flowing through mainframe systems.



Step 1 – Over commit and under deliver. Large corporations are seeking ways to drive their cost models down in the marketplace today by using Cloud based services. Bespoke outsourcing is not a Cloud based delivery model, and yet many large Outsourcing companies are billing their services this way to large enterprises. Committing to a custom delivery for thousands of subscribers with thousands of applications will lead to a higher cost model and lower customer satisfaction. If you are a Service Provider, it is better to start with a catalog of applications and meet the needs of the SMB first, then move upstream to the larger businesses. Migration of subscribers from large enterprises into a cloud data center is very time consuming.

Step 2 – If you build it they will come. Cash is king; it always has been, so why develop an environment spending tens of millions of dollars/euros unless you have adequately done the research for who needs what and where? Looking at IaaS purchases in the last three years should give a clue. How many of these purchases (buy vs. build) have led to success in cloud delivery of services? Again, Service Providers should develop a business model based on the demand for apps, desktops and data in the SMB and stoke their cash flow engine before sinking huge capital costs into data centers.



Life as a Chief Compliance Officer is not so easy.  The job, as defined, means living with day-to-day risks, any one of which is significant enough to damage or even destroy the company for whom you work.  CCOs learn to live with risk.

When a CCO has the backing of the board and the CEO, their job is relatively easier.  That does not mean it is an easy job.  To the contrary, every CCO has their challenges in their company to secure adequate resources, to gain the cooperation of other business components, and to persuade senior managers and employees that ethics and compliance is important to the company bottom line.

The inherent difficulty for the CCO is to demonstrate his or her importance to an organization by proving a negative – we have not had any serious law violations because of the existence of the company’s ethics and compliance program.  That is a hard argument to make, but luckily it is intuitive and it naturally appeals to intelligent senior managers and a CEO.



Struggling with what comes after “instant news,” I’ve tried to come up with a way of describing the dramatic change in real time information sharing that was powerfully demonstrated in the Boston manhunt. For better or worse, I’m using “NanoNews” to describe it.

I created a video in lieu of an in-person presentation I was invited to make at the National Capital Region’s Social Media in Emergencies conference. That presentation was just concluded so now I’m sharing this with you.

In 2001, when I wrote the first version of “Now Is Too Late: Survival in an Era of Instant News” I used the term instant news to help communicate that news cycles were gone, that as fast as news helicopters could get overhead the news of your event or disaster would be live on the air. I was thinking of the ubiquitous breaking news as well as the already emerging trend of sharing information via the Internet—at that time primarily through email.

But compared to the “instant news” we have today, “breaking news” corresponds more to snail mail. It’s practically dead and gone, and not just through over-use. When millions are tuned into the police scanner chatter broadcast live through Ustream or converted into a Reddit thread using websites like Broadcastify or scanner apps like 5_0 Scan, it’s obvious that breaking news can’t keep pace. By the time even the fastest news crews get the information from such sources, and relay it, it will be minutes old—and minutes old is unacceptable when you could have real time information.



Enterprises are struggling to understand the risk and privacy impacts of the mobile applications in use in their environment. As the consumerization of mobile continues to shove BYOD into the enterprise, the number of applications in use is growing exponentially. Organizations must get a better handle on just how much risk is accumulating from the proliferation of mobile apps on their users’ devices.

I'm currently researching a concept designed to help an enterprise know where they are on the mobile application security maturity curve. Understanding where one currently resides is the quickest method to determine the path required to improving your standing in the future.



Wednesday, 14 August 2013 15:53

Green IT Initiatives Provide Business Savings

For businesses, going green often means cost savings. Nowhere can this be truer than in the area of IT. Smaller, more efficient computers and servers, cloud computing and even advancements in software can bring about significant budgetary and carbon-footprint savings for the business. This brings many companies to start thinking about creating greener data centers.

But where and when do you begin to adopt greener policies? How do you know what to buy?

The book “Green Computing: Tools and Techniques for Saving Energy, Money, and Resources,” by Bud E. Smith provides an in-depth look at green IT initiatives. It begins by explaining why a company should go green, and then continues with chapters that give detailed explanations on cost savings, environmental drivers and climate change issues. Other chapters give informative looks into:



Wednesday, 14 August 2013 15:52

Why You Won’t Hire a Data Scientist

I remember the first time I heard the terms “business intelligence” and “analytics.” Business. Intelligence. Yep, that was something I could get behind.

Then I figured out that it really amounted to business statistics, automated to a certain extent by a computer. It was a bit of a bummer, really.

It seems the term "data science” is likewise overrated.

IT consultant Robin Bloor, in a fabulous piece, points out that there’s really no such thing as “data science.” In fact, what we’re calling data science has very little to do with science and everything to do with mathematics — specifically, statistics.

“If you are already tired of the term ‘big data,’ but not yet tired of the term ‘data science,’ let me help you get there as swiftly as possible,” Bloor writes. “If there were a particular activity devoted to studying data, then there might be some virtue in the term ‘data science.’ And indeed there is such an activity, and it already has a name: it is a branch of mathematics called statistics.”



Wednesday, 14 August 2013 15:51

How to handle a software audit

Software audits are an irritating and time consuming part of life.

To survive one unscathed you'll need a thorough understanding of your licensing requirements.

'IT executives being thrown into prison' is the usual battle cry of software industry bodies such as the BSA and FAST (despite no executive going to prison in my knowledge in the last 15 years).

The more realistic pain of software audits is unbudgeted cost and distraction from delivery of projects. It takes time to defend an audit: time to collect the appropriate data and documentation, precious time that should have been spent focusing on business priorities.

Microsoft, Oracle, Adobe, IBM, SAP, Attachmate and other large software publishers regularly audit their customers. Research with ITAM Review readers in the past suggests that, faced with a vendor audit, Microsoft are said to be most helpful, and Oracle least helpful.



Wednesday, 14 August 2013 15:49

Visual Discovery Tools

There is no question that we are becoming more visually oriented in our approach to thinking today. You can see it in the increasing numbers of PowerPoint presentations given with the admonition that fewer words will suffice. You can see it in the increase in infographics, catchy photographs, and pictorial slogans that continue to spread across social media. And you can see the result in BI dashboards and an increasing array of visually oriented approaches to the display, digestion, and understanding of data. It is no wonder, then, that visual discovery tools should emerge as an important and rapidly growing part of BI.

Visual discovery tools are applications that typically enable non-analyst users to “play” with relationships between data items and explore an array of hidden possibilities that might yield interesting trends. They are available in some form from every major BI vendor, with a few pure-play solutions leading the way. Current leaders are QlikView, Tableau, and TIBCO Spotfire, although rankings are somewhat obscured by the increasing incorporation of this capability into larger BI solutions.



Wednesday, 14 August 2013 15:42

No, Your Data Isn't Secure in the Cloud

Computerworld — While online data storage services claim your data is encrypted, there are no guarantees. With recent revelations that the federal government taps into Internet search engines, email and cloud service providers, any myth about data "privacy" on the Internet has been busted.

Experts say there's simply no way to ever be completely sure your data will remain secure once you've moved it to the cloud.

"You have no way of knowing. You can't trust anybody. Everybody is lying to you," security expert Bruce Schneier said. "How do you know which platform to trust? They could even be lying because the U.S. Government has forced them to."

While providers of email, chat, social network and cloud services often claim – even in their service agreements – that the data they store is encrypted and private, most often they hold the keys, not you. That means a rogue employee or any government "legally" requesting encryption keys can decrypt and see your data.



Wednesday, 14 August 2013 15:11

Valley Fever, Explained

Cases of an illness known as valley fever have increased dramatically over the past decade. So what is it exactly? And who's at risk? We went to California's Central Valley to find out—watch the video above, then read this handy FAQ.

What is it? Coccidioidomycosis—commonly known as valley fever—is a fungal disease. Its spores live in the soil. If the soil becomes dry and dusty, people and animals can breathe it in, allowing the spores to grow inside their bodies.

What does valley fever feel like? It depends. Some people who get valley fever don't have any symptoms at all; in others the disease resembles a cold or flu. Some develop a pneumonia-like condition from the fungus in their lungs. In rare cases, the fungus disseminates and can even attack the brain. According to the CDC, more than 40 percent of people who become ill from valley fever may require hospital visits; the average cost of that visit is $50,000. Between 1990 and 2008 there were 3,089 reported deaths from valley fever, though some public health experts suspect that it was an underlying cause of many more deaths.




Thriving in the Mainframe World: 4th Gen EMC Disk Library for Mainframe Sets a New Standard


By Peter Smails

Senior Director, Product Marketing, Backup Recovery Systems Division at EMC

Even with significant growth in mainframe market share in 2012, Darwinian evolution never takes a break at EMC.

Today, EMC announced the next generation of Disk Library for Mainframe (DLm) systems: the DLm 8100 and DLm 2100. Enabled by an enhanced virtual tape engine and new 8 Gb/s FICON adapters, the new products deliver 2x the scalability of the previous generation, with support for up to 11.4 PB of logical capacity and up to 80% faster performance, making the new systems more than 4x faster than the nearest competitor.



ROLLING MEADOWS, Ill. – Big data—dubbed “the new oil” by the World Economic Forum—can improve decision making, reduce time to market and increase profits. But it can also raise significant risk, ranging from disastrous data breaches to privacy and compliance concerns. To help enterprises retain control of their massive and fast-changing information, ISACA has issued new guidance available freely at www.isaca.org/privacy-and-big-data. Privacy and Big Data: An ISACA White Paper outlines critical governance and assurance considerations as well as key questions that must be answered.

“CIOs are often under pressure from the board and senior leadership to implement big data before proper risk management and controls are in place, in order to compete in the marketplace,” said Richard Chew, CISA, CISM, CGEIT, a developer of the ISACA paper and senior information security analyst at Emerald Management Group. “Big data provides an important opportunity to deliver value from information, but an enterprise will be more successful in the long run if policies and frameworks such as COBIT are put into place first.”



Tuesday, 13 August 2013 15:26

When backups are not enough

By Lee Fleming

The vital importance of developing a disaster recovery plan – and testing it regularly.

Not that long ago, to prepare for an IT disaster (either man-made or natural), hospitals and other healthcare facilities cared only about having some sort of backup system in place. They still kept patient information on paper charts along with medicine prescriptions should their IT system collapse.

Then the concept of “disaster recovery” emerged. Hospitals became more sophisticated, relying on computerized storage. Today, it’s the high availability of IT that matters, not disaster recovery. The new motto is: “Let’s make sure we don’t have to recover.”



PHILADELPHIA – Recently a council was formed to gain a better understanding of Disaster Recovery (DR) best practices and make preparedness more cost-effective and efficient. This Disaster Recovery Preparedness (DRP) Council was created by IT business, government and academic leaders to address these issues, with its mission to increase DR Preparedness awareness and improve DR practices.

Organizations around the globe have participated in an online Disaster Recovery Preparedness Benchmark (DRPB) Survey created by the council that launched just over a month ago. This survey is designed to give business continuity, disaster recovery, compliance audit and risk management professionals a measure of their own preparedness in recovering critical IT systems running in virtual environments.



“Something is happening here, but you don't know what it is, do you, Mr Jones?”  

Bob Dylan's lyrics come to mind with the findings of Deloitte’s second Data Nation survey of consumers’ and citizens’ attitudes towards how companies and public sector organisations collect and analyse their personal data. For it reveals a 10% drop in people fully aware of what is being done with their information.

Peter Gooch, privacy practice leader at Deloitte said this shows that people are: “More aware that something is happening with their data, but they don't know what that is and there is increased nervousness.

“There is no real sign of a tipping point, where people see their own data as an asset that can be exploited. Consumers recognise their data as an asset to the extent that they want to protect it, but not to the extent of exploiting it.



The frequency and potential impacts of information security breaches are increasing. Dr. Jim Kennedy explains why and looks at what organizations can do about it.

Computer, network, and information security is based on three pillars: confidentiality, integrity, and availability. In my business as an information and cyber security, business continuity and disaster recovery consultant, I see every day how companies of various sizes and types address these three areas. Some very well, some not so well, and some really poorly.

Given all the regulations and standards (like HIPAA, SOX, NERC-CIP, FISMA, PIPEDA, etc.) developed and published over the last five years, you would think that business and government should be doing much better in securing their computing systems and network infrastructures. However, based on the on-going events prominent in the press and trade journals almost every day, this does not seem to be the case.

We continue to be informed that government agencies and private sector companies continue to have numerous cases of data leakage: a politically correct way of saying data loss, theft, or compromise. We hear about the theft of credit card and personal information and, worst of all, we hear of companies that have lost critical personal and health related information despite the many security controls that were supposed to be in place. Worse yet, we hear of extremely large sums of money extorted from banks and other financial institutions and also of the fragility of our power grids and gas distribution systems world-wide.



NOAA has issued an updated Atlantic hurricane season forecast, saying that the season is shaping up to be above normal with the possibility that it could be very active. The season has already produced four named storms, with the peak of the season – mid-August through October – yet to come.

“Our confidence for an above-normal season is still high because the predicted atmospheric and oceanic conditions that are favorable for storm development have materialized,” said Gerry Bell, Ph.D., lead seasonal hurricane forecaster at NOAA’s Climate Prediction Center. “Also, two of the four named storms to-date formed in the deep tropical Atlantic, which historically is an indicator of an active season.”

The conditions in place now are similar to those that have produced many active Atlantic hurricane seasons since 1995, and include above-average Atlantic sea surface temperatures and a stronger rainy season in West Africa, which produces wind patterns that help turn storm systems there into tropical storms and hurricanes.

The updated outlook calls for a 70 percent chance of an above-normal season. Across the Atlantic Basin for the entire season – June 1 to November 30 – NOAA’s updated seasonal outlook (which includes the activity to date of tropical storms Andrea, Barry, Chantal, and Dorian) projects a 70 percent chance for each of the following ranges:

13 to 19 named storms (top winds of 39 mph or higher), including 6 to 9 hurricanes (top winds of 74 mph or higher), of which 3 to 5 could be major hurricanes (Category 3, 4 or 5; winds of at least 111 mph)

These ranges are above the 30-year seasonal averages of 12 named storms, six hurricanes and three major hurricanes.

The updated outlook is similar to the pre-season outlook issued in May, but with a reduced expectation for extreme levels of activity. Motivating this change is a decreased likelihood that La Niña will develop and bring its reduced wind shear that further strengthens the hurricane season. Other factors are the lack of hurricanes through July, more variability in the wind patterns across the tropical Atlantic Ocean and slightly lower hurricane season model predictions. In May, the outlook called for 13-20 named storms, 7-11 hurricanes and 3-6 major hurricanes.

Techworld — Data center providers have welcomed the news that Google, IBM and Nvidia will collaborate to form an open development alliance for datacentres called OpenPower.

The consortium aims to provide advanced server, networking, storage and graphics technology to give more control and flexibility to developers of next-generation, hyperscale and cloud datacentres.

IBM will license designs of the Power microprocessor architecture to other companies in the consortium including Google, as part of an effort to expand use of the architecture and reverse declines in its systems hardware business. Meanwhile, component companies will be able to make hardware that can be integrated, or attached, to the processor.



‘How do you eat an elephant’ is the age-old metaphorical business question. ‘One piece at a time’ is the answer. Big problems can be broken down into smaller ones, which can in turn be broken down again, until you get to a level where you can see your way to solutions. Project management and production assembly lines work on the same basis, although the concern is that the whole does not become less than the sum of the parts. In a recent development in IT security and business continuity, a similar divide and conquer strategy uses virtualisation to isolate individual IT activities instead of applying malware detection techniques to a system as a whole.



According to SMB Group’s 2013 Top 10 SMB Technology Market Predictions, this is the year that small to midsize businesses get serious about their social media efforts. The group’s study shows that 58 percent of SMBs used social media in 2012, but only 28 percent of them were putting a strategic plan into place. Although social media is a fairly new concept, its use requires just as much planning and attention as any other marketing campaign in order for it to be deemed successful.

All the posts and tweets and pins may seem foreign to those who are used to traditional marketing lingo, so learning which social media platforms to use and how to use them is key to an effective social media campaign.



It seems that everyone is using cloud storage these days. Even enterprise managers who say they aren’t on the cloud yet probably are—they just don’t know it. So at this point, the question is not whether to use cloud storage, but how best to integrate it into the overarching enterprise infrastructure.

Ideally, this integration will come about through the transformation of internal IT infrastructure from current silo-laden architectures to a diverse hybrid cloud. But that process will not happen overnight, and the technology to produce such a flattened, infinitely scalable data environment is not quite out of the lab yet.

In the meantime, then, what is the enterprise to do? First off, says Widen Enterprises’ Matthew Gonnering, recognize that cloud integration is already taking place on the software level, particularly as the workforce becomes more mobile. Smartphones in particular lack the storage capacity to meet personal needs, let alone professional ones, so many apps come with built-in links to Dropbox, Google Drive and other such services where data can be stored, shared and synced outside the enterprise firewall. Rather than pull up the drawbridge when it comes to external storage, enterprises would be wiser to embrace the trend by working with software developers and cloud providers to devise the proper APIs and other tools needed to keep cloud data safe, secure and available.



By Roberto L. Hylton, Senior Law Enforcement Advisor

If you have ever had the chance to speak with Administrator Fugate or listen to him discuss the role of first responders in disasters… you will know he views their work with a revered appreciation. They are an intricate part of the emergency/disaster response team. As a former Police Chief, I can attest to their hard work and dedication and agree wholeheartedly with Administrator Fugate.

In my 30-year career I have witnessed heroic efforts by my officers and colleagues, including during times of disasters. While serving Prince George’s County, we responded to 9/11, Hurricane Isabel, snowstorms, and multiple tornadoes. Specifically, I recall one of the tornadoes that impacted my county. An EF-3 tornado impacted the nearby college campus and devastated neighborhoods and infrastructure. Emergency services were stretched to the max. Our officers worked relentless hours, 48 hours straight in some cases, setting up and supporting emergency response and rescue operations. The scene was chaotic with debris and terrified college students, but the right training helped officers maintain public safety and conduct lifesaving missions.

Over the last two years I have had the distinct privilege of sharing the Administrator’s views with the law enforcement community and recently, he reflected on Law Enforcement’s Role in Responding to Disasters in an article in Police Chief Magazine:

We ask a tremendous amount of our first responders during disasters and emergencies. They are the first line of defense; they are the first helping hand extended to survivors. Every police officer knows emergencies can happen without notice. Our ability to respond to and recover from disasters is directly influenced by how well prepared our first responders are and how well we all work together as a team before, during, and after a crisis. 
The role of law enforcement in responding to a disaster is very similar to the day-to-day role of public safety and supporting the community. In preparing for a disaster, police officers trust in their training and capitalize on their knowledge of a community. Exercises portraying the situations (large- and small-scale events) help better prepare officers and allow them to fully understand the resources needed for each event and apply that information to each community’s needs. Law enforcement officials know their communities best and interact with residents on a daily basis. This knowledge gives them the ability to provide valuable situational awareness to response and recovery groups coming in to help. For example, where will there be language barriers? Does the community have unique challenges? Law enforcement can help communicate this information to the emergency management team and can offer support to other members of the team by simply being a presence in the neighborhoods.
During a disaster, police officers play a key role in many operations including: search and rescue, evacuations, door-to-door checks, and maintaining overall public safety within the community. These are critical actions that support not only their own communities but neighboring towns as well. 

As the Administrator explained in the article, the law enforcement community has two vital roles in responding to disasters:

  • As first responders during times of crisis, and
  • Providing for the safety and security of the community. 

Responding to disasters is a shared responsibility, and those in law enforcement are aware that emergency management planning is for all hazards and that it takes a team effort to keep our communities safe. I’m proud to represent the law enforcement community at FEMA as we continue to strengthen the coordination among the entire emergency management team.

Editor’s Note: Police Chief Magazine is a publication from the International Association of Chiefs of Police and serves as the professional voice of law enforcement and supports programs and research, as well as training and other professional services for the law enforcement community.


Hurricanes and other natural disasters can bring business to a screeching halt when an office or plant is damaged or destroyed, and critical infrastructure is offline.

"When Hurricane Sandy hit the East Coast last fall, it resulted in $62 billion in damages and economic losses from businesses that were not able to operate because of flooded buildings, power blackouts and damaged communications infrastructure," said Justin Moore, CEO at Axcient, a provider of cloud solution applications to avoid downtime and data loss.

"However, there were several success stories, where firms had disaster plans in place and were able to leverage cloud-based disaster recovery and business continuity solutions to weather the storm. Dozens of IT providers in Sandy’s path used the latest technology to spin up virtual offices in the cloud to keep employees productive while waiting for primary systems to come back online or be restored," Moore explains.



A new law requiring school drills that prepare students for an attack by armed intruders is an unfortunate, but necessary, sign of the times.

The sad truth is that teachers and students, however young, must know what to do to protect themselves in such an unthinkable situation.

These drills, which have been added to the standard school fire drills, have been in place since 1999, after the fatal shootings at Columbine High School in Littleton, Colo. More states have been enacting legislation mandating such drills in the wake of the 2012 shooting at a Newtown, Conn., school that left 20 young children and six adults dead.



Network World — Devops and the cloud: They're two of the biggest buzzwords in high-tech today. But organizations embracing these trends are finding out just how closely the two are linked, and the advantages that automating IT processes can bring.

Take Rafter, a San Mateo-based company that was founded on the idea that college textbooks are really expensive. Chris Williams created a sort of Netflix for textbooks rental business that started by running off a couple servers sitting in a closet. Seven years later the company has 150 employees and is helping students and bookstores manage inventory and host online book stores for colleges, in addition to the book rentals.

Rafter is continually rolling out feature enhancements to its web site, so the company has a bustling development and testing lab where new services are created. Instead of the code-writers waiting for the IT shop to spin up a virtual machine with a replica of the production website, the developers can provision their own compute resources themselves. Welcome to a devops shop.



Today, many regulatory standards—from HIPAA to FISMA to PCI—have created a compliance landscape that can be onerous and burdensome. And it’s likely to only get worse. Complying with the requirements set forth by all of these regulatory bodies that control the business world has a profound effect on companies, as it involves a great deal of time, cost and effort. Historically, different functions within a company—legal, IT, operations, accounting—have each owned different compliance mandates. Yet in that situation, there has been very little coordination between them, creating silos that stand in the way of efficiency, communications and organization. So, how can companies rise above the complexity created by geographical boundaries and different workflows within the business?

The answer is an approach that, once adopted by companies, could eventually make any other way to conduct compliance efforts obsolete. Called the “one-to-many” approach, it is a streamlined effort of energy that involves working with constituents within the same company to coordinate the different compliance efforts that are needed within a company. In simple terms, it’s all about eliminating inefficiencies. For example, if you are answering the same question to fulfill five different mandates, why not gather the answer only once? Performing redundant work to provide the same information for the many users of this information is a waste of resources. Instead, you should streamline your compliance efforts by adopting the one-to-many approach. This alleviates the impact of compliance on the company and frees up employees’ time to concentrate on other strategic initiatives.



We start the week with a new animation from NASA that shows the increasing risk of wildfire activity across the United States in the coming decades.

An article on the NASA website notes that with satellite and climate data, scientists have been able to track an increase in dry conditions since the 1980s.

Climate projections suggest this trend will continue, increasing the risk of fire in the Great Plains and Upper Midwest by the end of the 21st Century, according to NASA.



Risk managers around the world appear to be closely aligned when it comes to top concerns for their organization, according to findings of two studies.

One was the preliminary results of a study by Accenture, Global Risk Management Research, which is due in September. Executives from 446 organizations across eight industries were asked what they see as the biggest risks over the next two years. Out of a list of 10 “external pressures,” legal risks topped the chart at 62%. Second on the list were business risks at 52%, and third were regulatory requirements at 49%.

There was a tie at 46% between the fifth, sixth and seventh concerns, which were credit risks, operational risks and strategic risks.



Monday, 12 August 2013 18:21

Protect the Data in the Cloud Castle

We’ve all read medieval stories about castles, knights, traitors and thieves. Stories about villains storming the walls and castle guards surrounding the moat have dotted our memories since we were children. Each story has a prize – maybe the queen or treasure. Each story has a battle over that prize, resulting in a war of good versus evil with a potential victor.

When we read these stories, we know that good triumphs over evil. However, real life doesn’t always mirror the fairy tales we grew up hearing.

While it’s extremely important to protect the castle with the right moat, drawbridge, guards and weapons, the castle itself should not be the only thing that is secured. In all of the hustle and bustle of protecting the castle infrastructure, the most important thing is often forgotten: the prize. Thieves or traitors don’t always care about the castle itself – they only care about what’s inside. The same principle applies to your data in the cloud. Hackers, thieves and snoops aren’t interested in the infrastructure; they’re only interested in the one thing they can use: your data.



Steve’s Flower Shop rents a commercial space in a downtown area. Steve’s income is derived primarily from purchasing wholesale live flowers, creating arrangements and selling those arrangements at retail. Steve’s shop has coolers to preserve the arrangements, an area to create the arrangements, and a retail space for customers. Steve’s rent and utilities are his highest expense. To save costs and increase profits, Steve’s purchases its wholesale flowers in bulk through a local distributor with a long-term contract. Let's say Steve’s clears $500 per day. Of that amount, $350 is the cost of utilities, rent, wholesale product, supplies, and so on. Steve’s makes $150 per day, which is acceptable to Steve – this is his retirement business after years as an overworked business lawyer.

Then… the storm comes. Steve’s shop is wiped out. The commercial space is uninhabitable. The coolers are gone. A shipment bound for a customer is gone and the stock is gone. Steve submits a claim to his property insurer. Within a few days, the insurer has put Steve in touch with a contractor and has cut a check to Steve to replace the equipment.



By Larry Lang

Statistics have shown that most small to mid-sized businesses will experience at least one instance of system downtime a year. Once a year doesn't seem like much, but consider this: Aberdeen Group estimates that an hour of downtime costs a mid-sized business an average of $74,000. Then factor in results from a Harris Interactive survey, which found that IT managers estimate 30 hours on average for recovery.

Now that the cost has been put into perspective, are you sure your business can bounce back from even one instance of system downtime each year? Has your disaster recovery system been through regular real-world tests to find out? Unfortunately, only a small minority can respond to this last question in the affirmative: A 2011 survey found that only 28 percent of small to mid-sized businesses surveyed have even tested their backup at all.



LINCROFT, N.J. -- FEMA’s Hazard Mitigation Grant Program provides important assistance to local, state and tribal governments following a major disaster declaration, both speeding recovery and protecting life and property from future disasters.

With the Hazard Mitigation Grant Program, the Federal Emergency Management Agency provides funds to the state to enable mitigation measures to be implemented during recovery from a disaster.

The Hazard Mitigation Grant program can be used to fund projects to protect public or private property as long as the project fits within state and local government mitigation strategies. Funds are sent to the state for distribution.

Examples of projects include:

  • Acquiring and relocating structures from hazard-prone areas, such as the $29.5 million acquisition of flood-prone properties in Sayreville.
  • Retrofitting structures to protect them from floods, high winds, earthquakes or other natural hazards.
  • Constructing certain types of minor and localized flood control projects.
  • Constructing safe rooms inside schools or other buildings in tornado-prone areas.
  • Helping state, local or tribal governments develop mitigation plans.

Federal funding under FEMA’s Hazard Mitigation Grant Program is made available at the request of a state’s governor following the declaration of a major disaster.

Hazard Mitigation Grant Program funding is allocated using a sliding scale formula based on the percentage of funds spent on FEMA’s Public and Individual Assistance Programs for each declared major disaster.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.


CIO — BYOD is a reality, and we all have to deal with it.

Most of us are used to well-behaved devices such as laptops, netbooks, iPhones and iPads. There are enough mobile device management products to handle remote wipes and other strategies to lock down these devices if they are lost or stolen.

But when the device doesn't have a disk, things get a little dicey. Flash RAM that's soldered into a device can't be removed practically, and if the device is broken, that memory can't be erased. It gets more fun with Android tablets; the hardware may not be all that long-lived, and the myriad software configurations can be hard to manage in the wild.



Usage-based payment systems are becoming increasingly common, but a recent variation in disaster recovery has an interesting twist. A new pricing model from a company called Asigra is based not on how much data an organisation backs up, but how much it restores. In particular, a ‘recovery performance score’ determines the amount of money a customer will pay. The Asigra system emphasises value rather than cost: the value is in the data restored, rather than the data saved. Is a similar pricing model likely to spread to related services such as DraaS (Disaster Recovery as a Service)?



Thursday, 08 August 2013 18:47

Cloud: Responsibility and Accountability

For years, the IT industry has been experiencing growth in outsourcing. Organizations large and small have looked to utilize the promises of lower cost of operation. Witnessing this trend over time has allowed me to see something emerge that I have long-held as truth. Users have a responsibility to be accountable. Accountable to the service that they have contracted for, the information provided, the knowledge of the ownership of information, the recoverability, the usage, and the measurement against established criteria to name a few. Cloud is no different. I like to say, “You cannot manage that which you do not measure, and you cannot measure that which you do not know about”. Nonetheless, countless organizations dive into contracting for a service at one level and demand the service of the levels above that which they have contracted for.

When an organization outsources “backup”, for instance, the act of recovery must have established objectives (both time and point). This may come as no surprise to countless people in the business, but few organizations have prioritized which applications are mission critical and need different recovery objectives than, say, the holiday office party logistics. While some may have done this, too many do not have an application matrix which outlines up-line and down-line dependencies. The number one reason why a “backed-up” system cannot be restored, beyond hardware failure, is the lack of synchronization with the application up-line and down-line dependencies. So, why is it that the yelling and screaming commences once the failure occurs and the information provided was incomplete, inaccurate, or simply missing with regard to the actual nature of the criteria for success? It seems that the answer is lack of responsibility and accountability. The user no longer feels any responsibility or accountability for the “backup” since they have contracted for it, even though they have not contracted for the level of service they are demanding, nor have they done their due diligence to manage the contracted service.



While three of the major hurricane forecasters have reduced by a smidgen their predictions for the 2013 Atlantic hurricane season, the season as a whole is still expected to be above-average as is the chance of a major hurricane making U.S. landfall.

Bear in mind that to-date the 2013 season has seen four named storms (Andrea, Barry, Chantal and Dorian) – none of which reached hurricane status.

Here’s how the revised forecasts stack up:



Thursday, 08 August 2013 18:45


By Meredith Cherney

When you ask someone what the most important thing to have on hand for a hurricane is, the common answers include food, water, flashlights, batteries, or a radio. As I read through my student surveys however, I found a different set of answers. Lifejackets. Boats. Buckets. Axes.

Growing up in New Orleans fosters a unique hurricane perspective. When I stepped into that classroom to teach 9- to 12-year-old students about hurricanes and preparedness, I wasn’t sure what to expect. What do they know about hurricanes? Do they understand that some evacuations are mandatory? Has their experience with hurricanes fostered a fear or resilience?

I work for Evacuteer.org, a private non-profit commissioned by the New Orleans Office of Homeland Security and Emergency Preparedness to help with the City Assisted Evacuation (CAE) plan. Beyond our role in emergency events we also seek to inform the public about the CAE and foster community preparedness.

Our EvacuKids program targets a younger demographic. We’ve already quadrupled our reach since 2012, from 30 to 120 students. Complete with a new curriculum and corresponding science experiments and activities, we not only teach students about hurricanes, but also work to improve literacy, writing, and critical thinking skills.

There are four modules: disasters, hurricanes, prepare, and evacuate. Each week builds upon the previous week, starting with the science of disasters and how hurricanes form to preparing your home for a storm and finding a safe place to stay in the event of a hurricane.

In addition to academic lessons, we also talk to students about their experience with hurricanes, what they did, and how they felt. Many students express fear and uncertainty when recalling their experience and as a class we discuss coping mechanisms to help them deal with their feelings. Additionally, learning how hurricanes form and why they are common in our area can alleviate anxieties and foster a greater sense of understanding, preparedness, and even excitement in students.

EvacuKids is tailored to the specific needs of the children, those whose families have transportation out of the city and those without it. EvacuKids is a fantastic opportunity to make a meaningful, sustainable impact on a generation that will someday lead New Orleans in a positive direction.


Today is our 40th wedding anniversary, so naturally it leads me to think about what love, marriage and life together have to do with crisis communication. A lot, I think. And not just because there are plenty of crises in any marriage and communication, or the lack of it, is often the major cause of such crises.

Though some dispute the statistics, about half of marriages don’t survive, which makes 40 years very much worth celebrating. I’m going to suggest that the primary reasons why some do are very applicable to crisis communication, and for that matter any relationship.

Crisis communication, despite what too many think, is primarily about relationships. The all-important relationships between your company or organization and its most important stakeholders. Trust and respect are key elements of that relationship. What customer will stick with a company, what investor will maintain investment, what donor will contribute, what employee will eagerly produce without those two critical ingredients? Crises are crises mostly because they threaten the trust and respect that the important relationships hold in the leaders and the organization. That’s why whether or not an organization survives a crisis is primarily based on how key stakeholders view the character of the leaders: are they worthy of continued trust and respect?



Hello, I’m David Mundie, a CERT cybersecurity researcher. This post is about the research CERT is doing on the unintentional insider threat. Organizations often suffer from individuals who have no ill will or malicious motivation, but whose actions cause harm. The CERT Insider Threat Center conducts work, sponsored by the Department of Homeland Security’s Federal Network Resiliency Division, that examines such cases. We call this category of individuals the “unintentional insider threat” (UIT).

This research includes

  • creating a definition of UIT
  • collecting and reviewing over 60 cases of UIT
  • analyzing contributing factors and observables in those cases
  • recommending preliminary ways to mitigate unintentional insider threats

For the purposes of our research, the team built a working definition of an unintentional insider threat:

An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization’s network, system, or data and who, through (3) their action/inaction without malicious intent, (4) negatively affects the confidentiality, integrity, or availability of the organization’s information or information systems.

Our preliminary study of the UIT problem identified a number of contributing factors and mitigation strategies. The malicious insider threat and the UIT share many contributing factors that relate to broad areas in security practice, organizational processes, management practices, security culture, etc. However, there are significant differences. Human error plays a major role in UIT. Countermeasures and mitigations to decrease UIT incidents should include strategies for:



CIO — IT walks a fine line between balancing security issues and giving people the tools they need to get the job done. Every day companies move sensitive data around and IT is in charge of securing that data, but what about the little things that tend to fall through the cracks?

According to data from several recent surveys there are a number of things your employees could be inadvertently doing that puts your company's sensitive data and information at risk.

A survey done recently by IPSwitch, an FTP software organization, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:



CSO — A security researcher has shown that hackers, including an infamous group from China, are trying to break into the control systems tied to water supplies in the U.S. and other countries.

Last December, a decoy water control system disguised as belonging to a U.S. municipality attracted the attention of a hacking group tied to the Chinese military, according to Trend Micro researcher Kyle Wilhoit. A dozen similar traps set up in eight countries lured a total of 74 attacks between March and June of this year.

Wilhoit's work, presented last week at the Black Hat conference in Las Vegas, is important because it helps build awareness that the threat of a cyberattack against critical infrastructure is real, security experts said Tuesday.



KANSAS CITY, Mo. – With several areas throughout Kansas and Missouri experiencing bouts of late-summer flooding, the Federal Emergency Management Agency (FEMA) is urging residents to stay informed about the potential hazards of flooding.

Floods, especially flash floods, kill more people each year than any other weather phenomenon. This recent spate of severe weather-related events across the Midwestern states serves as a pointed reminder just how dangerous floods can be and how important it is to stay abreast of weather warnings, understand flood terms, and take action by monitoring, listening, preparing and acting accordingly.

Beth Freeman, Regional Administrator for FEMA Region VII, urges residents to be constantly aware of their environment and any potential for flooding. "There's no doubt that when people are aware of the dangers and power of flooding, they can take measures to lessen the exposure to danger for themselves and family members," Freeman said. "When you're driving and you see the road ahead is flooded, be safe. It's best to 'turn around, don't drown.' FEMA is monitoring the situation and is on standby to help states if assistance is requested."

While floods are the most common hazard in the United States, not all floods are alike. Floods typically occur when too much rain falls or snow melts too quickly. While some floods develop slowly, flash floods develop suddenly.

One of the most dangerous elements of a flood is floodwaters covering roadways, and motorists are urged to never attempt driving through them. About 60 percent of all flood deaths result from people trying to cross flooded roads in vehicles when the moving water sweeps them away.

While flood risks can indeed be a formidable threat, there are simple steps citizens can take today to reduce their risk from all types of floods.

If a flood is likely in your area, you should:

  • Listen to your radio or television for information.
  • Be aware that flash flooding can occur. If there is any possibility of a flash flood that could affect you, move immediately to higher ground. Do not wait for instructions to move.
  • Be aware of streams, drainage channels, canyons, and other areas known to flood suddenly. Flash floods can occur in these areas with or without such typical warnings as rain clouds or heavy rain.

If you must prepare to evacuate, you should:

  • Secure your home. If you have time, bring in outdoor furniture. Move essential items to an upper floor.
  • Turn off utilities at the main switches or valves if instructed to do so. Unplug electrical appliances. Do not touch electrical equipment if you are wet or standing in water.
  • Take essential documents (see http://www.ready.gov/evacuating-yourself-and-your-family).

If you must leave your home, remember these evacuation tips:

  • Do not walk through moving water. Six inches of moving water can make you fall. If you have to walk in water, walk in areas where the water is not moving. Use a pole or stick to make sure the ground continues in front of you.
  • Do not drive into flooded areas. If floodwaters rise around your car, abandon the car and move to higher ground if you can do so safely. You and your vehicle can be quickly swept away.
  • Six inches of water will reach the bottom of most passenger cars causing loss of control and possible stalling.
  • A foot of water will float many vehicles.
  • Two feet of rushing water can carry away most vehicles including sport utility vehicles (SUVs) and pick-ups.

Additional tips to consider:

  • United Way’s 2-1-1 is a helpful resource before, during and after disasters. Keeping this number and an up-to-date family communication plan handy is a must-do when preparing for emergencies.
  • Keep emergency supplies on hand, such as non-perishable food, medicine, maps, a flashlight and first-aid kit.
  • Use extreme caution when returning to flood damaged homes or businesses.

Become familiar with the terms that are used to identify flooding hazards:

  • Flood Watch: Flooding is possible. Tune in to NOAA Weather Radio, commercial radio, or television for information.
  • Flood Warning: Flooding is occurring or will occur soon; if advised to evacuate, do so immediately.
  • Flash Flood Watch: Rapid rises on streams and rivers are possible. Be prepared to move to higher ground; listen to NOAA Weather Radio, commercial radio, or television for information.
  • Flash Flood Warning: Rapid rises on streams and rivers are occurring; seek higher ground on foot immediately.

The National Weather Service is the official source for weather watches and warnings.

For more information on flood safety tips and information, visit www.ready.gov/floods or the Spanish-language web site www.listo.gov.

For information on how to obtain a flood insurance policy, visit www.floodsmart.gov.

Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.


In today’s enterprise, data is the key. It enables a business to make its best decisions and efficiently manage its business processes.

Data is demanded by many departments and must be gathered, sorted, cleaned, managed, analyzed and protected. Because data is often gathered from applications, it likely falls in the realm of IT, where business intelligence and analytics systems are managed. However, what many IT organizations lack is a framework for data governance—a solid set of processes and policies that dictate the way data is supervised and preserved.

The book “Data Governance: Creating Value from Information Assets” provides a detailed look into information governance; it begins with a chapter on how data governance plays a role in an enterprise, moves through management of metadata, and then explains how to operationalize data quality. Other chapters include:



Wednesday, 07 August 2013 15:47

The Road to the Hybrid Cloud Runs Through PaaS

Most enterprises are far enough into the cloud deployment process to understand that there is more than one type of cloud. At the moment, many organizations are content to spin up a few hosted resources to gain extra storage or run a few key applications. But as cloud strategies become more refined, the style of cloud implemented on both private and public resources and the infrastructure that supports them can have a dramatic impact on future data objectives.

As I’ve pointed out, hybrid architectures are only as good as the private cloud allows them to be, and so far only a handful of organizations are pursuing what leading experts deem to be a true private cloud strategy. Part of this is because the cloud is still an ill-defined concept, but legacy infrastructure can be a major drag as well, particularly when it consists primarily of silo-based, bare-metal architecture. So clearly, the first step in any coordinated cloud strategy is to implement virtual and software-defined infrastructure to the broadest extent possible.



Wednesday, 07 August 2013 15:45

IT Evolution

We really need to transform what the American IT workforce is made up of. Instead of teaching COBOL, Pascal, C++, and other elements of technology, we really need to teach how to align business and IT to take advantage of innovation and creative thinking. The way to align business and IT is to focus on the customer experience and the value that they live in that experience.

Instead of IT being a separate business unit, IT needs to be integrated into every business unit. I am by no means advocating breaking IT up into multiples of itself contained within each business unit. I am advocating that IT needs to reside with knowledge of the business and each unit in their strategic planning to assist with how to enable their people and process in a cost-effective, simple, agile, and rigorous way. If IT establishes strategy alongside the business, then the execution and results will match. This is the opposite of the way it is done today, where the business and each unit goes off to develop strategy based upon a vision that IT is not a part of. Likewise, IT, more often than not, sequesters itself and develops its own strategy and execution plan based upon a limited view or knowledge of the vision of the organization. I liken this to picking the route to go on vacation before picking the destination.



PC World — For small businesses today, there's nothing that can't be done in the cloud. You could plunk down your cash for Basecamp, Yammer, and Google Docs like everyone else, but alternatives to these stalwarts abound. For something that does more, costs less, or both, check out these six Web-based tools, categorized based on their primary functionality.


General collaboration: Podio

Podio may still fly under the radar of such behemoths as Basecamp, but it's rapidly emerging as the go-to collaboration tool for a new generation of knowledge workers. Originally a Danish startup, it was acquired by Citrix last year, and the new features keep on coming.

Designed (like most collaboration systems) to eliminate excessive emailing, the structure is relatively simple: You invite employees into Podio's internal communication network, then create any number of "workspaces" in which they can collaborate. You can admit outsiders on a workspace-by-workspace basis, keeping them out of the broader employee network.



For homeland security professionals to be successful in their field, it is critical to stay ahead of prevailing tendencies within the industry. Colorado Technical University recently sponsored a mock exercise, hosted by the Colorado Emergency Preparedness Partnership (CEPP), and attended by personnel from private and public sector institutions to help prepare for a cyber-attack.

During the tabletop exercise, an expert panel addressed propagation and impacts of a cyber-attack from domestic and foreign organizations. This simulated exercise was part of a continued series of emergency preparedness events led by CEPP and this event’s sponsors: Western Cyber Exchange, CTU and the Canadian Consulate.

The cyber-attack scenario began in southern Colorado and spread from local jurisdictions to a national threat, and ultimately a global one. Families, businesses, communities, government services and the critical infrastructure we depend on for our everyday needs suffered the consequences from the simulated attack. Our expert panel, consisting of private and public sector members from the city of Colorado Springs; telecommunications and energy sectors; the state, federal and Canadian governments; addressed the evolving scenario.



One flood victim in Canmore says he has concerns after learning the province's disaster recovery program is being run by a private company.

Gus Curtis' yard was washed away by Cougar Creek and his home's foundation is exposed and cracked. Until recently Curtis assumed he was working with a government employee on a recovery plan.

In fact, Edmonton-based Landlink Consulting has been contracted to process flood claims and calculate and distribute payments.

Curtis said an employee shut him down after he asked a few questions. “So I said ‘who is Landlink?’ He paused and said Landlink is a company hired to administer the fund,” Curtis said.



Disasters happen. And though business and IT leaders like you can’t prevent them, you can curtail the losses and costs that disasters cause — by ensuring that Business Continuity and Disaster Recovery (BC/DR) plans are in place at your organization.

Hurricane season, flooding, tornadoes and other severe weather threats remind us once again just how important it is to be prepared.

For instance, in the event of a disaster, would your IT operations be back to business with the help of data centers that remain running amid the storm, transitioning from generators to utility power in the days following? We explore this possibility further in our recent Forbes.com article “Does Your Data Center Have a Disaster Plan?” with strategies that protect buildings, systems, equipment, and personnel — and also have contingencies for the loss of any or all of them.



Tuesday, 06 August 2013 17:52

Training children in emergency preparedness

In July 2012, the Federal Emergency Management Agency (FEMA), through Administrator Craig Fugate, announced the following regarding youth disaster preparedness: “Youth have a unique ability to influence their peers and families to be more resilient, and children play an important role in disaster preparedness, during and after a crisis.”

According to FEMA, studies have shown “those households with schoolchildren who brought home preparedness materials are more likely to be prepared on a range of preparedness than households with schoolchildren who did not bring home preparedness materials.”

It is reported that 70% of households receiving preparedness information from their children have an emergency response plan they have discussed with family members compared to the national average of 45%. It appears the best champions for disaster preparedness are our children.

Some training can start at home before they’re old enough to attend school, when your children are of an age they can absorb information, and comprehend what to do with the information. Here are some things you can teach your children to get them started down the path of emergency preparedness:



Tuesday, 06 August 2013 17:50

Lost in the privacy landscape

Australia’s privacy and data protection laws are hard to explain and often poorly understood. The first challenge is to explain that the Australian Privacy Commissioner sits in the Office of the Australian Information Commissioner (OAIC) and applies laws that the Australian parliament has misleadingly called ‘principles’.

The second challenge is describing how to read principles as laws and fit them together with other provisions in the Privacy Act that clearly are drafted as laws.

And then there’s the difficulty of trying to interpret these provisions when dealing with novel issues such as cross-border cloud deployment and access to personal information held in another jurisdiction (or jurisdictions unknown), geo-tracking of devices, data warehouses, virtualised servers, big data and customer data analytics.



With the increase in the use of online services for government transactions, datacentres are a key focus of the government’s green IT strategy and the Green ICT Delivery Unit (GDU), according to its report.

Over 80% of HMRC’s tax returns are submitted via the internet, suggesting the growing importance of public sector datacentres.

As a result, the Department for Food, Environment and Rural Affairs (Defra) is setting out best practice guidelines for public sector organisations to procure energy efficient datacentre and cloud hosting services. The guidance has been discussed with Intellect, the UK industry body and there have also been discussions with the European Commission (EC) via its EU-wide Green Public Procurement process.

The Greening Government: ICT Annual Report 2013, by Jennifer Rigby, chair of GDU, and John Taylor, SRO for Green ICT and CIO at MoD, also praised government CIOs and IT staff’s progress in implementing green IT strategies.



Lancope has released a survey indicating that many enterprises possess an unrealistic confidence surrounding the security of their networks.

According to the survey, more than 65 percent of IT/security professionals did not think, or were unsure whether, they had experienced any security incidents within the last 12-18 months.

According to Lancope’s director of security research, Tom Cross, this scenario is not likely. “Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter,” he said. “I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes.”

The survey also revealed that 38 percent believe recent security incidents had no impact on their organization. According to Cross, “even the most basic malware infection has some financial cost to the organization, even if it’s just the cost to clean infected machines. Not to mention the additional serious consequences that can result from a breach, including data loss, customer distrust, regulatory fines and many others.”



A crisis in 2013 vaguely resembles a crisis of 15 years ago. Today, social media can be both a curse and a blessing in an emergency. Managers must understand that with the power of real-time comes a huge responsibility to learn how to use the media responsibly. One piece of misinformation posted on social media during a crisis can start a cascade of panic that is almost impossible to stop. See more at: http://blog.missionmode.com/blog/3-keys-to-using-social-media-responsibly.html

On July 2, the government of India released the National Cyber Security Policy 2013. This policy extends to a spectrum of ICT users and providers, including home users, SMEs, large enterprises, government and non-government entities. The policy aims to serve as an umbrella framework for defining and guiding the actions related to the security of cyberspace. The policy has been much delayed but is now released amid reports of snooping by the US globally - and ever-increasing threats to India as a country.

The policy defines 14 diverse objectives that provide an overview of the government’s approach to the protection of cyberspace in the country. A few objectives that will have a positive impact on S&R professionals in India caught my attention:



Today’s “social age” has brought many changes to the corporate world and increased the competitive threats enterprises have to deal with on an ongoing basis. Traditionally, competition has been upfront and direct with open head-to-head strategies to win customers and market share. But as the world approaches a complete “digital state” the competitive tactics against corporations have never been more threatening or aggressive.

As disruptive, non-traditional business competitors emerge, many of these organizations are adopting tactics that would typically be “off limits” to traditional corporations, including partnering with activist groups to attack and disrupt the market leader to damage the reputation and erode the financial state of the organization.

Many enterprises are no longer simply looking to compete, but actually to protect their operations against the disruptive, aggressive forces these non-traditional competitors are partnering with. To combat these unconventional tactics, traditional corporations are turning to real-time advanced social intelligence to receive deep, multidimensional insight on the tactics and actions.



Tuesday, 06 August 2013 17:20

Terrorism Risk and Insurers

Ratings agency Fitch has warned that failure to renew the federally backed Terrorism Risk Insurance Program could have a significant impact on the availability and pricing of workers compensation and commercial property insurance coverage.

Insurer credit ratings and the commercial mortgage backed securities (CMBS) market would also be affected.

The report comes as at least 19 U.S. embassies and consulates in the Middle East and North Africa remain closed through the week after the State Department issued a global travel alert to U.S. citizens due to potential terrorist threats.

Fitch notes that workers compensation insurers could be particularly vulnerable to large losses if an extreme terrorist event takes place without the federal terrorism reinsurance program in place:



Tornadoes, hurricanes, wildfires or other natural disasters can bring your business to a screeching halt when the office is damaged or destroyed, and critical infrastructure is offline. Axcient, the leading cloud solution for eliminating application downtime and data loss, today outlined 10 disaster preparedness tips that can help your company prepare and respond to disasters, while keeping the business up-and-running and maintaining vital revenue.

“When Hurricane Sandy hit the East Coast last fall, it resulted in $62B in damages and economic losses from businesses that were not able to operate because of flooded buildings, power blackouts and damaged communications infrastructure,” said Justin Moore, CEO at Axcient. “However, there were several success stories, where firms had disaster plans in place and were able to leverage cloud-based disaster recovery and business continuity solutions to weather the storm. Dozens of IT providers in Sandy’s path used the latest technology to spin up virtual offices in the cloud to keep employees productive while waiting for primary systems to come back online or be restored.”

These businesses had a clear emergency preparedness plan in place for their personnel and relied on technologies that can deliver real business protection exactly when it’s needed.

Looking at examples of what enterprises did to successfully weather Hurricane Sandy and other natural disasters, Axcient developed the following 10 Disaster Preparedness Tips for Businesses:



Monday, 05 August 2013 15:11

Instilling Ethics in a Compliance Program

I continue to be astounded by one simple fact (candidly there are others): companies do not understand that creating and maintaining an ethical culture improves bottom-line financial performance. A commitment to ethics as an enhancement to an existing compliance program not only improves performance of the compliance program, but improves corporate profitability and long-term shareholder value.

From my days as a history major, I am reminded of the Luddites and their rejection of technology. To me, the issue is remarkably similar: companies ignore ethics as a driver of compliance, but more importantly fail to recognize the importance of ethics as a means to ensure business success and long-term viability.

There is an abundance of research proving that an ethical culture improves financial performance. The link appears very logical and intuitive, and research confirms the improvement to the bottom line.



Monday, 05 August 2013 15:09

Business Continuity and the use of Robots

For most organisations, business continuity issues have more to do with breakdowns in everyday processes than with incidents in a nuclear reactor. However, events like the most recent catastrophe in Japan have catalysed discussions on the potential for using robots for recovery and continuity – discussions that could progressively include even ‘run of the mill’ incidents. The high radioactivity levels of the Fukushima reactor systems prevented human beings from being able to shut them off early enough to minimise damage. Correctly designed robots on the other hand might have been able to do this: however, while the use of robots in industrial applications and in space exploration is well-known, emergency situations require a different approach to robot programming.

The need to be able to issue simple, natural commands according to the need at hand, and the need for robots to respond to these commands are defining characteristics of these critical situations. Current pre-defined, pre-programmed robot activities do not allow for this. In tape archives for instance, robots organise tape cartridge picking, mounting, and storing, but do not step outside the narrow limits of an orderly process. Such robots are not designed to respond to abnormal situations such as fire or flooding. Recovery robots on the other hand would be expected to handle such events and understand spontaneous commands such as ‘shut the door’ or ‘go down the stairs’.



The all-Flash data center—it used to be considered something of a pipe dream. While solid-state storage has its uses, both costs and the complexity of modern data environments seem to demand mixed storage architectures for the time being. But as costs come down, more storage experts are looking at all-Flash, or perhaps Flash-dominant storage environments.

Storage has always been the laggard in the data-handling relay race, but recently the disparity has become stark. As virtual and cloud environments shift the burden away from processing power and even storage capacity, speed has become the determining factor in high-performance environments. According to Kaminario, more than 90 percent of the performance issues afflicting leading applications these days can be traced to storage. Whether it is web-facing OLTP or Big Data OLAP batches, the I/O culprit is almost always poor random read/write performance in legacy HDD arrays. The results were largely the same across Oracle, SQL, DB2, MySQL and even unstructured data sets.



Instead of the teacher, I was the student.  I was “grasshopper”.

Recently, I had the opportunity to attend a Dale Carnegie workshop that my employer hosted as part of our employee development program.  The course was titled “How to Say What You Mean to Get the Results That You Want”.

I was pleased (confident) when throughout the class we talked about several topics that we also cover in the Community Emergency Response Team (CERT) Train-the-Trainer curriculum that I’ve been teaching for the past few years.

I thought I’d share with you some of the concepts, suggestions, and thoughts that I left the class with.



Monday, 05 August 2013 14:49

What We're Watching: 8/2/13

Posted by: Dan Watson, Press Secretary, Public Affairs 

At the end of each week, we post a "What We’re Watching" blog as we look ahead to the weekend and recap events from the week. We encourage you to share it with your friends and family, and have a safe weekend.

Photos of the Week
Here are a few of our favorite photos from the past week. Check out our Photo Library for more.

Moore, Okla., July 29, 2013 -- The American flag stands as a sign of strength in the foreground of the devastation left in the wake of the May 20th EF-5 tornado.

Old Bridge, N.J., July 27, 2013 -- FEMA Mitigation specialist Jenai Jordan and External Affairs representative Susan Langhoff provide information on mitigating disasters like Hurricane Sandy at the Home Depot Hurricane Workshop in Old Bridge, New Jersey.

White River, Mich., July 30, 2013 -- Muskegon County Road Maintenance Superintendent Laurie Peterson views this very dangerous road washout. FEMA Public Assistance and Hazard Mitigation Grants become available following application and inspection and cover a significant portion of the cost of repair.

Weather Outlook
According to the National Weather Service, it doesn’t appear there will be any severe weather threats this weekend.  While there aren’t any significant weather threats at this time, weather conditions can change rapidly. We encourage everyone to monitor their local weather conditions online at www.weather.gov or on their mobile device at http://mobile.weather.gov.

While you’re out and about this weekend, take a few moments to make sure your family’s emergency kit is fully stocked as we head into the peak of hurricane season.  Last week we saw two Tropical Storms -- Dorian in the Caribbean and Flossie in the Pacific. These storms are great reminders that the time to prepare for tropical weather is now. Visit Ready.gov for a list of items that should be in your emergency kit and for safety tips on what to do before, during and after a hurricane.

Public-Private Partnership Conference
This week the Department of Homeland Security and FEMA, in association with the United States Northern Command and the American Red Cross, hosted the “Building Resilience through Public-Private Partnerships” conference.

The conference highlighted successful public-private partnerships, identified coordination gaps between public-private organizations, and engaged both sectors to determine how to further promote teamwork to make our communities and nation more resilient.

Here are a few tweets from the @FEMALive account, which covered the conference live on Twitter:

Thanks to everyone who was able to participate and follow the discussion online!

For more information on how FEMA engages with the Private Sector, visit www.fema.gov/private-sector.

Have a safe weekend!


This summer’s floods in Alberta and Toronto highlight the importance of business continuity planning – a key part of any risk management strategy. It keeps employees productive and maintains essential business operations and customer satisfaction during any kind of interruption. However, according to IDC, only 44 per cent of Canadian large businesses, with more than 1,000 employees, had a continuity plan in place as of late 2011. Small businesses, with fewer than 100 employees, were even less prepared, with 25 per cent planning to launch business continuity plans in the next 12 months.

Here are some key steps to make sure your business operations can continue in the event of another major interruption:

1. Have executive buy-in. Support from executives or other senior leadership is critical for the success of a business continuity plan. Planning and execution will require their buy-in and attention to ensure that all processes are managed effectively.



Friday, 02 August 2013 15:54

NIH Announces Big Dollars for Big Data

Big Data is playing a huge role in medical research—some even believe it will be instrumental in finding a cure for cancer. Though in its early stages, harnessing the power of Big Data obviously has the potential to change medical research in a major way.

The National Institutes of Health apparently agrees. This week, the NIH announced funding for the establishment of six to eight investigator-initiated Big Data to Knowledge Centers of Excellence. The funding will be for up to $24 million per year for four years.

“The centers will improve the ability of the research community to use increasingly large and complex data sets through the development and distribution of innovative approaches, methods, software, and tools for data sharing, integration, analysis and management,” Scientific Computing reports.



As we approach the peak of hurricane season, catastrophe modeler RMS has warned that storm surge poses a greater risk than hurricane wind.

RMS says its updated North American hurricane model shows there is a 20 percent chance that storm surge loss will be greater than wind loss for any U.S. hurricane that makes landfall. And for the northeast coast of the U.S. the risk is even higher.

Dr. Claire Souch, vice president, model solutions at RMS says:

“Our model shows there is a 20 percent chance that storm surge loss will be greater than wind loss for any U.S. hurricane that makes landfall, which rises to almost 40 percent along the northeast coast of the United States – this is a risk the market can no longer afford to ignore.”

RMS’ updated North Atlantic hurricane model suite includes the ability to fully quantify the risk from catastrophic hurricane-driven storm surge.



There is no doubt that companies understand the importance of business intelligence (BI) to supporting the efficient and effective running of the organisation.

Continued economic uncertainty and major industry-changing dynamics like mobility and the shift to digital business put a premium on data and information. Whether it's optimising processes, improving customer service, increasing the accuracy of marketing initiatives, breaking into new markets, or seeking ways to get ahead of the competition, firms recognise that getting the right data to the right person at the right time is a key prerequisite to business success.

However, recognising the importance of data and analytics is one thing. Actually putting in place the processes and tools required to deliver data and analytics in the most efficient and appropriate way to meet the needs of business decision-makers is a different matter:



Cloud data storage and disparate privacy laws could be hampering companies fighting cyber attacks, according to Seth Berman, UK executive managing director of digital risk management and investigations firm, Stroz Friedberg.

He urged organisations to review cloud services contracts to prevent valuable time being lost when responding to a data breach incident.

“Companies are forced to fight attackers on multiple geographic fronts, but the complexities of the internet cloud and a patchwork quilt of data privacy laws means a prompt response is often difficult,” said Berman.

Cyber incident response plans must take into account any potential restrictions to access, but providers are rarely set up to support a victim's needs to obtain forensic images of their own servers.



Heightened regulatory scrutiny and greater concerns over risk governance have led financial institutions to elevate their focus and attention on risk management, a new global survey from Deloitte Touche Tohmatsu Limited (DTTL) finds. In response, banks and other financial services firms are increasing their risk management budgets and enhancing their governance programs.

According to Deloitte’s eighth biennial survey on risk management practices, entitled ‘Setting a Higher Bar,’ about two-thirds of financial institutions (65 percent) reported an increase in spending on risk management and compliance, up from 55 percent in 2010.

A closer look at the numbers finds, though, that there is a divergence when it comes to the spending patterns of different-sized firms. The largest and the most systemically important firms have had several years of regulatory scrutiny and have continued their focus on distinct areas like risk governance, risk reporting, capital adequacy, and liquidity. In contrast, firms with assets of less than $10 billion are now concentrating on building capabilities to address a number of new regulatory requirements, which were applied first to the largest institutions and are now cascading further down the ladder.



Online threats and cyber crimes increase with intensity and complexity almost daily. Couple this with the fact that nearly all business functions rely on the Internet and IT in some way, and you have big reasons to fear a failure in your company’s online defenses.

The Department of Homeland Security has identified five main questions that C-level executives should consider when addressing cyber risks. These points are presented in the IT Download, Cybersecurity Questions for CEOs. The informative document covers these key questions and others that company leaders must evaluate in their organization to ensure company data and systems are safe from attack—questions that many executives never think to ask of their IT security team, such as:

  • How many cyber incidents do we detect in an average week?
  • How and when is executive staff notified of a breach or attack?
  • What are our current risks to attack?

According to the document, company leaders should take an active role in risk management discussions:



Friday, 02 August 2013 15:35

How to Smooth IT-Business Friction

CIO — Who loves their IT department? Only one out of 10 have a positive sentiment toward IT support or service, according to a survey by BMC Software. A whopping 63 percent have a negative sentiment, while the rest take a neutral stance.

The vast majority of end-users shake their heads when it comes to IT's ability to respond to and resolve tech problems in a timely manner. The perceived impact this has on worker productivity is pretty bad, too.

"I hate calling the help desk at work," a survey respondent writes. "Not only are they useless, but the guys also do some excessive breathing into the phone."

BMC offers a few things both end-users and IT professionals can do to reduce this friction. End-users can have a "take your techie to lunch day," while IT can deploy a digital ticketing system that drives accountability.

Another potential fix that has been gaining steam lately is the enterprise Genius Bar. Companies such as SAP are taking a page from Apple's hands-on, consumer-friendly approach to solving tech problems. This trend is in the early stages, yet an enterprise Genius Bar has the potential to change the odd-couple relationship dramatically.



I swear I could write about BYOD and the potential security problems every day until the foreseeable future. But I have to wonder if we are approaching the risks in the wrong way.

A new study by managed cloud services provider NaviSite found that while 80 percent of 700 IT decision makers agree that BYOD is the “new normal,” only 45 percent have a formal BYOD policy in their workplace.

That number is awfully low when you consider that even though BYOD is being thought of as the “new normal,” it isn’t exactly a new concept. After all, employees have been using personal computers and laptops for business purposes since long before there were mobile devices. And mobile devices have now been around in the workspace for several years.



Over half of UK IT managers believe a fully outsourced managed security service is necessary to support the roll-out and management of cloud technologies, a survey has shown.

The poll of IT managers across all sectors by Vanson Bourne revealed that 78% of respondents are concerned about how to migrate to online services securely.

“As more people introduce cloud services there may be an increase in the use of security in the cloud,” said the survey report.

The report said it is likely that most businesses are trialling the technologies before taking the next step, especially with an issue as important as security.

Only 5% of all IT managers saw no benefit in using a security as a service provider, but all those in the financial sector recognised the benefit of security services.

Just over two-thirds said security service providers should be held responsible for security breaches, indicating that few are willing to accept the security responsibilities of moving to the cloud.



Thursday, 01 August 2013 15:13

Disease Spreading At Speed of Flight

Polio, not bird flu

[Updated on 1 August 2013 at end of entry]

Israel has recently reported several cases of polio.

Since Israel inoculates all children and new immigrants with anti-polio vaccine, the appearance of polio should tell risk management practitioners two things:

One: In order to eradicate a contagious disease, the effort must be worldwide.

Two: Communicable diseases can – and are – spread at the speed of flight.

According to Israeli sources ( http://www.israelnationalnews.com/News/News.aspx/), “The strain of polio virus recently discovered in southern Israel is exactly the same kind as the type of virus that is prevalent in Pakistan, and which existed exclusively in Pakistan until recently, reports the Pakistan-based publication Dawn.

“Dr. Nima Abid, a representative of the World Health Organization (WHO) in Pakistan, told Dawn that the virus was "definitely" from Pakistan, since “The virus genotype (genetic make-up) is the same as prevalent in Pakistan and this is what the research has indicated."

“The samples of the virus strain were found in sewage in Cairo, in December last year.

There had been no cases of polio in Egypt for five years previously, and the disease had been eradicated in Israel much before that, said the WHO official.”

Polio is not the only easily transmitted disease that requires international cooperation to eliminate.



Thursday, 01 August 2013 15:12

Garbage In, Garbage Out

Last week I wrote about a train derailment on the line I take to work every day. It was the third derailment in only a few months for the MTA. It turns out that two sets of tracks were destroyed as the result of a derailment of 10 cars on a CSX train hauling garbage at night.

The MTA responded promptly and by the next morning had plans in place, using buses and a subway line to get people to work in Manhattan. That was a Friday, and by Monday garbage had been removed from the tracks and one track was replaced so that service could mostly be restored. The second track was back a few days later.

But a recent letter to the editor of our local newspaper gave the incident a new perspective. The reader pointed out that a CSX garbage train makes a trip four times each day to and from the Bronx, through Albany, to Virginia.

He stated, “The garbage is loaded next door to two gas-fired electric generating plants,” and pointed out that “every advanced country is converting garbage to gas for electric production – we are not.” Instead, we are hauling it to faraway locales to be placed in landfills.



Thursday, 01 August 2013 15:09

Do 1 Thing: Family Communication Plan

By Cate Shockey

This blog is part of a series, covering a preparedness topic each month from the Do 1 Thing Program. Join us this month as we discuss family communication plans.

For Do 1 Thing this month, it was time to sit down and create a family communication plan. The point is to be able to communicate with family members during a disaster.

On vacation with my family this month, we discussed how we would stay in touch in an emergency situation. Local phone calls can be overloaded in an emergency, so it’s important to choose a person that lives outside of the area to call if you’re not able to reach each other. Because I live in a different state than my family members, it was easy to decide that I would be their out of state contact, and my parents would be mine.

The next step was entering ‘in case of emergency’ numbers (ICE) into our phones. If you are hurt and unable to use your phone, first responders can call your ICE contact for you.

Here are a few things you can do this month to make sure you can stay connected to your family in an emergency:

  • With the prevalence of social media, many people have found that the best way to communicate in the chaos of an emergency is to check in with others on Facebook, Twitter, and Instagram. In 2012, the American Red Cross reported that three out of four Americans (76 percent) expect help in less than three hours of posting a request on social media and 40% of those surveyed said they would use social tools to tell others they are safe (up from 24% in 2011).
  • Fill out a family communication plan (Adobe PDF file) at Ready.gov. Keep a copy of your plan in your emergency supply kit or another safe place where you can access it in the event of a disaster.
  • Keep a car charger for your cell phone in your car. That way, if the power goes out, you can still charge your phone.
  • Remember that if your call won’t go through in an emergency, a text message might. Make sure everyone in your family knows how to send and receive text messages.
  • The American Red Cross Safe and Well website helps families keep in touch during a disaster. In an emergency, visit the website and enter your information as well as find information on others.

Check out Do 1 Thing for more tips and information, and start putting your plans in place for unexpected events. Are YOU ready?

Leave a Comment! Do you have a family communication plan? Have you ever had to use it?


It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.

The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers.  As we share more of ourselves on a growing number of social networks, questions quickly surface:

  • How frequently and on what social networks should we post?
  • When should we present ourselves in our professional role versus sharing our personal opinions?
  • Is it okay to be social media friends with co-workers, clients, or your boss?

These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:



Thursday, 01 August 2013 15:06

Is it time for object storage to shine?

My previous column touched on the promise of storage virtualisation in an era of “software-defined everything” and other initiatives that promise to make storage much simpler to manage.

One option for time and cost-starved IT managers to rein in their storage spending is object storage.

Object storage, on paper at least, seems like an appealing option. It is radically simpler than traditional storage area networks (SAN) and even network-attached storage (NAS), it scales much better from a capacity standpoint, and it is especially well suited to cost-effectively storing lots of unstructured data – think files, videos, music and images – in this big data era.

Yet, according to our research, the adoption of object storage is a minority activity. In a recent study by 451 Research’s The Info Pro service, out of 275 storage professionals at mid-sized and large organisations, just under a quarter (24%) said they had already deployed object storage.



Wednesday, 31 July 2013 18:57

This is not a test

FORTUNE -- Manpower -- SWAT teams, bomb squads, K9 units, scores of local police officers, and citizens providing information -- will forever receive credit for bringing down the suspects linked to the Boston Marathon bombings that killed three and wounded hundreds. But there was another, little-noticed participant in the manhunt: an emergency alert platform created by Glendale, Calif.-based Everbridge.

It was Everbridge's system that enabled officers to keep locals informed -- and safe -- as they tore through suburban streets in search of the suspects. Everbridge allows single entities to send thousands of messages at the push of a button, even if cell towers are down. (The system can send texts using Wi-Fi). During Boston's marathon bombings, local companies used the system to verify the safety of employees, hospitals used it to relay information to nurses, and police updated citizens with safety alerts and messages. "We really wanted to limit people being out [on the streets] so that those law enforcement folks could maneuver around the town," says Watertown Fire Chief Mario Orangio. "By getting that message out as quickly as we did, it helped immensely." At one point during the manhunt that resulted in the capture of suspect Dzhokhar Tsarnaev, the Watertown Fire Department sent out 11,000 messages in a 15-minute span using Everbridge, he added.



CIO — Your organization will come under attack. It's not a matter of "if." It's a matter of "when." And security is no longer simply an operational concern. As technology has become the central component of nearly all business processes, security has become a business concern. As a result, information security should sit firmly on the boardroom agenda.

"If the worst were to happen, could we honestly tell our customers, partners or regulators that we've done everything that was expected of us, especially in the face of some fairly hefty fines that could be levied by regulators," asks Steve Durbin, global vice president of the Information Security Forum, a nonprofit association that researches and analyzes security and risk management issues on behalf of its members, many of whom are counted among the Fortune Global 500 and Fortune Global 1000.

"We're seeing, I think, not only that boards need to get up to speed on this, but also they need to be preparing their organization for the future," Durbin says. "They need to be determining how they can be more secure tomorrow than they were today."



Today I’m going to discuss how a company can mismanage a crisis in a way that makes their plans backfire and blow up.

Of course a crisis cannot always be perfectly planned for or averted. There are a few ways for a social web team to turn a crisis around and even reap the benefits of said crisis.

Recently, Chipotle’s Twitter account was allegedly hacked with several incoherent tweets being published.



Cloud computing gives organisations the opportunity to rethink many traditional IT practices, but it may be a particularly good fit for disaster recovery and business continuity.

Network World Editor in Chief John Dix caught up with IBM Distinguished Engineer Richard Cocchiara, who is CTO and the Managing Partner of Consulting for IBM's Business Continuity & Resiliency Services, for his perspective on the subject.

Cocchiara leads a worldwide team who work with clients on systems availability, disaster recovery planning, business continuity management and IT governance.



More than three quarters of IT professionals have experienced a data center outage in the past year, a report released on Tuesday by disaster recovery company Zerto said.

In a survey of 356 IT professionals, including IT managers, VMware and sys admins, Zerto found that 42 percent of respondents reported having experienced an outage in the last six months, with 86 percent of those incidents caused by something other than a natural disaster. The top two causes of a data center outage are hardware failure and power loss.

According to the report, 7 percent of companies have no disaster recovery plan at all, which is particularly disturbing when you see the different types of industries the respondents work in, including finance, healthcare, legal, education, pharmaceuticals and manufacturing. In a report from 2011, data center association AFCOM found that more than 15 percent of data centers have no plan for business continuity or disaster recovery.



After investigating alleged steroid use by New York Yankees third baseman Alex Rodriguez, Major League Baseball has reportedly offered him a plea deal. It’s the latest installment in a sad story, with important lessons for companies and workers, both inside and outside the ballpark.

Before allegations of his steroid use surfaced, Rodriguez had become one of baseball’s most storied – and lucrative – franchises and one of the wealthiest players in the game’s history. His annual earnings were $30.3 million according to FORBES’ latest estimates, making him #18 in the magazine’s list of the world’s highest paid athletes. Penalties and fines could mar his future earnings and what should be a hall-of-fame career.



These are some of the lessons that emerge for corporate America.



The surge of BYOD and mobile devices in general has unleashed havoc in mobile security in the enterprise. IT security managers have been attempting to deal with the fast influx of devices, but most are reeling from the overload of OSes, security issues, vulnerabilities and technologies aimed at securing such devices. In response to this, the National Institute of Standards and Technology (NIST) has provided an informative publication to assist IT organizations in securing mobile devices throughout their life cycles.

The publication, Guidelines for Managing the Security of Mobile Devices in the Enterprise, breaks down the issues surrounding mobile device security into manageable segments, including:

  • Defining Mobile Device Characteristics
  • Technologies for Mobile Device Management
  • Security for the Enterprise Mobile Device Solution Life Cycle

Within each section are many subsets of information to guide IT security teams in developing their own mobile device security management plan. According to NIST, organizations may not need to use all of the services covered, but services to be considered should include:



Wednesday, 31 July 2013 14:51

Are Businesses Rushing to BYOD Too Quickly?

CIO — Are you breaking the law with your BYOD policy?

In a TEKsystems June survey of 3,500 tech professionals, 35 percent of IT leaders (such as CIOs, IT vice presidents and directors) and 25 percent of IT professionals (such as developers, network admins and architects) are not confident that their organization's BYOD policy is compliant with data and privacy protection acts, HIPAA, Dodd-Frank or other government-mandated regulations.

Half of the respondents also believe that 25 percent or more of sensitive data is at risk due to end users accessing this information over personal devices.

These and other alarming findings paint a disturbing picture: The race to embrace BYOD might be outpacing sound business practices.



I’ve mentioned in previous posts that Big Data is more than just big. In order to realize its true value, it must be fast as well.

That means analysis has to approach real-time levels in order to ensure that the final product is relevant to the rapidly changing business environments in which most enterprises find themselves. And therein lies the problem, because while Big Data analytics platforms can be deployed on existing data center infrastructure, producing a real-time architecture will take a bit of work.

Hitachi Data Systems recently completed a study of UK organizations that have implemented Big Data strategies and found that more than half were still relying on outdated or inaccurate information because their legacy infrastructure could not meet the demands of real-time analytics. A key problem remains the stubborn presence of data silos within existing infrastructure, which prevent analytics engines from gaining a true picture of both structured and unstructured data sets. Not to mention, critical data is often kept hidden from decision makers because it can’t be made available on an organization-wide basis.



Truly savvy managers know the value of information. It’s the stuff intelligent decisions are born of. But in recent weeks, the international community and the US Federal Government have been howling over the data collection efforts of the National Security Agency, making arguments as to whether or not those efforts are in the interests of US national security and whether or not data mining is an invasion of individual civil liberties. The concerns being raised may be misplaced. The major concern may not be with the data, but with the information being derived from it.

Information is distilled data. Distillation is a process that profoundly alters the natural state of the data. Anyone who has ever distilled data knows that context, sampling procedures, and data aging all play significant roles in the value of the information derived therefrom. As managers and executives, we need to examine four key considerations whenever we’re using data and information to make critical business decisions:



Tuesday, 30 July 2013 16:42

ERM: Old concept, new ideas

CSO - Enterprise risk management (ERM) is hardly new. Eric Cowperthwaite, CISO at the nonprofit healthcare organization Providence Health and Services, recalls hearing the term for the first time in the late 1990s, "and it existed before then, even if we didn't call it that," he said.

Indeed, the term goes back several decades, according to Jeff Spivey, who is vice president at RiskIQ, president at Security Risk Management, and international vice president of ISACA.

"My father was involved in risk management beginning in 1968," he said. "What was then called 'risk management' is now called 'enterprise risk management.'"

John Shortreed, a member of the International Organization for Standardization, which developed ISO 31000, one of the most prominent frameworks for ERM, says the framework has been "evolving and maturing over the last decade, in response to the increasing risks [in] our world" brought on by such varied factors as interconnectivity, climate change and economic upheaval.



While the tragedies of April 15 and April 18, 2013, are forever etched into the minds of the greater-Boston and MIT communities, 46 participants in the MIT Professional Education course Crisis Management and Business Continuity, had the opportunity to hear first-hand accounts of the events on Boylston Street and MIT’s campus from several key responding organizations, news outlets, an MIT alumnus, and several others on July 18 at the Stata Center.

The panel titled “The Boston Marathon bombings: Exemplary response amid horror,” was moderated by WBUR’s Deborah Becker, and included Edward Davis, Boston Police commissioner; James Hooley, chief of Boston EMS; Dr. Paul Biddinger, chief, Division of Emergency Preparedness, medical director, Emergency Department Operations, Massachusetts General Hospital; Imad Mouline, SB ’91, CTO, Everbridge, a Mass and Emergency Notification software company; Joe Sciacca, editor-in-chief of the Boston Herald; and Peter Casey, programming and news director, WBZ radio. William VanSchalkwyk, managing director, Environment, Health, and Safety Headquarters Office, MIT; and Helen Privett, business continuity manager at GMO, were also on hand.



Colleges and universities are putting the financial and personal information of students and parents at risk by allowing them to submit such data to the school in unencrypted email.

That was a finding in a survey released Monday by Halock Security Labs after surveying 162 institutions of higher learning in the United States.

Half the institutions allowed sensitive documents to be sent to them in unencrypted emails, the survey said, while a quarter of the schools actually encouraged such transmissions.

"Typically, they do what they need to do to comply with regulations, but they're weak on risk management and actively controlling and managing risk," Terry Kurzynski, a partner with Halock Security Labs, said in an interview.



Has a third-party vendor caused a data breach at your organization? If so, did the vendor notify you? If you weren’t notified during — or right after — the investigation you have plenty of company.

A new study conducted by the Ponemon Institute indicates that many business associates don’t notify their organizations of a data breach during the investigation or after determining the cause of the incident. In fact, 47 percent of those polled either have no timeframe for notification or they do not notify the organization at all.

These facts alone are alarming but can be especially detrimental to an organization in the health care industry, where the new HIPAA Omnibus Final Rule broadens the definition of a data breach and calls for stricter enforcement and greater penalties. The Omnibus Rule took effect in March 2013, although organizations have until September to comply.



A tremendous amount of attention has been lavished on machine-to-machine (M2M) communications. One of its great selling points is its ubiquity. It holds the promise of burrowing into the nooks and crannies of everyday life and providing communications affecting a massive number of mundane uses. It’s a terrific time and labor saver – if things go according to plan.

Believe it or not – and I know this is shocking – things don’t always go according to Hoyle. M2M, if compromised, can turn those rote procedures and promises into real headaches. The Internet of Things can turn into the Internet of Troubles.



It seems like barely a week goes by that there isn’t another development in the software-defined data center.

But as the advancements keep piling up, one thing is becoming clear--or less clear when you think about it. As more and more vendors, developers, systems integrators and data operators and providers enter the field, the more muddled it becomes. What once appeared to be a fairly straightforward, albeit highly technical, means of extending the benefits of hardware virtualization across both localized and distributed infrastructure is quickly becoming a mishmash of platforms, architectures and design philosophies that could very well end up destroying the broad universality that the technology was supposed to engender.

In this way, software-defined tech is no different from the many IT evolutions of the past. Yet it is still painful to see another golden opportunity for widespread infrastructure interoperability slip through the data community’s grasp.



JERSEY CITY, N.J. – ISO announced today revisions to its e-commerce (cyber insurance) product. The E-Commerce Program enhancements from ISO introduce new insurance policies designed specifically for companies with a media liability exposure. Both a "claims-made" and "occurrence" version, each providing defense within limits, are available. ISO is a member of the Verisk Insurance Solutions group at Verisk Analytics (VRSK).

The new policies complement ISO’s existing cyber liability insurance policies: the Information Security Protection Policy (for commercial risks) and the Financial Institutions Information Security Protection Policy (for all financial institutions).

ISO’s media liability policies offer eight separate insuring agreements: media liability; security breach liability; programming errors and omissions liability; replacement or restoration of electronic data; extortion threats; business income and extra expense; public relations expense; and security breach expense. All of them can be written with separate limits and deductibles. Similar to the existing ISO cyber insurance policies, the new media liability policies have associated manual rules and loss costs.



Recent developments in the cybersecurity landscape have heightened interest in the challenges associated with accurately anticipating and understanding risk, and using that knowledge to better manage organizations.

Enterprises are better delivering risk assessment and, one hopes, defenses, in the current climate of challenging cybersecurity.

Nation-state types of threats may have a very serious impact on organizations. President Obama has directed the National Institute of Standards and Technology to develop a new cybersecurity framework. The administration has sharpened its focus on what can be done to improve cybersecurity throughout the United States' critical infrastructure.

In this podcast, a panel of experts discuss how predicting risks and potential losses accurately is an essential ingredient in enterprise transformation.


Considering potential threats to an organization's reputation as part of the strategic planning process can help reduce such risks and even position a company to enhance its reputation by allowing it to prepare an effective response when an event occurs.

“I think there is a very powerful connection between strategic risk management and reputation and brand management,” said James W. DeLoach, managing director at consultant Protiviti Inc. in Houston.

“As we view certain events over the last several years, we have come to realize even the best household names, the best brands face their moment of crisis. No company is immune to the risk of a crisis,” Mr. DeLoach said.



Can you imagine a major industry which suffers a near death experience, angers its entire customer base—wholesale and retail, domestic and international—and yet refuses to publicly apologise and adopt a plan of action that commits the industry to not repeating the mistakes of the past? That is where the banking industry is at right now.

This lack of decisive action on the part of the industry’s leadership will do lasting damage to not only the industry but also to its as yet unforgiving customers and the global economy. Part of the problem is that the industry does not appear to even realise that it is in a crisis—one which has been brought about by a complete loss of public faith in its activities. That is a tragedy.



Monday, 29 July 2013 15:57

The RAID5 delusion

Case in point
I spoke to the head of a small company – about 25 employees – who had suffered a RAID5 drive failure. The 4TB RAID was used for file sharing.

A drive failed, reconstruction failed and vendor phone support was disastrous. All data was lost.

But the worst of it was that there was no backup. They believed that RAID5 would protect their data. They were wrong.

What RAID5 is for
RAID5 does offer some data protection, assuming it works. But its main purpose is to protect access to your data. This is why it is popular in enterprise applications where maintaining data access during a failure is of vital concern.



While there’s a tendency to think of cloud computing as a nebulous IT experience that provides continuous access to files and applications, the reality of cloud computing is governed much more by the unforgiving laws of physics. In fact, cloud computing is little more than a massive exercise in distributed computing where the location of files and applications matters more than ever.

Given that reality, there’s a lot more interest these days in putting applications in the cloud as near to the core Internet as possible without being locked into a specific carrier for network services.



Computerworld — There's a new C-level executive -- the Chief Digital Officer (CDO) -- in the boardroom, charged with ensuring that companies' massive stores of digital content are being used effectively to connect with customers and drive revenue growth.

At first blush, an executive title that includes the word "digital" would seem to encroach on IT's territory. Not so, observers say -- but that doesn't mean tech leaders don't need to be prepared to work closely with a CDO somewhere down the line.

Gartner last year reported that the number of CDOs is rising steadily, predicting that by 2015, some 25% of companies will have one managing their digital goals, according to analyst Mark P. McDonald. (See also CDOs by the numbers.)

While media companies are at the forefront of this movement, McDonald says, all kinds of organizations are starting to see value in their digital assets and in how those assets can help grow revenue.

"I think everybody's asking themselves whether they need [a CDO] or should become one," McDonald enthuses. "Organizations are looking for some kind of innovation or growth, and digital technologies are providing the first source of technology-intensive growth that we've had in a decade."



Monday, 29 July 2013 15:51

Cloud EHR Lessons Learned in Haiti

CIO — Healthcare providers in the United States have preconceived notions about electronic health records—namely, that EHR systems haven't lived up to their promise of transforming healthcare by improving efficiency and cutting costs.

The healthcare industry also has preconceived notions about cloud computing, too—namely, that the cloud isn't secure enough for patient data.

Go to Haiti, though, and the story's dramatically different. There are no preconceptions, no tales of IT implementations gone wrong and no government mandates to adopt technology. As one health worker told Pierre Valette, vice president of content communications for cloud EHR and practice management software vendor athenahealth, "They've got nothing to unlearn."



We couldn’t let this week end without leaving you with another reminder of the unaddressed risks in BYOD practices. It’s a trend that shows no sign of slowing, as the risks may be multiplying faster than IT’s ability and willingness to take control in some organizations.

In a Fiberlink survey conducted by Harris Interactive among 2,064 U.S. adults earlier this year, respondents answered questions about how they use their personal and work-provided mobile devices, how they regard those devices, and which specific risky activities they have performed with those devices.

What have they been up to? Twenty-five percent had opened or saved a work attachment file into a third-party app like Dropbox. Twenty percent had cut and pasted a work-related email or attachment from company email to personal email. Eighteen percent had accessed websites blocked by company policy. Fifty-six percent reported they had not performed any of these activities. Since this is self-reported, we can assume these numbers are skewed to make the respondents look more chaste than they may really be.



A recent study of 35 large organizations found that social data is still “largely isolated from business-critical enterprise apps” and is created in departmental silos.

The Altimeter Group study found that the average enterprise-class company owns 178 social accounts, with 13 departments “actively engaged” on social platforms. That’s creating serious social data silos, and, not surprisingly, there’s very little effort to integrate all this data.

You really didn’t need a crystal ball to see this coming. As long as businesses function in departmental silos, there will be data silos that mimic that structure.

The report also revealed it’s not always easy to integrate this data, attributing the issue to the fact that so many organizational departments touch the data, “all with varying perspectives on the information,” the article states, adding:

“The report also notes the numerous nuances within social data make it problematic to apply general metrics across the board and, in many organizations, social data doesn’t carry the same credibility as its enterprise counterpart.”

When social data is integrated with enterprise data, it’s usually through business intelligence tools (42 percent), followed by market research at 35 percent. CRM (27 percent), email marketing (27 percent) and sensor data (uh? 4 percent) are also points of convergence.



Now that energy prices seem to have stabilized once again, there has been a noticeable shift in attitude surrounding the development and design of the next-generation, “green” data center.

It’s not that the IT industry has discarded the concept entirely--indeed, a number of high-profile projects are scheduled to break ground in the next few months--but there is growing disagreement over how to ensure that everyone’s needs are being met, including data providers, data consumers and the environment itself.

A key topic of debate is the use of renewable energy. Whether it’s wind, water, solar, geothermal, etc., questions are surfacing as to whether full or even partial dependence on renewables is right for the data center. It’s important to note that some of the criticisms are coming from leading environmental researchers, not the data center industry.



CIO — Earlier this week, Intel discussed its plans to forever change the data center as we know it.

Intel, a core technology maker, is now aggressively moving from servers into networking and storage and partnering with segment leaders such as Cisco Systems and EMC along the way. This could make the near future rather interesting.


Think RAID, But With Cheap Processors

For a while, I was convinced that Intel wouldn't catch this wave. Years ago, Microsoft began an initiative to rethink the data center as kind of a modular server. Applying a RAID-like concept to low-cost processors stood at the center of this effort. Replacing the "D" in RAID with a "P" would give any CMO a heart attack, so the concept never got a catchy name—but, on paper, it was poised to reduce computing costs dramatically.



By far the majority of reputation crises I’ve been involved in have a very, very important question at the core: how do we avoid fanning the flames? There is a very real danger in communicating about an event of actually doing harm rather than improving the situation. The greatest danger, of course, is bringing a bad story to the attention of others who otherwise would not even be aware of it.

The understandable fear of this I believe is the main cause for the other problem which is “too little, too late.” When actions taken, or messages communicated about a big problem, are seen as coming slowly only as a result of outrage or pressure, then reputation damage can be severe.

This is a dilemma, a clear example of being between a rock and a hard place. And almost everyone wants to know how to make a sure-fire strategy decision that doesn’t cause harm in either direction.



Two months after Hurricane Sandy pummeled New York City, Battery Park is again humming with tourists and hustlers, guys selling foam Statue of Liberty crowns, and commuters shuffling off the Staten Island Ferry. On a winter day when the bright sun takes the edge off a frigid harbor breeze, it's hard to imagine all this under water. But if you look closely, there are hints that not everything is back to normal.

Take the boarded-up entrance to the new South Ferry subway station at the end of the No. 1 line. The metal structure covering the stairwell is dotted with rust and streaked with salt, tracing the high-water mark at 13.88 feet above the low-tide line—a level that surpassed all historical floods by nearly four feet. The saltwater submerged the station, turning it into a "large fish tank," as former Metropolitan Transportation Authority Chairman Joseph Lhota put it, corroding the signals and ruining the interior. While the city reopened the old station in early April, the newer one is expected to remain closed to the public for as long as three years.

Before the storm, South Ferry was easily one of the more extravagant stations in the city, refurbished to the tune of $545 million in 2009 and praised by former MTA CEO Elliot Sander as "artistically beautiful and highly functional." Just three years later, the city is poised to spend more than that amount fixing it. Some have argued that South Ferry shouldn't be reopened at all.



When I was 21, I almost lost several hundred million dollars by threatening to mutilate one of our customers.

In my senior year in college, I worked full time as an intern PM at NetApp. I spent most of that time at work being groomed and prepared to be a full PM, and given that my background was in cryptography I got pulled into a lot of customer meetings related to security.

One of our customers at the time was undergoing a big change with their security architecture, and I tagged along with one of the directors to the meeting. I was one of ten PMs giving talks on roadmap and our plans, and I had 30 minutes to convince their CIO and CEO that we could integrate our new systems well with the new security infrastructure they were rolling out.



WASHINGTON, D.C. — U.S. small businesses — widely recognized as the backbone of the U.S. economy — are particularly at risk from extreme weather and climate change and must take steps to adapt, according to a new report from Small Business Majority (SBM) and the American Sustainable Business Council (ASBC).

Titled “Climate Change Preparedness and the Small Business Sector,” the report concludes: “Because small businesses are distinctly critical to the U.S. economy, and at the same time uniquely vulnerable to damage from extreme weather events, collective actions by the small business community could have an enormous impact on insulating the U.S. economy from climate risk.”

Featuring case studies from the retail, tourism, landscape architecture, agriculture, roofing and small-scale manufacturing sectors of the U.S. economy, the Small Business Majority/ASBC report finds:



By David Zahn, FuelQuest

Hurricane season began June 1 and will last for six months. The National Oceanic and Atmospheric Administration (NOAA) predicts 2013 will be an above-average year for tropical storms and hurricanes. NOAA estimates anywhere between 13 and 20 named storms (sustained winds of 39 miles per hour or greater) and between seven and 11 hurricanes (sustained winds of 74 miles per hour or higher), with three to six of those storms possibly becoming at least a Category 3 (111 miles per hour or higher winds).

Contrasted against seasonal averages of 12 named storms, six hurricanes and three major hurricanes, communities, businesses and governments are on notice for 2013.

The devastating, crippling and deadly nature of these storms is without compare. Hurricane Sandy, which hit the New Jersey coast on Oct. 29, illustrates this fact well. According to the National Hurricane Center, Sandy impacted 24 states, caused 72 deaths and generated more than $50 billion in damages. It also left more than 8.5 million customers without power.



“Business Continuity Planning: Is it an Art or a Science?” That discussion rages on, with as much intensity as the chicken-or-the-egg controversy.  But there is no doubt when it comes to Incident Management – there must be an underlying science for the response to be predictable and effective. One key element of that science is the “Causality Chain”, knowledge which can lead to a predictive response (the selection of appropriate strategies, tactics, actions, or plan to invoke) in any disruptive incident.

An understanding of the Causality Chain should start with an understanding of the organization model.  An organization, in its simplest form, can be represented as a collection of interdependent assets – People, Facilities, Processes, Technology and Supply-Chains – all engaged in delivering products and/or services. This is true in any industry; products and services are an outcome in manufacturing, retail, finance, energy, communications, information, services and everything else – including non-profits and government.



By Brandon Butler

Network World — Oracle had a busy couple of weeks at the end of June, rolling out a new version of its database software and announcing partnerships with Microsoft, Salesforce.com and NetSuite. In doing so the company, whose CEO Larry Ellison at one time bemoaned cloud computing, has almost overnight become a major player in the industry. Here's why.

The moves are not just significant for Oracle; the partnerships that the company has garnered are significant to its partners Microsoft and Salesforce, too. And they'll also reverberate across the industry to competing companies such as Amazon Web Services and SAP, predicts Holger Mueller, vice president at Constellation Research, who recently published a report about these developments. "The bottom line: Oracle technology will play a fundamental role accelerating cloud adoption," he writes.



Disaster Recovery and Business Continuity are completely different. They are siblings but still two separate and unique topics. Disaster Recovery is technology + process + people for IT systems. Business continuity is people + process for business functions. You can have Business Continuity without Disaster Recovery. The opposite is a total waste of money. If there is no plan for the business to recover and connect to IT systems, you are pouring money down the drain.

In addition, Disaster Recovery is not all about technology. There have been some good discussions about Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) in the industry. However, the linkages to the business functions have not been thoroughly detailed. Even large companies have issues with correlating the IT systems to business functions. In fact, one very large airline I worked with is a perfect example. They named 55 mission critical business functions. IT identified 55 mission critical applications. After some due diligence in aligning business functions to applications, only 9 of the applications named by IT supported mission critical business functions, and 46 mission critical business functions were not properly supported. So, there were many applications which had clusters, replication, and expensive Disaster Recovery techniques employed that did not need it.



When a deluge of rain and river water hit Calgary's streets last month, many of the city's businesses were forced to shut their doors and stop employees from coming into work. In fact, an estimated 180,000 workers that live in the downtown core and were forced to evacuate from their homes had no way of getting to work. Some of the country's largest energy corporations were forced to contact staff through social media channels to notify them that their workplaces were no longer accessible. Others asked available staff to log in remotely if they could do so safely. And others set up makeshift satellite offices outside the areas affected by the flood and asked workers to convene at the nearest one instead of overloading the computer systems by logging in remotely all at once.

While the cost of Calgary's floods to local businesses is still being tabulated, the overall economic cost is estimated to be more than $1-billion. Much of that will be related to business losses in the wake of the flood. Tragedies such as the Alberta flood bring to the fore more frequently the often-overlooked issue of risk management and business continuity planning.



Thursday, 25 July 2013 15:41

Plan Vs. Technology

Technology is not a Plan. Technology enables a Plan. A Plan coordinates the people and processes that are then enabled by the technology. A replication package only “copies” (I realize it does more than copy, but for simplification purposes that’s what we will call it) bits from one location to another one. How do you decide what to replicate? How do you decide whether there is corruption? How do you handle a hardware failure on one or both of the arrays which are involved in the replication during a disaster? Who declares disaster? Who makes the decision to purchase an array, if necessary? How do you communicate between team members if cell phones and land lines are down? Where do you go to connect if the normal location is inaccessible (blocked off by police, etc.)?

These are the things that a Plan addresses. Apologies for stating the obvious for some. As you can tell, one of my pet peeves is the belief by IT that technology IS the Plan. The same is true for the business assuming that because they think it is “backed up” it is instantly available and synchronized.



The Wharton School’s Risk Management and Decision Processes Center is joining forces with Zurich Insurance Group in an effort to enhance flood resilience.

In this one-of-a-kind multiyear interdisciplinary approach, Wharton and Zurich, which provides a wide range of insurance services worldwide, will expand upon current research on flood resilience, risk reduction and economic and communal security.

The Risk Management and Decision Processes Center focuses its research on catastrophic risk management as it applies to manmade hazards — floods impact more people across the globe than does any other natural disaster.

“Catastrophic floods — from hurricanes such as Katrina or Sandy, from tsunamis, or from inland flooding as recently happened in Europe—have caused billions of dollars in losses and displaced millions of individuals and businesses in recent years,” Managing Director of the Wharton Risk Center Erwann Michel-Kerjan, who will lead Wharton’s research efforts, said in a statement.



Data storage has always been a challenge but in recent times it has become harder to manage, purely because of the sheer amount of information organisations are dealing with. This includes structured data from enterprise systems and unstructured data from social networks – all accessed using connected and increasingly, mobile devices.

These trends have raised significant issues for storage managers around how to best manage capacity to cope with the constant influx of data, while optimising performance, managing disaster recovery activities and controlling costs. At the same time, IT managers and other technologists have more choice than ever when it comes to controlling storage infrastructure – including managing all or parts of their storage onsite or in the cloud.

Throughout May and June, IT leaders discussed these issues and more at a series of Computerworld roundtable events in Brisbane, Melbourne, Perth and Sydney, sponsored by IBM.



Arlington, VA - Today, the Ethics Resource Center released its latest report, National Business Ethics Survey of Social Networkers: New Risks and Opportunities at Work. The study investigates how social networking is affecting the way work gets done, reshaping relationships among workers at all levels of an organization, and altering attitudes about the type of conduct that is acceptable in the workplace.

Major findings show that the more active the social networker, the more likely they are to encounter ethics risks (witness misconduct, feel pressure to compromise standards, and experience retaliation for reporting misconduct). The report also indicates that, despite what many think, social networks are not only for younger employees. Forty-seven percent of active social networkers are under the age of 30, but not far behind, 40 percent are between the ages of 30 and 44.

“Social networking is transforming the office environment in unpredictable ways, with changes that could potentially involve employees at all levels.” said ERC’s President, Dr. Patricia J. Harned. “It is important that those in leadership roles do not fall behind the curve, so they are prepared to act in ways that will seize the opportunities social networking creates, while limiting the risk.”



Thursday, 25 July 2013 15:30

12 Predictive Analytics Screw-Ups

Computerworld — Whether you're new to predictive analytics or have a few projects under your belt, it's all too easy to make gaffes. "The vast majority of analytic projects are riddled with mistakes," says John Elder, CEO at data mining firm Elder Research.

Most of those aren't fatal -- almost every model can be improved -- but many projects fail miserably nonetheless, leaving the business with a costly investment in software and time, and nothing to show for it.

And even if you develop a useful model, there are other roadblocks from the business. Elder says that 90% of his firm's projects are "technical successes," but only 65% of that 90% are ever deployed at the client organization.

We asked experts at three consulting firms -- Elder Research, Abbott Analytics and Prediction Impact -- to describe the most egregious business and technical mistakes they've run across based on their experiences in the field. Here is their list of 12 sure-fire ways to fail.



Chances are your organization is so reliant upon IT services that it couldn't function without it. That's why business continuity planning often falls under the purview of the IT department, even though it affects the entire company.

This is both a great thing and a not-so-great thing. On one hand, IT knows that it's covered in the event of a crisis. On the downside, the rest of the company is often left thinking, "Not my problem." So when the time comes for IT to test the disaster recovery models, the rest of the business often won't tolerate being put offline for the sake of business continuity testing. It's no wonder that only 40% of IT organizations have tested their disaster recovery plans in the last 12 months. It's no easy task, but a rock-solid business continuity plan is mission critical for high-functioning, mature companies.



Pointing out how poorly you pay your own employees is a crisis management faux pas

So, you set out to create a website, accessible to the public, aimed at helping your employees budget. You have hopes of helping them out, but let’s be real here, you’re also looking to grab you some good PR in the process. Once you get started, however, you realize that there is no way a typical employee at your organization makes enough to live on, even with a second job, and leaving out minor expenses like food, water, and clothing…because those are luxury items, right?

Most of us would scrap the project on the spot, but not McDonald’s! The company, which has already run into a few stumbling blocks while getting acquainted with how the modern web works, must not have thought it was a problem, because it went live. As could be expected, the company took a beating in the media, largely as a result of the buzz generated by the following video from the activists at Low Pay is Not Okay:

See more at: http://managementhelp.org/blogs/crisis-management/2013/07/23/mcdonalds-callous-crisis-management-mistake/

Wednesday, 24 July 2013 16:15

Dreamworks builds disaster recovery program

If a major earthquake hits Glendale, one of the city's largest businesses, DreamWorks Animation, wants to get back to work as soon as possible — and has partnered with the city on a new program to make that happen.

On Monday, officials from the city of Glendale and the animation studio announced the new partnership, called the "Back to Business" program, during a press conference on DreamWorks' campus on Flower Street.

City Building Official Stuart Tom said the program allows businesses to pre-qualify to perform their own damage assessments with private engineers, who are 'deputized' on a case-by-case basis, in the wake of a disaster.



Over the past 2½ years, Christchurch's business environment has challenged many assumptions and contracts. In this six-part series, lawyers from Christchurch legal firm Malley & Co look at some of the lessons all businesses can learn. In this article Michael McKay looks at some of the insurance issues.
Repairs to earthquake-damaged shops on New Regent Street after the Christchurch earthquakes. If a loss of profit was caused by damage to a business's own property, it was likely to be covered by insurance. If, however, the loss was due to fewer customers visiting the affected area, it may be excluded under an "other circumstances" clause. Photo / File

Insurance is one of the biggest business issues to emerge from the Christchurch earthquakes.

It's led several businesses to consider whether they can claim under their existing policy and whether that policy is still appropriate.

After the earthquakes, it became apparent that many insured and insurers held different views about the scope of their policies. Policy provisions were often untested, and interpretations differed.



Wednesday, 24 July 2013 16:00

Will CSOs Become CROs in the Future?

CSO — Few would deny the chief security officer role has evolved quite a bit in recent years. At many large companies, the heads of both physical and information security now report in to the same person, an enterprise CSO. The pace of change for the function is accelerating along with the ever-changing nature of threats.

Today, many believe CSOs will morph, sooner rather than later, into chief risk officers (CROs), monitoring and mitigating enterprise risks, including those relating to information security and facilities (but excluding financial risks, which are covered by the more traditional CRO function in large companies). At a high level, the new responsibilities include understanding your company's risk profile and risk appetite and then mitigating the risks accordingly.



CSO — A recent study that greatly reduces an often-cited estimate on the economic impact of cybercrime and cyberespionage should not give companies a reason to spend less on security, experts say.

The McAfee-sponsored report, released on Monday, found that Internet-based crime and spying cost the U.S. economy as much as $100 billion a year, not the $1 trillion originally estimated by the Intel-owned security vendor. The study was done in conjunction with the nonprofit Center for Strategic and International Studies.



You work in compliance. Now you are on the horns of a dilemma.  Are you going to become a whistleblower or not?

Serious Misconduct

You have learned of serious misconduct within your organization that has been overtly or tacitly approved by high-level management. You have alerted those above you (or outside counsel) about the misconduct, or have tried your best to put a stop to it. But neither has worked. You are appalled by what you have witnessed and may even be concerned with being held accountable if and when the misconduct gets exposed and turns into a civil or criminal action. You understandably are worried about your reputation, both professionally and personally. You’re near the end of your rope. Perhaps you’ve even spoken out so vehemently that you’ve already lost your job.



On July 22, 2013, a 6.6 magnitude earthquake, followed by hundreds of aftershocks, jolted China’s northwest Gansu Province, one of the country’s most under-developed regions. Ninety-four people were initially reported dead, although that number is likely to rise in coming days. Hundreds were injured and some 227,000 people were displaced by the earthquake, which damaged 127,000 homes. Heavy rain is forecast to hit the affected area, potentially hampering rescue and relief efforts and increasing the chances of landslides or houses collapsing.

The Red Cross Society of China immediately responded to assess needs on the ground and dispatch relief supplies, including tents, family kits, jackets and quilts, and more items are being mobilized from warehouses around the country. A 24-member health Emergency Response Team, including volunteer doctors and psychosocial specialists, has also deployed to the affected area.

China is one of the world’s most disaster-prone countries, with approximately 70% of its cities and half of its population located in disaster-prone areas. Earlier this year, the Red Cross Society of China responded to a 7.0 magnitude earthquake that hit Sichuan province, killing 196 people and injuring over 13,400.

The International Federation of Red Cross and Red Crescent Societies is closely monitoring the situation together with the Red Cross Society of China.


Wednesday, 24 July 2013 15:51

… addicted to thinking

Every so often I find something that sparks me out of the intellectual wasteland that so much of the debate around risk, BC and resilience seems to have become. One example is the book I recently finished reading - Addicted to Performance by John Bircham and Heather Connolly.

I would recommend this to those interested in risk and resilience thinking.
If your primary approach to risk, BC and resilience is standardised, templated and adhering to conventional wisdom – rather than application of critical thinking – this book is for you. But you may not fully appreciate that.



Company Growth Rate Remains Above 40% as Company Exceeds $43 Million in Annualized Revenue


HOUSTON, TX – Alert Logic (www.alertlogic.com), the recognized leader in Security-as-a-Service solutions for the cloud, today announced GAAP revenues for the quarter ending June 30, 2013 of $10.1 million, up 43 percent from the second quarter of 2012, and up 7 percent from the first quarter of 2013. Alert Logic’s annualized revenue under contract in the month of June 2013 exceeded $43 million, and is tracking ahead of the company’s plan to reach a $50 million run-rate by the end of 2013.

Alert Logic realized strong Q2 momentum within the public cloud sector as the company’s release of Threat Manager for Cloud and Log Manager solutions helped secure more than 100 Amazon Web Services customers.

“Our strong growth this quarter keeps us on track to reach our goal of being a $50 million business by the end of 2013,” said Gray Hall, Alert Logic’s president and CEO. “Our new product releases from the second half of 2012 and the first half of 2013 helped fuel our growth this quarter, and we expect a similar boost in the future from the exciting new products and capabilities we plan to launch in the second half of 2013.”

To date, Alert Logic has more than 2,200 customers using its Security-as-a-Service solutions, both via service providers and directly from Alert Logic.

Alert Logic’s notable highlights for Q2 2013 include:

  • Releasing the next generation of Threat Manager, the first fully managed threat management solution deployable in any elastic cloud infrastructure, irrespective of hypervisor and networking architecture.
  • Being named a “Cool Vendor“ by Gartner in its 2013 Security Services report, which recognizes Alert Logic for its innovative business model, intrusion detection, vulnerability assessment, log management and web application firewall Security-as-a-Service solutions and cloud-based architecture.

A privately held company, Alert Logic publicly reports its Generally Accepted Accounting Principles (GAAP) revenue results and growth rates quarterly, in addition to its annualized recurring revenue under contract. Alert Logic’s financial statements have been audited in accordance with GAAP since 2005. All Alert Logic revenue is derived through long-term subscription contracts, consistent with the company’s Security-as-a-Service business model. Alert Logic’s solutions are sold directly to enterprise customers and through a diversified channel of resellers and cloud service provider partners.

Alert Logic specializes in providing a portfolio of Security-as-a-Service solutions for customers of hosting and cloud service providers. More than half of the largest managed hosting and cloud service providers use Alert Logic to secure their customer environments, making Alert Logic the de facto standard for securing infrastructure in hosted and cloud environments.

Alert Logic’s Security-as-a-Service solutions provide customers four distinct advantages: market-leading security tools, a fully outsourced and managed SaaS delivery model, integrated 24×7 Security Operations Center (SOC) services to monitor and provide expert guidance, and the ability to deploy wherever a customer has IT infrastructure, including the cloud.



About Alert Logic
Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, provides solutions to secure the application and infrastructure stack. By integrating advanced security tools with 24×7 Security Operations Center expertise, customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 2,200 enterprises. Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit www.alertlogic.com.

A policy debate is raging in Europe over cloud computing and those who want to bind the cloud in over-prescriptive regulation threaten to prevent the benefits of the new technology being felt, argues Thomas Boué.

Thomas Boué is director of government relations for Europe, the Middle East and Africa at the Business Software Alliance, a trade association.

A quiet battle of wills has broken out among European policymakers who are pushing competing visions for how to capitalise on the most significant wave of innovation now underway in information technology: cloud computing.

All agree that by creating a new, more efficient architecture for computing, the cloud offers vast economic benefits. It lets enterprises avoid the cost of buying and maintaining some of the IT hardware and software they need to run their operations. Instead, they can have their computing resources delivered over the internet, as infinitely scalable services. For established companies, this creates cost savings that can be reinvested in the core business. For smaller start-ups, it represents one less obstacle on the path to growth.

But while some rightly see the cloud as an opportunity to accelerate commerce and expand global trade in digital services, others harbour more protectionist urges, focused on creating a European fiefdom in the cloud at the expense of global scale.



"Well, it will never happen!" is an underlying rationale when nonprofits fail to engage in risk management practices.

When "it" does happen, leadership's first question often is "Can we (translated: ‘me') be sued?"

At this point their question is neither timely nor relevant. The relevant question is whether the party harmed can recover from the nonprofit. The answer often confirms the "ounce of prevention" principle. To prevent harm and to minimize its impact requires an effective risk management strategy.



What if you could look over the shoulder of every one of your customers as they used your mobile apps, web pages, kiosks, and other digital channels? What could you learn? How might you use what you learn to dynamically adjust your digital experiences?

In the days when web applications were king, this type of insight was doable with simple web analytics and similar tools. Today, continual experience optimization is much more difficult because of:



Yesterday Intel had a major press and analyst event in San Francisco to talk about their vision for the future of the data center, anchored on what has become in many eyes the virtuous cycle of future infrastructure demand – mobile devices and “the Internet of things” driving cloud resource consumption, which in turn spews out big data which spawns storage and the requirement for yet more computing to deal with it. As usual with these kinds of events from Intel, it was long on serious vision, and strong on strategic positioning albeit a bit parsimonious on actual future product information with a couple of interesting exceptions.

Content and Core Topics:

Demand side drivers – No major surprises here, but the proliferation of mobile devices, the impending Internet of Things and the mountains of big data that they generate will combine to continue to increase demand for cloud-resident infrastructure, particularly servers and storage, both of which present Intel with an opportunity to sell semiconductors. Needless to say, Intel laced their presentations with frequent reminders about who was the king of semiconductor manufacturing.


http://blogs.forrester.com/richard_fichera/13-07-23-intel_lays_out_future_data_center_strategy_serious_focus_on_emerging_opportunities

Tuesday, 23 July 2013 16:01

All Hail the Data

A report from the National Insurance Crime Bureau (NICB) has revealed that insurance claims resulting from hailstorm damage in the United States increased by a whopping 84 percent from 2010 to 2012.

In 2010, there were 467,602 hail damage claims filed, but by 2012 that number had jumped to 861,597.

All told, over two million hail damage claims were processed from January 1, 2010 to December 31, 2012, the NICB said.

Perhaps not surprisingly the top five states generating hail damage claims during this period were Texas (320,823); Missouri (138,857); Kansas (126,490); Colorado (118,118) and Oklahoma (114,168).



CIO — Software-defined networking is one of the most misunderstood concepts in infrastructure computing. It's a phenomenon that's growing in relevance, but it's still mysterious to many CIOs, particularly those who were not reared in overly technical practice. Many myths still surround SDN. What exactly is the notion behind the technology? How can you apply SDN at your business? And how can your organization benefit from it?

Software-Defined Networking Basics

Essentially, SDN takes the virtualization phenomenon that's been sweeping datacenters around the globe for the past several years and extends it from computing hardware and storage devices to the network itself. It separates the control plane (the logic that decides where traffic should go) from the data plane (the switches, routers and network cards that actually forward it), and moves that control logic into a software controller that programs the devices over a standard interface. An IT professional or administrator can then configure the network centrally, in software, rather than travelling to every physical device to configure, or in many cases reconfigure, its settings.

SDN achieves the same abstraction that hardware virtualization does. With hardware virtualization, the hypervisor inserts itself between the physical components of a computer (the motherboard, main bus, processor, memory and so on) and the operating system. The operating system sees virtualized components and operates with those, and the hypervisor itself translates the instructions coming to these virtualized components into instructions the underlying physical hardware can handle.
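To make the control-plane/data-plane split concrete, here is an added toy model (example code written for this page, not from the CIO article or any SDN product): a controller holds the policy and pushes match/action flow rules to switches, which only do table lookups. Hosts, addresses, port numbers and the "forward:<port>" action names are made up for the demonstration. The security point it shows is that a single policy change at the controller, such as quarantining a compromised host, takes effect on every switch at once, and that a table miss falls through to default-deny rather than to "forward and hope".

```python
"""Toy SDN model: central controller programs stateless switches.
Constructed example; addresses, ports and action names are made up."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class FlowRule:
    """A match/action entry; None fields are wildcards. Higher priority wins."""
    priority: int
    action: str                 # "forward:<port>" or "drop"
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        fields = ((self.src, p.src), (self.dst, p.dst),
                  (self.proto, p.proto), (self.dport, p.dport))
        return all(want is None or want == got for want, got in fields)


class Switch:
    """Data plane device: holds no policy, only a prioritised flow table."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.table: List[FlowRule] = []

    def install(self, rule: FlowRule) -> None:
        self.table.append(rule)
        # Stable sort: equal priorities keep installation order.
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def lookup(self, p: Packet) -> Optional[str]:
        """Action of the highest-priority matching rule, or None on a table miss."""
        for rule in self.table:
            if rule.matches(p):
                return rule.action
        return None


class Controller:
    """Control plane: the one place policy is written; it programs every switch."""

    def __init__(self) -> None:
        self.switches: Dict[str, Switch] = {}
        self.policy: List[FlowRule] = []

    def attach(self, sw: Switch) -> None:
        self.switches[sw.name] = sw
        for rule in self.policy:            # a new device receives the whole policy
            sw.install(rule)

    def push(self, rule: FlowRule) -> None:
        self.policy.append(rule)
        for sw in self.switches.values():   # one change, every device updated
            sw.install(rule)

    def handle(self, sw_name: str, p: Packet) -> str:
        """What the named switch does with the packet. A table miss is punted to
        the controller, which answers default-deny and caches that decision on
        the switch so later packets of the flow are dropped without a round trip."""
        sw = self.switches[sw_name]
        action = sw.lookup(p)
        if action is not None:
            return action
        sw.install(FlowRule(priority=1, action="drop", src=p.src, dst=p.dst,
                            proto=p.proto, dport=p.dport))
        return "drop"


def build_fabric() -> Controller:
    """Two switches under one controller with a small allow-list policy (made up)."""
    ctl = Controller()
    for name in ("edge-1", "edge-2"):
        ctl.attach(Switch(name))
    # Clients may reach the web tier; the web tier may reach the database.
    ctl.push(FlowRule(priority=10, action="forward:3",
                      dst="10.0.0.80", proto="tcp", dport=443))
    ctl.push(FlowRule(priority=10, action="forward:1",
                      src="10.0.0.80", dst="10.0.0.53", proto="tcp", dport=5432))
    return ctl


def quarantine(ctl: Controller, host: str) -> None:
    """Isolate a host on every switch with high-priority drop rules."""
    ctl.push(FlowRule(priority=100, action="drop", src=host))
    ctl.push(FlowRule(priority=100, action="drop", dst=host))


if __name__ == "__main__":
    ctl = build_fabric()
    web = Packet("10.0.0.7", "10.0.0.80", "tcp", 443)
    print(ctl.handle("edge-1", web))                                          # forward:3
    print(ctl.handle("edge-2", Packet("10.0.0.7", "10.0.0.53", "tcp", 5432)))  # drop
    quarantine(ctl, "10.0.0.7")
    print(ctl.handle("edge-1", web))                                          # drop
```

The cached table-miss entries sit at priority 1, below the allow-list at 10, so a later allow rule pushed from the controller overrides them without anyone having to purge per-switch state; real controllers also age such entries out with idle timeouts, which this model omits.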



TRENTON, N.J. -- From Liberty State Park in North Jersey to Lucy the Elephant at the Shore, the state has a wealth of historic sites along the coast that have weathered the whims of Mother Nature for many years. Some, like Lucy, are more than 100 years old.

These important historic sites require protection both before and after a disaster, when any damage that has occurred needs to be repaired in a historically and environmentally sound way.

FEMA’s Environmental Planning and Historic Preservation Cadre (EHP) plays a critical role in helping municipalities and agencies understand the importance of compliance with environmental and cultural regulations so they may make informed planning decisions when repairing or rebuilding a damaged historic site.  

EHP provides expertise and technical assistance to FEMA staff, local, state and federal partners, and applicants who are tasked with the challenge of preserving historic, cultural and natural aspects of our national heritage. They help applicants understand what is required under the law and how best to meet these requirements. 

FEMA’s goal is to ensure that when FEMA funding is to be made available for the restoration of historic sites, all applicable federal, environmental and cultural statutes are identified and met.

The EHP program integrates the protection and enhancement of a state’s environmental, historic and cultural resources into FEMA’s mission, programs and activities.

Typical environmental and historic preservation laws and executive orders that may apply to a historic restoration project include the Endangered Species Act, the Clean Air Act, the Clean Water Act, the National Historic Preservation Act, and federal executive orders on floodplains, wetlands and environmental justice. State historic preservation offices are also involved.

In a continuing partnership with local and state governments, FEMA seeks, through funding grants, to help states recover from a presidentially declared disaster and EHP is careful to advise all applicants to recognize environmental concerns in order to avoid project delays and permit denials while preserving and minimizing effects on New Jersey’s environmental and historic resources.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.


Large companies have the resources and the incentive to implement risk management systems. With the increase in compliance by medium and small-sized companies, chief compliance officers and internal auditors are developing and implementing risk management systems. I have never been a fan of complicating or confusing compliance and risk management. After all, risk management naturally belongs in the compliance program functions. Creating a whole new risk management function separate from compliance makes no sense.

With this caveat on the structure and operation of a risk management system, I believe that companies should conduct risk assessment and management strategies. When I use the terms risk assessment and management systems, I am referring to overall organizational risks, including business and operational risks, not a specific anti-corruption risk assessment.

A basic risk management system can be developed through an annual collaborative process which requires the participation of all senior management, as well as managers in each business unit/product or service line. Essentially, a senior risk management group should be charged with the responsibility of identifying the most significant risks facing the organization.



Pushing compliance responsibilities closer to the front lines of a business can help make the overall process of enterprise risk management more efficient and less painful, but without proper planning it can also create new challenges. When processes are adopted or updated, critical compliance tasks may be inadvertently mitigated or cancelled without anyone understanding the impact on the company.

The challenges and benefits of well-planned compliance program execution are discussed in a new book, Enterprise Compliance: The Risk Intelligent Approach from Deloitte‘s Governance, Risk and Compliance Services. The book is organized around three main components of creating a compliance culture—starting with assessing the environment that drives an organization’s compliance risk and requirements and then continuing to the execution and evaluation phases. It also features important questions boards should be discussing with management and discussing among themselves. This article, the second in a series of three, addresses the seven components that comprise the execution aspects of compliance programs. The first article looks at the three facets that shape an organization’s compliance and risk environment: its industry, geography and emerging issues.



Monday, 22 July 2013 13:50

Why the Mob Rules

Computerworld — A Kickstarter project called Tile set out to raise $20,000 to create small, flat, battery-powered stickers that you attach to your stuff, enabling you to find anything with your smartphone.

They've raised more than $1.6 million so far.

But why?

Tracker gadgets have been around for years. They're useful for finding your lost remote control, keys and other objects. But Tile does something incredible that no other tracking product can. Here's how it works.

You attach a tile to your tablet, remote control, dog's collar or you drop it into your purse, backpack or briefcase. Use the smartphone app to register each Tile device -- basically tell the Tile cloud service what object each Tile is associated with.



International travel has many wonderful benefits – one possible risk is the spread of illness into your home, community and where you work.  It can happen in a blink of an eye.  How do illnesses get discovered and tracked?  Good question.  And there is a Global Surveillance System that does just that.

In 2012, the number of international tourist arrivals worldwide was projected to reach a new high of 1 billion arrivals, a 48% increase from 674 million arrivals in 2000. International travel also is increasing among U.S. residents. In 2009, U.S. residents made approximately 61 million trips outside the country, a 5% increase from 1999. Travel-related morbidity can occur during or after travel. Worldwide, 8% of travelers from industrialized to developing countries report becoming ill enough to seek health care during or after travel. Travelers have contributed to the global spread of infectious diseases, including novel and emerging pathogens. Therefore, surveillance of travel-related morbidity is an essential component of global public health surveillance and will be of greater importance as international travel increases worldwide.



Monday, 22 July 2013 13:47

When Your Commute Becomes Derailed

Just yesterday I remarked to my husband that my train, the Hudson line, has been amazingly stable and almost always on time. Especially when you consider that there have been major derailments of the Connecticut (May 17) and the Long Island (June 17) lines of the Metropolitan Transit Authority (MTA).

I should have known better. Just when you think you can take a breather, something is bound to happen, as it did this morning. Normally I would have been listening to the news and traffic report, but I was spending some time with my puppy before rushing to the ferry station. Once there I waited, but no ferry, and the few people who were there didn’t seem to know why. Annoying.

I called my husband and asked him to drop me off at the train station across the Hudson (parking is impossible there). On the train platform, however, I quickly learned that there was a big problem—the derailment of 10 CSX garbage train cars on a narrow portion of track used by the Hudson line. There were no injuries, but that is a whole lot of cleanup, not to mention the two tracks that need to be replaced, according to the conductor I talked to. He estimated it would take at least the weekend to repair the damage.



Monday, 22 July 2013 13:42

What We’re Watching: 7/19/13

By Lars Anderson, Director, Public Affairs

At the end of each week, we post a "What We’re Watching" blog as we look ahead to the weekend and recap events from the week. We encourage you to share it with your friends and family, and have a safe weekend.

Weather Outlook
For many parts of the U.S. it’s been a scorcher all week long, but it looks as though things are finally going to cool off as slightly lower temperatures are expected next week. In the meantime, here are some extreme heat safety tips to keep in mind until the cool down arrives:

  • Cover windows that receive morning or afternoon sun with drapes, shades, awnings, or louvers. (Outdoor awnings or louvers can reduce the heat that enters a home by up to 80 percent.)
  • Know those in your neighborhood who are elderly, young, sick or overweight. They are more likely to become victims of excessive heat and may need help.
  • Never leave children or pets alone in closed vehicles.
  • Stay indoors as much as possible and limit exposure to the sun.
  • Consider spending the warmest part of the day in public buildings such as libraries, schools, movie theaters, shopping malls, and other community facilities. Circulating air can cool the body by increasing the rate at which perspiration evaporates.
  • Eat well-balanced, light, and regular meals. Avoid using salt tablets unless directed to do so by a physician.
  • Drink plenty of water; even if you do not feel thirsty. Avoid drinks with caffeine and limit intake of alcoholic beverages.
  • Dress in loose-fitting, lightweight, and light-colored clothes that cover as much skin as possible. Avoid dark colors because they absorb the sun’s rays. Protect your face and head by wearing a wide-brimmed hat.
  • Avoid strenuous work during the warmest part of the day. Use a buddy system when working in extreme heat, and take frequent breaks.

For more extreme heat safety tips and information, visit www.Ready.gov/heat.
Our friends at the National Weather Service don’t expect any other severe weather over the next couple of days, but as we know weather conditions can rapidly change.  We encourage everyone to monitor your local weather conditions at www.weather.gov or on your mobile phone at http://mobile.weather.gov.

Photos of Week
Here are a few of my favorite photos from the week. You can find more photos at the FEMA Photo Library.

San Francisco, Calif., July 18, 2013 -- Attendees and participants of the 11th FEMA Think Tank listen and contribute to the discussion facilitated by Deputy Administrator Rich Serino at the San Francisco Tech Shop.

Alakanuk, Alaska, July 16, 2013 -- The Alaska State Coordinating Officer Sam Walton and Federal Coordinating Officer Dolph A. Diemont meet with City Manager James Blowe to discuss the FEMA programs which will assist in the recovery efforts after severe flooding crippled the entire infrastructure. Federal funding in the form of Public Assistance (PA) is available to state, tribal and eligible local governments and certain nonprofit organizations on a cost sharing basis for emergency work and the repair or replacement of facilities damaged by the flooding in the Alaska Gateway Regional Educational Attendance Area (REAA), Copper River REAA, Lower Yukon REAA, Yukon Flats REAA, and the Yukon-Koyukuk REAA.



IDG News Service — Six British citizens were wrongly detained or accused of crimes as a result of mistakes made by authorities when requesting access to Internet data, the U.K. Interception of Communications Commissioner said.

A report detailing law enforcement's errors in the UK was published as interest in surveillance of ordinary citizens' online activities runs high, in the wake of disclosures about the U.S. National Security Agency's secret surveillance programs.

In 2012, U.K. public authorities submitted 570,135 notices and authorizations for communications data, according to the report published on Thursday. The principal users of this communications data are still the intelligence agencies, police forces and other law enforcement agencies, wrote Paul Kennedy who served as the Interception of Communications Commissioner through last year.



It’s mid-July and for many parts of the United States this means persistent hot and dry weather increases the risk of wildfires.

Some 46 percent of the contiguous United States is currently experiencing moderate to exceptional drought conditions, according to Tuesday’s report from the U.S. Drought Monitor.

The first monthly drought outlook from NOAA’s Climate Prediction Center recently warned that drought in the U.S. Southwest is exceptionally intense and unlikely to break completely, despite some relief from the summer thunderstorm season. Most of the already parched West will likely see drought persist or worsen, NOAA said.

Meanwhile, the Wall Street Journal reports that overgrown forest land poses fire risk to a growing number of communities.

It cites U.S. Forest Service statistics that 65 million to 82 million of National Forest lands are at a “high or very high risk of fire” and are in need of restoration.



Wanna know a secret? Here it is. Chances are, the same reason you’re reading this blog is why many folks at CDC do what they do: a fascination with infectious diseases and a desire to help others. Although the work of CDC employees is frequently glamorized in movies like Outbreak and Contagion, we face the same challenges as any other large, complex organization: communication, logistics, funding, and teamwork. These challenges become especially apparent when outbreaks occur, such as during CDC’s recent response to a dengue outbreak in Angola. Based on our experiences in Angola, this blog will dispel 5 myths about outbreak investigation that are often dramatized by Hollywood.



More and more workers around the world are bringing their personal mobile devices to the office daily, and companies appear to be having trouble keeping up with the trend.

About 60 percent of organizations acknowledged they either don't have a policy that specifies how employees may use their own devices in the workplace (41 percent) or are just planning to write such a policy, a study released on Wednesday from Acronis and the Ponemon Institute has found.

"Even though we're still in the early stages of BYOD [Bring Your Own Device], companies are playing catch-up to where their users are," Anders Lofgren, director of Mobility Solutions for Acronis, told CSOonline.

Even as recently as three years ago, IT departments had an iron grip on the endpoints to their networks. "They could secure and provision a fixed device that was procured by the enterprise," said Ben Gibson, chief marketing officer for Aruba Networks.



Friday, 19 July 2013 17:47

Disaster Planning for Magical Rabbits

I have a pet rabbit at home. His name is Boba Fett, named after the popular bounty hunter character in the Star Wars movies, and he’s a pretty laid-back little guy, as far as pets go. He’s not the type of animal that requires a ton of maintenance and he definitely doesn’t need a formal risk management plan. But according to a recent article in the Washington Post, not all rabbits get off so easily. Evidently not only does the U.S. Department of Agriculture require certain rabbits to be licensed, but their owners must also have a written disaster plan for what they will do with their rabbit in case of emergency. It sounds crazy, but bureaucracy often does, I guess.

According to the article, some years back Marty Hahne, otherwise known as Marty the Magician, got a notice from the USDA that based on a law that requires licenses for “animal exhibitors,” the rabbit Marty used in his magic act needed to be licensed. Marty complied. And then, this summer, the USDA informed him of a new rule from the agency’s Animal and Plant Health Inspection Service (APHIS):



There is no question that April 27, 2011 changed the lives of Alabamians. On that one day, our state experienced more than 60 confirmed tornadoes causing widespread devastation. Soon after, we decided to do all we could to make our state safer in the future.

In the days, weeks and months following the tornadoes, Governor Bentley and I toured the state and heard the personal stories of disaster survivors.  Many of them told us how they only had moments to find safety while praying for their lives and the lives of their loved ones.

They were the lucky ones that day.  No matter how much they had lost, they were grateful to still be here, and live through one of the state’s most devastating disasters.  Unfortunately, more than 250 people lost their lives during that 24-hour span of tornadoes.

Once my staff and I grasped the sheer magnitude of what had just happened, we all knew we had to do something to prevent this from happening again.



Thursday, 18 July 2013 15:54

Giving Alabamians A Safe Place To Go

During the April 2011 tornadoes, Prattville, Ala. resident Ty Story took cover in a closet with his wife Becky and their three daughters using a mattress for extra protection.

“We were about a mile from where it hit,” he said of the EF-3 tornado that destroyed and damaged numerous homes in his community. “We knew it was close to us, but we couldn’t see it because our house is next to a tree line. But you could see all the trees going in different directions from the wind.”

Although the Story family and their home were undamaged, the devastation around their home and community made one decision very easy.  They quickly became one of the 4,267 Alabama families to register for and receive an individual safe room grant from the state of Alabama funded through the Federal Emergency Management Agency’s hazard mitigation program.

“The safety of Alabama’s residents was a main priority of Governor Bentley following the April 2011 storms,” said Alabama Emergency Management Agency Director Art Faulkner, whose agency administered the program. “Our directive was to assist every homeowner and municipality who submitted the required application within the deadline to ensure they would soon have a safe place to go.”

Following federally declared disasters, states are given grant money from FEMA, through the Hazard Mitigation Grant Program, to help their residents and communities be more resilient in preparation for future disasters. The April 27, 2011 event in Alabama resulted in 62 tornadoes creating a path of destruction more than 1,711 miles long and causing more than 250 deaths in the state. 

Due to that devastation, the state was eligible for more than $70 million in mitigation funds.

“We knew we never wanted to face this situation again,” Faulkner said. “We wanted to give Alabama families and communities the resources they needed to be prepared.”

Because the state established priorities for mitigation projects early, FEMA was able to provide up-front funding for program management costs, allowing the state to hire and train grant reviewers early in the process. Then, as grant applications came in from communities throughout the state, reviewers were already in place to handle them.

In addition, FEMA committed staff to work in Alabama for nearly two years to help process the mitigation grant applications, said FEMA Region IV Administrator Phil May.

 “A key component in Alabama’s recovery has been the state’s commitment to implement mitigation measures to lessen the impacts of future disasters,” he said. “This allowed FEMA and state staff to work hand-in-hand during the project application and approval process.”

The partnership between the federal and state government, along with how quickly the funding became available, wasn’t lost on the Story family, whose storm shelter is now installed underground, accessed through their garage. The family received 75 percent of the cost through the grant program.

“Having the peace of mind we have now? That’s just huge,” he said. “We knew we wanted one after seeing the damage. But when we heard about the program and getting reimbursement to do this, well that was just a no-brainer. With three girls in school, I’m just glad FEMA and Alabama made this decision.”

Another example of the unified effort was the FEMA and AEMA co-sponsored “Safer Alabama Summit” held in June 2011 on the University of Alabama’s campus, which allowed storm survivors and elected officials to learn more about the importance of mitigation activities and how to make informed decisions on their recovery. The summit led to numerous other mitigation-related outreach meetings and events throughout the state.

In addition to safe rooms and storm shelters, state officials also obligated money to fund generators for critical infrastructure, alert notification systems, and a project to harden portions of the Druid City Hospital’s trauma center in Tuscaloosa that also sustained damages.

Alabama Mitigation Priorities:

  • $63 million for 4,267 individual & 282 community safe rooms/storm shelters.
  • $3.6 million for alert notification systems.
  • $5 million for generators to critical infrastructure facilities.
  • $1.3 million to harden Druid City Hospital’s trauma center.


More and more businesses have been allowing employees to use their personal mobile devices as a primary means of communication in the workplace.  The increased usage of employee-owned smartphones, though convenient, can also pose a serious risk to security; questions may also arise concerning the control and ownership of company data.

It is important for your business to establish strict guidelines for the use of personal mobile devices in the workplace. For example, there should be a clause in company policy allowing for the remote wiping of mobile devices upon termination of employment. Further, company data should be kept separate from personal data, and the use of third-party applications should be kept to a minimum.



Computerworld - Manhattan is one of the best locations in the U.S. for data center network connectivity, but in the era of climate change it is also an increasingly risky location. Even so, major data center provider Telx thinks the benefits of NYC outweigh the risks.

Telx said Wednesday that it is opening its third facility in New York, a 72,000 square-foot data center at 32 Avenue of Americas in a former AT&T building rich in network connections.

There are more than 600 network alternatives available in the building, said Chris Downie, president and CFO of Telx. For many customers, "leveraging access to connectivity" and low latency remains a priority, he said. And having data center facilities close to their Manhattan offices is also a consideration.



A security breach can happen to a business of any size, not just the big ones. In fact, 75% of data breaches are targeted at small and medium sized businesses. The cost of a breach can be significant, and not just financially, but for your reputation as well. With an average cost of $214 per compromised customer record, it is no wonder that within half a year of being victimized by cybercrime, 60% of small businesses close. With the correct Cyber Liability Insurance and these 10 Steps to a Safer Business, you and your company do not have to be a victim of a breach in security.



CIO — The thought of a CIO turning to spying technology to peek inside a personal iPhone makes people furious. They fret about an employer remotely reading personal emails and text messages, seeing personal photos and videos, and listening to personal voicemail.

But they would be wrong to worry about such things.

At least that's the message from Ojas Rege, vice president of strategy at MobileIron, a mobile device management software developer.

"There's a ton of confusion out there, and so the trust gap has widened," says Rege. "Employees don't really know what their employer can and can't see. They're just guessing."



Wednesday, 17 July 2013 15:53

How to protect your business information

The biggest information security problem for small businesses is coping with the complexity of their systems when they have no one with the specialist knowledge on how to protect the data, and maybe no IT specialist at all.

Louise Bennett, Chair of the Information Security Specialist Group at the Chartered Institute for IT (BCS), says it's a significant problem. There are sources of information on the web for dealing with most issues, and there's always the option of hiring a consultant, but any firm that wants to keep its sensitive data secure needs a basic level of understanding in-house.

There is evidence that small firms are suffering; in April the Department for Business and Skills (BIS) published the annual Information Security Breaches Survey, showing that 87% of small companies had suffered a breach in the previous year, with the median number rising from 11 to 17.

Bennett says she thinks it's realistic for a small firm to develop the understanding to place itself in the minority that are not affected.



Wednesday, 17 July 2013 15:44

Why risk management can succeed in IT

This is a counterpoint to the Network World article "Why risk management fails in IT" by Richard Stiennon, chief research analyst at IT-Harvest.

Earlier this week Richard Stiennon published an article that questions the value of risk management in IT, and I would argue that, although risk management presents challenges to IT, best practice-driven approaches leveraging aspects of risk management are essential to good security.

Stiennon's perspective reflects the prevailing view in the media -- supported by valid industry statistics -- that IT security is losing the war against the bad guys. Data breaches are front page news and companies are being fined millions of dollars for losing personal information. Given we have been fighting this battle for so long, we must have made some progress, right?



Wednesday, 17 July 2013 15:42

15 Ways to Screw Up an IT Project

CIO — Paul Simon famously sang that there must be 50 ways to leave your lover. Similar could be said (if not sung) regarding projects: There must be 50 ways to screw up your IT projects. Indeed, ask IT executives and project management experts, as CIO.com did, and they will rattle off dozens of reasons why projects go astray. For the sake of brevity, however, we are starting with the top 15 ways to derail a project--and how to avoid these project management pitfalls.

1. Having a poor or no statement of work. "I've seen many projects encounter troubles due to the lack of a well-defined project scope," says Bryan Fangman, senior project manager at Borland, a Micro Focus Company.



Wednesday, 17 July 2013 15:41

Who Can Pry Into Your Cloud-based Data?

Computerworld — Can anyone access the data that you trust to the safekeeping of a cloud-computing vendor? It's a good question, made all the more relevant by the revelations regarding the National Security Agency's Prism program. So how can you best address these issues in your contract with your cloud vendor?

With cloud computing, data access is inevitably a shared responsibility between the customer and the cloud vendor. Those shared responsibilities need to be addressed in the contract, and most cloud vendors' standard contracts leave something to be desired.

While the cloud vendor is responsible for providing the customer with access to its own data, the cloud vendor should also be contractually obligated to not share the customer's data with others, intentionally or not. This may seem obvious, but there are nuances to be addressed in the following areas:



Wednesday, 17 July 2013 15:22

Making an Agile IT Strategy

An agile enterprise is a flexible, robust organization that is capable of rapid response to unexpected challenges, events, and opportunities. Agile enterprises achieve continuous competitive advantage in serving their customers by following strategies that facilitate speed and change. Enablers of enterprise agility include diffused authority; flat organizational structures; trust-based relationships with customers and suppliers; and, of course, an agile information technology strategy. In this post, I focus on what it takes to have an agile IT strategy.

IT departments that are truly agile, or are at least on the path to becoming so, exhibit several key characteristics. First, the majority of their project teams are taking an agile approach to the full delivery lifecycle. This typically is either a disciplined agile delivery (DAD)-based strategy or a strategy that they formulated themselves that is evolving toward something that looks a lot like DAD. This doesn’t mean that all project teams are agile, but most are and the ones that aren’t are starting to move in that direction. Second, the IT organization natively supports — and more importantly, embraces — agile strategies for cross-solution activities such as portfolio management, operations, enterprise architecture, asset management, enterprise administration, governance, and other activities. Third, the IT organization seeks to optimize all of these activities as a whole, to borrow from lean terminology, instead of suboptimizing around functional silos as they may have in the days of the waterfall/traditional paradigm. Let’s explore each of these characteristics one at a time.



CIO — After more than 4,000 votes were cast, the final Big Data startup rankings are in. Keep in mind that while voting was weighted heavily, it was not the be-all-and-end-all consideration. Other criteria included big-name end users, VC funding, the pedigree of the management team and market positioning.

Here are the final rankings, along with why they finished where they did:



Trend Micro held its first Asia Pacific (AP) Industry Analyst summit on April 9, 2013 in Singapore. The most obvious message for me is that the company is clearly seeking to expand its focus well beyond the “legacy” antivirus market. Throughout the event, Trend Micro emphasized the need for cloud security solutions and the opportunities that exist in the Asia Pacific market. Speakers also highlighted the need to invest in breaking Trend Micro’s image as an antivirus vendor to help capitalize on the market opportunities for enterprise cloud security.

Below are the two key themes highlighted by Trend Micro during the event and my take on each:

  • Enabling cloud-related security is central to company growth. Security-related concerns remain the most prominent reason that organizations cite for not adopting cloud services. Recently the Cloud Security Alliance (CSA) outlined the “Notorious Nine” threats for 2013, and the top three cloud-related threats include data breaches, data loss and account hijacking. (Source: http://www.zdnet.com/clouds-risks-spur-notorious-nine-threats-for-2013-7000011820/). Forrester’s Forrsights IT Budgets and Priorities Survey conducted in Q4 2012 shows that 30% of organizations in the AP region aim to create a comprehensive strategy and implementation plan for public cloud and other as-a-service offerings over the next 12 months. Cloud-related spending therefore represents a big market opportunity. Security will be central to organizations’ cloud strategies, and hence spending. Trend Micro is aiming to meet this nascent demand but must better explain why they’re best positioned.



Intellectual property is an essential part of a company’s bottom line. It encompasses various forms, including patents for useful features that make products more desirable or make manufacturing processes and business methods more efficient and economical; trademarks that protect the names, logos, and symbols used to identify and distinguish a company and its goods and services; trade secrets that protect customer lists, vendor lists, formulations, and the like; copyrights that protect marketing materials, product guides and manuals, audio-visual works, software, information compilations, and artwork; and design patents or trade dress that protect the way products look. Not all forms of intellectual property are important to every company, but some form of intellectual property is important to virtually every company.

Notwithstanding the importance of IP, businesses have overlooked its value until fairly recently. In the 1990s, business strength was focused on tangible assets, with intangible IP being relegated to mention in footnotes. The internet business boom and government regulation changed business thinking. Now companies more typically recognize the importance of IP in business decisions and transactions, and that recognition has increased the demand for IP audits. In a 2011 survey by CPA Global, 77 percent of in-house IP professionals said their companies had a greater understanding of the importance of IP and IP valuation, but 74 percent highlighted the need for more focused IP management strategies. The following discussion describes IP audits, explains why they are essential for good IP management, and provides information about IP audit costs.



I’m at that point in my life where one of the greatest joys I have is playing tennis with my teenage grandson. I’ve always looked at competition through sports as a great bonding opportunity for fathers and sons. My grandson is taking lessons once a week at a local club near us. Over the past couple of years, he’s gotten pretty darn good. To help him practice between lessons, I serve as his “sparring partner”. We find time to play a couple of times a week together.

When I was younger (i.e. high school and college) I played some racquetball, but never tennis.  What I know about tennis has come from my being an easy mark for “the kid”.  But with my competitive nature, I’ve learned and practiced along the way to the point where I can actually give him a run for his money – oh that’s right, it’s my money.

Anyway, I just got in from playing tennis this evening with my grandson and while I was out on the court “getting schooled” again, I began thinking about how playing tennis can be similar to what we do in crisis management.



Tuesday, 16 July 2013 15:52

The 3 Year Itch

I have been involved in the BCM industry for the past few years – knee-deep in our company’s marketing, branding and social media activities. I also wear a CRM hat and track all the sales and marketing efforts.  On average, we receive a few hundred enquiries for our products from our contact widget on our website.  We get a few hundred more qualified leads from our participation in various industry trade shows. All these sales opportunities are followed up diligently by our Sales team.

When analyzing the CRM database, a very interesting pattern emerges:

The 3-year itch

Prospects with whom we’ve dealt before often return with requests for product and pricing information.  Most of them occur on 36-month cycles. These prospects stay engaged for varying periods – from a single conversation to as long as 6 months. If they decide to buy a competitor’s product the conversation ends – temporarily. They often pop up again in 36 months to start the whole process again.



Tuesday, 16 July 2013 15:48

Sleepless in Philadelphia

Here at FEMA we’re committed to the “Whole Community” approach to emergency management which Administrator Fugate initiated when he arrived. For those of you that haven’t heard of the Whole Community concept, it basically says that FEMA can’t manage emergencies by ourselves; we need to make sure that we’re including the private sector, community organizations, faith-based organizations, state, local, and tribal government, the general public, non-profits, schools, our partners in other federal agencies, and almost any other group you can think of. One specific part of the Whole Community idea that we’re really working on is integrating the needs of people with access and functional needs in an inclusive setting and to accomplish this, we’re working collaboratively with our community partners who can bring resources, skills, and expertise to the table. To support this effort Administrator Fugate created the Office of Disability Integration & Coordination and positions like mine, as the Regional Disability Integration Specialist here in the Region III office in Philadelphia.

A large part of my job is making sure that the access and functional needs of people with disabilities are addressed in an inclusive manner, as well as making connections between emergency managers and disability leaders.  So I want to tell you a little bit about an exciting project we are participating in with our community partners.

Philadelphia, Pa., June 28, 2013 -- LesleyAnne Ezelle, Regional Disability Integration Specialist, FEMA Region III visits the Philadelphia Chapter of the American Red Cross office where they held a Shelter Sleepover Exercise.

On June 28th, 2013 I went to the Philadelphia Chapter of the American Red Cross office where they held a Shelter Sleepover Exercise. The point of the exercise was to test their ability to provide services and support to people with access and functional needs in a general shelter. There were volunteers from the local community, many of whom are active with the Functional Needs Subcommittee of the Southeastern Pennsylvania Regional Task Force.

They asked me to give an overview of effective communication, so I gave a demonstration on the equipment that we now have in our Disaster Recovery Centers (DRC). This equipment can also be used in other settings so that people with access and functional needs can get the same information as everyone else and get it in their preferred method of communication.  FEMA now has 175 accessible communication kits that are used to provide effective communication access in every DRC.

While this technology gives us many new options to communicate more effectively, it was pointed out by one of the shelter ‘clients’ that sometimes a skilled person who can interpret and provide information is needed too. We realize that having trained and knowledgeable shelter staff and access to on-site interpreters, scribes, and personal care attendants is just as important to providing effective and accessible services.  FEMA can offer these services to the state, during a Presidentially-declared disaster, if requested.  By having exercises like this one, both the shelter clients and the shelter volunteers get the opportunity to learn what works, what doesn’t, what may be available and we’re able to find solutions, together, to make the shelter experience truly inclusive and accessible.

One of the things that I found very impressive about this exercise is that it was a good example of the saying “nothing about us, without us” that we use a lot in the advocacy movement when we talk about planning services for people with disabilities. The Shelter Sleepover and other activities in Region III are an example of embracing that philosophy and we are looking forward to many more collaborative learning experiences.


CIO — Mobile devices are working their way into every facet of our lives these days. For instance, according to Accenture Interactive, 72 percent of consumers ages 20 to 40 now use mobile devices to comparison shop while in retail stores.

The problem for retailers? The majority of them leave without making a purchase with their smartphone or tablet; they purchase online—often using a different device, such as a desktop PC.

How do you track the success of your marketing under these circumstances and ensure that you are delivering your customers the best possible experience? BloomReach, which specializes in big data marketing applications, believes big data provides the answer.

BloomReach today took the wraps off BloomReach Mobile, a cross-channel-optimized mobile search and discovery solution built on the company's signature Web Relevance Engine technology.



Computerworld - Given the dire warnings about climate change, some business leaders and IT professionals are pondering this question: How should data center managers handle the crop of so-called 100- and even 500-year storms, coastal floods and other ecological disasters that climatologists predict are heading our way?

Some experts suggest that managers of mission-critical data centers simply need to harden their existing facilities, other observers say data centers need to be moved to higher ground, and a third group advises data center managers to pursue both strategies.

One thing is certain, experts say: Few IT organizations -- even those that suffered or narrowly escaped damage during recent major storms -- are thinking long term. Most IT leaders are, if anything, taking the path of least resistance and least expense.



Many of us don’t hear about a crisis until it hits the newswires, either through social media, news websites or through a posting on a social site we might follow. In some cases, we might not know about a crisis until we see first responders racing down the road heading towards an emergency.

Some will automatically see a disaster as a large catastrophe, and one of the BCM/DR industry definitions of a disaster is that it’s a sudden, unplanned event that prevents the organization from performing normal operations. However, both a crisis and a disaster can start well before the public or media even get wind of the problem.

Sometimes a disaster doesn’t begin until after a period of time in which a lesser level of operational hindrance has been experienced. Then, when the disaster itself occurs, the management of the situation will determine the level of crisis, meaning how well the crisis is handled from the perspective of the public, media, stakeholders (vendors, partners, etc.) and employees.



In 2008, Hurricane Ike devastated the upper Texas coast with many animals lost and many more suffering needlessly. This storm triggered a request for the Texas A&M College of Veterinary Medicine & Biomedical Sciences to form a deployable veterinary emergency team.

The Texas A&M Veterinary Emergency Team (TAMU VET) is comprised of veterinary faculty, staff, and senior veterinary medical students. Since its inception, the TAMU VET has been deployed for Hurricanes Rita and Gustav, the 2011 Grimes County Wildfire and Bastrop Complex Wildfire, an Alzheimer’s patient search in Brazos County in 2012, and the 2013 West, Texas fertilizer plant explosion.

TAMU VET was formed in response to an increasing frequency of emergencies and disasters, the pressing need for veterinary support for the canine component of search and rescue efforts, and a societal decision that animals were worthy of care and support during disasters.

When a call to respond to a disaster comes in, an alert is put out to the team via a phone call-down system, and everyone responds with their availability to deploy. The goal is to be out the door within four hours of a request to deploy. Working hand in hand with the first responders, one of the most important benefits of TAMU VET is their ability to be on the front lines of a disaster. Not only are they there to support, treat, and assist canine search teams, but the first responders are often the first groups to find or rescue animals that have been involved in the disaster. TAMU VET is able to coordinate the capture and rescue of found animals, and gives first responders a place to bring injured or ill animals.

This triage point for the field allows first responders to do their job and also begins the process of animal rescue and recovery early on. It has become the expectation that TAMU VET will be on the ground in an emergency because everyone realizes that animal issues are an aspect of any disaster. “First responders have told us repeatedly that it helps them do their job when they know we are there to help take care of their canine search teams, but also to take care of animals that might otherwise be ignored, left behind, or rescue delayed until the human response is completed. This is a truly special partnership and is one that we know works,” says Deb Zoran, Associate Professor and TAMU VET Medical Operations Chief at Texas A&M University College of Veterinary Medicine and Biomedical Sciences.

The diverse range of deployments has allowed the veterinary students to participate in serving the citizens of Texas while simultaneously providing professional development through the complex and rapidly changing disaster environment in which they are providing veterinary medical care. The educational value of emergency response deployments led to the development of a required clinical veterinary medical rotation during the fourth year of the veterinary program – the first of its kind in the United States.

The clinical rotation at TAMU is designed to provide veterinary medical students with the knowledge base and skills to assist their communities with planning to mitigate or respond to animal issues during disasters. The rotation is divided into two major parts: preparedness and response. The preparedness component requires students to make a personal preparedness plan, assigns them the task of working through the process of developing a practice preparedness plan, and introduces the students to the concept of developing a county emergency animal sheltering and veterinary medical operations plan. In the response component, students learn risk communications, medical and field triage concepts, and medical operations in austere conditions. They also have the opportunity to spend a day at Disaster City – a local training site for first responders from around the state and the nation to get to understand some of the medical and environmental conditions the first responders must work in.

As a leader in veterinary emergency preparedness and response, TAMU just marked the first anniversary of their required clinical rotation and continues to act as a strong service for animals in a disaster. For more information, visit the TAMU VET website.


IDG News Service (Miami Bureau) — In another example of the consumerization of IT, people have embraced cloud storage and file sharing services like Dropbox both at home and at work, and CIOs better take notice about this trend, according to a Forrester Research report.

"There is huge business value in these types of services," said Rob Koplowitz, co-author of the study "File Sync and Share Platforms, Q3 2013." "They solve a bunch of business problems."

Dropbox and similar services, with their intuitive and user-friendly interfaces, make it easy and convenient for people to sync files across multiple personal and enterprise devices, including tablets and smartphones, and share these often large files with colleagues, clients and partners, he said.



There's a very old IT problem that's gaining renewed attention lately: The problem of keeping too many copies of data. The analyst firm IDC has quantified the problem and come up with some rather startling statistics:

  • More than 60% of all enterprise disk capacity worldwide is filled with copy data
  • By 2016, spending on storage for copy data will approach $50 billion and copy data capacity will exceed 315 million terabytes
  • In the next 12 months, [IT departments] expect increased use of data copies for app development and testing, regulatory compliance, multi-user access and long-term archival



Risk modeling is a useful tool for business continuity managers, but over-reliance and flawed approaches can create difficulties. By Geary W. Sikich.


Fundamental uncertainties derive from our fragmentary understanding of risk and complex system dynamics and interdependencies. Abundant stochastic variation in risk parameters further exacerbates the ability to clearly assess uncertainties.

Uncertainty is not just a single dimension, but also surrounds the potential impacts of forces such as globalization and decentralization, effects of movements of global markets and trade regimes, and the effectiveness and utility of risk identification and control measures such as buffering, use of incentives, or strict regulatory approaches.

Such uncertainty underpins the arguments both of those exploiting risk, who demand evidence that exploitation causes harm before accepting limitations, and those avoiding risk, who seek to limit risk realization in the absence of clear indications of sustainability.



The wrong words online can come back to haunt you

The case of Justin Carter, the Central Texas teen jailed for over five months as a result of a Facebook comment, is a powerful lesson in just how serious social media has gotten, and why your personal crisis management considerations should include careful censorship of controversial conversation.

Here’s what went down, as described in a HuffPost blog by Ryan Grenoble:

Earlier this year, Carter and a friend got into a Facebook argument with someone regarding “League of Legends,” an online video game with notoriously die-hard fans. Justin’s father, Jack, explained to ABC local affiliate KVUE that at the end of the conversation “[s]omeone had said something to the effect of ‘Oh you’re insane, you’re crazy, you’re messed up in the head,’ to which [Justin] replied ‘Oh yeah, I’m real messed up in the head, I’m going to go shoot up a school full of kids and eat their still, beating hearts,’ and the next two lines were lol and jk [all sic].”

See more at: http://managementhelp.org/blogs/crisis-management/2013/07/12/jailed-texas-teen-a-social-media-crisis-management-lesson/

Network World — There are two trends happening in the IT hardware market, each gaining momentum but offering very different ways of outfitting data centers.

On the one hand, companies with enormous data centers such as Facebook, Rackspace, Google and Goldman Sachs are creating their own compute, storage and network devices using cheap, commodity components. The pieces are built to a standard - organized by the Open Compute Project (OCP) - to ensure they interoperate, and they are then assembled to create hardware that is finely tuned to the specific needs of an organization. This "disaggregation" of hardware allows one company to have a system that is optimized for high storage capacity with low CPU, for example, while another company could customize the hardware for intense read capability but low write capability.



Friday, 12 July 2013 16:57

It’s all in your head

Or is it?


According to MONDAQ.com, Australia’s courts seem to be spending a lot of time considering “psychiatric harm” in the workplace.

While these concerns seem primarily based on conditions “Down Under,” risk management practitioners should be aware that the issue can become global and affect their clients. Similar cases may be coming to a courtroom near you.

In one case, the court ruled that “Employers not necessarily liable for psychiatric harm to employees who are stressed or overworked” ( http://tinyurl.com/k7up53m). In separate decisions, two employees who sustained psychiatric injuries in the course of their employment in Victoria were denied damages in recent decisions of the Supreme Court of Victoria and the Victorian Court of Appeal.

In another case, “Law firm successfully defends against claim of bullying” (http://tinyurl.com/knl7gn2), the court decided that an employee who experienced an overwhelming workload, professional and personal pressure, conflict and a strained relationship with a colleague was found not to have been bullied.

Interestingly, all cases were heard in the same Australian state, Victoria.



Thursday, 11 July 2013 14:21

Developing a Crisis Management Plan

“Houston, we have a problem.”

Even the most professionally run businesses, including law firms, occasionally run into times of crisis.

In the specific example of a law firm, crises can arise in many forms, like issues that compromise operations, financial dilemmas, and ultimately, problems that threaten or damage the integrity and reputation of a firm.

Entertaining thoughts of potential predicaments can be uncomfortable, not to mention daunting. However, as is the case in any type of disaster scenario, it is best to have an anticipatory plan of action in place before catastrophe occurs. Doing so can be the difference between putting out the fire and fanning the flames in times of crisis.



DSD manifesto clarifies “significant risks” and strategies for secure BYOD

David Braue | July 11, 2013

Strategies for securely implementing bring your own device (BYOD) policies have been formalised in an extensive document recently published by the Defence Signals Directorate (DSD) that outlines business cases, regulatory obligations and legislation relevant to securely implementing BYOD.

The document, entitled Risk Management of Enterprise Mobility including Bring Your Own Device (BYOD), aims to help readers understand and mitigate the "significant risks associated with using devices for work-related purposes that have the potential to expose sensitive data", according to its authors.

DSD has long held primacy in information-security matters, offering technical certification of products for use in secure environments and offering IT-security guidance for government and non-government bodies through publications such as its Information Security Manual (ISM).

See more at: http://www.computerworld.com.sg/tech/security/dsd-manifesto-clarifies-significant-risks-and-strategies-for-secure-byod/

By Sunil Cherian

Business continuity planning (BCP) should cover an organization’s ability to avoid major business disruption from a disaster while addressing the principal concerns of business risk mitigation, protecting data and preventing data loss. Business transactions delivered from the data center pose major challenges to business continuity.

Data center infrastructure and the networks that support it play a prominent role in automating business processes and communication across the organization, customers, partners, suppliers and regulators to ensure the organization continues to run during a disaster. Connectivity in data center infrastructure and the networks can be adversely affected by bottlenecks or complete failure due to network outages, hardware failures, human error and natural disasters.

Application delivery controllers (ADCs) protect these vital corporate assets and keep the network up and running. Below are five capabilities to look for to create a reliable application delivery infrastructure for business continuity planning:



The emerging H7N9 avian influenza virus responsible for at least 37 human deaths in China has qualities that could potentially spark a global influenza pandemic, according to a new study published yesterday (July 11th, 2013) in the journal Nature.

An international team led by Yoshihiro Kawaoka of the University of Wisconsin-Madison and the University of Tokyo conducted a comprehensive analysis of two of the first human isolates of the virus from patients in China. Their efforts revealed the H7N9 virus's ability to infect and replicate in several species of mammals, including ferrets and monkeys, and to transmit in ferrets — data that suggests H7N9 viruses have the potential to become a worldwide threat to human health.

"H7N9 viruses have several features typically associated with human influenza viruses and therefore possess pandemic potential and need to be monitored closely," says Kawaoka, one of the world's leading experts on avian flu.

"If H7N9 viruses acquire the ability to transmit efficiently from person to person, a worldwide outbreak is almost certain since humans lack protective immune responses to these types of viruses," says Kawaoka.



Thursday, 11 July 2013 14:18

EMC 'Bringing the Sexy Back' to Data

CIO — Backup isn't exactly the sexiest area within an IT organization. In many cases, it's perennially understaffed and under-resourced. But as data becomes an increasingly valuable commodity in the enterprise, and the volumes of data generated by the enterprise expand exponentially, backup is buckling under the strain. A new way of thinking about protection storage architecture may be required.

"Imagine a dam with a single, small sluice gate near the bottom, and there's water just gushing over the top," says Guy Churchward, president of Backup and Recovery Systems at EMC. That sluice gate represents your backup platform and the water represents your data. "Backup can't handle the load."

And worse is coming, Churchward says. If you were to pan the camera back from your little dam with water spilling over the top, you'd see 15 other raging rivers rushing toward you.



The title of this article is a question that comes up often in Business Continuity Management industry LinkedIn Group Discussions. Many planners and practitioners struggle with where BCM is situated in their organizational hierarchy – resulting in a hopeful search for a better solution.

Business Continuity Management is often the homely foster child in many organizations. (For those not familiar with the US foster-care system, a foster child is removed from his/her natural parents and sent to live with a volunteer ‘foster family’ who receives government funds to provide their care.) Few C-level executives want responsibility for BCM. There’s little ‘up’ side; it doesn’t make any money, and failure – in either a compliance audit or a real-life disruption – may win a one-way ticket to unemployment.

So the winner of the Business Continuity Management sweepstakes is decided by fiat or by default, depending upon the organization’s culture.



Techworld — Many organizations are still dependent on archaic data centre infrastructures despite the knock on effect they can have on the end-user experience and levels of productivity, according to research released today.

Brocade, which commissioned the survey said the results showed that many organisations were using the same data centre technology that has been in place for the last 20 years.

The study, carried out by Vanson Bourne on behalf of the networking company, found that 91 percent of 1,750 IT decision-makers needed to carry out substantial infrastructure upgrades on their networks if they wanted to meet the demands presented by virtualisation and cloud computing.



Wednesday, 10 July 2013 21:22

BYOD Breeds Distrust Between Workers and IT

CSO — The Bring Your Own Device (BYOD) movement is supposed to boost worker productivity but a study released on Monday said it can also breed distrust between employees and IT departments.

Nearly half of American workers (45 percent) said they're worried about IT accessing personal data on devices they use for work and home, a report by Aruba Networks revealed.

Similar sentiments were expressed by European workers (25 percent) and those in the Middle East (31 percent), said the survey of 3,000 workers worldwide.

In addition, nearly one out of five European workers (18 percent) and more than a quarter of Middle Eastern respondents (26 percent) feared their IT departments would interfere with their private data if they got their hands on the workers' devices.



Wednesday, 10 July 2013 21:20

A Technological Edge on Wildfires

When the winds change, a ferocious forest inferno can make a sharp turn, and the fire crews battling it may need to depend on their eyes and instincts to tell them whether they are in danger.

Sometimes, as appears to be the case in the deaths of 19 elite firefighters in Arizona, it is already too late.

Of course, the best way to fight catastrophic fires is to keep them from growing to catastrophic scale. But that is becoming more and more difficult as global warming raises the likelihood of fires, especially in Western forests. By 2050, the annual extent of forests burned is predicted to rise by 50 percent or more.

So officials and experts are increasingly relying on technology both high and low to counteract the trickery of raging wildfires.

In computer simulations, the United States Forest Service sets tens of thousands of virtual fires — factoring in different weather patterns, topography, vegetation and historical weather patterns. “You would sort of get a map that depicts a likelihood of fire occurrence,” said Elizabeth Reinhardt, an assistant director of fire ecology and fuels for the Forest Service.



Wednesday, 10 July 2013 21:17

Defining The Mobile Security Market

Understanding the terms and technologies in the mobile security market can be a daunting and difficult task. The mobile ecosystem is changing at a very rapid pace, causing vendors to pivot their product direction to meet the needs of the enterprise. These changes in direction are creating a merging and twisting of technology descriptions being used by sales and marketing of the vendor offerings. What we considered “Mobile Device Management” yesterday has taken on shades of containerization and virtualization today.
Mobile antivirus used to be a standalone vision but has rapidly become a piece of the mobile endpoint security market. Where do we draw the lines, and how do we clearly define the market and products that the enterprise requires to secure their mobile environment?

There is a young lady carousing in the Caribbean with designs on south Florida.

Turn on the tv and you hear the name “Chantal.” Once named, the tv news readers tell us we are advised to get our hurricane preparations underway.

Turn on the radio and you hear the same thing.

Pick up a newspaper – yes, there still are newspapers in south Florida – and you not only are encouraged with hurricane preparations but you also get a hurricane tracking map.



CSO — Today's security threats span a broad spectrum of social engineering schemes, international hackers, and insider threats like the recent NSA breach. It's easy to get overwhelmed by all of the potential threats and where money should be spent to keep up, let alone stay ahead of the curve.

"Security functions are getting only 70 percent of the resources that they need to do an adequate job" of securing the business, including hardware, software, services and staff, said Michael Versace, insights director of worldwide risk at IDC. "The hard stuff is in the next 30 percent."

Meanwhile, worldwide spending on security infrastructure, including software, services and network security appliances used to secure enterprises, rose to $60 billion in 2012, up 8.4 percent from $55 billion in 2011, according to Gartner Inc. That number is expected to hit $86 billion by 2016.



CIO — Recently, BPR-Rico Manufacturing decided it was time for a change in its human resource systems.

The Medina, Ohio-based engineering outfit, which builds lift trucks and other material-handling equipment, had been using Sage North America's Abra HR solution. The on-premises deployment was more than a decade old and had acquired some eccentricities. The system would randomly change employee dental insurance deductions to the two-year prior rate. An employee who generally worked a 32-hour week would occasionally flex to 40 hours, but the system would still pay for only 32 hours.

As it happened, Rico Manufacturing already was replacing its paper-based time card system with cloud-based time and attendance software from Kronos. The company decided to tap Kronos to replace its human resources and payroll system as well—and move it to the cloud.



Prolexic has shared information on a popular cyber attack technique, SYN reflection attacks, which can leverage the defense mechanisms of DDoS mitigation devices to increase the strength of the attacks.

SYN reflection attacks are one of the more sophisticated DDoS attack methods and typically require some skill to execute. However, they have recently grown in popularity as they’ve become available on a DDoS-as-a-Service basis via the criminal underground.

“SYN reflection attacks have been around for a long time, but new attack apps make them extremely easy to launch. Even a novice can do it,” said Stuart Scholly, President of Prolexic. “Malicious actors wrap web-based graphical user interfaces around sophisticated scripts and offer them as convenient DDoS-as-a-Service apps that you can launch from your phone.”

SYN reflection attacks are used against targets that support TCP – a core communication protocol that enables computers to transmit data over the Internet, such as web pages and email.



Certifications of one sort or another have been around seemingly forever.  If you are old enough you may remember (some 30 years ago) when there were very few non-institutional IT certifications available.  The certification boom started in the mid 80’s when some of the network operating system providers were trying to establish a base of knowledge competency (or a new revenue stream – depending on your perspective).  At the time, passing some of these certification exams was a joke.  They didn’t prove the competency or skill that they were created to achieve.

Of course most of those certification programs have matured.  They’ve become more challenging – including theoretical as well as practical testing to ensure competency of the individual.  Typically, the rate of change in technology has driven the recertification processes; as new products and technological advancements are revealed, certification qualifications have changed with them.



Monday, 08 July 2013 14:18

Always wear clean underwear

If a risk management practitioner needs a motto over his or her office door to observe on the practitioner’s way out, it should be:

Always wear clean underwear

Now at first blush you may think this scrivener has lost it. While that is generally debatable, I assure you in this instance I am fully in charge of all my faculties.

What is it we – risk management practitioners – do? Bottom line?

We anticipate and plan for the unexpected.

No, I’m not talking about swans of any hue; I don’t believe in black swans as an event that could not be predicted.