Industry Hot News


CIO — IT walks a fine line between balancing security issues and giving people the tools they need to get the job done. Every day companies move sensitive data around and IT is in charge of securing that data, but what about the little things that tend to fall through the cracks?

According to data from several recent surveys there are a number of things your employees could be inadvertently doing that put your company's sensitive data and information at risk.

A survey done recently by IPSwitch, an FTP software organization, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:

...

http://www.cio.com/article/737748/6_Ways_Employees_Are_Putting_Your_Company_s_Data_at_Risk

CSO — A security researcher has shown that hackers, including an infamous group from China, are trying to break into the control systems tied to water supplies in the U.S. and other countries.

Last December, a decoy water control system disguised as belonging to a U.S. municipality, attracted the attention of a hacking group tied to the Chinese military, according to Trend Micro researcher Kyle Wilhoit. A dozen similar traps set up in eight countries lured a total of 74 attacks between March and June of this year.

Wilhoit's work, presented last week at the Black Hat conference in Las Vegas, is important because it helps build awareness that the threat of a cyberattack against critical infrastructure is real, security experts said Tuesday.

...

http://www.cio.com/article/737753/Trend_Micro_Hacker_Threats_to_Water_Supplies_Are_Real

KANSAS CITY, Mo. – With several areas throughout Kansas and Missouri experiencing bouts of late-summer flooding, the Federal Emergency Management Agency (FEMA) is urging residents to stay informed about the potential hazards of flooding.

Floods, especially flash floods, kill more people each year than any other weather phenomenon. This recent spate of severe weather-related events across the Midwestern states serves as a pointed reminder just how dangerous floods can be and how important it is to stay abreast of weather warnings, understand flood terms, and take action by monitoring, listening, preparing and acting accordingly.

Beth Freeman, Regional Administrator for FEMA Region VII urges residents to be constantly aware of their environment and any potential for flooding. "There's no doubt that when people are aware of the dangers and power of flooding, they can take measures to lessen the exposure to danger for themselves and family members," Freeman said. "When you're driving and you see the road ahead is flooded, be safe. It's best to 'turn around, don't drown.' FEMA is monitoring the situation and is on standby to help states if assistance is requested.”

While floods are the most common hazard in the United States, not all floods are alike. Floods typically occur when too much rain falls or snow melts too quickly. While some floods develop slowly, flash floods develop suddenly. 

One of the most dangerous elements of a flood is floodwaters covering roadways, and motorists are urged to never attempt driving through them.  About 60 percent of all flood deaths result from people trying to cross flooded roads in vehicles when the moving water sweeps them away.

While flood risks can indeed be a formidable threat, there are simple steps citizens can take today to reduce their risk to all types of floods. 

If a flood is likely in your area, you should:

  • Listen to your radio or television for information.
  • Be aware that flash flooding can occur. If there is any possibility of a flash flood that could affect you, move immediately to higher ground. Do not wait for instructions to move.
  • Be aware of streams, drainage channels, canyons, and other areas known to flood suddenly. Flash floods can occur in these areas with or without such typical warnings as rain clouds or heavy rain.

If you must prepare to evacuate, you should:

  • Secure your home. If you have time, bring in outdoor furniture. Move essential items to an upper floor.
  • Turn off utilities at the main switches or valves if instructed to do so. Unplug electrical appliances. Do not touch electrical equipment if you are wet or standing in water.
  • Take essential documents (http://www.ready.gov/evacuating-yourself-and-your-family)

If you must leave your home, remember these evacuation tips:

  • Do not walk through moving water. Six inches of moving water can make you fall. If you have to walk in water, walk in areas where the water is not moving. Use a pole or stick to make sure the ground continues in front of you.
  • Do not drive into flooded areas. If floodwaters rise around your car, abandon the car and move to higher ground if you can do so safely. You and your vehicle can be quickly swept away.
  • Six inches of water will reach the bottom of most passenger cars causing loss of control and possible stalling.
  • A foot of water will float many vehicles.
  • Two feet of rushing water can carry away most vehicles including sport utility vehicles (SUVs) and pick-ups.

Additional tips to consider:

  • United Way’s 2-1-1 is a helpful resource before, during and after disasters. Keeping this number and an up-to-date family communication plan handy is a must-do when preparing for emergencies.
  • Keep emergency supplies on hand, such as non-perishable food, medicine, maps, a flashlight and first-aid kit.
  • Use extreme caution when returning to flood damaged homes or businesses.

Become familiar with the terms that are used to identify flooding hazards:

  • Flood Watch: Flooding is possible. Tune in to NOAA Weather Radio, commercial radio, or television for information.
  • Flood Warning: Flooding is occurring or will occur soon; if advised to evacuate, do so immediately.
  • Flash Flood Watch: Rapid rises on streams and rivers are possible. Be prepared to move to higher ground; listen to NOAA Weather Radio, commercial radio, or television for information.
  • Flash Flood Warning: Rapid rises on streams and rivers are occurring; seek higher ground on foot immediately.

The National Weather Service is the official source for weather watches and warnings.

For more information on flood safety tips and information, visit www.ready.gov/floods or the Spanish-language web site www.listo.gov.

For information on how to obtain a flood insurance policy, visit www.floodsmart.gov.

Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

http://www.fema.gov/news-release/2013/08/06/midwestern-residents-urged-be-aware-flood-dangers

In today’s enterprise, data is the key. It enables a business to make its best decisions and efficiently manage its business processes.

Data is demanded by many departments and must be gathered, sorted, cleaned, managed, analyzed and protected. Because data is often gathered from applications, it likely falls in the realm of IT, where business intelligence and analytics systems are managed. However, what many IT organizations lack is a framework for data governance—a solid set of processes and policies that dictate the way data is supervised and preserved.

The book “Data Governance: Creating Value from Information Assets,” provides a detailed look into information governance; it begins with a chapter on how data governance plays a role in an enterprise, moves through management of metadata, and then explains how to operationalize data quality. Other chapters include:

...

http://www.itbusinessedge.com/blogs/it-tools/data-governance-strategies-strengthen-business-information.html

Wednesday, 07 August 2013 15:47

The Road to the Hybrid Cloud Runs Through PaaS

Most enterprises are far enough into the cloud deployment process to understand that there is more than one type of cloud. At the moment, many organizations are content to spin up a few hosted resources to gain extra storage or run a few key applications. But as cloud strategies become more refined, the style of cloud implemented on both private and public resources and the infrastructure that supports them can have a dramatic impact on future data objectives.

As I’ve pointed out, hybrid architectures are only as good as the private cloud allows them to be, and so far only a handful of organizations are pursuing what leading experts deem to be a true private cloud strategy. Part of this is because the cloud is still an ill-defined concept, but legacy infrastructure can be a major drag as well—particularly when it consists primarily of silo-based, bare-metal architecture. So clearly, the first step in any coordinated cloud strategy is to implement virtual and software-defined infrastructure to the broadest extent possible.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-road-to-the-hybrid-cloud-runs-through-paas.html

Wednesday, 07 August 2013 15:45

IT Evolution

We really need to transform what the American IT workforce is made up of. Instead of teaching COBOL, Pascal, C++, and other elements of technology, we really need to teach how to align business and IT to take advantage of innovation and creative thinking. The way to align business and IT is to focus on the customer experience and the value that they live in that experience.

Instead of IT being a separate business unit, IT needs to be integrated into every business unit. I am by no means advocating breaking IT up into multiples of itself contained within each business unit. I am advocating that IT needs to reside with knowledge of the business and each unit in their strategic planning to assist with how to enable their people and process in a cost effective, simple, agile, and rigorous way. If IT establishes strategy alongside the business, then the execution and results will match. This is opposite of the way it is done today where the business and each unit goes off to develop strategy based upon a vision that IT is not a part of. Likewise, IT, more often than not, sequesters itself and develops its own strategy and execution plan based upon a limited view or knowledge of the vision of the organization. I liken this to picking the route to go on vacation before picking the destination.

...

http://mdjohn.wordpress.com/2013/08/06/it-evolution/

PC World — For small businesses today, there's nothing that can't be done in the cloud. You could plunk down your cash for Basecamp, Yammer, and Google Docs like everyone else, but alternatives to these stalwarts abound. For something that does more, costs less--or both--check out these six Web-based tools, categorized based on their primary functionality.

 

General collaboration: Podio

Podio may still fly under the radar of such behemoths as Basecamp, but it's rapidly emerging as the go-to collaboration tool for a new generation of knowledge workers. Originally a Danish startup, Citrix acquired it last year, and the new features keep on coming.

Designed (like most collaboration systems) to eliminate excessive emailing, the structure is relatively simple: You invite employees into Podio's internal communication network, then create any number of "workspaces" in which they can collaborate. You can admit outsiders on a workspace-by-workspace basis, keeping them out of the broader employee network.

...

http://www.cio.com/article/737697/6_Alternative_Tools_for_Small_Business_Collaboration

For homeland security professionals to be successful in their field, it is critical to stay ahead of prevailing tendencies within the industry. Colorado Technical University recently sponsored a mock exercise, hosted by the Colorado Emergency Preparedness Partnership (CEPP), and attended by personnel from private and public sector institutions to help prepare for a cyber-attack.

During the tabletop exercise, an expert panel addressed propagation and impacts of a cyber-attack from domestic and foreign organizations. This simulated exercise was part of a continued series of emergency preparedness events led by CEPP and this event’s sponsors: Western Cyber Exchange, CTU and the Canadian Consulate.

The cyber-attack scenario began in southern Colorado and spread from local jurisdictions to a national threat, and ultimately a global one. Families, businesses, communities, government services and the critical infrastructure we depend on for our everyday needs suffered the consequences from the simulated attack. Our expert panel, consisting of private and public sector members from the city of Colorado Springs; telecommunications and energy sectors; the state, federal and Canadian governments; addressed the evolving scenario.

...

http://csbj.com/2013/08/06/how-first-responders-train-for-real-life-cyber-threats/

One flood victim in Canmore says he has concerns after learning the province's disaster recovery program is being run by a private company.

Gus Curtis' yard was washed away by Cougar Creek and his home's foundation is exposed and cracked. Until recently Curtis assumed he was working with a government employee on a recovery plan.

In fact, Edmonton-based Landlink Consulting has been contracted to process flood claims and calculate and distribute payments.

Curtis said an employee shut him down after he asked a few questions. "So I said ‘who is Landlink?’ He paused and said Landlink is a company hired to administer the fund,” Curtis said.

...

 

Disasters happen. And though business and IT leaders like you can’t prevent them, you can curtail the losses and costs that disasters cause — by ensuring that Business Continuity and Disaster Recovery (BC/DR) plans are in place at your organization.

Hurricane season, flooding, tornadoes and other severe weather threats remind us once again just how important it is to be prepared.

For instance, in the event of a disaster, would your IT operations be back to business with the help of data centers that remain running amid the storm, transitioning from generators to utility power in the days following? We explore this possibility further in our recent Forbes.com article “Does Your Data Center Have a Disaster Plan?” with strategies that protect buildings, systems, equipment, and personnel — and also have contingencies for the loss of any or all of them.

...

http://www.forbes.com/sites/centurylink/2013/08/06/from-disaster-to-happily-ever-after-a-roundup-of-recovery-trends

Tuesday, 06 August 2013 17:52

Training children in emergency preparedness

In July 2012, the Federal Emergency Management Agency (FEMA), through Administrator Craig Fugate, announced the following regarding youth disaster preparedness: “Youth have a unique ability to influence their peers and families to be more resilient, and children play an important role in disaster preparedness, during and after a crisis.”

According to FEMA, studies have shown “those households with schoolchildren who brought home preparedness materials are more likely to be prepared on a range of preparedness than households with schoolchildren who did not bring home preparedness materials.”

It is reported that 70% of households receiving preparedness information from their children have an emergency response plan they have discussed with family members compared to the national average of 45%. It appears the best champions for disaster preparedness are our children.

Some training can start at home before they’re old enough to attend school, when your children are of an age they can absorb information, and comprehend what to do with the information. Here are some things you can teach your children to get them started down the path of emergency preparedness:

...

http://journalstar.com/niche/neighborhood-extra/news/training-children-in-emergency-preparedness/article_62bba580-e289-54d2-bce9-713ddf927900.html

Tuesday, 06 August 2013 17:50

Lost in the privacy landscape

Australia’s privacy and data protection laws are hard to explain and often poorly understood. The first challenge is to explain that the Australian Privacy Commissioner sits in the Office of the Australian Information Commissioner (OAIC) and applies laws that the Australian parliament has misleadingly called ‘principles’.

The second challenge is describing how to read principles as laws and fit them together with other provisions in the Privacy Act that clearly are drafted as laws.

And then there’s the difficulty of trying to interpret these provisions when dealing with novel issues such as cross-border cloud deployment and access to personal information held in another jurisdiction (or jurisdictions unknown), geo-tracking of devices, data warehouses, virtualised servers, big data and customer data analytics.

...

http://www.cio.com.au/article/522929/lost_privacy_landscape

With the increase in the use of online services for government transactions, datacentres are a key focus of the government’s green IT strategy and the Green ICT Delivery Unit (GDU), according to its report.  

Over 80% of HMRC’s tax returns are submitted via the internet, suggesting the growing importance of public sector datacentres.

As a result, the Department for Food, Environment and Rural Affairs (Defra) is setting out best practice guidelines for public sector organisations to procure energy efficient datacentre and cloud hosting services. The guidance has been discussed with Intellect, the UK industry body and there have also been discussions with the European Commission (EC) via its EU-wide Green Public Procurement process.

The Greening Government: ICT Annual Report 2013 by Jennifer Rigby, chair of GDU and John Taylor, SRO for Green ICT and CIO at MoD also praised government CIOs and IT staff’s progress in implementing green IT strategies.

...

http://www.computerweekly.com/news/2240203146/Datacentres-are-a-key-focus-for-governments-Green-ICT-Delivery-Unit

Lancope has released a survey indicating that many enterprises possess an unrealistic confidence surrounding the security of their networks.

According to the survey, more than 65 percent of IT/security professionals did not think, or were unsure whether, they had experienced any security incidents within the last 12-18 months.

According to Lancope’s director of security research, Tom Cross, this scenario is not likely. “Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter,” he said. “I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes.”

The survey also revealed that 38 percent believe recent security incidents had no impact on their organization. According to Cross, “even the most basic malware infection has some financial cost to the organization, even if it’s just the cost to clean infected machines. Not to mention the additional serious consequences that can result from a breach, including data loss, customer distrust, regulatory fines and many others.”

...

http://www.continuitycentral.com/news06879.html

A crisis in 2013 vaguely resembles a crisis of 15 years ago. Today, social media can be both a curse and a blessing in an emergency. Managers must understand that with the power of real-time comes a huge responsibility to learn how to use the media responsibly. One piece of misinformation posted on social media during a crisis can start a cascade of panic that is almost impossible to stop.

http://blog.missionmode.com/blog/3-keys-to-using-social-media-responsibly.html

On July 2, the government of India released the National Cyber Security Policy 2013. This policy extends to a spectrum of ICT users and providers, including home users, SMEs, large enterprises, government and non-government entities. The policy aims to serve as an umbrella framework for defining and guiding the actions related to the security of cyberspace. The policy has been much delayed but is now released amid reports of snooping by the US globally - and ever-increasing threats to India as a country.

The policy defines 14 diverse objectives that provide an overview of the government’s approach to the protection of cyberspace in the country. A few objectives that will have a positive impact on S&R professionals in India caught my attention:

...

http://blogs.forrester.com/manatosh_das/13-08-05-is_india_geared_up_to_handle_the_dynamics_of_cyber_age

Today’s “social age” has brought many changes to the corporate world and increased the competitive threats enterprises have to deal with on an ongoing basis. Traditionally, competition has been upfront and direct with open head-to-head strategies to win customers and market share. But as the world approaches a complete “digital state” the competitive tactics against corporations have never been more threatening or aggressive.

As disruptive, non-traditional business competitors emerge, many of these organizations are adopting tactics that would typically be “off limits” to traditional corporations, including partnering with activist groups to attack and disrupt the market leader to damage the reputation and erode the financial state of the organization.

Many enterprises are no longer simply looking to compete, but actually to protect their operations against the disruptive, aggressive forces these non-traditional competitors are partnering with. To combat these unconventional tactics, traditional corporations are turning to real-time advanced social intelligence to receive deep, multidimensional insight on the tactics and actions.

...

http://www.riskmanagementmonitor.com/protecting-the-enterprise-against-unconventional-competitive-social-risks

Tuesday, 06 August 2013 17:20

Terrorism Risk and Insurers

Ratings agency Fitch has warned that failure to renew the federally backed Terrorism Risk Insurance Program could have a significant impact on the availability and pricing of workers compensation and commercial property insurance coverage.

Insurer credit ratings and the commercial mortgage backed securities (CMBS) market would also be affected.

The report comes as at least 19 U.S. embassies and consulates in the Middle East and North Africa remain closed through the week after the State Department issued a global travel alert to U.S. citizens due to potential terrorist threats.

Fitch notes that workers compensation insurers could be particularly vulnerable to large losses if an extreme terrorist event takes place without the federal terrorism reinsurance program in place:

...

http://www.iii.org/insuranceindustryblog/?p=3344

Tornadoes, hurricanes, wildfires or other natural disasters can bring your business to a screeching halt when the office is damaged or destroyed, and critical infrastructure is offline. Axcient, the leading cloud solution for eliminating application downtime and data loss, today outlined 10 disaster preparedness tips that can help your company prepare and respond to disasters, while keeping the business up-and-running and maintaining vital revenue.

“When Hurricane Sandy hit the East Coast last Fall, it resulted in $62B in damages and economic losses from businesses that were not able to operate because of flooded buildings, power blackouts and damaged communications infrastructure,” said Justin Moore, CEO at Axcient. “However, there were several success stories, where firms had disaster plans in place and were able to leverage cloud-based disaster recovery and business continuity solutions to weather the storm. Dozens of IT providers in Sandy’s path used the latest technology to spin up virtual offices in the cloud to keep employees productive while waiting for primary systems to come back online or be restored.”

These businesses had a clear emergency preparedness plan in place for their personnel and relied on technologies that can deliver real business protection exactly when it’s needed. 

Looking at examples of what enterprises did to successfully weather Hurricane Sandy and other natural disasters, Axcient developed the following 10 Disaster Preparedness Tips for Businesses:

...

http://www.bsminfo.com/doc/axcient-it-emergency-preparedness-businesses-weather-storm-0001?atc~c=771+s=773+r=001+l=a

Monday, 05 August 2013 15:11

Instilling Ethics in a Compliance Program

I continue to be astounded by one simple fact (candidly there are others) – companies do not understand that creating and maintaining an ethical culture improves bottom-line financial performance.  A commitment to ethics as an enhancement to an existing compliance program not only improves performance of the compliance program, but improves corporate profitability and long-term shareholder value.

From my days as a history major, I am reminded of the Luddites and their rejection of technology.  To me, the issue is remarkably similar – companies ignore ethics as a driver of compliance, but more importantly fail to recognize the importance of ethics as a means to ensure business success and long-term viability.

There is an abundance of research proving that an ethical culture improves financial performance.  The link appears very logical and intuitive and research confirms the improvement to the bottom line.

...

http://www.corporatecomplianceinsights.com/instilling-ethics-in-a-compliance-program/

Monday, 05 August 2013 15:09

Business Continuity and the use of Robots

For most organisations, business continuity issues have more to do with breakdowns in everyday processes than with incidents in a nuclear reactor. However, events like the most recent catastrophe in Japan have catalysed discussions on the potential for using robots for recovery and continuity – discussions that could progressively include even ‘run of the mill’ incidents. The high radioactivity levels of the Fukushima reactor systems prevented human beings from being able to shut them off early enough to minimise damage. Correctly designed robots on the other hand might have been able to do this: however, while the use of robots in industrial applications and in space exploration is well-known, emergency situations require a different approach to robot programming.

The need to be able to issue simple, natural commands according to the need at hand, and the need for robots to respond to these commands are defining characteristics of these critical situations. Current pre-defined, pre-programmed robot activities do not allow for this. In tape archives for instance, robots organise tape cartridge picking, mounting, and storing, but do not step outside the narrow limits of an orderly process. Such robots are not designed to respond to abnormal situations such as fire or flooding. Recovery robots on the other hand would be expected to handle such events and understand spontaneous commands such as ‘shut the door’ or ‘go down the stairs’.

...

http://www.opscentre.com.au/blog/business-continuity-and-the-use-of-robots/

The all-Flash data center—it used to be considered something of a pipe dream. While solid-state storage has its uses, both costs and the complexity of modern data environments seem to demand mixed storage architectures for the time being. But as costs come down, more storage experts are looking at all-Flash, or perhaps Flash-dominant storage environments.

Storage has always been the laggard in the data-handling relay race, but recently the disparity has become stark. As virtual and cloud environments shift the burden away from processing power and even storage capacity, speed has become the determining factor in high-performance environments. According to Kaminario, more than 90 percent of the performance issues afflicting leading applications these days can be traced to storage. Whether it is web-facing OLTP or Big Data OLAP batches, the I/O culprit is almost always poor random read/write performance in legacy HDD arrays. The results were largely the same across Oracle, SQL, DB2, MySQL and even unstructured data sets.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-argument-for-an-all-flash-data-center-becomes-hard-to-ignore.html

Instead of the teacher, I was the student.  I was “grasshopper”.

Recently, I had the opportunity to attend a Dale Carnegie workshop that my employer hosted as part of our employee development program.  The course was titled “How to Say What You Mean to Get the Results That You Want”.

I was pleased (confident) when throughout the class we talked about several topics that we also cover in the Community Emergency Response Team (CERT) Train-the-Trainer curriculum that I’ve been teaching for the past few years.

I thought I’d share with you some of the concepts, suggestions, and thoughts that I left the class with.

...

http://timbonno.wordpress.com/2013/08/02/trying-to-be-a-more-effective-communicator/

Monday, 05 August 2013 14:49

What We're Watching: 8/2/13

Posted by: Dan Watson, Press Secretary, Public Affairs 

At the end of each week, we post a "What We’re Watching" blog as we look ahead to the weekend and recap events from the week. We encourage you to share it with your friends and family, and have a safe weekend.

Photos of the Week
Here are a few of our favorite photos from the past week. Check out our Photo Library for more.

Moore, Okla., July 29, 2013 -- The American flag stands as a sign of strength in the foreground of the devastation left in the wake of the May 20th EF-5 tornado.

Old Bridge, N.J., July 27, 2013 -- FEMA Mitigation specialist Jenai Jordan and External Affairs representative Susan Langhoff provide information on mitigating disasters like Hurricane Sandy at the Home Depot Hurricane Workshop in Old Bridge, New Jersey.

White River, Mich., July 30, 2013 -- Muskegon County Road Maintenance Superintendent Laurie Peterson, views this very dangerous road washout. FEMA Public Assistance and Hazard Mitigation Grants become available following application and inspection and cover a significant portion of the cost of repair.

Weather Outlook
According to the National Weather Service, it doesn’t appear there will be any severe weather threats this weekend.  While there aren’t any significant weather threats at this time, weather conditions can change rapidly. We encourage everyone to monitor their local weather conditions online at www.weather.gov or on their mobile device at http://mobile.weather.gov.

While you’re out and about this weekend, take a few moments to make sure your family’s emergency kit is fully stocked as we head into the peak of hurricane season.  Last week we saw two Tropical Storms -- Dorian in the Caribbean and Flossie in the Pacific. These storms are great reminders that the time to prepare for tropical weather is now. Visit Ready.gov for a list of items that should be in your emergency kit and for safety tips on what to do before, during and after a hurricane.

Public-Private Partnership Conference
This week the Department of Homeland Security and FEMA, in association with the United States Northern Command and the American Red Cross, hosted the “Building Resilience through Public-Private Partnerships” conference.

The conference highlighted successful public-private partnerships, identified coordination gaps between public-private organizations, and engaged both sectors to determine how to further promote teamwork to make our communities and nation more resilient.

Here are a few tweets from the @FEMALive account, which covered the conference live on Twitter:

Thanks to everyone who was able to participate and follow the discussion online!

For more information on how FEMA engages with the Private Sector, visit www.fema.gov/private-sector.

Have a safe weekend!

http://blog.fema.gov/2013/08/what-were-watching-8213.html

This summer’s floods in Alberta and Toronto highlight the importance of business continuity planning – a key part of any risk management strategy. It keeps employees productive and maintains essential business operations and customer satisfaction during any kind of interruption. However, according to IDC, only 44 per cent of Canadian large businesses, with more than 1,000 employees, had a continuity plan in place as of late 2011. Small businesses, with fewer than 100 employees, were even less prepared, with 25 per cent planning to launch business continuity plans in the next 12 months.

Here are some key steps to make sure your business operations can continue in the event of another major interruption:

1. Have executive buy-in. Support from executives or other senior leadership is critical for the success of a business continuity plan. Planning and execution will require their buy-in and attention to ensure that all processes are managed effectively.

...

http://www.theglobeandmail.com/report-on-business/small-business/sb-tools/top-tens/ten-ways-to-prepare-for-business-disruptions/article13476574/

Friday, 02 August 2013 15:54

NIH Announces Big Dollars for Big Data

Big Data is playing a huge role in medical research—some even believe it will be instrumental in finding a cure for cancer. Though in its early stages, harnessing the power of Big Data obviously has the potential to change medical research in a major way.

The National Institutes of Health apparently agrees. This week, the NIH announced funding for the establishment of six to eight investigator-initiated Big Data to Knowledge Centers of Excellence. The funding will be for up to $24 million per year for four years.

“The centers will improve the ability of the research community to use increasingly large and complex data sets through the development and distribution of innovative approaches, methods, software, and tools for data sharing, integration, analysis and management,” Scientific Computing reports.

...

http://www.itbusinessedge.com/blogs/integration/nih-announces-big-dollars-for-big-data.html

As we approach the peak of hurricane season, catastrophe modeler RMS has warned that storm surge poses a greater risk than hurricane wind.

RMS says its updated North American hurricane model shows there is a 20 percent chance that storm surge loss will be greater than wind loss for any U.S. hurricane that makes landfall. And for the northeast coast of the U.S. the risk is even higher.

Dr. Claire Souch, vice president, model solutions at RMS says:

“Our model shows there is a 20 percent chance that storm surge loss will be greater than wind loss for any U.S. hurricane that makes landfall, which rises to almost 40 percent along the northeast coast of the United States – this is a risk the market can no longer afford to ignore.”

RMS’ updated North Atlantic hurricane model suite includes the ability to fully quantify the risk from catastrophic hurricane-driven storm surge.

...

http://www.iii.org/insuranceindustryblog/?p=3339

There is no doubt that companies understand the importance of business intelligence (BI) to supporting the efficient and effective running of the organisation.

Continued economic uncertainty and major industry-changing dynamics like mobility and the shift to digital business put a premium on data and information. Whether it's optimising processes, improving customer service, increasing the accuracy of marketing initiatives, breaking into new markets, or seeking ways to get ahead of the competition, firms recognise that getting the right data to the right person at the right time is a key prerequisite to business success.

However, recognising the importance of data and analytics is one thing. Actually putting in place the processes and tools required to deliver data and analytics in the most efficient and appropriate way to meet the needs of business decision-makers is a different matter:

...

http://www.computerweekly.com/opinion/Forrester-Best-practice-tips-for-business-intelligence-success

Cloud data storage and disparate privacy laws could be hampering companies fighting cyber attacks, according to Seth Berman, UK executive managing director of digital risk management and investigations firm, Stroz Friedberg.

He urged organisations to review cloud services contracts to prevent valuable time being lost when responding to a data breach incident.

“Companies are forced to fight attackers on multiple geographic fronts, but the complexities of the internet cloud and a patchwork quilt of data privacy laws means a prompt response is often difficult,” said Berman.

Cyber incident response plans must take into account any potential restrictions to access, but providers are rarely set up to support a victim's needs to obtain forensic images of their own servers.

...

http://www.computerweekly.com/news/2240203007/Cloud-service-providers-often-not-set-up-for-incident-response

Heightened regulatory scrutiny and greater concerns over risk governance have led financial institutions to elevate their focus and attention on risk management, a new global survey from Deloitte Touche Tohmatsu Limited (DTTL) finds. In response, banks and other financial services firms are increasing their risk management budgets and enhancing their governance programs.

According to Deloitte’s eighth biennial survey on risk management practices, entitled ‘Setting a Higher Bar,’ about two-thirds of financial institutions (65 percent) reported an increase in spending on risk management and compliance, up from 55 percent in 2010.

A closer look at the numbers finds, though, that there is a divergence when it comes to the spending patterns of different-sized firms. The largest and the most systemically important firms have had several years of regulatory scrutiny and have continued their focus on distinct areas like risk governance, risk reporting, capital adequacy, and liquidity. In contrast, firms with assets of less than $10 billion are now concentrating on building capabilities to address a number of new regulatory requirements, which were applied first to the largest institutions and are now cascading further down the ladder.

...

http://www.continuitycentral.com/news06877.html

Online threats and cyber crimes increase with intensity and complexity almost daily. Couple this with the fact that nearly all business functions rely on the Internet and IT in some way, and you have big reasons to fear a failure in your company’s online defenses.

The Department of Homeland Security has identified five main questions that C-level executives should consider when addressing cyber risks. These points are presented in the IT Download, Cybersecurity Questions for CEOs. The informative document covers these key questions and others that company leaders must evaluate in their organization to ensure company data and systems are safe from attack—questions that many executives never think to ask of their IT security team, such as:

  • How many cyber incidents do we detect in an average week?
  • How and when is executive staff notified of a breach or attack?
  • What are our current risks to attack?

According to the document, company leaders should take an active role in risk management discussions:

...

http://www.itbusinessedge.com/blogs/it-tools/five-points-about-cyber-risks-that-ceos-must-consider.html

Friday, 02 August 2013 15:35

How to Smooth IT-Business Friction

CIO — Who loves their IT department? Only one out of 10 have a positive sentiment toward IT support or service, according to a survey by BMC Software. A whopping 63 percent have a negative sentiment, while the rest take a neutral stance.

The vast majority of end-users shake their heads when it comes to IT's ability to respond to and resolve tech problems in a timely manner. The perceived impact this has on worker productivity is pretty bad, too.

"I hate calling the help desk at work," a survey respondent writes. "Not only are they useless, but the guys also do some excessive breathing into the phone."

BMC offers a few things both end-users and IT professionals can do to reduce this friction. End-users can have a "take your techie to lunch day," while IT can deploy a digital ticketing system that drives accountability.

Another potential fix that has been gaining steam lately is the enterprise Genius Bar. Companies such as SAP are taking a page from Apple's hands-on, consumer-friendly approach to solving tech problems. This trend is in the early stages, yet an enterprise Genius Bar has the potential to change the odd-couple relationship dramatically.

...

http://www.cio.com/article/737458/How_to_Smooth_IT_Business_Friction

I swear I could write about BYOD and the potential security problems every day until the foreseeable future. But I have to wonder if we are approaching the risks in the wrong way.

A new study by managed cloud services provider NaviSite found that while 80 percent of 700 IT decision makers agree that BYOD is the “new normal,” only 45 percent have a formal BYOD policy in their workplace.

That number is awfully low when you consider that even though BYOD is being thought of as the “new normal,” it isn’t exactly a new concept. After all, employees have been using personal computers and laptops for business purposes long before there were mobile devices. And mobile devices have now been around in the workspace for several years.

...

http://www.itbusinessedge.com/blogs/data-security/byod-remains-a-security-issue-but-does-apple-have-a-solution-in-the-works.html

Over half of UK IT managers believe a fully outsourced managed security service is necessary to support the roll-out and management of cloud technologies, a survey has shown.

The poll of IT managers across all sectors by Vanson Bourne revealed that 78% of respondents are concerned about how to migrate to online services securely.

“As more people introduce cloud services there may be an increase in the use of security in the cloud,” said the survey report.

The report said it is likely that most businesses are trialling the technologies before taking the next step, especially with an issue as important as security.

Only 5% of all IT managers saw no benefit in using a security as a service provider, but all those in the financial sector recognised the benefit of security services.

Just over two-thirds said security service providers should be held responsible for security breaches, indicating that few are willing to accept the security responsibilities of moving to the cloud.

...

http://www.computerweekly.com/news/2240202914/Security-services-vital-to-support-cloud-say-59-of-IT-managers

Thursday, 01 August 2013 15:13

Disease Spreading At Speed of Flight

Polio, not bird flu

[Updated on 1 August 2013 at end of entry]

Israel has recently reported several cases of polio.

Since Israel inoculates all children and new immigrants with anti-polio vaccine, the appearance of polio should tell risk management practitioners two things:

One: In order to eradicate a contagious disease, the effort must be worldwide.

Two: Communicable diseases can – and are – spread at the speed of flight.

According to Israeli sources ( http://www.israelnationalnews.com/News/News.aspx/), “The strain of polio virus recently discovered in southern Israel is exactly the same kind as the type of virus that is prevalent in Pakistan, and which existed exclusively in Pakistan until recently, reports the Pakistan-based publication Dawn.

“Dr. Nima Abid, a representative of the World Health Organization (WHO) in Pakistan, told Dawn that the virus was "definitely" from Pakistan, since “The virus genotype (genetic make-up) is the same as prevalent in Pakistan and this is what the research has indicated."

“The samples of the virus strain were found in sewage in Cairo, in December last year.

There had been no cases of polio in Egypt for five years previously, and the disease had been eradicated in Israel much before that, said the WHO official.”

Polio is not the only easily transmitted disease that requires international cooperation to eliminate.

...

http://johnglennmbci.blogspot.com/2013/07/erm-bc-coop-disease-spreading-at-speed.html

Thursday, 01 August 2013 15:12

Garbage In, Garbage Out

Last week I wrote about a train derailment on the line I take to work every day. It was the third derailment in only a few months for the MTA. It turns out that two sets of tracks were destroyed as the result of a derailment of 10 cars on a CSX train hauling garbage at night.

The MTA responded promptly and by the next morning had plans in place, using buses and a subway line to get people to work in Manhattan. That was a Friday, and by Monday garbage had been removed from the tracks and one track was replaced so that service could mostly be restored. The second track was back a few days later.

But a recent letter to the editor of our local newspaper gave the incident a new perspective. The reader pointed out that a CSX garbage train makes a trip four times each day to and from the Bronx, through Albany, to Virginia.

He stated, “The garbage is loaded next door to two gas-fired electric generating plants,” and pointed out that “every advanced country is converting garbage to gas for electric production – we are not.” Instead, we are hauling it to faraway locales to be placed in landfills.

...

http://www.riskmanagementmonitor.com/garbage-in-garbage-out/

Thursday, 01 August 2013 15:09

Do 1 Thing: Family Communication Plan

By Cate Shockey

This blog is part of a series, covering a preparedness topic each month from the Do 1 Thing Program. Join us this month as we discuss family communication plans.

For Do 1 Thing this month, it was time to sit down and create a family communication plan. The point is to be able to communicate with family members during a disaster.

On vacation with my family this month, we discussed how we would stay in touch in an emergency situation. Local phone calls can be overloaded in an emergency, so it’s important to choose a person that lives outside of the area to call if you’re not able to reach each other. Because I live in a different state than my family members, it was easy to decide that I would be their out of state contact, and my parents would be mine.

The next step was entering ‘in case of emergency’ numbers (ICE) into our phones. If you are hurt and unable to use your phone, first responders can call your ICE contact for you.

Here are a few things you can do this month to make sure you can stay connected to your family in an emergency:

  • With the prevalence of social media, many people have found that the best way to communicate in the chaos of an emergency is to check in with others on Facebook, Twitter, and Instagram. In 2012, the American Red Cross reported that three out of four Americans (76 percent) expect help in less than three hours of posting a request on social media and 40% of those surveyed said they would use social tools to tell others they are safe (up from 24% in 2011).
  • Fill out a family communication plan at Ready.gov. Keep a copy of your plan in your emergency supply kit or another safe place where you can access it in the event of a disaster.
  • Keep a car charger for your cell phone in your car. That way, if the power goes out, you can still charge your phone.
  • Remember that if your call won’t go through in an emergency, a text message might. Make sure everyone in your family knows how to send and receive text messages.
  • The American Red Cross Safe and Well website helps families keep in touch during a disaster. In an emergency, visit the website and enter your information as well as find information on others.

Check out Do 1 Thing for more tips and information, and start putting your plans in place for unexpected events. Are YOU ready?

Leave a Comment! Do you have a family communication plan? Have you ever had to use it?

http://blogs.cdc.gov/publichealthmatters/2013/07/do-1-thing-family-communication-plan/

It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.

The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers. As we share more of ourselves on a growing number of social networks, questions quickly surface:

  • How frequently and on what social networks should we post?
  • When should we present ourselves in our professional role versus sharing our personal opinions?
  • Is it okay to be social media friends with co-workers, clients, or your boss?

These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:

...

http://blogs.forrester.com/nick_hayes/13-07-31-five_common_legal_regulatory_challenges_with_social_media

Thursday, 01 August 2013 15:06

Is it time for object storage to shine?

My previous column touched on the promise of storage virtualisation in an era of “software-defined everything” and other initiatives that promise to make storage much simpler to manage.

One option for time and cost-starved IT managers to rein in their storage spending is object storage.

Object storage, on paper at least, seems like an appealing option. It is radically simpler than traditional storage area networks (SAN) and even network-attached storage (NAS), it scales much better from a capacity standpoint, and it is especially well suited to cost-effectively storing lots of unstructured data – think files, videos, music and images – in this big data era.

Yet, according to our research, the adoption of object storage is a minority activity. In a recent study by 451 Research’s The Info Pro service, out of 275 storage professionals at mid-sized and large organisations, just under a quarter (24%) said they had already deployed object storage.

...

http://www.computerweekly.com/opinion/Is-it-time-for-object-storage-to-shine

Wednesday, 31 July 2013 18:57

This is not a test

FORTUNE -- Manpower -- SWAT teams, bomb squads, K9 units, scores of local police officers, and citizens providing information -- will forever receive credit for bringing down the suspects linked to the Boston Marathon bombings that killed three and wounded hundreds. But there was another, little-noticed participant in the manhunt: an emergency alert platform created by Glendale, Calif.-based Everbridge.

It was Everbridge's system that enabled officers to keep locals informed -- and safe -- as they tore through suburban streets in search of the suspects. Everbridge allows single entities to send thousands of messages at the push of a button, even if cell towers are down. (The system can send texts using Wi-Fi). During Boston's marathon bombings, local companies used the system to verify the safety of employees, hospitals used it to relay information to nurses, and police updated citizens with safety alerts and messages. "We really wanted to limit people being out [on the streets] so that those law enforcement folks could maneuver around the town," says Watertown Fire Chief Mario Orangio. "By getting that message out as quickly as we did, it helped immensely." At one point during the manhunt that resulted in the capture of suspect Dzhokhar Tsarnaev, the Watertown Fire Department sent out 11,000 messages in a 15-minute span using Everbridge, he added.

...

http://tech.fortune.cnn.com/2013/05/06/this-is-not-a-test/

CIO — Your organization will come under attack. It's not a matter of "if." It's a matter of "when." And security is no longer simply an operational concern. As technology has become the central component of nearly all business processes, security has become a business concern. As a result, information security should sit firmly on the boardroom agenda.

"If the worst were to happen, could we honestly tell our customers, partners or regulators that we've done everything that was expected of us, especially in the face of some fairly hefty fines that could be levied by regulators," asks Steve Durbin, global vice president of the Information Security Forum, a nonprofit association that researches and analyzes security and risk management issues on behalf of its members, many of whom are counted among the Fortune Global 500 and Fortune Global 1000.

"We're seeing, I think, not only that boards need to get up to speed on this, but also they need to be preparing their organization for the future," Durbin says. "They need to be determining how they can be more secure tomorrow than they were today."

...

http://www.cio.com/article/734273/CISOs_Must_Engage_the_Board_About_Information_Security

Today I’m going to discuss how a company can mismanage a crisis in a way that makes their plans backfire and blow up.

Of course a crisis cannot always be perfectly planned for or averted. There are a few ways for a social web team to turn a crisis around and even reap the benefits of said crisis.

Recently, Chipotle’s Twitter account was allegedly hacked with several incoherent tweets being published.

...

http://theguaranteedapplicant.wordpress.com/2013/07/30/crisis-management-fake-it-till-you-make-it-week-5/

Cloud computing gives organisations the opportunity to rethink many traditional IT practices, but it may be a particularly good fit for disaster recovery and business continuity.

Network World Editor in Chief John Dix caught up with IBM Distinguished Engineer Richard Cocchiara, who is CTO and the Managing Partner of Consulting for IBM's Business Continuity & Resiliency Services, for his perspective on the subject.

Cocchiara leads a worldwide team who work with clients on systems availability, disaster recovery planning, business continuity management and IT governance.

...

http://www.computerworld.com.au/article/522403/cloud_computing_causing_rethinking_disaster_recovery/

More than three quarters of IT professionals have experienced a data center outage in the past year, a report released on Tuesday by disaster recovery company Zerto said.

In a survey of 356 IT professionals, including IT managers, VMware and sys admins, Zerto found that 42 percent of respondents report to have experienced an outage in the last six months, with 86 percent of those incidents caused by something other than a natural disaster. The top two causes of a data center outage are hardware failure and power loss.

According to the report, 7 percent of companies have no disaster recovery plan at all, which is particularly disturbing when you see the different types of industries the respondents work in, including finance, healthcare, legal, education, pharmaceuticals and manufacturing. In a report from 2011, data center association AFCOM found that more than 15 percent of data centers have no plan for business continuity or disaster recovery.

...

http://www.thewhir.com/web-hosting-news/zerto-finds-7-percent-of-companies-dont-have-disaster-recovery-plan

After investigating alleged steroid use by New York Yankees third baseman Alex Rodriguez, Major League Baseball has reportedly offered him a plea deal. It’s the latest installment in a sad story, with important lessons for companies and workers, both inside and outside the ballpark.

Before allegations of his steroid use surfaced, Rodriguez had become one of baseball’s most storied – and lucrative – franchises and one of the wealthiest players in the game’s history. His annual earnings were $30.3 million according to FORBES’ latest estimates, making him #18 in the magazine’s list of the world’s highest paid athletes. Penalties and fines could mar his future earnings and what should be a hall-of-fame career.


These are some of the lessons that emerge for corporate America.

...

http://www.cio.com/article/737313/DDoS_Attacks_Getting_Bigger_But_Shorter_in_Duration

The surge of BYOD and mobile devices in general has unleashed havoc in mobile security in the enterprise. IT security managers have been attempting to deal with the fast influx of devices, but most are reeling from the overload of OSes, security issues, vulnerabilities and technologies aimed at securing such devices. In response to this, the National Institute of Standards and Technology (NIST) has provided an informative publication to assist IT organizations in securing mobile devices throughout their life cycles.

The Guidelines for Managing the Security of Mobile Devices in the Enterprise Download breaks down the issues surrounding mobile device security into manageable segments, including:

  • Defining Mobile Device Characteristics
  • Technologies for Mobile Device Management
  • Security for the Enterprise Mobile Device Solution Life Cycle

Within each section are many subsets of information to guide IT security teams in developing their own mobile device security management plan. According to NIST, organizations may not need to use all of the services covered, but services to be considered should include:

...

http://www.itbusinessedge.com/blogs/it-tools/create-a-solid-plan-for-mobile-device-security.html

Wednesday, 31 July 2013 14:51

Are Businesses Rushing to BYOD Too Quickly?

CIO — Are you breaking the law with your BYOD policy?

In a TEKsystems June survey of 3,500 tech professionals, 35 percent of IT leaders (such as CIOs, IT vice presidents and directors) and 25 percent of IT professionals (such as developers, network admins and architects) are not confident that their organization's BYOD policy is compliant with data and privacy protection acts, HIPAA, Dodd-Frank or other government-mandated regulations.

Half of the respondents also believe that 25 percent or more of sensitive data is at risk due to end users accessing this information over personal devices.

These and other alarming findings paint a disturbing picture: The race to embrace BYOD might be outpacing sound business practices.

...

http://www.cio.com/article/737277/Are_Businesses_Rushing_to_BYOD_Too_Quickly_

I’ve mentioned in previous posts that Big Data is more than just big. In order to realize its true value, it must be fast as well.

That means analysis has to approach real-time levels in order to ensure that the final product is relevant to the rapidly changing business environments in which most enterprises find themselves. And therein lies the problem, because while Big Data analytics platforms can be deployed on existing data center infrastructure, producing a real-time architecture will take a bit of work.

Hitachi Data Systems recently completed a study of UK organizations that have implemented Big Data strategies and found that more than half were still relying on outdated or inaccurate information because their legacy infrastructure could not meet the demands of real-time analytics. A key problem remains the stubborn presence of data silos within existing infrastructure, which prevent analytics engines from gaining a true picture of both structured and unstructured data sets. Not to mention, critical data is often kept hidden from decision makers because it can’t be made available on an organization-wide basis.

...

http://www.itbusinessedge.com/blogs/infrastructure/the-big-data-conundrum-is-your-infrastructure-lacking.html

Truly savvy managers know the value of information. It’s the stuff intelligent decisions are born of. But in recent weeks, the international community and the US Federal Government have been howling over the data collection efforts of the National Security Agency, making arguments as to whether or not those efforts are in the interests of US national security and whether or not data mining is an invasion of individual civil liberties. The concerns being raised may be misplaced. The major concern may not be with the data, but with the information being derived from it.

Information is distilled data. Distillation is a process that profoundly alters the natural state of the data. Anyone who has ever distilled data knows that context, sampling procedures, and data aging all play significant roles in the value of the information derived therefrom. As managers and executives, we need to examine four key considerations whenever we’re using data and information to make critical business decisions:

...

http://blog.cutter.com/2013/07/30/gathering-intelligence-data-or-information/

Tuesday, 30 July 2013 16:42

ERM: Old concept, new ideas

CSO - Enterprise risk management (ERM) is hardly new. Eric Cowperthwaite, CISO at the nonprofit healthcare organization Providence Health and Services, recalls hearing the term for the first time in the late 1990s, "and it existed before then, even if we didn't call it that," he said.

Indeed, the term goes back several decades, according to Jeff Spivey, who is vice president at RiskIQ, president at Security Risk Management, and international vice president of ISACA.

"My father was involved in risk management beginning in 1968," he said. "What was then called 'risk management' is now called 'enterprise risk management.'"

John Shortreed, a member of the International Organization for Standards, which developed ISO 31000, one of the most prominent frameworks for ERM, says the framework has been "evolving and maturing over the last decade, in response to the increasing risks [in] our world" brought on by such varied factors as interconnectivity, climate change and economic upheaval.

...

http://www.networkworld.com/news/2013/072913-erm-old-concept-new-272302.html

While the tragedies of April 15 and April 18, 2013, are forever etched into the minds of the greater-Boston and MIT communities, 46 participants in the MIT Professional Education course Crisis Management and Business Continuity, had the opportunity to hear first-hand accounts of the events on Boylston Street and MIT’s campus from several key responding organizations, news outlets, an MIT alumnus, and several others on July 18 at the Stata Center.

The panel titled “The Boston Marathon bombings: Exemplary response amid horror,” was moderated by WBUR’s Deborah Becker, and included Edward Davis, Boston Police commissioner; James Hooley, chief of Boston EMS; Dr. Paul Biddinger, chief, Division of Emergency Preparedness, medical director, Emergency Department Operations, Massachusetts General Hospital; Imad Mouline, SB ’91, CTO, Everbridge, a Mass and Emergency Notification software company; Joe Sciacca, editor-in-chief of the Boston Herald; and Peter Casey, programming and news director, WBZ radio. William VanSchalkwyk, managing director, Environment, Health, and Safety Headquarters Office, MIT; and Helen Privett, business continuity manager at GMO, were also on hand.

...

http://web.mit.edu/newsoffice/2013/panel-draws-crisis-management-lessons-from-local-events.html

Colleges and universities are putting the financial and personal information of students and parents at risk by allowing them to submit such data to the school in unencrypted email.

That was a finding in a survey released Monday by Halock Security Labs after surveying 162 institutions of higher learning in the United States.

Half the institutions allowed sensitive documents to be sent to them in unencrypted emails, the survey said, while a quarter of the schools actually encouraged such transmissions.

"Typically, they do what they need to do to comply with regulations, but they're weak on risk management and actively controlling and managing risk," Terry Kurzynski, a partner with Halock Security Labs, said in an interview.

...

http://www.cio.com/article/737252/Universities_Putting_Sensitive_Data_at_Risk_via_Unsecure_Email

Has a third-party vendor caused a data breach at your organization? If so, did the vendor notify you? If you weren’t notified during — or right after — the investigation you have plenty of company.

A new study conducted by the Ponemon Institute indicates that many business associates don’t notify their organizations of a data breach during the investigation or after determining the cause of the incident. In fact, 47 percent of those polled either have no timeframe for notification or they do not notify the organization at all.

These facts alone are alarming but can be especially detrimental to an organization in the health care industry, where the new HIPAA Omnibus Final Rule broadens the definition of a data breach and calls for stricter enforcement and greater penalties. The Omnibus Rule took effect in March 2013, although organizations have until September to comply.

...

http://www.corporatecomplianceinsights.com/five-tips-for-minimizing-data-breaches-caused-by-third-party-vendors

A tremendous amount of attention has been lavished on machine-to-machine (M2M) communications. One of its great selling points is its ubiquity. It holds the promise of burrowing into the nooks and crannies of everyday life and providing communications affecting a massive number of mundane uses. It’s a terrific time and labor saver – if things go according to plan.

Believe it or not – and I know this is shocking – things don’t always go according to Hoyle. M2M, if compromised, can turn those rote procedures and promises into real headaches. The Internet of Things can turn into the Internet of Troubles.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/the-great-security-risks-and-rewards-of-m2m.html

It seems like barely a week goes by that there isn’t another development in the software-defined data center.

But as the advancements keep piling up, one thing is becoming clear--or less clear when you think about it. As more and more vendors, developers, systems integrators and data operators and providers enter the field, the more muddled it becomes. What once appeared to be a fairly straight-forward, albeit highly technical, means of extending the benefits of hardware virtualization across both localized and distributed infrastructure is quickly becoming a mish-mosh of platforms, architectures and design philosophies that could very well end up destroying the broad universality that the technology was supposed to engender.

In this way, software-defined tech is no different from the many IT evolutions of the past. Yet it is still painful to see another golden opportunity for widespread infrastructure interoperability slip through the data community’s grasp.

...

http://www.itbusinessedge.com/blogs/infrastructure/software-defined-everything-a-multitude-of-solutions.html

JERSEY CITY, N.J. – ISO announced today revisions to its e-commerce (cyber insurance) product. The E-Commerce Program enhancements from ISO introduce new insurance policies designed specifically for companies with a media liability exposure. Both a "claims-made" and "occurrence" version, each providing defense within limits, are available. ISO is a member of the Verisk Insurance Solutions group at Verisk Analytics (VRSK).

The new policies complement ISO's existing cyber liability insurance policies: the Information Security Protection Policy (for commercial risks) and the Financial Institutions Information Security Protection Policy (for all financial institutions).

ISO's media liability policies offer eight separate insuring agreements: media liability; security breach liability; programming errors and omissions liability; replacement or restoration of electronic data; extortion threats; business income and extra expense; public relations expense; and security breach expense. All of them can be written with separate limits and deductibles. Similar to the existing ISO cyber insurance policies, the new media liability policies have associated manual rules and loss costs.

...

http://finance.yahoo.com/news/iso-enhances-cyber-liability-insurance-140102430.html

Recent developments in the cybersecurity landscape have heightened interest in the challenges associated with accurately anticipating and understanding risk, and using that knowledge to better manage organizations.

Enterprises are better delivering risk assessment and, one hopes, defenses, in the current climate of challenging cybersecurity.

Nation-state types of threats may have a very serious impact on organizations. President Obama has directed the National Institute of Standards and Technology to develop a new cybersecurity framework. The administration has sharpened its focus on what can be done to improve cybersecurity throughout the United States' critical infrastructure.

In this podcast, a panel of experts discuss how predicting risks and potential losses accurately is an essential ingredient in enterprise transformation.

http://www.ecommercetimes.com/rsstory/78587.html#sthash.uKinWVIy.dpuf

Considering potential threats to an organization's reputation as part of the strategic planning process can help reduce such risks and even position a company to enhance its reputation by allowing it to prepare an effective response when an event occurs.

“I think there is a very powerful connection between strategic risk management and reputation and brand management,” said James W. DeLoach, managing director at consultant Protiviti Inc. in Houston.

“As we view certain events over the last several years, we have come to realize even the best household names, the best brands face their moment of crisis. No company is immune to the risk of a crisis,” Mr. DeLoach said.

...

http://www.businessinsurance.com/article/20130728/NEWS06/307289991#

Can you imagine a major industry which suffers a near death experience, angers its entire customer base—wholesale and retail, domestic and international—and yet refuses to publicly apologise and adopt a plan of action that commits the industry to not repeating the mistakes of the past? That is where the banking industry is at right now.

This lack of decisive action on the part of the industry’s leadership will do lasting damage to not only the industry but also to its as yet unforgiving customers and the global economy. Part of the problem is that the industry does not appear to even realise that it is in a crisis—one which has been brought about by a complete loss of public faith in its activities. That is a tragedy.

...

http://ledwidge.wordpress.com/2013/07/28/banks-desperately-need-a-crisis-management-plan/

Monday, 29 July 2013 15:57

The RAID5 delusion

Case in point
I spoke to the head of a small company – about 25 employees – who had suffered a RAID5 drive failure. The 4TB RAID was used for file sharing.

A drive failed, reconstruction failed and vendor phone support was disastrous. All data was lost.

But the worst of it was that there was no backup. They believed that RAID5 would protect their data. They were wrong.

What RAID5 is for
RAID5 does offer some data protection assuming it works. But its main purpose is to protect access to your data. This is why it is popular in enterprise applications where maintaining data access during a failure is of vital concern.

...

http://www.zdnet.com/the-raid5-delusion-7000018639/

While there’s a tendency to think of cloud computing as a nebulous IT experience that provides continuous access to files and applications, the reality of cloud computing is governed much more by the unforgiving laws of physics. In fact, cloud computing is little more than a massive exercise in distributed computing where the location of files and applications matters more than ever.

Given that reality, there’s a lot more interest these days in putting applications in the cloud as near to the core Internet as possible without being locked into a specific carrier for network services.

...

http://www.itbusinessedge.com/blogs/it-unmasked/equinix-makes-case-for-moving-cloud-to-the-network.html

Computerworld — There's a new C-level executive -- the Chief Digital Officer (CDO) -- in the boardroom, charged with ensuring that companies' massive stores of digital content are being used effectively to connect with customers and drive revenue growth.

At first blush, an executive title that includes the word "digital" would seem to encroach on IT's territory. Not so, observers say -- but that doesn't mean tech leaders don't need to be prepared to work closely with a CDO somewhere down the line.

Gartner last year reported that the number of CDOs is rising steadily, predicting that by 2015, some 25% of companies will have one managing their digital goals, according to analyst Mark P. McDonald. (See also CDOs by the numbers.)

While media companies are at the forefront of this movement, McDonald says, all kinds of organizations are starting to see value in their digital assets and in how those assets can help grow revenue.

"I think everybody's asking themselves whether they need [a CDO] or should become one," McDonald enthuses. "Organizations are looking for some kind of innovation or growth, and digital technologies are providing the first source of technology-intensive growth that we've had in a decade."

...

http://www.cio.com/article/737148/Chief_Digital_Officer_Hot_New_Tech_Title_or_Flash_in_the_Pan_

Monday, 29 July 2013 15:51

Cloud EHR Lessons Learned in Haiti

CIO — Healthcare providers in the United States have preconceived notions about electronic health records—namely, that EHR systems haven't lived up to their promise of transforming healthcare by improving efficiency and cutting costs.

The healthcare industry also has preconceived notions about cloud computing, too—namely, that the cloud isn't secure enough for patient data.

Go to Haiti, though, and the story's dramatically different. There are no preconceptions, no tales of IT implementations gone wrong and no government mandates to adopt technology. As one health worker told Pierre Valette, vice president of content communications for cloud EHR and practice management software vendor athenahealth, "They've got nothing to unlearn."

...

http://www.cio.com/article/737151/Cloud_EHR_Lessons_Learned_in_Haiti

We couldn’t let this week end without leaving you with another reminder of the unaddressed risks in BYOD practices. It’s a trend that shows no sign of slowing, as the risks may be multiplying faster than IT’s ability and willingness to take control in some organizations.

In a Fiberlink survey conducted by Harris Interactive among 2,064 U.S. adults earlier this year, respondents answered questions about how they use their personal and work-provided mobile devices, how they regard those devices, and which specific risky activities they have performed with those devices.

What have they been up to? Twenty-five percent had opened or saved a work attachment file into a third-party app like Dropbox. Twenty percent had cut and pasted a work-related email or attachment from company email to personal email. Eighteen percent had accessed websites blocked by company policy. Fifty-six percent reported they had not performed any of these activities. Since this is self-reported, we can assume these numbers are skewed to make the respondents look more chaste than they may really be.

...

http://www.itbusinessedge.com/blogs/governance-and-risk/will-dual-personas-be-the-answer-to-byod-risks.html

A recent study of 35 large organizations found that social data is still “largely isolated from business-critical enterprise apps” and is created in departmental silos.

The Altimeter Group study found that the average enterprise-class company owns 178 social accounts, with 13 departments “actively engaged” on social platforms. That’s creating serious social data silos, and, not surprisingly, there’s very little effort to integrate all this data.

You really didn’t need a crystal ball to see this coming. As long as businesses function in departmental silos, there will be data silos that mimic that structure.

The report also revealed it’s not always easy to integrate this data, attributing the issue to the fact that so many organizational departments touch the data, “all with varying perspectives on the information,” the article states, adding:

“The report also notes the numerous nuances within social data make it problematic to apply general metrics across the board and, in many organizations, social data doesn’t carry the same credibility as its enterprise counterpart.”

When social data is integrated with enterprise data, it’s usually through business intelligence tools (42 percent), followed by market research at 35 percent. CRM (27 percent), email marketing (27 percent) and sensor data (uh? 4 percent) are also points of convergence.

...

http://www.itbusinessedge.com/blogs/integration/enterprise-social-data-isolated-in-departmental-silos.html

Now that energy prices seem to have stabilized once again, there has been a noticeable shift in attitude surrounding the development and design of the next-generation, “green” data center.

It’s not that the IT industry has discarded the concept entirely--indeed, a number of high-profile projects are scheduled to break ground in the next few months--but there is growing disagreement over how to ensure that everyone’s needs are being met, including data providers, data consumers and the environment itself.

A key topic of debate is the use of renewable energy. Whether it’s wind, water, solar, geothermal, etc., questions are surfacing as to whether full or even partial dependence on renewables is right for the data center. It’s important to note that some of the criticisms are coming from leading environmental researchers, not the data center industry.

...

http://www.itbusinessedge.com/blogs/infrastructure/renewable-energy-for-the-data-center-where-when-and-how.html

CIO — Earlier this week, Intel discussed its plans to forever change the data center as we know it.

Intel, a core technology maker, is now aggressively moving from servers into networking and storage and partnering with segment leaders such as Cisco Systems and EMC along the way. This could make the near future rather interesting.

Think RAID, But With Cheap Processors

For a while, I was convinced that Intel wouldn't catch this wave. Years ago, Microsoft began an initiative to rethink the data center as kind of a modular server. Applying a RAID-like concept to low-cost processors stood at the center of this effort. Replacing the "D" in RAID with a "P" would give any CMO a heart attack, so the concept never got a catchy name—but, on paper, it was poised to reduce computing costs dramatically.

...

http://www.cio.com/article/737027/How_Intel_Plans_to_Destroy_the_Legacy_Data_Center

By far the majority of reputation crises I’ve been involved in have a very, very important question at the core: how do we avoid fanning the flames? There is a very real danger in communicating about an event of actually doing harm rather than improving the situation. The greatest danger, of course, is bringing a bad story to the attention of others who otherwise would not even be aware of it.

The understandable fear of this I believe is the main cause for the other problem which is “too little, too late.” When actions taken, or messages communicated about a big problem, are seen as coming slowly only as a result of outrage or pressure, then reputation damage can be severe.

This is a dilemma, a clear example of being between a rock and a hard place. And almost everyone wants to know how to make a sure-fire strategy decision that doesn’t cause harm in either direction.

...

http://ww2.crisisblogger.com/2013/07/crisis-strategy-how-to-avoid-fanning-the-flames/

Two months after Hurricane Sandy pummeled New York City, Battery Park is again humming with tourists and hustlers, guys selling foam Statue of Liberty crowns, and commuters shuffling off the Staten Island Ferry. On a winter day when the bright sun takes the edge off a frigid harbor breeze, it's hard to imagine all this under water. But if you look closely, there are hints that not everything is back to normal.

Take the boarded-up entrance to the new South Ferry subway station at the end of the No. 1 line. The metal structure covering the stairwell is dotted with rust and streaked with salt, tracing the high-water mark at 13.88 feet above the low-tide line—a level that surpassed all historical floods by nearly four feet. The saltwater submerged the station, turning it into a "large fish tank," as former Metropolitan Transportation Authority Chairman Joseph Lhota put it, corroding the signals and ruining the interior. While the city reopened the old station in early April, the newer one is expected to remain closed to the public for as long as three years.

Before the storm, South Ferry was easily one of the more extravagant stations in the city, refurbished to the tune of $545 million in 2009 and praised by former MTA CEO Elliot Sander as "artistically beautiful and highly functional." Just three years later, the city is poised to spend more than that amount fixing it. Some have argued that South Ferry shouldn't be reopened at all.

...

http://www.motherjones.com/environment/2013/07/hurricane-sandy-global-warming-flooding

When I was 21, I almost lost several hundred million dollars by threatening to mutilate one of our customers.

In my senior year in college, I worked full time as an intern PM at NetApp. I spent most of that time at work being groomed and prepared to be a full PM, and given that my background was in cryptography I got pulled into a lot of customer meetings related to security.

One of our customers at the time was undergoing a big change with their security architecture, and I tagged along with one of the directors to the meeting. I was one of ten PMs giving talks on roadmap and our plans, and I had 30 minutes to convince their CIO and CEO that we could integrate our new systems well with the new security infrastructure they were rolling out.

...

http://www.forbes.com/sites/quora/2013/07/26/what-is-the-most-catastrophic-error-made-by-an-intern-at-a-tech-company/

WASHINGTON, D.C. — U.S. small businesses — widely recognized as the backbone of the U.S. economy — are particularly at risk from extreme weather and climate change and must take steps to adapt, according to a new report from Small Business Majority (SBM) and the American Sustainable Business Council (ASBC).

Titled “Climate Change Preparedness and the Small Business Sector,” the report concludes: “Because small businesses are distinctly critical to the U.S. economy, and at the same time uniquely vulnerable to damage from extreme weather events, collective actions by the small business community could have an enormous impact on insulating the U.S. economy from climate risk.”

Featuring case studies from the retail, tourism, landscape architecture, agriculture, roofing and small-scale manufacturing sectors of the U.S. economy, the Small Business Majority/ASBC report finds:

...

http://www.manufacturing.net/news/2013/07/report-small-businesses-uniquely-vulnerable-to-climate-change-extreme-weather

By David Zahn, FuelQuest

Hurricane season began June 1 and will last for six months. The National Oceanic and Atmospheric Administration (NOAA) predicts 2013 will be an above-average year for tropical storms and hurricanes. NOAA estimates anywhere between 13 and 20 named storms (sustained winds of 39 miles or greater) and between seven and 11 hurricanes (sustained winds of 74 miles or higher), with three to six of those storms possibly becoming at least a Category 3 (111 miles per hour or higher winds).

Contrasted against seasonal averages of 12 named storms, six hurricanes and three major hurricanes, communities, businesses and governments are on notice for 2013.

The devastating, crippling and deadly nature of these storms is without compare. Hurricane Sandy, which hit the New Jersey coast on Oct. 29, illustrates this fact well. According to the National Hurricane Center, Sandy impacted 24 states, caused 72 deaths and generated more than $50 billion in damages. It also left more than 8.5 million customers without power.

...

http://www.csnews.com/top-story-expert_columns-hurricane_preparedness_starts_with_a_storm_-64146.html

“Business Continuity Planning: Is it an Art or a Science?” That discussion rages on, with as much intensity as the chicken-or-the-egg controversy. But there is no doubt when it comes to Incident Management – there must be an underlying science for the response to be predictable and effective. One key element of that science is the “Causality Chain”, knowledge which can lead to a predictive response (the selection of appropriate strategies, tactics, actions, or plan to invoke) in any disruptive incident.

An understanding of the Causality Chain should start with an understanding of the organization model. An organization, in its simplest form, can be represented as a collection of interdependent assets – People, Facilities, Processes, Technology and Supply-Chains – all engaged in delivering products and/or services. This is true in any industry; products and services are an outcome in manufacturing, retail, finance, energy, communications, information, services and everything else – including non-profits and government.

...

http://ebrp.net/the-importance-of-causality-chain-in-effective-incident-management/

By Brandon Butler

Network World — Oracle had a busy couple of weeks at the end of June, rolling out a new version of its database software and announcing partnerships with Microsoft, Salesforce.com and NetSuite. In doing so the company whose CEO Larry Ellison at one time bemoaned cloud computing has almost overnight become a major player in the industry. Here's why.

The moves are not just significant for Oracle; the partnerships that the company has garnered are significant to the partnering with Microsoft and Salesforce, too. And they'll also reverberate across the industry to competing companies such as Amazon Web Services and SAP, predicts Holger Mueller, vice president at Constellation Research who recently published a report about these developments. "The bottom line: Oracle technology will play a fundamental role accelerating cloud adoption," he writes.

...

http://www.cio.com/article/736984/3_Things_Oracle_has_Done_to_Become_a_Big_Cloud_Player

Disaster Recovery and Business Continuity are completely different. They are siblings but still two separate and unique topics. Disaster Recovery is technology + process + people for IT systems. Business continuity is people + process for business functions. You can have Business Continuity without Disaster Recovery. The opposite is a total waste of money. If there is no plan for the business to recover and connect to IT systems, you are pouring money down the drain.

In addition, Disaster Recovery is not all about technology. There have been some good discussions about Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) in the industry. However, the linkages to the business functions have not thoroughly been detailed. Even large companies have issue with correlating the IT systems to business functions. In fact, one very large airline I worked with is a perfect example. They named 55 mission critical business functions. IT identified 55 mission critical applications. After some due diligence in aligning business function to applications, only 9 of the applications named by IT supported mission critical business functions and 46 mission critical business functions were not properly supported. So, there were many applications which had clusters, replication, and expensive Disaster Recovery techniques employed that did not need it.

...

http://mdjohn.wordpress.com/2013/07/25/disaster-recovery-business-continuity-operational-recovery-clearing-up-misconceptions/

When a deluge of rain and river water hit Calgary's streets last month, many of the city's businesses were forced to shut their doors and stop employees from coming into work. In fact, an estimated 180,000 workers that live in the downtown core and were forced to evacuate from their homes had no way of getting to work. Some of the country's largest energy corporations were forced to contact staff through social media channels to notify them that their workplaces were no longer accessible. Others asked available staff to log in remotely if they could do so safely. And others set up makeshift satellite offices outside the areas affected by the flood and asked workers to convene at the nearest one instead of overloading the computer systems by logging in remotely all at once.

While the cost of Calgary's floods to local businesses is still being tabulated, the overall economic cost is estimated to be more than $1-billion. Much of that will be related to business losses in the wake of the flood. Tragedies such as the Alberta flood bring to the fore more frequently the often-overlooked issue of risk management and business continuity planning.

...

http://www.canada.com/news/Alberta+floods+vivid+reminder+growing+relevance+business+continuity+plans/8703299/story.html

Thursday, 25 July 2013 15:41

Plan Vs. Technology

Technology is not a Plan. Technology enables a Plan. A Plan coordinates the people and processes that are then enabled by the technology. A replication package only “copies” (I realize it does more than copy, but for simplification purposes that’s what we will call it) bits from one location to another one. How do you decide what to replicate? How do you decide whether there is corruption? How do you handle a hardware failure on one or both of the arrays which are involved in the replication during a disaster? Who declares disaster? Who makes the decision to purchase an array, if necessary? How do you communicate between team members if cell phones and land lines are down? Where do you go to connect if the normal location is inaccessible (blocked off by police, etc.)?

These are the things that a Plan addresses. Apologies for stating the obvious for some. As you can tell, one of my pet peeves is the belief by IT that technology IS the Plan. The same is true for the business assuming that because they think it is “backed up” it is instantly available and synchronized.

...

http://mdjohn.wordpress.com/2013/07/24/plan-vs-technology/

The Wharton School’s Risk Management and Decision Processes Center is joining forces with Zurich Insurance Group in an effort to enhance flood resilience.

In this one-of-a-kind multiyear interdisciplinary approach, Wharton and Zurich, which provides a wide range of insurance services worldwide, will expand upon current research on flood resilience, risk reduction and economic and communal security.

The Risk Management and Decision Processes Center focuses its research on catastrophic risk management as it applies to manmade hazards — floods impact more people across the globe than does any other natural disaster.

“Catastrophic floods — from hurricanes such as Katrina or Sandy, from tsunamis, or from inland flooding as recently happened in Europe—have caused billions of dollars in losses and displaced millions of individuals and businesses in recent years,” Managing Director of the Wharton Risk Center Erwann Michel-Kerjan, who will lead Wharton’s research efforts, said in a statement.

...

http://www.thedp.com/article/2013/07/wharton-partners-to-study-flood-resilience

Data storage has always been a challenge but in recent times it has become harder to manage, purely because of the sheer amount of information organisations are dealing with. This includes structured data from enterprise systems and unstructured data from social networks – all accessed using connected and increasingly, mobile devices.

These trends have raised significant issues for storage managers around how to best manage capacity to cope with the constant influx of data, while optimising performance, managing disaster recovery activities and controlling costs. At the same time, IT managers and other technologists have more choice than ever when it comes to controlling storage infrastructure – including managing all or parts of their storage onsite or in the cloud.

Throughout May and June, IT leaders discussed these issues and more at a series of Computerworld roundtable events in Brisbane, Melbourne, Perth and Sydney, sponsored by IBM.

...

http://www.computerworld.com.au/article/521930/computerworld_lunch_report_future_storage/

Arlington, VA - Today, the Ethics Resource Center released its latest report, National Business Ethics Survey of Social Networkers: New Risks and Opportunities at Work. The study investigates how social networking is affecting the way work gets done, reshaping relationships among workers at all levels of an organization, and altering attitudes about the type of conduct that is acceptable in the workplace.

Major findings show that the more active the social networker, the more likely they are to encounter ethics risks (witness misconduct, feel pressure to compromise standards, and experience retaliation for reporting misconduct). The report also indicates that, despite what many think, social networks are not only for younger employees. Forty-seven percent of active social networkers are under the age of 30, but not far behind, 40 percent are between the ages of 30 and 44.

“Social networking is transforming the office environment in unpredictable ways, with changes that could potentially involve employees at all levels,” said ERC’s President, Dr. Patricia J. Harned. “It is important that those in leadership roles do not fall behind the curve, so they are prepared to act in ways that will seize the opportunities social networking creates, while limiting the risk.”

...

http://www.corporatecomplianceinsights.com/news/three-out-of-four-social-networkers-are-logging-in-on-company-time-ethics-resource-center-reports/

Thursday, 25 July 2013 15:30

12 Predictive Analytics Screw-Ups

Computerworld — Whether you're new to predictive analytics or have a few projects under your belt, it's all too easy to make gaffes. "The vast majority of analytic projects are riddled with mistakes," says John Elder, CEO at data mining firm Elder Research.

Most of those aren't fatal -- almost every model can be improved -- but many projects fail miserably nonetheless, leaving the business with a costly investment in software and time, and nothing to show for it.

And even if you develop a useful model, there are other roadblocks from the business. Elder says that 90% of his firm's projects are "technical successes," but only 65% of that 90% are ever deployed at the client organization.

We asked experts at three consulting firms -- Elder Research, Abbott Analytics and Prediction Impact -- to describe the most egregious business and technical mistakes they've run across based on their experiences in the field. Here is their list of 12 sure-fire ways to fail.

...

http://www.cio.com/article/736882/12_Predictive_Analytics_Screw_Ups

Chances are your organization is so reliant upon IT services that it couldn't function without it. That's why business continuity planning often falls under the purview of the IT department, even though it affects the entire company.

This is both a great thing and a not-so-great thing. On one hand, IT knows that it's covered in the event of a crisis. On the downside, the rest of the company is often left thinking, "Not my problem." So when the time comes for IT to test the disaster recovery models, the rest of the business often won't tolerate being put offline for the sake of business continuity testing. It's no wonder that only 40% of IT organizations have tested their disaster recovery plans in the last 12 months. It's no easy task, but a rock-solid business continuity plan is mission critical for high-functioning, mature companies.

...

http://www.informationweek.com/creative-tests-for-your-business-continu/240158780

Pointing out how poorly you pay your own employees is a crisis management faux pas

So, you set out to create a website, accessible to the public, aimed at helping your employees budget. You have hopes of helping them out, but let’s be real here, you’re also looking to grab you some good PR in the process. Once you get started, however, you realize that there is no way a typical employee at your organization makes enough to live on, even with a second job, and leaving out minor expenses like food, water, and clothing…because those are luxury items, right?

Most of us would scrap the project on the spot, but not McDonald’s! The company, which has already run into a few stumbling blocks while getting acquainted with how the modern web works, must not have thought it was a problem because they went live. As could be expected, the company took a beating in the media, largely as a result of the buzz generated by the following video from the activists at Low Pay is Not Okay:

http://managementhelp.org/blogs/crisis-management/2013/07/23/mcdonalds-callous-crisis-management-mistake/

Wednesday, 24 July 2013 16:15

Dreamworks builds disaster recovery program

If a major earthquake hits Glendale, one of the city's largest businesses, DreamWorks Animation, wants to get back to work as soon as possible — and has partnered with the city on a new program to make that happen.

On Monday, officials from the city of Glendale and the animation studio announced the new partnership, called the "Back to Business" program, during a press conference on DreamWorks' campus on Flower Street.

City Building Official Stuart Tom said the program allows businesses to pre-qualify to perform their own damage assessments with private engineers, who are 'deputized' on a case-by-case basis, in the wake of a disaster.

...

http://articles.glendalenewspress.com/2013-07-23/news/tn-gnp-me-dreamworks-builds-disaster-recovery-program-20130723_1_glendale-water-power-dreamworks-earthquake

Over the past 2½ years, Christchurch's business environment has challenged many assumptions and contracts. In this six-part series, lawyers from Christchurch legal firm Malley & Co look at some of the lessons all businesses can learn. In this article Michael McKay looks at some of the insurance issues.
 
Repairs to earthquake damaged shops on New Regent Street after the Christchurch earthquakes. If a loss in profit was because of damage to a business's property, it was likely to be covered by insurance. If, however, the loss was due to fewer customers visiting the affected area, it may be excluded under another circumstances clause. Photo / File

Insurance is one of the biggest business issues to emerge from the Christchurch earthquakes.

It's led several businesses to consider whether they can claim under their existing policy and whether that policy is still appropriate.

After the earthquakes, it became apparent that many insured and insurers held different views about the scope of their policies. Policy provisions were often untested, and interpretations differed.

...

http://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10902530&ref=rss

Wednesday, 24 July 2013 16:00

Will CSOs Become CROs in the Future?

CSO — Few would deny the chief security officer role has evolved quite a bit in recent years. At many large companies, the heads of both physical and information security now report in to the same person, an enterprise CSO. The pace of change for the function is accelerating along with the ever-changing nature of threats.

Today, many believe CSOs will morph, sooner rather than later, into chief risk officers (CROs), monitoring and mitigating enterprise risks, including those relating to information security and facilities (but excluding financial risks, which are covered by the more traditional CRO function in large companies). At a high level, the new responsibilities include understanding your company's risk profile and risk appetite and then mitigating the risks accordingly.

...

http://www.cio.com/article/736804/Will_CSOs_Become_CROs_in_the_Future_

CSO — A recent study that greatly reduces an often-cited estimate on the economic impact of cybercrime and cyberespionage should not give companies a reason to spend less on security, experts say.

The McAfee-sponsored report, released on Monday, found that Internet-based crime and spying cost the U.S. economy as much as $100 billion a year, not the $1 trillion originally estimated by the Intel-owned security vendor. The study was done in conjunction with the nonprofit Center for Strategic and International Studies.

...

http://www.cio.com/article/736861/Don_t_Be_Fooled_By_Study_s_Dramatically_Lower_Cyberthreat_Estimate_Experts_Say

You work in compliance. Now you are on the horns of a dilemma. Are you going to become a whistleblower or not?

Serious Misconduct

You have learned of serious misconduct within your organization that has been overtly or tacitly approved by high-level management. You have alerted those above you – or outside counsel – about the misconduct or have tried your best to put a stop to it. But neither has worked. You are appalled by what you have witnessed and may even be concerned with being held accountable if and when the misconduct gets exposed and turns into a civil or criminal action. You understandably are worried about your reputation, both professionally and personally. You’re near the end of your rope. Perhaps, you’ve even spoken out so vehemently that you’ve already lost your job.

...

http://www.corporatecomplianceinsights.com/when-compliance-has-to-consider-blowing-the-whistle-some-pros-and-cons/

On July 22, 2013, a 6.6 magnitude earthquake, followed by hundreds of aftershocks, jolted China’s northwest Gansu Province, one of the country’s most under-developed regions. Ninety-four people were initially reported dead, although that number is likely to rise in coming days. Hundreds were injured and some 227,000 people were displaced by the earthquake, which damaged 127,000 homes. Heavy rain is forecast to hit the affected area, potentially affecting rescue and relief efforts and increasing the chances of landslides or houses collapsing.

The Red Cross Society of China immediately responded to assess needs on the ground and dispatch relief supplies, including tents, family kits, jackets and quilts, and more items are being mobilized from warehouses around the country. A 24-member health Emergency Response Team, including volunteer doctors and psychosocial specialists, has also deployed to the affected area.

China is one of the world’s most disaster-prone countries, with approximately 70% of its cities and half of its population located in disaster-prone areas. Earlier this year, the Red Cross Society of China responded to a 7.0 magnitude earthquake in Sichuan province, which killed 196 people and injured over 13,400.

The International Federation of Red Cross and Red Crescent Societies is closely monitoring the situation together with the Red Cross Society of China.

http://newsroom.redcross.org/2013/07/23/disaster-alert-earthquake-in-chinas-gansu-province/

Wednesday, 24 July 2013 15:51

… addicted to thinking

Every so often I find something that sparks me out of the intellectual wasteland that so much of the debate around risk, BC and resilience seems to have become. One example is the book I recently finished reading - Addicted to Performance by John Bircham and Heather Connolly.

I would recommend this to those interested in risk and resilience thinking.
If your primary approach to risk, BC and resilience is standardised, templated and adhering to conventional wisdom – rather than application of critical thinking – this book is for you. But you may not fully appreciate that.

...

http://www.blog.vrg.net.au/reflection/reviews/addicted-to-thinking/

Company Growth Rate Remains Above 40% as Company Exceeds $43 Million in Annualized Revenue

 

HOUSTON, TX – Alert Logic (www.alertlogic.com), the recognized leader in Security-as-a-Service solutions for the cloud, today announced GAAP revenues for the quarter ending June 30, 2013 of $10.1 million, up 43 percent from the second quarter of 2012, and up 7 percent from the first quarter of 2013. Alert Logic’s annualized revenue under contract in the month of June 2013 exceeded $43 million, and is tracking ahead of the company’s plan to reach a $50 million run-rate by the end of 2013.

Alert Logic realized strong Q2 momentum within the public cloud sector as the company’s release of Threat Manager for Cloud and Log Manager solutions helped secure more than 100 Amazon Web Services customers.

“Our strong growth this quarter keeps us on track to reach our goal of being a $50 million business by the end of 2013,” said Gray Hall, Alert Logic’s president and CEO. “Our new product releases from the second half of 2012 and the first half of 2013 helped fuel our growth this quarter, and we expect a similar boost in the future from the exciting new products and capabilities we plan to launch in the second half of 2013.”

To date, Alert Logic has more than 2,200 customers using its Security-as-a-Service solutions, both via service providers and directly from Alert Logic.

Alert Logic’s notable highlights for Q2 2013 include:

  • Releasing the next generation of Threat Manager, the first fully managed threat management solution deployable in any elastic cloud infrastructure, irrespective of hypervisor and networking architecture.

  • Being named a “Cool Vendor” by Gartner in its 2013 Security Services report, which recognizes Alert Logic for its innovative business model, intrusion detection, vulnerability assessment, log management and web application firewall Security-as-a-Service solutions and cloud-based architecture.

A privately held company, Alert Logic publicly reports its Generally Accepted Accounting Principles (GAAP) revenue results and growth rates quarterly, in addition to its annualized recurring revenue under contract. Alert Logic’s financial statements have been audited in accordance with GAAP since 2005. All Alert Logic revenue is derived through long-term subscription contracts, consistent with the company’s Security-as-a-Service business model. Alert Logic’s solutions are sold directly to enterprise customers and through a diversified channel of resellers and cloud service provider partners.

Alert Logic specializes in providing a portfolio of Security-as-a-Service solutions for customers of hosting and cloud service providers. More than half of the largest managed hosting and cloud service providers use Alert Logic to secure their customer environments, making Alert Logic the de facto standard for securing infrastructure in hosted and cloud environments.

Alert Logic’s Security-as-a-Service solutions provide customers four distinct advantages: market-leading security tools, a fully outsourced and managed SaaS delivery model, integrated 24×7 Security Operations Center (SOC) services to monitor and provide expert guidance, and the ability to deploy wherever a customer has IT infrastructure, including the cloud.

 

 

About Alert Logic
Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, provides solutions to secure the application and infrastructure stack. By integrating advanced security tools with 24×7 Security Operations Center expertise, customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 2,200 enterprises. Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit www.alertlogic.com.

A policy debate is raging in Europe over cloud computing and those who want to bind the cloud in over-prescriptive regulation threaten to prevent the benefits of the new technology being felt, argues Thomas Boué.

Thomas Boué is director of government relations for Europe, the Middle East and Africa at the Business Software Alliance, a trade association.

A quiet battle of wills has broken out among European policymakers who are pushing competing visions for how to capitalise on the most significant wave of innovation now underway in information technology: cloud computing.

All agree that by creating a new, more efficient architecture for computing, the cloud offers vast economic benefits. It lets enterprises avoid the cost of buying and maintaining some of the IT hardware and software they need to run their operations. Instead, they can have their computing resources delivered over the internet, as infinitely scalable services. For established companies, this creates cost savings that can be reinvested in the core business. For smaller start-ups, it represents one less obstacle on the path to growth.

But while some rightly see the cloud as an opportunity to accelerate commerce and expand global trade in digital services, others harbour more protectionist urges, focused on creating a European fiefdom in the cloud at the expense of global scale.

...

http://www.euractiv.com/infosociety/overbearing-data-protection-rule-analysis-529494

"Well, it will never happen!" is an underlying rationale when nonprofits fail to engage in risk management practices.

When "it" does happen, leadership's first question often is "Can we (translated: ‘me') be sued?"

At this point their question is neither timely nor relevant. The relevant question is whether the party harmed can recover from the nonprofit. The answer often confirms the "ounce of prevention" principle. To prevent harm and to minimize its impact requires an effective risk management strategy.

...

http://www.philanthropyjournal.org/resources/managementleadership/risk-management-everyone%E2%80%99s-ounce-prevention

What if you could look over the shoulder of every one of your customers as they used your mobile apps, web pages, kiosks, and other digital channels? What could you learn? How might you use what you learn to dynamically adjust your digital experiences?

In the days when web applications were king, this type of insight was doable with simple web analytics and similar tools. Today, continual experience optimization is much more difficult because of:

...

http://blogs.forrester.com/randy_heffner/13-07-23-digital_customer_experiences_integration_opens_a_world_of_optimization_possibilities

Yesterday Intel had a major press and analyst event in San Francisco to talk about their vision for the future of the data center, anchored on what has become in many eyes the virtuous cycle of future infrastructure demand – mobile devices and “the Internet of things” driving cloud resource consumption, which in turn spews out big data which spawns storage and the requirement for yet more computing to deal with it. As usual with these kinds of events from Intel, it was long on serious vision, and strong on strategic positioning albeit a bit parsimonious on actual future product information with a couple of interesting exceptions.

Content and Core Topics:

Demand side drivers – No major surprises here, but the proliferation of mobile devices, the impending Internet of Things and the mountains of big data that they generate will combine to continue to increase demand for cloud-resident infrastructure, particularly servers and storage, both of which present Intel with an opportunity to sell semiconductors. Needless to say, Intel laced their presentations with frequent reminders about who was the king of semiconductor manufacturing.

...

http://blogs.forrester.com/richard_fichera/13-07-23-intel_lays_out_future_data_center_strategy_serious_focus_on_emerging_opportunities

Tuesday, 23 July 2013 16:01

All Hail the Data

A report from the National Insurance Crime Bureau (NICB) has revealed that insurance claims resulting from hailstorm damage in the United States increased by a whopping 84 percent from 2010 to 2012.

In 2010, there were 467,602 hail damage claims filed, but by 2012 that number had jumped to 861,597.

All told, over two million hail damage claims were processed from January 1, 2010 to December 31, 2012, the NICB said.

Perhaps not surprisingly the top five states generating hail damage claims during this period were Texas (320,823); Missouri (138,857); Kansas (126,490); Colorado (118,118) and Oklahoma (114,168).

...

http://www.iii.org/insuranceindustryblog/?p=3331

CIO — Software defined networking is one of the most misunderstood concepts in infrastructure computing. It's a phenomenon that's growing in relevance, but it's still mysterious to many CIOs, particularly those who were not reared in overly technical practice. Many myths still surround SDN. What exactly is the notion behind the technology? How can you apply SDN at your business? And how can your organization benefit from it?

Software-Defined Networking Basics

Essentially, SDN takes the virtualization phenomenon that's been sweeping datacenters around the globe for the past several years and extends it from computing hardware and storage devices to network infrastructure itself. By inserting a layer of intelligent software between network devices (such as switches, routers and network cards) and the operating system that talks to the wire, software defined networking lets an IT professional or administrator configure networks using only software. No longer must he travel to every physical device and configure—or, in many cases, reconfigure—settings.

SDN achieves the same abstraction that hardware virtualization does. With hardware virtualization, the hypervisor inserts itself between the physical components of a computer (the motherboard, main bus, processor, memory and so on) and the operating system. The operating system sees virtualized components and operates with those, and the hypervisor itself translates the instructions coming to these virtualized components into instructions the underlying physical hardware can handle.

...

http://www.cio.com/article/736739/What_CIOs_Need_to_Know_About_Software_Defined_Networking_

TRENTON, N.J. -- From Liberty State Park in North Jersey to Lucy the Elephant at the Shore, the state has a wealth of historic sites along the coast that have weathered the whims of Mother Nature for many years. Some, like Lucy, are more than 100 years old.

These important historic sites require protection both before and after a disaster, when any damage that has occurred needs to be repaired in a historically and environmentally sound way.

FEMA’s Environmental Planning and Historic Preservation Cadre (EHP) plays a critical role in helping municipalities and agencies understand the importance of compliance with environmental and cultural regulations so they may make informed planning decisions when repairing or rebuilding a damaged historic site.  

EHP provides expertise and technical assistance to FEMA staff, local, state and federal partners, and applicants who are tasked with the challenge of preserving historic, cultural and natural aspects of our national heritage. They help applicants understand what is required under the law and how best to meet these requirements. 

FEMA’s goal is to ensure that when FEMA funding is to be made available for the restoration of historic sites, all applicable federal, environmental and cultural statutes are identified and met.

The EHP program integrates the protection and enhancement of a state’s environmental, historic and cultural resources into FEMA’s mission, programs and activities.

Typical environmental and historic preservation laws and executive orders that may apply to an historic restoration project include the Endangered Species Act, the Clean Air Act, the Clean Water Act, the National Historic Preservation Act, and floodplains, wetlands and federal executive orders such as Environmental Justice. Also included are state historic preservation offices.

In a continuing partnership with local and state governments, FEMA seeks, through funding grants, to help states recover from a presidentially declared disaster and EHP is careful to advise all applicants to recognize environmental concerns in order to avoid project delays and permit denials while preserving and minimizing effects on New Jersey’s environmental and historic resources.

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

http://www.fema.gov/news-release/2013/07/22/role-femas-environmental-and-historic-preservation-unit-disaster

Large companies have the resources and the incentive to implement risk management systems. With the increase in compliance by medium and small-sized companies, chief compliance officers and internal auditors are developing and implementing risk management systems. I have never been a fan of complicating or confusing compliance and risk management. After all, risk management naturally belongs in the compliance program functions. Creating a whole new risk management function separate from compliance makes no sense.

With this caveat on the structure and operation of a risk management system, I believe that companies should conduct risk assessment and management strategies. When I use the terms risk assessment and management systems, I am referring to overall organizational risks, including business and operational risks, not a specific anti-corruption risk assessment.

A basic risk management system can be developed through an annual collaborative process which requires the participation of all senior management, as well as managers in each business unit/product or service line. Essentially, a senior risk management group should be charged with the responsibility of identifying the most significant risks facing the organization.

...

http://www.corporatecomplianceinsights.com/risk-management-systems-the-new-frontier

Pushing compliance responsibilities closer to the front lines of a business can help make the overall process of enterprise risk management more efficient and less painful, but without proper planning it can also create new challenges. When processes are adopted or updated, critical compliance tasks may be inadvertently mitigated or cancelled without anyone understanding the impact on the company.

The challenges and benefits of well-planned compliance program execution are discussed in a new book, Enterprise Compliance: The Risk Intelligent Approach from Deloitte‘s Governance, Risk and Compliance Services. The book is organized around three main components of creating a compliance culture—starting with assessing the environment that drives an organization’s compliance risk and requirements and then continuing to the execution and evaluation phases. It also features important questions boards should be discussing with management and discussing among themselves. This article, the second in a series of three, addresses the seven components that comprise the execution aspects of compliance programs. The first article looks at the three facets that shape an organization’s compliance and risk environment: its industry, geography and emerging issues.

...

http://deloitte.wsj.com/riskandcompliance/2013/07/22/compliance-risk-management-executing-the-program/

Monday, 22 July 2013 13:50

Why the Mob Rules

Computerworld — A Kickstarter project called Tile set out to raise $20,000 to create small, flat, battery-powered stickers that you attach to your stuff, enabling you to find anything with your smartphone.

They've raised more than $1.6 million so far.

But why?

Tracker gadgets have been around for years. They're useful for finding your lost remote control, keys and other objects. But Tile does something incredible that no other tracking product can. Here's how it works.

You attach a tile to your tablet, remote control, dog's collar or you drop it into your purse, backpack or briefcase. Use the smartphone app to register each Tile device -- basically tell the Tile cloud service what object each Tile is associated with.

...

http://www.cio.com/article/736706/Why_the_Mob_Rules

International travel has many wonderful benefits – one possible risk is the spread of illness into your home, community and where you work.  It can happen in a blink of an eye.  How do illnesses get discovered and tracked?  Good question.  And there is a Global Surveillance System that does just that.

In 2012, the number of international tourist arrivals worldwide was projected to reach a new high of 1 billion arrivals, a 48% increase from 674 million arrivals in 2000. International travel also is increasing among U.S. residents. In 2009, U.S. residents made approximately 61 million trips outside the country, a 5% increase from 1999. Travel-related morbidity can occur during or after travel. Worldwide, 8% of travelers from industrialized to developing countries report becoming ill enough to seek health care during or after travel. Travelers have contributed to the global spread of infectious diseases, including novel and emerging pathogens. Therefore, surveillance of travel-related morbidity is an essential component of global public health surveillance and will be of greater importance as international travel increases worldwide.

...

http://ems-solutionsinc.com/blog/global-surveillance-for-travel-related-disease-affects-your-business-and-you-your-family-at-home-abroad

Monday, 22 July 2013 13:47

When Your Commute Becomes Derailed

Just yesterday I remarked to my husband that my train, the Hudson line, has been amazingly stable and almost always on time. Especially when you consider that there have been major derailments of the Connecticut (May 17) and the Long Island (June 17) lines of the Metropolitan Transit Authority (MTA).

I should have known better. Just when you think you can take a breather, something is bound to happen, as it did this morning. Normally I would have been listening to the news and traffic report, but I was spending some time with my puppy before rushing to the ferry station. Once there I waited, but no ferry, and the few people who were there didn’t seem to know why. Annoying.

I called my husband and asked him to drop me off at the train station across the Hudson (parking is impossible there). On the train platform, however, I quickly learned that there was a big problem—the derailment of 10 CSX garbage train cars on a narrow portion of track used by the Hudson line. There were no injuries, but that is a whole lot of cleanup, not to mention the two tracks that need to be replaced, according to the conductor I talked to. He estimated it would take at least the weekend to repair the damage.

...

http://www.riskmanagementmonitor.com/mta-derailment-lessons-learned/

Monday, 22 July 2013 13:42

What We’re Watching: 7/19/13

By Lars Anderson, Director, Public Affairs

At the end of each week, we post a "What We’re Watching" blog as we look ahead to the weekend and recap events from the week. We encourage you to share it with your friends and family, and have a safe weekend.

Weather Outlook
For many parts of the U.S. it’s been a scorcher all week long, but it looks as though things are finally going to cool off as slightly lower temperatures are expected next week. In the meantime, here are some extreme heat safety tips to keep in mind until the cool down arrives:

  • Cover windows that receive morning or afternoon sun with drapes, shades, awnings, or louvers. (Outdoor awnings or louvers can reduce the heat that enters a home by up to 80 percent.)
  • Know those in your neighborhood who are elderly, young, sick or overweight. They are more likely to become victims of excessive heat and may need help.
  • Never leave children or pets alone in closed vehicles.
  • Stay indoors as much as possible and limit exposure to the sun.
  • Consider spending the warmest part of the day in public buildings such as libraries, schools, movie theaters, shopping malls, and other community facilities. Circulating air can cool the body by increasing the perspiration rate of evaporation.
  • Eat well-balanced, light, and regular meals. Avoid using salt tablets unless directed to do so by a physician.
  • Drink plenty of water, even if you do not feel thirsty. Avoid drinks with caffeine and limit intake of alcoholic beverages.
  • Dress in loose-fitting, lightweight, and light-colored clothes that cover as much skin as possible. Avoid dark colors because they absorb the sun’s rays. Protect your face and head by wearing a wide-brimmed hat.
  • Avoid strenuous work during the warmest part of the day. Use a buddy system when working in extreme heat, and take frequent breaks.

For more extreme heat safety tips and information, visit www.Ready.gov/heat.
Our friends at the National Weather Service don’t expect any other severe weather over the next couple of days, but as we know weather conditions can rapidly change.  We encourage everyone to monitor your local weather conditions at www.weather.gov or on your mobile phone at http://mobile.weather.gov.

Photos of the Week
Here are a few of my favorite photos from the week. You can find more photos at the FEMA Photo Library.



San Francisco, Calif., July 18, 2013 -- Attendees and participants of the 11th FEMA Think Tank listen and contribute to the discussion facilitated by Deputy Administrator Rich Serino at the San Francisco Tech Shop.


Alakanuk, Alaska, July 16, 2013 -- The Alaska State Coordinating Officer Sam Walton and Federal Coordinating Officer Dolph A. Diemont meet with City Manager James Blowe to discuss the FEMA programs which will assist in the recovery efforts after severe flooding crippled the entire infrastructure. Federal funding in the form of Public Assistance (PA) is available to state, tribal and eligible local governments and certain nonprofit organizations on a cost sharing basis for emergency work and the repair or replacement of facilities damaged by the flooding in the Alaska Gateway Regional Educational Attendance Area (REAA), Copper River REAA, Lower Yukon REAA, Yukon Flats REAA, and the Yukon-Koyukuk REAA.

 

http://blog.fema.gov/2013/07/what-were-watching-71913.html

IDG News Service — Six British citizens were wrongly detained or accused of crimes as a result of mistakes made by authorities when requesting access to Internet data, the U.K. Interception of Communications Commissioner said.

A report detailing law enforcement's errors in the UK was published as interest in surveillance of ordinary citizens' online activities runs high, in the wake of disclosures about the U.S. National Security Agency's secret surveillance programs.

In 2012, U.K. public authorities submitted 570,135 notices and authorizations for communications data, according to the report published on Thursday. The principal users of this communications data are still the intelligence agencies, police forces and other law enforcement agencies, wrote Paul Kennedy, who served as the Interception of Communications Commissioner through last year.

...

http://www.cio.com/article/736674/Bad_Internet_Data_Requests_Led_to_6_Wrongly_Held_Or_Accused_in_UK

It’s mid-July and for many parts of the United States this means persistent hot and dry weather increases the risk of wildfires.

Some 46 percent of the contiguous United States is currently experiencing moderate to exceptional drought conditions, according to Tuesday’s report from the U.S. Drought Monitor.

The first monthly drought outlook from NOAA’s Climate Prediction Center recently warned that drought in the U.S. Southwest is exceptionally intense and unlikely to break completely, despite some relief from the summer thunderstorm season. Most of the already parched West will likely see drought persist or worsen, NOAA said.

Meanwhile, the Wall Street Journal reports that overgrown forest land poses fire risk to a growing number of communities.

It cites U.S. Forest Service statistics that 65 million to 82 million of National Forest lands are at a “high or very high risk of fire” and are in need of restoration.

...

http://www.iii.org/insuranceindustryblog/?p=3325

Wanna know a secret? Here it is. Chances are, the same reason you’re reading this blog is why many folks at CDC do what they do: a fascination with infectious diseases and a desire to help others. Although the work of CDC employees is frequently glamorized in movies like Outbreak and Contagion, we face the same challenges as any other large, complex organization: communication, logistics, funding, and teamwork. These challenges become especially apparent when outbreaks occur, such as during CDC’s recent response to a dengue outbreak in Angola. Based on our experiences in Angola, this blog will dispel 5 myths about outbreak investigation that are often dramatized by Hollywood.

...

http://blogs.cdc.gov/publichealthmatters/2013/07/dengue-in-angola/

More and more workers around the world are bringing their personal mobile devices to the office daily, and companies appear to be having trouble keeping up with the trend.

About 60 percent of organizations acknowledged they either don't have a policy that specifies how employees may use their own devices in the workplace (41 percent) or are just planning to write such a policy, a study released on Wednesday from Acronis and the Ponemon Institute has found.

"Even though we're still in the early stages of BYOD [Bring Your Own Device], companies are playing catch-up to where their users are," Anders Lofgren, director of Mobility Solutions for Acronis, told CSOonline.

Even as recently as three years ago, IT departments had an iron grip on the endpoints to their networks. "They could secure and provision a fixed device that was procured by the enterprise," said Ben Gibson, chief marketing officer for Aruba Networks.

...

http://www.cio.com/article/736596/BYOD_Runs_Wild_at_Most_Global_Companies

Friday, 19 July 2013 17:47

Disaster Planning for Magical Rabbits

I have a pet rabbit at home. His name is Boba Fett, named after the popular bounty hunter character in the Star Wars movies, and he’s a pretty laid-back little guy, as far as pets go. He’s not the type of animal that requires a ton of maintenance and he definitely doesn’t need a formal risk management plan. But according to a recent article in the Washington Post, not all rabbits get off so easily. Evidently not only does the U.S. Department of Agriculture require certain rabbits to be licensed, but their owners must also have a written disaster plan for what they will do with their rabbit in case of emergency. It sounds crazy, but bureaucracy often does, I guess.

According to the article, some years back Marty Hahne, otherwise known as Marty the Magician, got a notice from the USDA that based on a law that requires licenses for “animal exhibitors,” the rabbit Marty used in his magic act needed to be licensed. Marty complied. And then, this summer, the USDA informed him of a new rule from the agency’s Animal and Plant Health Inspection Service (APHIS):

...

http://www.riskmanagementmonitor.com/disaster-planning-for-magical-rabbits/

There is no question that April 27, 2011 changed the lives of Alabamians. On that one day, our state experienced more than 60 confirmed tornadoes causing widespread devastation. Soon after, we decided to do all we could to make our state safer in the future.

In the days, weeks and months following the tornadoes, Governor Bentley and I toured the state and heard the personal stories of disaster survivors.  Many of them told us how they only had moments to find safety while praying for their lives and the lives of their loved ones.

They were the lucky ones that day.  No matter how much they had lost, they were grateful to still be here, and live through one of the state’s most devastating disasters.  Unfortunately, more than 250 people lost their lives during that 24-hour span of tornadoes.

Once my staff and I grasped the sheer magnitude of what had just happened, we all knew we had to do something to prevent this from happening again.

...

http://blog.fema.gov/2013/07/using-mitigation-to-save-lives-alabama.html

Thursday, 18 July 2013 15:54

Giving Alabamians A Safe Place To Go

During the April 2011 tornadoes, Prattville, Ala. resident Ty Story took cover in a closet with his wife Becky and their three daughters using a mattress for extra protection.

“We were about a mile from where it hit,” he said of the EF-3 tornado that destroyed and damaged numerous homes in his community. “We knew it was close to us, but we couldn’t see it because our house is next to a tree line. But you could see all the trees going in different directions from the wind.”

Although the Story family and their home were undamaged, the devastation around their home and community made one decision very easy.  They quickly became one of the 4,267 Alabama families to register for and receive an individual safe room grant from the state of Alabama funded through the Federal Emergency Management Agency’s hazard mitigation program.

“The safety of Alabama’s residents was a main priority of Governor Bentley following the April 2011 storms,” said Alabama Emergency Management Agency Director Art Faulkner, whose agency administered the program. “Our directive was to assist every homeowner and municipality who submitted the required application within the deadline to ensure they would soon have a safe place to go.”

Following federally declared disasters, states are given grant money from FEMA, through the Hazard Mitigation Grant Program, to help their residents and communities be more resilient in preparation for future disasters. The April 27, 2011 event in Alabama resulted in 62 tornadoes creating a path of destruction more than 1,711 miles long and causing more than 250 deaths in the state. 

Due to that devastation, the state was eligible for more than $70 million in mitigation funds.

“We knew we never wanted to face this situation again,” Faulkner said. “We wanted to give Alabama families and communities the resources they needed to be prepared.”

Because the state established priorities for mitigation projects early, FEMA was able to provide up-front funding for program management costs, allowing the state to hire and train grant reviewers early in the process. Then, as grant applications came in from communities throughout the state, reviewers were already in place to handle them.

In addition, FEMA committed staff to work in Alabama for nearly two years to help process the mitigation grant applications, said FEMA Region IV Administrator Phil May.

 “A key component in Alabama’s recovery has been the state’s commitment to implement mitigation measures to lessen the impacts of future disasters,” he said. “This allowed FEMA and state staff to work hand-in-hand during the project application and approval process.”

The partnership between the federal and state government, along with the rapid ability to receive funding wasn’t lost on the Story family, whose storm shelter is now installed underground, through their garage.  The family received 75 percent of the cost through the grant program.

“Having the peace of mind we have now? That’s just huge,” he said. “We knew we wanted one after seeing the damage. But when we heard about the program and getting reimbursement to do this, well that was just a no-brainer. With three girls in school, I’m just glad FEMA and Alabama made this decision.”

Another example of the unified effort was the FEMA and AEMA co-sponsored “Safer Alabama Summit” held in June 2011 on the University of Alabama’s campus, which allowed storm survivors and elected officials to learn more about the importance of mitigation activities and how to make informed decisions on their recovery. The summit led to numerous other mitigation-related outreach meetings and events throughout the state.

In addition to safe rooms and storm shelters, state officials also obligated money to fund generators for critical infrastructure, alert notification systems, and a project to harden portions of the Druid City Hospital’s trauma center in Tuscaloosa that also sustained damages.

Alabama Mitigation Priorities:

  • $63 million for 4,267 individual & 282 community safe rooms/storm shelters.
  • $3.6 million for alert notification systems.
  • $5 million for generators to critical infrastructure facilities.
  • $1.3 million to harden Druid City Hospital’s trauma center.

http://www.fema.gov/news-release/2013/07/18/giving-alabamians-safe-place-go

More and more businesses have been allowing employees to use their personal mobile devices as a primary means of communication in the workplace.  The increased usage of employee-owned smartphones, though convenient, can also pose a serious risk to security; questions may also arise concerning the control and ownership of company data.

It is important for your business to establish strict guidelines for the use of personal mobile devices in the workplace. For example, there should be a clause in company policy allowing for the remote wiping of mobile devices upon termination of employment. Further, company data should be kept separate from personal data, and the use of third-party applications should be kept to a minimum.

...

http://www.insurancefortechs.com/thirdparty-apps-threat-business.html

Computerworld - Manhattan is one of the best locations in the U.S. for data center network connectivity, but in the era of climate change it is also an increasingly risky location. Even so, major data center provider Telx thinks the benefits of NYC outweigh the risks.

Telx said Wednesday that it is opening its third facility in New York, a 72,000 square-foot data center at 32 Avenue of Americas in a former AT&T building rich in network connections.

There are more than 600 network alternatives available in the building, said Chris Downie, president and CFO of Telx. For many customers, "leveraging access to connectivity" and low latency remains a priority, he said. And having data center facilities close to their Manhattan offices is also a consideration.

...

http://www.computerworld.com/s/article/9240857/Forget_Sandy._Telx_still_likes_NYC_for_its_latest_data_center

A security breach can happen to a business of any size, not just the big ones. In fact, 75% of data breaches are targeted at small and medium sized businesses. The cost of a breach can be significant, and not just financially, but for your reputation as well. With an average cost of $214 per compromised customer record, it is no wonder that within half a year of being victimized by cybercrime, 60% of small businesses close. With the correct Cyber Liability Insurance and these 10-Steps to a Safer Business, you and your company do not have to be a victim of a breach in security.

...

http://www.insurancefortechs.com/10-steps-safer-business-cyber-security-guide.html

CIO — The thought of a CIO turning to spying technology to peek inside a personal iPhone makes people furious. They fret about an employer remotely reading personal emails and text messages, seeing personal photos and videos, and listening to personal voicemail.

But they would be wrong to worry about such things.

At least that's the message from Ojas Rege, vice president of strategy at MobileIron, a mobile device management software developer.

"There's a ton of confusion out there, and so the trust gap has widened," says Rege. "Employees don't really know what their employer can and can't see. They're just guessing."

...

http://www.cio.com/article/736559/What_Can_Employers_Really_See_on_a_BYOD_Smartphone_or_Tablet_

Wednesday, 17 July 2013 15:53

How to protect your business information

The biggest information security problem for small businesses is coping with the complexity of their systems when they have no-one with the specialist knowledge on how to protect the data, and maybe no IT specialist at all.

Louise Bennett, Chair of the Information Security Specialist Group at the Chartered Institute for IT (BCS), says it's a significant problem. There are sources of information on the web for dealing with most issues, and there's always the option of hiring a consultant, but any firm that wants to keep its sensitive data secure needs a basic level of understanding in-house.

There is evidence that small firms are suffering; in April the Department for Business and Skills (BIS) published the annual Information Security Breaches Survey, showing that 87% of small companies had suffered a breach in the previous year, with the median number rising from 11 to 17.

Bennett says she thinks it's realistic for a small firm to develop the understanding to place itself in the minority that are not affected.

...

http://www.techradar.com/news/internet/policies-protocols/how-to-protect-your-business-information-1166251

Wednesday, 17 July 2013 15:44

Why risk management can succeed in IT

This is a counterpoint to the Network World article "Why risk management fails in IT" by Richard Stiennon, chief research analyst at IT-Harvest.

Earlier this week Richard Stiennon published an article that questions the value of risk management in IT, and I would argue that, although risk management presents challenges to IT, best practice-driven approaches leveraging aspects of risk management are essential to good security.

Stiennon's perspective reflects the prevailing view in the media -- supported by valid industry statistics -- that IT security is losing the war against the bad guys. Data breaches are front page news and companies are being fined millions of dollars for losing personal information. Given we have been fighting this battle for so long, we must have made some progress, right?

...

http://www.computerworld.com.au/article/439774/why_risk_management_can_succeed_it/

Wednesday, 17 July 2013 15:42

15 Ways to Screw Up an IT Project

CIO — Paul Simon famously sang that there must be 50 ways to leave your lover. Similar could be said (if not sung) regarding projects: There must be 50 ways to screw up your IT projects. Indeed, ask IT executives and project management experts, as CIO.com did, and they will rattle off dozens of reasons why projects go astray. For the sake of brevity, however, we are starting with the top 15 ways to derail a project--and how to avoid these project management pitfalls.

1. Having a poor or no statement of work. "I've seen many projects encounter troubles due to the lack of a well-defined project scope," says Bryan Fangman, senior project manager at Borland, a Micro Focus Company.

...

http://www.cio.com/article/736491/15_Ways_to_Screw_Up_an_IT_Project

Wednesday, 17 July 2013 15:41

Who Can Pry Into Your Cloud-based Data?

Computerworld — Can anyone access the data that you trust to the safekeeping of a cloud-computing vendor? It's a good question, made all the more relevant by the revelations regarding the National Security Agency's Prism program. So how can you best address these issues in your contract with your cloud vendor?

With cloud computing, data access is inevitably a shared responsibility between the customer and the cloud vendor. Those shared responsibilities need to be addressed in the contract, and most cloud vendors' standard contracts leave something to be desired.

While the cloud vendor is responsible for providing the customer with access to its own data, the cloud vendor should also be contractually obligated to not share the customer's data with others, intentionally or not. This may seem obvious, but there are nuances to be addressed in the following areas:

...

http://www.cio.com/article/736452/Who_Can_Pry_Into_Your_Cloud_based_Data_

Wednesday, 17 July 2013 15:22

Making an Agile IT Strategy

An agile enterprise is a flexible, robust organization that is capable of rapid response to unexpected challenges, events, and opportunities. Agile enterprises achieve continuous competitive advantage in serving their customers by following strategies that facilitate speed and change. Enablers of enterprise agility include diffused authority; flat organizational structures; trust-based relationships with customers and suppliers; and, of course, an agile information technology strategy. In this post, I focus on what it takes to have an agile IT strategy.

IT departments that are truly agile, or are at least on the path to becoming so, exhibit several key characteristics. First, the majority of their project teams are taking an agile approach to the full delivery lifecycle. This typically is either a disciplined agile delivery (DAD)-based strategy or a strategy that they formulated themselves that is evolving toward something that looks a lot like DAD. This doesn’t mean that all project teams are agile, but most are and the ones that aren’t are starting to move in that direction. Second, the IT organization natively supports — and more importantly, embraces — agile strategies for cross-solution activities such as portfolio management, operations, enterprise architecture, asset management, enterprise administration, governance, and other activities. Third, the IT organization seeks to optimize all of these activities as a whole, to borrow from lean terminology, instead of suboptimizing around functional silos as they may have in the days of the waterfall/traditional paradigm. Let’s explore each of these characteristics one at a time.

...

http://blog.cutter.com/2013/07/16/making-an-agile-it-strategy

CIO — After more than 4,000 votes were cast, the final Big Data startup rankings are in. Keep in mind that while voting was weighted heavily, it was not the be-all-and-end-all consideration. Other criteria included big-name end users, VC funding, the pedigree of the management team and market positioning.

Here are the final rankings, along with why they finished where they did:

...

http://www.cio.com/article/736377/10_Top_Big_Data_Startups_to_Watch_Final_Rankings

Trend Micro held its first Asia Pacific (AP) Industry Analyst summit on April 9, 2013 in Singapore. The most obvious message for me is that the company is clearly seeking to expand its focus well beyond the “legacy” antivirus market. Throughout the event, Trend Micro emphasized the need for cloud security solutions and the opportunities that exist in the Asia Pacific market. Speakers also highlighted the need to invest in breaking Trend Micro’s image as an antivirus vendor to help capitalize on the market opportunities for enterprise cloud security. 

Below are the two key themes highlighted by Trend Micro during the event and my take on each:

  • Enabling cloud-related security is central to company growth. Security-related concerns remain the most prominent reason that organizations cite for not adopting cloud services. Recently the Cloud Security Alliance (CSA) outlined the “Notorious Nine” threats for 2013, and the top three cloud-related threats include data breaches, data loss and account hijacking. (Source: http://www.zdnet.com/clouds-risks-spur-notorious-nine-threats-for-2013-7000011820/). Forrester’s Forrsights IT Budgets and Priorities Survey conducted in Q4 2012 shows that 30% of organizations in the AP region aim to create a comprehensive strategy and implementation plan for public cloud and other as-a-service offerings over the next 12 months. Cloud-related spending therefore represents a big market opportunity. Security will be central to organizations’ cloud strategies, and hence spending. Trend Micro is aiming to meet this nascent demand but must better explain why they’re best positioned.

...

http://blogs.forrester.com/manatosh_das/13-07-15-trend_micro_bets_big_on_cloud_security_in_asia_pacific

Intellectual property is an essential part of a company’s bottom line. It encompasses various forms, including patents for useful features that make products more desirable or make manufacturing processes and business methods more efficient and economical; trademarks that protect the names, logos, and symbols used to identify and distinguish a company and its goods and services; trade secrets that protect customer lists, vendor lists, formulations, and the like; copyrights that protect marketing materials, product guides and manuals, audio-visual works, software, information compilations, and artwork; and design patents or trade dress that protect the way products look. Not all forms of intellectual property are important to every company, but some form of intellectual property is important to virtually every company.

Notwithstanding the importance of IP, businesses have overlooked its value until fairly recently. In the 1990s, business strength was focused on tangible assets, with intangible IP being relegated to mention in footnotes. The internet business boom and government regulation changed business thinking. Now companies more typically recognize the importance of IP in business decisions and transactions, and that recognition has increased the demand for IP audits. In a 2011 survey by CPA Global, 77 percent of in-house IP professionals said their companies had a greater understanding of the importance of IP and IP valuation, but 74 percent highlighted the need for more focused IP management strategies. The following discussion describes IP audits, explains why they are  essential for good IP management, and provides information about IP audit costs.

...

http://www.corporatecomplianceinsights.com/ip-audits-what-are-they-why-are-they-important-what-do-they-cost

I’m at that point in my life where one of the greatest joys I have is playing tennis with my teenage grandson. I’ve always looked at competition through sports as a great bonding opportunity for fathers and sons. My grandson is taking lessons once a week at a local club near us. Over the past couple of years, he’s gotten pretty darn good. To help him practice between lessons, I serve as his “sparring partner”. We find time to play a couple of times a week together.

When I was younger (i.e. high school and college) I played some racquetball, but never tennis.  What I know about tennis has come from my being an easy mark for “the kid”.  But with my competitive nature, I’ve learned and practiced along the way to the point where I can actually give him a run for his money – oh that’s right, it’s my money.

Anyway, I just got in from playing tennis this evening with my grandson and while I was out on the court “getting schooled” again, I began thinking about how playing tennis can be similar to what we do in crisis management.

...

http://timbonno.wordpress.com/2013/07/15/getting-beat-by-a-teenager-in-tennis-and-whats-that-got-to-do-with-crisis-management/

Tuesday, 16 July 2013 15:52

The 3 Year Itch

I have been involved in the BCM industry for the past few years – knee-deep in our company’s marketing, branding and social media activities. I also wear a CRM hat and track all the sales and marketing efforts.  On average, we receive a few hundred enquiries for our products from our contact widget on our website.  We get a few hundred more qualified leads from our participation in various industry trade shows. All these sales opportunities are followed up diligently by our Sales team.

When analyzing the CRM database, a very interesting pattern emerges:

The 3-year itch

Prospects with whom we’ve dealt before often return with requests for product and pricing information.  Most of them occur on 36-month cycles. These prospects stay engaged for varying periods – from a single conversation to as long as 6 months. If they decide to buy a competitor’s product the conversation ends – temporarily. They often pop up again in 36 months to start the whole process again.

...

http://ebrp.net/the-3-year-itch/

Tuesday, 16 July 2013 15:48

Sleepless in Philadelphia

Here at FEMA we’re committed to the “Whole Community” approach to emergency management which Administrator Fugate initiated when he arrived. For those of you that haven’t heard of the Whole Community concept, it basically says that FEMA can’t manage emergencies by ourselves; we need to make sure that we’re including the private sector, community organizations, faith-based organizations, state, local, and tribal government, the general public, non-profits, schools, our partners in other federal agencies, and almost any other group you can think of. One specific part of the Whole Community idea that we’re really working on is integrating the needs of people with access and functional needs in an inclusive setting, and to accomplish this, we’re working collaboratively with our community partners who can bring resources, skills, and expertise to the table. To support this effort Administrator Fugate created the Office of Disability Integration & Coordination and positions like mine, as the Regional Disability Integration Specialist here in the Region III office in Philadelphia.

A large part of my job is making sure that the access and functional needs of people with disabilities are addressed in an inclusive manner, as well as making connections between emergency managers and disability leaders.  So I want to tell you a little bit about an exciting project we are participating in with our community partners.



Philadelphia, Pa., June 28, 2013 -- LesleyAnne Ezelle, Regional Disability Integration Specialist, FEMA Region III visits the Philadelphia Chapter of the American Red Cross office where they held a Shelter Sleepover Exercise.

On June 28th, 2013 I went to the Philadelphia Chapter of the American Red Cross office where they held a Shelter Sleepover Exercise. The point of the exercise was to test their ability to provide services and support to people with access and functional needs in a general shelter. There were volunteers from the local community, many of whom are active with the Functional Needs Subcommittee of the Southeastern Pennsylvania Regional Task Force.

They asked me to give an overview of effective communication, so I gave a demonstration on the equipment that we now have in our Disaster Recovery Centers (DRC). This equipment can also be used in other settings so that people with access and functional needs can get the same information as everyone else and get it in their preferred method of communication.  FEMA now has 175 accessible communication kits that are used to provide effective communication access in every DRC.

While this technology gives us many new options to communicate more effectively, it was pointed out by one of the shelter ‘clients’ that sometimes a skilled person who can interpret and provide information is needed too. We realize that having trained and knowledgeable shelter staff and access to on-site interpreters, scribes, and personal care attendants is just as important to providing effective and accessible services.  FEMA can offer these services to the state, during a Presidentially-declared disaster, if requested.  By having exercises like this one, both the shelter clients and the shelter volunteers get the opportunity to learn what works, what doesn’t, what may be available and we’re able to find solutions, together, to make the shelter experience truly inclusive and accessible.

One of the things that I found very impressive about this exercise is that it was a good example of the saying “nothing about us, without us” that we use a lot in the advocacy movement when we talk about planning services for people with disabilities. Shelter Sleep Over and other activities in Region III are an example of embracing that philosophy and we are looking forward to many more collaborative learning experiences.

http://blog.fema.gov/2013/07/sleepless-in-philadelphia.html

CIO — Mobile devices are working their way into every facet of our lives these days. For instance, according to Accenture Interactive, 72 percent of consumers ages 20 to 40 now use mobile devices to comparison shop while in retail stores.

The problem for retailers? The majority of them leave without making a purchase with their smartphone or tablet; they purchase online—often using a different device, such as a desktop PC.

How do you track the success of your marketing under these circumstances and ensure that you are delivering your customers the best possible experience? BloomReach, which specializes in big data marketing applications, believes big data provides the answer.

BloomReach today took the wraps off BloomReach Mobile, a cross-channel-optimized mobile search and discovery solution built on the company's signature Web Relevance Engine technology.

...

http://www.cio.com/article/736361/How_Big_Data_Can_Help_Retailers_Optimize_Mobile

Computerworld - Given the dire warnings about climate change, some business leaders and IT professionals are pondering this question: How should data center managers handle the crop of so-called 100- and even 500-year storms, coastal floods and other ecological disasters that climatologists predict are heading our way?

Some experts suggest that managers of mission-critical data centers simply need to harden their existing facilities, other observers say data centers need to be moved to higher ground, and a third group advises data center managers to pursue both strategies.

One thing is certain, experts say: Few IT organizations -- even those that suffered or narrowly escaped damage during recent major storms -- are thinking long term. Most IT leaders are, if anything, taking the path of least resistance and least expense.

...

http://www.computerworld.com/s/article/9240743/Some_data_center_operators_take_their_chances_with_floods

Many of us don’t hear about a crisis until it hits the newswires, either through social media, news websites or through a posting on a social site we might follow. In some cases, we might not know about a crisis until we see 1st responders racing down the road heading towards an emergency.


Some will automatically see a disaster as a large catastrophe and one of the BCM/DR industry definitions of a disaster is that it’s a sudden, unplanned event that prevents the organization from performing normal operations. Though both a crisis and/or disaster can start well before the public or media even get wind of the problem.
Sometimes a disaster doesn’t begin until after a period of time when a lesser level of operational hindrance has been experienced. Then when the disaster itself occurs, the management of the situation will determine the level of crisis; meaning how well the crisis is handled from the perspective of the public, media, stakeholders (vendors, partners etc) and employees.

...

http://stoneroad.wordpress.com/2013/07/12/crisis-management-when-does-a-crisis-start/

In 2008, Hurricane Ike devastated the upper Texas coast with many animals lost and many more suffering needlessly.  This storm triggered a request for the Texas A&M College of Veterinary Medicine & Biomedical Sciences to form a deployable veterinary emergency team. 

The Texas A&M Veterinary Emergency Team (TAMU VET) is comprised of veterinary faculty, staff, and senior veterinary medical students. Since the inception, the TAMU VET has been deployed for Hurricanes Rita and Gustav, the 2011 Grimes County Wildfire and Bastrop Complex Wildfire, an Alzheimer’s patient search in Brazos County in 2012, and the 2013 West, Texas fertilizer plant explosion.

TAMU VET was formed in response to an increasing frequency of emergencies and disasters, the pressing need for veterinary support for the canine component of search and rescue efforts, and a societal decision that animals were worthy of care and support during disasters.

When a call to respond to a disaster comes in, an alert is put out to the team via a phone call down system, and everyone responds with their availability to deploy. The goal is to be out the door within four hours of a request to deploy. Working hand in hand with the first responders, one of the most important benefits of TAMU VET is their ability to be on the front lines of a disaster. Not only are they there to support, treat, and assist canine search teams, but the first responders are often the first groups to find or rescue animals that have been involved in the disaster. TAMU VET is able to coordinate the capture and rescue of found animals, and gives first responders a place to bring injured or ill animals.

This triage point for the field allows first responders to do their job and also begins the process of animal rescue and recovery early on. It has become the expectation that TAMU VET will be on the ground in an emergency because everyone realizes that animal issues are an aspect of any disaster. “First responders have told us repeatedly that it helps them do their job when they know we are there to help take care of their canine search teams, but also to take care of animals that might otherwise be ignored, left behind, or rescue delayed until the human response is completed. This is a truly special partnership and is one that we know works,” says Deb Zoran, Associate Professor and TAMU VET Medical Operations Chief at Texas A&M University College of Veterinary Medicine and Biomedical Sciences.

The diverse range of deployments has allowed the veterinary students to participate in serving the citizens of Texas while simultaneously providing professional development through the complex and rapidly changing disaster environment in which they are providing veterinary medical care. The educational value of emergency response deployments led to the development of a required clinical veterinary medical rotation during the fourth year of the veterinary program – the first of its kind in the United States.

The clinical rotation at TAMU is designed to provide veterinary medical students with the knowledge base and skills to assist their communities with planning to mitigate or respond to animal issues during disasters. The rotation is divided into two major parts: preparedness and response. The preparedness component requires students to make a personal preparedness plan, assigns them the task of working through the process of developing a practice preparedness plan, and introduces the students to the concept of developing a county emergency animal sheltering and veterinary medical operations plan. In the response component, students learn risk communications, medical and field triage concepts, and medical operations in austere conditions. They also have the opportunity to spend a day at Disaster City – a local training site for first responders from around the state and the nation to get to understand some of the medical and environmental conditions the first responders must work in.

As a leader in veterinary emergency preparedness and response, TAMU just marked the first anniversary of their required clinical rotation and continues to act as a strong service for animals in a disaster.  For more information, visit the TAMU VET website.

http://blogs.cdc.gov/publichealthmatters/2013/07/veterinary-school-leads-in-emergency-response/

IDG News Service (Miami Bureau) — In another example of the consumerization of IT, people have embraced cloud storage and file sharing services like Dropbox both at home and at work, and CIOs better take notice about this trend, according to a Forrester Research report.

"There is huge business value in these types of services," said Rob Koplowitz, co-author of the study "File Sync and Share Platforms, Q3 2013. "They solve a bunch of business problems."

Dropbox and similar services, with their intuitive and user-friendly interfaces, make it easy and convenient for people to sync files across multiple personal and enterprise devices, including tablets and smartphones, and share these often large files with colleagues, clients and partners, he said.

...

http://www.cio.com/article/736300/Forrester_File_Sync_and_Share_Heats_Up_in_the_Enterprise

There's a very old IT problem that's gaining renewed attention lately: The problem of keeping too many copies of data. The analyst firm IDC has quantified the problem and come up with some rather startling statistics:

  • More than 60% of all enterprise disk capacity worldwide is filled with copy data
  • By 2016, spending on storage for copy data will approach $50 billion and copy data capacity will exceed 315 million terabytes
  • In the next 12 months, [IT departments] expect increased use of data copies for app development and testing, regulatory compliance, multi-user access and long-term archival

...

http://blogs.computerworld.com/data-storage/22451/makin-copies-and-why-not-having-copy-data-management-crushing-your-it-department

Risk modeling is a useful tool for business continuity managers, but over-reliance and flawed approaches can create difficulties. By Geary W. Sikich.

Introduction

Fundamental uncertainties derive from our fragmentary understanding of risk and complex system dynamics and interdependencies. Abundant stochastic variation in risk parameters further exacerbates the ability to clearly assess uncertainties.

Uncertainty is not just a single dimension, but also surrounds the potential impacts of forces such as globalization and decentralization, effects of movements of global markets and trade regimes, and the effectiveness and utility of risk identification and control measures such as buffering, use of incentives, or strict regulatory approaches.

Such uncertainty underpins the arguments both of those exploiting risk, who demand evidence that exploitation causes harm before accepting limitations, and those avoiding risk, who seek to limit risk realization in the absence of clear indications of sustainability.

...

http://www.continuitycentral.com/feature1088.html

The wrong words online can come back to haunt you

The case of Justin Carter, the Central Texas teen jailed for over five months as a result of a Facebook comment, is a powerful lesson in just how serious social media has gotten, and why your personal crisis management considerations should include careful censorship of controversial conversation.

Here’s what went down, as described in a HuffPost blog by Ryan Grenoble:

Earlier this year, Carter and a friend got into a Facebook argument with someone regarding “League of Legends,” an online video game with notoriously die-hard fans. Justin’s father, Jack, explained to ABC local affiliate KVUE that at the end of the conversation “[s]omeone had said something to the effect of ‘Oh you’re insane, you’re crazy, you’re messed up in the head,’ to which [Justin] replied ‘Oh yeah, I’m real messed up in the head, I’m going to go shoot up a school full of kids and eat their still, beating hearts,’ and the next two lines were lol and jk [all sic].”

http://managementhelp.org/blogs/crisis-management/2013/07/12/jailed-texas-teen-a-social-media-crisis-management-lesson/#sthash.fpMEHyYv.dpuf

Network World — There are two trends happening in the IT hardware market, each gaining momentum but offering very different ways of outfitting data centers.

On the one hand, companies with enormous data centers such as Facebook, Rackspace, Google and Goldman Sachs are creating their own compute, storage and network devices using cheap, commodity components. The pieces are built to a standard - organized by the Open Compute Project (OCP) - to ensure they interoperate, and they are then assembled to create hardware that is finely tuned to the specific needs of an organization. This "disaggregation" of hardware allows one company to have a system that is optimized for high-storage capacity with low CPU, for example, while another company could customize the hardware for intense reading capabilities, but low writing.

...

http://www.cio.com/article/736279/Pick_Your_Hardware_Vision_Open_Compute_Project_vs._Data_Centers_in_a_Box

Friday, 12 July 2013 16:57

It’s all in your head

Or is it?

According to MONDAQ.com, Australia’s courts seem to be spending a lot of time considering “psychiatric harm” in the workplace.

While these concerns seem primarily based on conditions “Down Under,” risk management practitioners should be aware that the issue can become global and affect their clients. Similar cases may be coming to a courtroom near you.

In one case, the court ruled that “Employers not necessarily liable for psychiatric harm to employees who are stressed or overworked” (http://tinyurl.com/k7up53m). In separate decisions, two employees who sustained psychiatric injuries in the course of their employment in Victoria were denied damages in recent decisions of the Supreme Court of Victoria and the Victorian Court of Appeal.

In another case, “Law firm successfully defends against claim of bullying” (http://tinyurl.com/knl7gn2), the court decided that an employee who experienced an overwhelming workload, professional and personal pressure, conflict and a strained relationship with a colleague was found not to have been bullied.

Interestingly, all cases were heard in the same Australian state, Victoria.

...

http://johnglennmbci.blogspot.com/2013/07/erm-bc-coop-its-all-in-your-head.html

Thursday, 11 July 2013 14:21

Developing a Crisis Management Plan

“Houston, we have a problem.”

Even the most professionally run businesses, including law firms, occasionally run into times of crisis.

In the specific example of a law firm, crises can arise in many forms, like issues that compromise operations, financial dilemmas, and ultimately, problems that threaten or damage the integrity and reputation of a firm.

Entertaining thoughts of potential predicaments can be uncomfortable, not to mention daunting. However, as is the case in any type of disaster scenario, it is best to have an anticipatory plan of action in place before catastrophe occurs. Doing so can be the difference between putting out the fire and fanning the flames in times of crisis.

...

http://www.thelawplanetblog.com/2013/07/developing_a_crisis_management.html

DSD manifesto clarifies “significant risks” and strategies for secure BYOD

David Braue | July 11, 2013

Strategies for securely implementing bring your own device (BYOD) policies have been formalised in an extensive document recently published by the Defence Signals Directorate (DSD) that outlines business cases, regulatory obligations and legislation relevant to securely implementing BYOD.

The document, entitled Risk Management of Enterprise Mobility including Bring Your Own Device (BYOD), aims to help readers understand and mitigate the "significant risks associated with using devices for work-related purposes that have the potential to expose sensitive data", according to its authors.

DSD has long held primacy in information-security matters, offering technical certification of products for use in secure environments and offering IT-security guidance for government and non-government bodies through publications such as its Information Security Manual (ISM).

http://www.computerworld.com.sg/tech/security/dsd-manifesto-clarifies-significant-risks-and-strategies-for-secure-byod/#sthash.Z2xHiAiO.dpuf

By Sunil Cherian

Business continuity planning (BCP) should cover an organization’s ability to avoid major business disruption from a disaster while addressing the principal concerns of business risk mitigation, and protecting and preventing lost data. Business transactions delivered from the data center / centre pose major challenges to business continuity.

Data center infrastructure and the networks that support it play a prominent role in automating business processes and communication across the organization, customers, partners, suppliers and regulators to ensure the organization continues to run during a disaster. Connectivity in data center infrastructure and the networks can be adversely affected by bottlenecks or complete failure due to network outages, hardware failures, human error and natural disasters.

Application delivery controllers (ADCs) protect these vital corporate assets and keep the network up and running. Below are five capabilities to look for to create a reliable application delivery infrastructure for business continuity planning:

...

http://www.continuitycentral.com/feature1086.html

The emerging H7N9 avian influenza virus responsible for at least 37 human deaths in China has qualities that could potentially spark a global influenza pandemic, according to a new study published yesterday (July 11th, 2013) in the journal Nature.

An international team led by Yoshihiro Kawaoka of the University of Wisconsin-Madison and the University of Tokyo conducted a comprehensive analysis of two of the first human isolates of the virus from patients in China. Their efforts revealed the H7N9 virus's ability to infect and replicate in several species of mammals, including ferrets and monkeys, and to transmit in ferrets — data that suggests H7N9 viruses have the potential to become a worldwide threat to human health.

"H7N9 viruses have several features typically associated with human influenza viruses and therefore possess pandemic potential and need to be monitored closely," says Kawaoka, one of the world's leading experts on avian flu.

"If H7N9 viruses acquire the ability to transmit efficiently from person to person, a worldwide outbreak is almost certain since humans lack protective immune responses to these types of viruses," says Kawaoka.

...

http://www.continuitycentral.com/news06851.html

Thursday, 11 July 2013 14:18

EMC 'Bringing the Sexy Back' to Data

CIO — Backup isn't exactly the sexiest area within an IT organization. In many cases, it's perennially understaffed and under-resourced. But as data becomes an increasingly valuable commodity in the enterprise, and the volumes of data generated by the enterprise expand exponentially, backup is buckling under the strain. A new way of thinking about protection storage architecture may be required.

"Imagine a dam with a single, small sluice gate near the bottom, and there's water just gushing over the top," says Guy Churchward, president of Backup and Recovery Systems at EMC. That sluice gate represents your backup platform and the water represents your data. "Backup can't handle the load."

And worse is coming, Churchward says. If you were to pan the camera back from your little dam with water spilling over the top, you'd see 15 other raging rivers rushing toward you.

...

http://www.cio.com/article/736179/EMC_Bringing_the_Sexy_Back_to_Data_

The title of this article is a question that comes up often in Business Continuity Management industry LinkedIn Group Discussions.  Many planners and practitioners struggle with where BCM is situated in their organizational hierarchy – resulting in a hopeful search for a better solution.

Business Continuity Management is often the homely foster child in many organizations.  (For those not familiar with the US foster-care system, a foster child is removed from his/her natural parents and sent to live with a volunteer ‘foster family’ who receives government funds to provide their care).  Few C-level executives want responsibility for BCM.  There’s little ‘up’ side; it doesn’t make any money, and failure – in either a compliance audit or a real-life disruption – may win a one-way ticket to unemployment.

So the winner of the Business Continuity Management sweepstakes is decided by fiat or by default, depending upon the organization’s culture.

...

http://ebrp.net/where-should-business-continuity-belong-in-an-organization/

Techworld — Many organizations are still dependent on archaic data centre infrastructures despite the knock on effect they can have on the end-user experience and levels of productivity, according to research released today.

Brocade, which commissioned the survey, said the results showed that many organisations were using the same data centre technology that has been in place for the last 20 years.

The study, carried out by Vanson Bourne on behalf of the networking company, found that 91 percent of 1,750 IT decision-makers needed to carry out substantial infrastructure upgrades on their networks if they wanted to meet the demands presented by virtualisation and cloud computing.

...

http://www.cio.com/article/736142/Old_Fashioned_Tech_Behind_Data_Center_Outages

Wednesday, 10 July 2013 21:22

BYOD Breeds Distrust Between Workers and IT

CSO — The Bring Your Own Device (BYOD) movement is supposed to boost worker productivity but a study released on Monday said it can also breed distrust between employees and IT departments.

Nearly half of American workers (45 percent) said they're worried about IT accessing personal data on devices they use for work and home, a report by Aruba Networks revealed.

Similar sentiments were expressed by European workers (25 percent) and those in the Middle East (31 percent), said the survey of 3,000 workers worldwide.

In addition, nearly one out of five European workers (18 percent) and more than a quarter of Middle Eastern respondents (26 percent) feared their IT departments would interfere with their private data if they got their hands on the worker's devices.

...

http://www.cio.com/article/736129/BYOD_Breeds_Distrust_Between_Workers_and_IT

Wednesday, 10 July 2013 21:20

A Technological Edge on Wildfires

When the winds change, a ferocious forest inferno can make a sharp turn, and the fire crews battling it may need to depend on their eyes and instincts to tell them whether they are in danger.

Sometimes, as appears to be the case in the deaths of 19 elite firefighters in Arizona, it is already too late.

Of course, the best way to fight catastrophic fires is to keep them from growing to catastrophic scale. But that is becoming more and more difficult as global warming raises the likelihood of fires, especially in Western forests. By 2050, the annual extent of forests burned is predicted to rise by 50 percent or more.

So officials and experts are increasingly relying on technology both high and low to counteract the trickery of raging wildfires.

In computer simulations, the United States Forest Service sets tens of thousands of virtual fires — factoring in different weather patterns, topography, vegetation and historical weather patterns. “You would sort of get a map that depicts a likelihood of fire occurrence,” said Elizabeth Reinhardt, an assistant director of fire ecology and fuels for the Forest Service.

...

http://www.nytimes.com/2013/07/09/science/getting-an-edge-on-wildfires.html

Wednesday, 10 July 2013 21:17

Defining The Mobile Security Market

Understanding the terms and technologies in the mobile security market can be a daunting and difficult task. The mobile ecosystem is changing at a very rapid pace, causing vendors to pivot their product direction to meet the needs of the enterprise. These changes in direction are creating a merging and twisting of technology descriptions being used by sales and marketing of the vendor offerings. What we considered “Mobile Device Management” yesterday has taken on shades of containerization and virtualization today.

Mobile antivirus used to be a standalone vision but has rapidly become a piece of the mobile endpoint security market. Where do we draw the lines, and how do we clearly define the market and products that the enterprise requires to secure their mobile environment?

...

There is a young lady carousing in the Caribbean with designs on south Florida.

Turn on the tv and you hear the name “Chantal.” Once named, the tv news readers tell us we are advised to get our hurricane preparations underway.

Turn on the radio and you hear the same thing.

Pick up a newspaper – yes, there still are newspapers in south Florida – and you not only are encouraged with hurricane preparations but you also get a hurricane tracking map.

...

http://johnglennmbci.blogspot.com/2013/07/there-is-young-lady-carousing-in.html

CSO — Today's security threats span a broad spectrum of social engineering schemes, international hackers, and insider threats like the recent NSA breach. It's easy to get overwhelmed by all of the potential threats and where money should be spent to keep up, let alone stay ahead of the curve.

"Security functions are getting only 70 percent of the resources that they need to do an adequate job" of securing the business, including hardware, software, services and staff, said Michael Versace, insights director of worldwide risk at IDC. "The hard stuff is in the next 30 percent."

Meanwhile, worldwide spending on security infrastructure, including software, services and network security appliances used to secure enterprise, rose to $60 billion in 2012, up 8.4 percent from $55 billion in 2011, according to Gartner Inc. That number is expected to hit $86 billion by 2016.

...

http://www.cio.com/article/736050/5_Security_Bolstering_Strategies_That_Won_t_Break_the_Bank

CIO — Recently, BPR-Rico Manufacturing decided it was time for a change in its human resource systems.

The Medina, Ohio-based engineering outfit, which builds lift trucks and other material-handling equipment, had been using Sage North America's Abra HR solution. The on-premises deployment was more than a decade old and had acquired some eccentricities. The system would randomly change employee dental insurance deductions to the two-year prior rate. An employee who generally worked a 32-hour week would occasionally flex to 40 hours, but the system would still pay for only 32 hours.

As it happened, Rico Manufacturing already was replacing its paper-based time card system with cloud-based time and attendance software from Kronos. The company decided to tap Kronos to replace its human resources and payroll system as well—and move it to the cloud.

...

http://www.cio.com/article/736061/Why_SaaS_HR_Software_Is_Ready_to_Take_Off

Prolexic has shared information on a popular cyber attack technique, SYN reflection attacks, which can leverage the defense mechanisms of DDoS mitigation devices to increase the strength of the attacks.

SYN reflection attacks are one of the more sophisticated DDoS attack methods and typically require some skill to execute. However, they have recently grown in popularity as they’ve become available on a DDoS-as-a-Service basis via the criminal underground.

“SYN reflection attacks have been around for a long time, but new attack apps make them extremely easy to launch. Even a novice can do it,” said Stuart Scholly, President of Prolexic. “Malicious actors wrap web-based graphical user interfaces around sophisticated scripts and offer them as convenient DDoS-as-a-Service apps that you can launch from your phone.”

SYN reflection attacks are used against targets that support TCP – a core communication protocol that enables computers to transmit data over the Internet, such as web pages and email.

...

http://www.continuitycentral.com/news06847.html

Certifications of one sort or another have been around seemingly forever.  If you are old enough you may remember (some 30 years ago) when there were very few non-institutional IT certifications available.  The certification boom started in the mid 80’s when some of the network operating system providers were trying to establish a base of knowledge competency (or a new revenue stream – depending on your perspective).  At the time, passing some of these certification exams was a joke.  They didn’t prove the competency or skill that they were created to achieve.

Of course most of those certification programs have matured.  They’ve become more challenging – including theoretical as well as practical testing to ensure competency of the individual.  Typically, the rate of change in technology has driven the recertification processes; as new products and technological advancements are revealed, certification qualifications have changed with them.

...

http://ebrp.net/are-business-continuity-planning-certifications-moving-forward/

Monday, 08 July 2013 14:18

Always wear clean underwear

If a risk management practitioner needs a motto over his or her office door to observe on the practitioner’s way out, it should be:

Always wear clean underwear

Now at first blush you may think this scrivener has lost it. While that is generally debatable, I assure you in this instance I am fully in charge of all my facilities.

What is it we – risk management practitioners – do? Bottom line?

We anticipate and plan for the unexpected.

No, I’m not talking about swans of any hue; I don’t believe in black swans as an event that could not be predicted.

...

http://johnglennmbci.blogspot.com/2013/07/erm-bc-coop-always-wear-underwear.html

Monday, 08 July 2013 14:16

No plan for planes

Catching up on the news Sunday morning I learn that a plane crash at San Francisco’s airport (SFO) caused cancelled flights across the country.

I live close to two major airports: Hollywood/Fort Lauderdale (FLL) and Miami (MIA).

The local tv stations sent people to interview stranded travelers, asking what they were going to do until flights to SFO resumed.

Not one traveler – not one – planned to do anything other than “hunker down” either at the south Florida airport or at a nearby lodging.

If I had been booked on an SFO-bound flight I would be talking to the airline’s representatives to get a flight to LA or Seattle.

Ahh, but that’s not San Francisco.

...

http://johnglennmbci.blogspot.com/2013/07/erm-bc-coop-no-plan-for-planes.html

By Ray Abide

In the past, I have mostly referred to the activity in which participants are assembled to work through a simulated business continuity event in order to determine their familiarity with the plan, its completeness, and perform their individual roles to recover from a given scenario as a business continuity plan test. Sometimes I have interchangeably used the term ‘exercise’ or ‘simulation’ instead of ‘test’.

...

http://www.continuitycentral.com/feature1083.html

By Barry Shteiman.

Recently a very interesting article on the Armed Forces Communications and Electronics Association website caught my eye: ‘DISA Eliminating Firewalls.’

Although the title seemed provocative at first, the article itself just made me smile.

DISA gets it, it really gets it.

One of the advantages of working with the father of the modern firewall (Shlomo Kramer) is that I have an insider’s perspective on how security has evolved over the years: from the early days of Stateful Inspection firewalls, when perimeter and interdepartmental separation was the focus, to the realization that data (a company’s lifeblood) is the single most important asset to protect. Not this or that network, but the data.

In the AFCEA article, Lt. Gen. Ronnie Hawkins Jr. explains that network separation, while widely accepted, does not encourage business collaboration, such as easily accessing and sharing content.

...

http://www.continuitycentral.com/feature1084.html

Tripwire, Inc., has announced the first instalment of results from an extensive survey on the state of risk-based security management conducted by the Ponemon Institute. The survey covers risk-based security management program governance and maturity and includes 571 UK and 749 US respondents from the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.

“The findings from this report strongly indicate that risk-based security management is still viewed as an IT or security task instead of a business task,” noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Unfortunately, the full value of a risk-based approach to security can only be realized when senior business leaders fully participate in the process.”

...

http://www.continuitycentral.com/news06843.html

Those of us who spend our business lives immersed in the Business Continuity industry swim through a sea of acronyms.  Meanwhile, we are constantly seeking the support and cooperation of colleagues who are often confused by those same acronyms.

We can make understanding easier simply by using real terms instead of acronyms.  But unless we can clearly define those fundamental Business Continuity terms, we still risk confusing our potential supporters and partners.

There are two common terms that are too often used (or confused) interchangeably:  Incident Management and Crisis Management.  They are not the same.  They are related – but have differences in purpose and objectives that ought to make their definitions clear:

...

http://ebrp.net/incident-management-crisis-management-very-different-often-confused/

By Georgina Peacock

When Hurricane Katrina hit, Julie thought she was ready.  She always had an emergency kit prepared because her son Zac needs medical supplies and equipment to keep him happy and healthy. Zac has spina bifida, a major birth defect of the spine; hydrocephalus, which means he has extra fluid in and around the brain; and, a number of food and drug allergies. He has sensitivities to changes in temperature and barometric pressure. Therefore, she always made sure they had a week’s worth of supplies and medicine ready when it was time to evacuate. “There is a very delicate medical balance,” she said.  “When he has an issue, the dominos tend to fall quickly.”

As communities around the Gulf braced for Katrina, Julie’s family left New Orleans for Baton Rouge with their one week reserve of Zac’s medical supplies including catheters, feeding tubes, and special medications. But like most families facing the devastation of this hurricane, they ended up being gone for much longer.  “It was a very challenging time for so many people, but especially for families of children with special health care needs, like ours,” said Julie. “Zac is a unique guy who needs a lot of support.” 

“Now, we always keep a one month supply of Zac’s supplies in our emergency kit,” she said. “It’s critical. It’s life and death for us.” Her insurance pays for this stockpile of emergency supplies. She also keeps a document of Zac’s daily needs and medical history in print and electronic format. This vital document includes:

  • Daily plan of care
  • How to use his medical equipment
  • Recipe for formula
  • Catheterization schedule
  • Allergy information: food and medication allergies, type of reaction, and what to do if he has a reaction
  • Surgeries
  • Diagnoses by body system
  • List of his doctors with contact information
  • Equipment providers
  • Pharmacist
  • Medications and supplies including stock numbers and basic descriptions of products for comparable substitutions
  • Allergy information
  • Insurance information
  • Case manager for his Medicaid waiver
  • Since he is over 18 – legal documentation of “continuing tutorship,” which allows parents to make medical decisions for him.
  • Biographical sketch including his likes/dislikes; hobbies/interests; and triggers (things that will disturb him).

Julie urges families with children who have special needs to know what emergencies are likely in their area. For Julie’s family, they know the areas that flood and prepare for hurricanes and tornados. Also they live in an area that is home to many chemical factories and a nuclear plant, so they prepare for plant explosions, nuclear reactor accidents, and fires.  “Preparing and planning can give you peace of mind,” she said. “Get a kit. Make a plan. Be informed. It applies to everyone, especially to those of us who care for children with special needs.”

Children with Special Healthcare Needs in Emergencies

Children with special healthcare needs may be more vulnerable during an emergency.  They may have difficulty moving from one location to another, urgent or persistent medical needs, difficulty communicating or have trouble with transitioning to different situations. A disaster can present all these difficulties at once. Knowing what to do can help maintain calm in your family and keep them safe.

Please visit the following sites for more resources:

Does someone in your family have unique needs? How do you prepare? How have you addressed these needs during an emergency? Share your experiences and tips below.

Georgina Peacock, MD, MPH is a medical officer and developmental-behavioral pediatrician with the Prevention Research Branch in the Centers for Disease Control and Prevention’s National Center on Birth Defects and Developmental Disabilities.  Follow her on Twitter @DrPeacockCDC

http://blogs.cdc.gov/publichealthmatters/2013/07/emergency-preparedness-for-families-with-special-needs/

Further illustrating how important reputation can be to a business enterprise, Paula Deen’s rapidly crumbling empire took another hit this week when Ballantine Books announced that it was cancelling the publication of the celebrity chef’s latest cookbook, Paula Deen’s New Testament: 250 Favorite Recipes, All Lightened Up, which was scheduled to be released in October as the first in a five-book deal signed last year. Even more surprising was that, based on pre-orders alone, the book was already Amazon’s number-one best seller. (Interestingly enough, the book was replaced at the top spot by another Paula Deen cookbook, Paula Deen’s Southern Cooking Bible.)

The book cancellation brought the total of business deals killed by Deen’s admission that she had used racial slurs in the past to 12. According to the Consumerist, the tally includes:

...

http://www.riskmanagementmonitor.com/paula-deen-and-the-impact-of-reputation-risks

Business Continuity Management (BCM), like most corporate programs, is often plagued by common mistakes; these common mistakes also apply to the Business Impact Analysis (BIA). The following are some common mistakes that need to be addressed to ensure that the BIA is effective:

1. Minimal Management Support – Senior management must buy in to the need for continued maintenance of the BCP program. The program requires on-going resources to ensure that the program is funded and there are dedicated resources assigned across the organization. The people who head up the BCP program must have the requisite training, as well as the skills to provide leadership, prioritize tasks, communicate with stakeholders, and manage the program.

...

http://stoneroad.wordpress.com/2013/07/01/12-tips-trips-traps-the-business-impact-analysis-bia/

CHICAGO--When Hurricane Katrina struck the states near the Gulf of Mexico in August 2005, human resources at Target Brands Inc. was right in the middle of handling the crisis for the well-known retailer.

The company managed to get the cash registers up and running in a very short time, but it was left with the question of who would run them, Terri Howard, who worked for Target then and is now senior director of FEI Behavioral Health in Milwaukee, recalled.

In a crisis, “HR's role is strategic. It is to make sure that your folks are taken care of,” Howard said June 19 at the Society for Human Resource Management's Annual Conference & Exposition.

That has numerous ramifications, she said. In the aftermath of Hurricane Katrina, banks were closed and ATMs weren't working due to power failures, so “we had to fly in cash to pay people, which had implications for compensation,” Howard said. There also were questions about employees with health insurance going to health care providers who were out of network temporarily, she said, and whether the employees would be charged copays.

...

http://www.bna.com/hr-play-strategic-n17179874840/

Tuesday, 02 July 2013 11:44

Data outside the data centre

The data centre gets the spotlight when organisations look to improve their management and storage of data, but a growing proportion of the information in the average enterprise is found at its branch offices and on end-user devices.

Security vendor Symantec, for example, estimates that around 46% of the data in most enterprises is found outside their data centres. The volume of data outside the safe perimeter of the data centre is growing at a rapid rate, thanks to the rise of mobility and cloud computing.

In addition, many companies still maintain Windows file servers and low-end storage arrays in branch offices, so users can access applications and data without having network bottlenecks slow them down. This exposes companies to both data storage risks and inefficiencies.

...

http://www.itweb.co.za/index.php?option=com_content&view=article&id=65329:Data-outside-the-data-centre&catid=69

Mobile devices such as smartphones, laptops and thumb drives are becoming increasingly vital to productivity, but your organization’s data could be at risk if one of these devices is lost or stolen. The amount of protected health information (PHI) that is transported through mobile environments is staggering and healthcare organizations have a responsibility to investigate security incidents and report PHI exposures. To protect the organization and its patients, it is crucial that IT staffs and privacy and security officers know what to do if a breach is suspected.

Having even a simple incident response plan in place that focuses on rapid identification and a coordinated response gives healthcare organizations important advantages in the fight against cyber crime. First, a plan allows IT to greatly reduce the time between the discovery of a possible exposure and the identification of any data that was compromised. Reduced response time can keep the data loss to a minimum and assists the organization in providing mandatory notification within the time frame allowed. In addition, a formal process gives IT the ability to quickly limit unauthorized access to the network and sensitive data, thus limiting the amount of information that may be exposed.

...

http://healthitsecurity.com/2013/07/01/managing-a-health-data-breach-with-a-response-plan/

Disaster can strike in an instant. Whether it is weather-related, man-made or due to some other cause, disasters often occur with little or no warning. That's why creating and implementing an emergency-preparedness plan could mean the difference between saving your business and losing it all.

At the heart of every successful plan is clear communication. Mobile devices such as smartphones and tablets can help ag retailers and their employees connect with each other and authorities, spreading critical information in a time of crisis. Helping to keep the lines of communication open are dozens of mobile apps specifically designed for emergency preparedness. I’ve researched the most commonly used ones and compiled them in this handy list (in no particular order):

...

http://www.croplife.com/article/34563/10-best-apps-for-emergency-preparedness

The year 2013 will be a turning point in how governments around the world view the threat of floods in a new age of extreme weather events.

India, Nepal, Canada and many countries in Europe have experienced huge losses over the last two months due to intense precipitation that has triggered extreme flooding affecting millions of people’s well-being and livelihoods.

The shocking loss of life in India underlines how vitally important it is that we start planning for future scenarios far removed from anything that we may have experienced in the past.

When we look at the worldwide escalation in economic losses from disasters over the last five years, it is clear that our exposure to extreme events is growing and this trend needs to be addressed through better land use and more resilient infrastructure as we seek to cope with population growth and rapid urbanisation.

...

http://www.trust.org/item/20130701083848-mav3e/

Kylie Fowler got controversial when she spoke last month to an audience of asset management and configuration management professionals at the BCS CMSG Conference in London about the five constants she always encounters in her 10-plus years of working as an IT asset management consultant.

While these constants may always hold true, her advice on how to deal with them held some surprises.

She counselled the audience always to listen to their data - “your data has a huge amount to tell you if you use it correctly,” she said.

...

http://www.theregister.co.uk/2013/07/01/it_asset_management_five_constants/

Monday, 01 July 2013 14:45

HP Secures Data Migration To The Cloud

With the explosion of data in the enterprise and the ability to use as-a-service storage models, important security-level practices are undermined and organisations lose sight of potential threats. In the absence of these standards, IT teams are struggling to identify and assess potential risks, opening their organisations to catastrophic security breaches.

The new HP Cloud Security Risk and Controls Advisory Services, part of the HP Converged Cloud Professional Services Suite, deliver choice, confidence and consistency to customers by combining expertise from across HP, supporting the management of data risk, identification of vulnerabilities and maintenance of compliance with IT governance. This provides clients with solutions that protect their information before it migrates to or from the cloud, whether it is a public cloud, private cloud or hybrid deployment. As a result, organisations can reassign IT resources from spending time on manual tasks to focusing on innovation.

...

http://biztech2.in.com/news/cloud-computing/hp-secures-data-migration-to-the-cloud/161042/0

No business today is immune from the ravages of storms and power outages – not to mention earthquakes, fires or other unforeseen disasters that can strike in a minute.

Although all companies need a disaster recovery plan, insurance agents have an even greater obligation to put one in place to enable them to operate after a catastrophe to handle the claims of hard-hit clients.

Here are five tips to keep in mind when developing a plan for confronting disaster and for keeping your agency operating through tough times.

...

http://www.insurancejournal.com/magazines/features/2013/07/01/296795.htm

Disaster Recovery as a Service (DRaaS) backs up the whole environment, not just the data.

"Most of the providers I spoke with also offer a cloud-based environment to spin up the applications and data to when you declare a disaster," says Karyn Price, Industry Analyst, Cloud Computing Services, Frost & Sullivan. This enables enterprises to keep applications available.

Vendors offer DRaaS to increase their market share and revenues. Enterprises, especially small businesses, are interested in the inexpensive yet comprehensive DR solution DRaaS offers. There are cautionary notes and considerations too that demand the smart business's attention before and after buying into DRaaS.

...

http://www.csoonline.com/article/735737/3-things-to-consider-before-buying-into-disaster-recovery-as-a-service

Yesterday I was interviewed by NPR for a program airing this weekend about PR and reputation problems caused by racism. It’s always good for someone who helps others prepare for media interviews to do a real one themselves to bring some lessons home. I wasn’t too happy with the interview despite having prepared by thinking through key messages.

In case you catch the story, and some of what I said is included, here is how I intended to answer the question.

1. It’s always about credibility.

While there isn’t a denial, or he said/she said in this case, people are still looking at Paula closely to see if she is to be believed. No doubt trust and respect for at least some has been shaken by revelation of her past attitudes and behavior. Now they are looking to see if she is telling the truth and can rebuild trust. Sincerity is everything. Sadly, I think Paula is very much lacking in this right now with bungled apology, standing up the Today Show, a rocky performance there, and as far as I know, no real action taken–just words. Sincerity and credibility, like all things trust related, are judged more by actions than words.

...

http://ww2.crisisblogger.com/2013/06/what-advice-to-give-those-involved-in-reputation-wrecks/

Federal chief information security officers (CISOs) know that it isn’t a matter of whether their agency will be subject to a cyber-attack; it is a question of how frequently the attacks will occur. 

But, the real concern that keeps CISOs awake at night is wondering when one of the attacks succeeds -- and they know one eventually will -- whether it will successfully compromise the network and disrupt operations, or even worse, result in stolen sensitive, classified or personally identifiable information (PII). 

The traditional approach to addressing common system and network vulnerabilities, which includes placing the problem in silos based on the particular type of attack or its target, is no longer enough to meet the challenges posed by today’s hackers and cyber criminals. Instead, the federal cyber-security landscape requires that agencies take an enterprise approach to cyber risk management, and to do so, CISOs must be able to understand and visualize the human and technology interactions that impact the agency in cyberspace. That’s where analytics can help.

...

http://www.gsnmagazine.com/node/30287?c=cyber_security

With the operational complexities and regulations businesses face today, basic computer services and support may not be enough to allow them to keep pace with their competition. Myriad regulations and a multitude of other activities make it difficult for any contemporary organization to survive (let alone thrive) without people who can design and implement increasingly specialized systems…and keep them up and running. Of course, before the first piece of that IT infrastructure has even been identified, someone has to determine the company’s goals and build the guidelines that will help achieve those objectives.

Those are several of the roles solution providers should be involved in. Businesses need someone to be their architect; not just for system design but also to develop the policies and programs that must be in place to automate their processes. For example, before customer-related information and business-critical data can be safely and securely stored using a cloud backup solution, someone has to determine which files, records and other details need to be saved.

...

http://thevarguy.com/blog/be-information-security-specialist-your-customers-need

Any cyber attack can bring unprecedented damage to a company, but can these damages be quantified in financial terms? This year, experts at B2B International calculated the damages stemming from cyber-attacks based on the results of a survey of companies around the world.

The survey, titled the 2013 Global Corporate IT Security Risks survey, found that the average cost incurred by large companies in the wake of a cyber attack is a whopping $649,000. To arrive at the most accurate picture of costs, B2B included only incidents that had occurred in the previous 12 months. Additionally, the assessment was based on information about losses sustained as a direct result of security incidents.

...

http://www.cxotoday.com/story/649000-the-cost-of-a-cyber-attack-on-business/

From the smallest business decisions to the largest ones, risk influences all that we do. But taking a risk is not exactly like spinning a roulette wheel, where luck is the primary ingredient for success. With use of the right tools, risks can carefully be calculated, controlled and managed, greatly reducing the variable of bad luck.

Many successful CFOs today are accounting for the impact of outside forces – from regulatory changes, interest rates, supply chain and other operational events to natural disasters and even consumer sentiment – to inform, shape and govern their corporate strategies.

While the nature of the finance function has historically been to analyze past performance, risk is inherently forward-looking. CFOs must move beyond their traditional domain and use performance indicators and risk to predict the future. By discovering hidden patterns of risk rooted within their ledgers and spreadsheets – and integrating risk with financial management – CFOs can provide critical linkages between strategy and execution and stay ahead of the curve.

...

http://www3.cfo.com/article/2013/6/risk-management_fuessler-big-data-ibm-predictive-analytics-dmv

A quarter of European insurers say it’s hard to find knowledgeable, qualified risk management staff, compared to 16% of their US counterparts.

European insurers are becoming increasingly troubled by the lack of knowledgeable, qualified risk managers in the talent pool, according to research from State Street.

According to its survey, carried out by the Economist Intelligence Unit in April, 25% of European insurers said they found it difficult to find the right sort of risk manager, compared to 16% of US insurers.

The dearth of suitable talent is concerning, given 89% of insurance executives said improving the assessment and pricing of risk was a challenge.

In addition, 80% of respondents globally viewed balancing liquidity and reserve adequacy as a challenge, and almost a third (29%) said their companies have divested lines of business since the start of the financial crisis due to new capital requirements or risk management considerations.

...

http://www.ai-cio.com/channel/RISK_MANAGEMENT/Is_There_a_Risk_Management_Talent_Drought_in_Europe_.html

CSO — Securing important corporate or personal information has never been more challenging. Every day, new vulnerabilities are discovered, more breaches are reported and we all become less secure. Just look at the headlines: whether it is Anonymous' latest attack, state-sponsored cyber espionage or warfare, criminal activity, or just someone being exploited by five-year-old malicious code that still finds victims, the picture is of a snowball rolling downhill and getting bigger and bigger as it rolls.

Currently, we have a broken model and the state of security continues to spiral downwards. The main root of the issue is that the economics aren't aligned correctly to ensure accountability and responsibility. As a result, we have less security, higher costs, and greater pressure to opt for convenience over security and a fundamental failure to provide proper alignment and transparency to either company or government information security. Without making fundamental changes we are destined to have an ongoing erosion of our security which also translates into an erosion of our privacy and national security.

...

http://www.csoonline.com/article/735575/3-reasons-why-america-s-security-model-is-broken

CALGARY — The flood crisis is a wake-up call for Calgary companies to adopt flexible work arrangements.

With the city in disarray this past week and the downtown closed for business, many companies may find this a spark to put in place telework programs that can prove invaluable not only during crises, but on a more regular basis, said Dr. Laura Hambley, Calgary-based industrial/organizational psychologist with The Leadership Store.

“Having employees well practiced and equipped to work from home, or telework, is an excellent business continuity strategy. In fact, it should be a key component of such plans whenever possible,” she said.

Companies that already have a flexible work policy in place seamlessly work through natural disasters without losing productivity while keeping safe in their homes, she said.

...

A series of violent storms put Aaron Titus, disaster coordinator for the New Jersey branch of Mormon Helping Hands, through his paces last summer. He coordinated the dispatching of several hundred volunteers to about 300 locations to help remove damaged trees. The effort was so taxing that he doubted one person would be able to successfully coordinate large-scale disaster mitigation smoothly in all cases.

“I realized, if you try to do it as a single individual, you’re never going to be able to,” Titus said.

In response, he developed an early version of Crisis Cleanup, a free open source mapping tool that allows disaster relief organizations to coordinate cleanup and rebuilding efforts after catastrophes. The system has undergone successive modifications since, and today members of volunteer disaster relief organizations log on to the tool and input data into an assessment form about a resident who needs help. This data includes the resident’s address and the type of incident, like flooding, tree removal or food delivery. That information then generates icons on a dynamic map alongside the assessment form.

...

http://www.emergencymgmt.com/disaster/Crisis-Cleanup-Mapping-Tool.html

In the May issue of Risk Management, Emily Holbrook reported on the prevalence of food fraud in restaurants and supermarkets around the world. Characterized by counterfeit or purposely mislabeled foods used by unscrupulous producers looking to make a quick buck, food fraud manifests itself in many ways. Sometimes it's as unsettling as pig rectum in place of calamari or horse meat for hamburger, while other times it's farm-raised fish sold as “fresh-caught.” Regardless of the nature of the deception, customers are put at risk. Not only are they conned into buying more expensive items, but they can also be exposed to pathogens or toxins that they would have no reason to expect in their food.

The New York Times recently reported about instances of fake vodka laced with bleach to lighten its color or olive oil contaminated with engine oil to extend the supply and increase profits. It turns out that food fraud is more widespread than most people realize.

...

http://www.riskmanagementmonitor.com/the-cost-of-food-fraud-or-does-this-vodka-taste-like-bleach

Granted, the drop hedcq is bad grammar, but it works for the military and it could – most likely would – work for any organization.

The military is very big on roll calls and knowing who is present and who is absent – in the latter case, also why the person is absent.

The military roll call is done in reverse pyramid fashion.

On the bottom is the squad. This can be maybe 4 to 10 people.

Next is the platoon. A platoon is composed of several squads.

Moving on up there are companies, each having several platoons; then – well, the graphic shows it all.

...

http://johnglennmbci.blogspot.com/2013/06/erm-bc-c00p-sound-off.html

Friday, 28 June 2013 16:41

Tips For Surviving A Mega-Disaster

The U.S. is ready for tornadoes, but not tsunamis.

That's the conclusion of a panel of scientists who spoke this week on "mega-disasters" at the American Geophysical Union's science policy meeting in Washington, D.C.

The nation has done a good job preparing for natural disasters like hurricanes and tornadoes, which occur frequently but usually produce limited damage and relatively few casualties, the panelists said. But government officials are just beginning to develop plans for events like a major tsunami or a large asteroid hurtling toward a populated area.

The difference between a disaster and a mega-disaster is scope, the scientists say. For example, Hurricane Sandy was defined as a disaster because it caused significant flooding in New York and New Jersey last year, says of the U.S. Geological Survey. But the flooding was nothing like what happened to California in the winter of 1861 and 1862, she says.

"It rained for 45 days straight," Jones says, creating a lake in the state's central valleys that stretched for 300 miles. The flooding "bankrupted the state, destroyed the ranching industry, drowned 200,000 head of cattle [and] changed California from a ranching economy to a farming economy," she says.

...

http://www.npr.org/2013/06/28/195630480/tips-for-surviving-a-mega-disaster

Enterprises need to assess the risks of cloud computing and have clarity on data protection and security responsibilities when contracting cloud services to avoid another “2e2 disaster”, a cloud lawyer has said.

Cloud is not a magical solution that will fix all of IT’s problems and customers must understand that the service they get depends on what they pay for, Frank Jennings, cloud lawyer at DMH Stallard told Computer Weekly at the annual Cloud World Forum 2013 event.

“If you are a big blue chip company paying more for the cloud service, you may get a higher level of protection, but if you are a small enterprise, your contract doesn’t provide enough value to the cloud service provider,” Jennings said.

...

http://www.computerweekly.com/news/2240186940/Follow-best-practices-while-contracting-cloud-services-warns-lawyer

Thursday, 27 June 2013 15:07

The three key stages to managing risk

Risk arises because of uncertainty about the future. It could involve the possibility of economic or social loss, or incur damage or delay. Risk management provides a structured way of assessing and dealing with future uncertainty. This leads to more efficient and effective decisions, greater certainty about the future and reduced risk exposure.

In every procurement transaction a degree of risk is involved, although most of the time it is not recognised and expressed as such. This is true for simple purchases, for example, ordering a meal or a bottle of wine in a restaurant. It is especially true when ordering complex goods or services, where the specification is not pre-determined, the outcomes are unsure, and the provider unknown.

...

http://blog.supplymanagement.com/2013/06/the-three-key-stages-to-managing-risk/

Thursday, 27 June 2013 15:06

Hurricane watch? There's an app for that

Emergency preparedness applications are a growing trend in smart phone technology.

It’s hurricane season in Louisiana, and that means people will keep a watchful eye on the Gulf of Mexico. Preparing should go farther than that, however. Local, state and national disaster relief organizations flood their websites with emergency information. Smart phones allow the information to be more accessible with the development of emergency-related mobile apps.

The American Red Cross last year launched six mobile apps — Tornado, Hurricane, Shelter Finder, First Aid, Earthquake and Wildfire.

The Red Cross of Central Louisiana used the hurricane app for the first time when Hurricane Isaac threatened Central Louisiana. The app monitors local conditions, and aids in storm preparations. One feature allows users to find help or let others know they are safe.

...

http://www.thetowntalk.com/article/20130627/NEWS01/306270022/Hurricane-watch-There-s-an-app-that

Thursday, 27 June 2013 15:04

Eight Tips for Implementing a DR Program

Unlike Dorothy in The Wizard of Oz, IT doesn’t have to worry about “lions and tigers and bears, oh my!” Tornados, however, are a shared problem, not to mention hurricanes, earthquakes, blackouts and blizzards. When disaster strikes, it may be tempting to close your eyes and repeat “there’s no place like home,” but unless you have a pair of ruby slippers, the following are better tips to get you safely back to Kansas.

#1 – Distance Matters

Select a disaster recovery location that is far enough away that it won’t be affected by whatever brings your own systems offline.

Florida Hospital, a member of the Adventist Health System, is the nation’s largest privately-owned hospital with 17,600 employees and 2,230 physicians working at 22 campuses. The hospital has its own disaster recovery (DR) site just a few miles from its primary data center in Orlando, but since its primary concern is hurricanes, it also selected a managed SunGard DR site that is 1000 miles up the coast in a location that won’t likely be hit by the same storms.

...

http://www.enterprisestorageforum.com/backup-recovery/eight-tips-for-implementing-a-dr-program.html

A seemingly innocuous phrase that sounds as if it could be the name given to a downtown district of a sprawling metropolis or a local sports team, “Five Nines” actually refers to a desired level of system availability.

Ever since man began to create and use more complex machines and tools he has been locked in an eternal battle to keep them working and to improve their performance. But the emergence of cloud computing has freed many companies from the daily tussle between hardware, software, random events and erratic connectivity.

The idea of Five Nines is a classic case of an essentially contested concept, and the debates that whirl across the internet over its validity as a concern of modern businesses demonstrate that it cuts to the very heart of the direction that cloud services are heading in.

But can such a contentious subject be of any use to you and your business?

...

http://www.business2community.com/tech-gadgets/how-important-is-the-concept-of-five-nines-to-your-business-0535399

Thursday, 27 June 2013 15:01

Benefits of cloud-based disaster recovery

An effective business disaster recovery plan is like building or travel insurance - you don't realise how important it is until adversity strikes.

Unexpected events that disrupt normal business activity can have a major impact on operations, staff and customers. Having in place a comprehensive plan to deal with such events is a vital part of effective management.

When it comes to their IT systems, many large companies tackle disaster recovery (DR) by establishing an offsite facility that can support business systems should a catastrophe strike. Critical applications and data are replicated in this facility and kept in a state of readiness at all times.

Smaller companies, however, often find they cannot readily afford such an approach. The overheads associated with purchasing and maintaining duplicate hardware and applications that may never be used make it a very expensive option. Add the extra IT management requirements and this approach to DR moves even further out of reach.

...

Often the employees at a small to mid-size business feel they already have their hands full just running day to day operations. But what if a worst case scenario were to strike?

It’s not pleasant to think about, but necessary to do so. Consider the small businesses that have seen their offices washed away in the recent Alberta floods, or seen their employees stranded and displaced – or worse. How will the business pull together and survive the disaster, while communicating a plan of action to its employees?

When it comes to disaster planning there are few organizations in the world that have as much experience as the U.S. Federal Emergency Management Association (FEMA), an agency under the department of Homeland Security. So we’re looking to Robert Jensen, the principal deputy assistant secretary for public affairs at Homeland Security, for some strategies for disaster recovery communications planning.

...

http://www.itbusiness.ca/news/3-secrets-of-disaster-response-learned-from-hurricane-sandy/37084

I think that small and mid-size businesses are the most underserved in the information security market today. These companies have not paid the necessary attention to information security, and the data indicates they will pay a steep price for not doing more.

Robert Plant, writing for the Harvard Business Review on June 4, 2013, spoke very plainly and clearly on the need for the CSO in companies today. Mr. Plant in his blog writes:

“First off, if the company doesn't have a CSO and the chief executive thinks the "S" has something to do with sustainability, just fire him. If it does have a CSO and the CEO chooses to eliminate that position, do the same thing, because it's the wrong answer. While you're firing him, inform the CEO that data security is the number one critical need for U.S. corporations today, and that the CSO is kind of like the chairman of the Joint Chiefs of Staff. You wouldn't get rid of the chairman of the joint chiefs in wartime.”[1]

...

http://blogs.forrester.com/edward_ferrara/13-06-26-small_and_mid_size_business_have_security_issues_too

Business leaders and IT professionals don't often like to think about contingency plans. It seems like the more a company plans for a disaster, the more it expects one to occur. This attitude doesn't necessarily cause arrogance or ignorance, but what it can result in is too little attention paid to business continuity plans, of which disaster recovery is a significant component. Denying the problem doesn't make it any less likely to occur, but it can mean taking a harder hit to business-critical functionality if it does. These businesses, in addition to those that do seek out extensive disaster recovery plans, should be aware of the strengths of enterprise cloud computing.

Part of what will drive security and business continuity improvement in enterprise clouds is the oversight inherent in the cloud computing model, according to the Jacksonville Business Journal. Cloud service providers and adopters enter into agreements in which CSPs are responsible for protecting another business' resources, be it data, infrastructure or IT. Further developments in cloud partner programs will only increase the number of businesses that are directly responsible for upholding the integrity of another's networked resources.

...

http://www.peakcolo.com/news/enterprise-clouds-expand-disaster-recovery-possibilities

Techworld — Dutch water experts have teamed up with IBM to launch a new initiative called Digital Delta, which will investigate how to use Big Data to prevent flooding.

The Netherlands is a very flat country with almost a quarter of its land at or below sea level, and 55 percent of the Dutch population is located in areas prone to flooding. The government already spends over 7 billion in water management every year, and this is expected to increase 1-2 billion by 2020 unless urgent action is taken.

While large amounts of data are already collected, relevant data can be difficult to find, data quality can be uncertain and with data in many different formats, this creates costly integration issues for water managing authorities, according to IBM.

...

http://www.cio.com/article/735496/IBM_Uses_Big_Data_to_Improve_Dutch_Flood_Control

Wednesday, 26 June 2013 18:03

DDoS: A 'Perfect Weapon' for Attackers

Distributed-denial-of-service attacks are the perfect weapons for cybercriminals and political adversaries. And Prolexic CEO Scott Hammack says any organization with an online presence should brace itself for attacks.

"As the world becomes more chaotic - which I do believe it will be - there will be more and more disenfranchised countries or people," Hammack says during an interview with Information Security Media Group [transcript below]. "This is a perfect weapon," he says.

And as the attacks get more sophisticated, defending against them gets more challenging, Hammack says. Today's attacks are increasingly using standard Internet security mechanisms, such as secure sockets layer protocol, to defeat online-outage defenses, he says.

...

http://www.govinfosecurity.com/ddos-perfect-weapon-for-attackers-a-5859

Wednesday, 26 June 2013 18:02

An Executive's Guide To Security Risks

The following guest post is by Dwayne Melancon, CISA, chief technology officer, Tripwire, an IT security software company.

The SEC is getting pretty explicit about information security risk. You have to identify it, you have to declare it, and you have to manage it.  The problem is, a lot of the CEOs I talk with have no clue what they are accepting when they sign off on information security risk.

Sometimes, they blindly accept the cryptic recommendations from their chief information security officers (a.k.a., CISO).  Sometimes, their guts tell them there may be a problem, but they don’t know which questions to ask to figure out what’s really going on.  In both cases, I think it’s a problem that senior business managers are accepting risks they don’t fully understand.  How can this represent the best interests of your stakeholders?

...

http://www.forbes.com/sites/groupthink/2013/06/26/an-executives-guide-to-security-risks/

Wednesday, 26 June 2013 17:58

Resilience Lessons from Hurricane Sandy

Yesterday I spent the day with a number of people from across the nation looking at what lessons can be learned from the Hurricane Sandy Experience. The key person putting this event together was Steven Flynn. Because he was able to get grant funding to support the work he could sponsor the travel for a variety of people to attend. Generally he drew on people from other major metropolitan areas that have been doing catastrophic planning and also have significant risks. I liked the mix of attendees. Due to the significant business interruptions to the NY/NJ ports there were a number of other port authority representatives in attendance.

The first panel of the day was a federal one that spoke to what they learned from the Hurricane Sandy Experience. See my notes below. Please note that this is what I could capture, certainly not a verbatim record of what was said.

...

http://www.emergencymgmt.com/emergency-blogs/disaster-zone/Resilience-lessons-from-hurricane-sandy-062613.html

When it comes to compliance risk, board members know the drill all too well. Every six months or so, they receive a new report indicating that everything is mostly under control.  So it’s no wonder they’re surprised when a compliance issue blows up – and it’s no wonder they’re asking tougher questions of compliance executives with every passing quarter.

As regulatory oversight continues to grow, the challenge of dealing with compliance risk will only become more pressing.  It’s not just an item on the agenda – compliance is its own agenda these days.  Given the pace and scale of change, both compliance executives and boards are increasingly concerned that old, reactive ways of managing compliance may cause them to fall behind the competition — or leave them exposed to new regulatory and reputational risks.

If your organization is looking to increase its Risk Intelligence quotient through full-spectrum compliance, three broad areas will command your attention:  Environment, execution, and evaluation.

...

http://www.corporatecomplianceinsights.com/when-the-board-comes-calling-about-compliance-a-risk-intelligent-approach

Wednesday, 26 June 2013 16:50

Wading through a PR crisis

So, what do you do when the sky caves in, as it has in the last week for Savannah culinary personality Paula Deen? What do you do when the past comes knocking in a most unfavorable way? What are the steps for digging out from under a public relations disaster?

Without speaking directly to the still-unfolding Deen contretemps, Jennifer Abshire, of the Savannah public relations firm that bears her name, said there are three basic rules for dealing your way out of any PR crisis.

“If you’re looking at a crisis, I think dealing with it directly is extremely important,” Abshire said Monday. “I do, however, believe that a simple statement is sufficient. And I think the most important thing for anyone who has dealt in crisis PR is to immediately get as much good news out as possible of the wonderful things the client or person has done to help the community.”

...

http://savannahnow.com/sean-horgan-and-mary-carr-mayle/2013-06-25/wading-through-pr-crisis#.Ucsb39iDmJQ

This was only an exercise.

Police, firefighters and medical technicians swarmed onto the grounds of Canopy Oaks Elementary on a cloudy Friday morning.

They lined up stretchers and plastic kiddie pools in the parking lot behind the school. They set up washing stations to rinse hazardous chemicals off the 15 high school students who spilled into the breezeway in the middle of the school grounds, and doused the students with fire hoses.

Sheriff's deputies interviewed the students one at a time, and one of them admitted there was a bomb in a car parked out front.

The Big Bend Regional Bomb Squad arrived and deployed remote-control robots with mechanical arms that shattered windows and ripped doors off a beat-up Dodge Stratus parked out front.

Friday’s “chemical chaos” drill involved 10 agencies — from Leon County Schools to the Florida Department of Law Enforcement and the hazardous materials unit of the Tallahassee Fire Department. Evaluators followed them every step of the way, taking notes and film that will help them analyze their performance and look for ways they could respond better in the event of a real disaster.

...

http://www.tallahassee.com/article/20130625/NEWS01/306250011/-Chemical-chaos-drill-chance-practice-response-disaster

LAFAYETTE — Sussex County amateur radio operators recently concluded a 24-hour emergency preparedness drill that saw them contact more than 2,600 other operators throughout North America and overseas.

The annual exercise, conducted this past weekend in Lafayette, afforded members of the Sussex County Amateur Radio Club an opportunity to showcase their craft to the public and, just as importantly, contributed to the group's ongoing partnership with the Sussex County Office of Emergency Management.

"We want the community to know that in the event of an emergency, we will be ready to assist in any way we can," said John Santillo, the group's president. "While people often think that cell phones or other communications technologies have replaced ham radio, we can provide vital communications in an emergency that others can't."

...

http://www.njherald.com/story/22687960/2013/06/26/ham-radio-operators-test-emergency-preparedness

The day you need business continuity planning isn’t the day to start thinking about implementing a program.

In the wake of devastating flood waters that hit Calgary and parts of southern Alberta, many organizations in Wild Rose Country have had to flip the switch on their continuity plans to ensure operations continue on as close to normal as possible.

That’s not easy, given the scope of the damage. How bad is the flooding? One need look no further than the city’s iconic Saddledome, home of the Calgary Flames, which filled with water like a giant bathtub up to row 10.

According to estimates from the Calgary Chamber of Commerce, somewhere between 150,000 and 180,000 people work in the city’s downtown core, and the city has a $120-million a day economy. That’s a huge number of displaced employees with a giant price tag, and Calgary Mayor Naheed Nenshi says it will likely be mid-week before most employees can return downtown. It’s hard to imagine the city returning to business as usual this week at all.

http://www.hrreporter.com/blog/Editor/archive/2013/06/25/dont-have-a-business-continuity-plan-start-working-on-it-today

In my career as an asset manager, and as a manager of financial risk, I have learned that all good risk management is done upfront, before the first purchase is made or product is sold. Secondarily, good risk management relies on the concept of feedback, i.e., are the results expected at inception happening? If not, are they happening in a way that makes us doubt the margin of safety that we thought we had?

...

http://www.valuewalk.com/2013/06/risk-management-lessons-from-the-insurance-industry/

Technology problems at the state level last Thursday prevented effective town participation in the 2013 Statewide Severe Weather Exercise, which was executed over two days last week.

The Department of Emergency Services & Public Protection (DESPP) simulated a severe ice storm affecting the west and northwest portion of the state, Region 5 of the Division of Emergency Management and Homeland Security (DEMHS). This was the second year for the drill, which was enacted as part of Governor Dannel P. Malloy’s emergency preparedness and planning initiatives after the severe storms that impacted the region during the previous year.

Towns could elect to participate either Thursday, June 20 or Saturday, June 22.

According to a notice provided to the towns by DESPP, the simulation was supposed to give the region, “an opportunity to exercise DEMHS Region 5’s Regional Emergency Support Plan with the other 4 DEMHS Regions participating in support roles.”

...

http://www.registercitizen.com/articles/2013/06/25/news/doc51c9b5c239342226337290.txt

To control costs and optimize insurance availability, an overwhelming number of risk managers feel their organization must conduct deeper research into their risk to reap the full benefits of analytics, according to an online survey taken by insurance broker Marsh.

Nearly 80 percent of risk managers attending a Marsh webinar, "Using Data and Analytics for Optimal Risk Management," say their companies need to take a closer examination of risk-related data.

Of companies employing a risk manager, close to 44 percent say they do not have a set dollar-amount threshold for unexpected losses and 29 percent do not know if their company is aware of how much risk they can take on—about the same number that do quantify and share risk information with their insurance managers.

...

http://www.propertycasualty360.com/2013/06/25/marsh-survey-80-of-risk-managers-say-deeper-risk-r

When I left off last time, I mentioned that the 60/40 principle is an effective one for business continuity and disaster recovery planning. First, I set out an ambitious goal of a comprehensive, organization-wide program built around industry standards and best practices, leveraging the right automation tools and the right vendors and suppliers…and that would also be able to kill any audit. And then I took 40% off the top and made that our end-goal. Then, a funny thing happened…

...

http://blog.sungardas.com/2013/06/business-continuity-and-disaster-recovery-planning-how-to-get-your-organization-moving-in-the-right-direction-part-2/

Aligning to strategic objectives and assessment of BCMS performance

London - June 19, 2013 - Attenda Limited, the Business Critical IT company, today announced that it has been accredited with the new ISO 22301 International Standard for Business Continuity Management.

Published in 2012, the new ISO 22301 standard replaces the equivalent British Standard, BS 25999; introducing important changes including the role of top management in Business Continuity, the alignment to the strategic objectives of the organisation and the assessment of performance of the Business Continuity Management System (BCMS).

Attenda has been working for the past twelve months to align its business to the ISO 22301 standard, carrying out detailed assessments of the organisation and technology elements and processes, including a number of scenario based exercises with the Crisis Management Team.

As Matt Gordon-Smith, Director of Security, Attenda says, "We have a well-developed and mature approach to crisis management; the intention being to reduce the risk of an incident affecting our ability to do business and to allow faster recovery in the event that something does happen."

The ISO 22301 accreditation is an important component in Attenda's managed services and cloud delivery, further endorsing its business critical IT capability. All Attenda Clients will benefit from the assurance provided by this certification; and additionally, they will be able to access a range of Business Continuity and Disaster Recovery Consulting Services from Attenda, based upon this standard.

Dave Austin, Director, Operational Resilience (Oprel), who has led the international team developing the new standard and has acted as an advisor to Attenda, comments "Attenda has not only ensured that it has stringent measures in place for disaster recovery, but it has also given detailed consideration to the key information that could prevent access to the primary information sources during and after a crisis, to ensure that it can recover faster and more effectively."

In addition to ISO 22301, Attenda has been working closely with BSI on an on-going basis, to attain re-accreditation of all of its other ISO certifications including ISO 9001, ISO 27001 and ISO 20000.

Matt Gordon-Smith adds, "As an integral part of our Business Critical IT approach, we understand that Business Continuity reaches into all parts of the organisation, and must be embedded into our culture. The addition of this new ISO standard to our portfolio of accreditations reinforces our commitment to delivering Peace of Mind for our clients."

http://www.attenda.net/news/prdetails.aspx?prid=128

Sgt. Jesus M. Villahermosa Jr. has been a deputy sheriff with the Pierce County, Wash., Sheriff’s Department since 1981. Villahermosa served 15 months as the director of campus safety at Pacific Lutheran University in a contract partnership where he worked on all security aspects related to staff and student safety. He has been on the Pierce County Sheriff’s SWAT Team since 1983, and he currently serves as the point man on the entry team.

In 1986, Villahermosa began his own consulting business, Crisis Reality Training. He has primarily focused on the issues of school and workplace violence.

In this Q&A, Villahermosa addresses how schools can be better prepared and secure for an active shooter emergency.

...

http://www.emergencymgmt.com/safety/School-Security-Planning-and-Response-Active-Shooter.html

IDG News Service - The French government's accounts payable system, Chorus, is back online after a four-day outage, the French State Financial Computing Agency (AIFE) said Monday.

An accident at a data center operated by French servers and services company Bull on Wednesday affected Chorus's storage systems hosted there. That incident took the core of Chorus, an SAP system with 25,000 users, offline, although another application, Chorus forms, continued to serve its 30,000 users.

The server room's fire extinguishing system was accidentally triggered following an error by one of Bull's subcontractors, resulting in simultaneous damage to several major components of a storage bay holding Chorus data, the agency said.

Bull had little to say about the accident.

...

http://www.computerworld.com/s/article/9240300/Data_center_outage_takes_French_state_financial_system_offline_for_four_days

The Editor interviews Troy Dahlberg, Douglas Farrow and Ginger Menown, Advisory Services Forensic Partners with KPMG LLP.

Mr. Dahlberg is a Partner in New York with the firm’s Forensic Practice. Troy has more than 30 years of experience providing accounting, auditing and consulting services to companies in many industries. 

Mr. Farrow is a Partner in the firm’s Forensic Practice and has over 25 years of experience assisting corporations, attorneys and their clients with a wide spectrum of financial, economic and accounting matters.

Ms. Menown is a Partner in Houston with the firm’s Forensic Practice. She has over 20 years of experience providing services in dispute resolution, investigations, mergers and acquisitions, valuation, financial advisory and auditing.

Editor: Please give us an overview of disaster situations that you have helped clients manage.

Dahlberg: We have assisted clients affected by the 9/11 terrorist attack, Oklahoma bombing, Japanese earthquake, Hurricane Irene and more recently Superstorm Sandy. Our work primarily involves economic accounting or other financial assistance to the companies that have been impacted by the disaster.

Farrow: For instance, we are currently assisting organizations of a wide range of sizes and industries that have suffered losses and/or incurred extra costs as a result of Superstorm Sandy. We are coordinating claim programs with management’s recovery plan, compiling cost data and assisting with quantifying economic and financial losses that companies have sustained as a result of the storm. In the past, we have worked on insurance claims in the tens and hundreds of millions of dollars for companies in diversified industries as a result of natural disasters such as earthquakes, floods and hurricanes.

...

http://www.metrocorpcounsel.com/articles/24446/crisis-management-and-disaster-recovery-matter-experienced-forensic-advisors

The European Commission is seeking leading lights in the arena of cloud services to help sketch out a contract framework so that customers don't get tied into murky deals.

At least, this is the principle that Steelie Neelie Kroes, vice president of the EC, outlined in a blog today, ahead of the European Cloud Partnership Steering board in Estonia next month.

"One of the big barriers to using cloud computing is a lack of trust," she said. "People don't always understand what they're paying for, and what they can expect."

"I think you should be able to know what you're getting and what it means - and it should be easy to ensure that the terms in your contract are reasonable: open, transparent, safe and fair."

...

http://www.theregister.co.uk/2013/06/24/ec_cloud_panel/

Here, we are going to talk about business interruption insurance and exactly why every business ought to be ready for the unexpected.

Business interruption insurance must be a crucial part of any enterprise owner’s strategy. It acts as a support mechanism for your organization when it is closed down as a result of unexpected situations such as rental destruction, accidents or any other unanticipated challenges.

Business interruption insurance provides a satisfactory insurance plan whenever your customers are not in action and will help you pay ongoing costs. This way, you gain some time to fix your organization. Smaller businesses that don’t invest in this insurance might face closure in the near future because the spending involved is beyond their financial capacity.

...

http://lamulana.com/?p=88

Monday, 24 June 2013 16:05

The Supply Chain After the Disaster

When disaster planning for the supply chain, people rarely talk about what happens when parts and devices are damaged but not ruined. However, in the aftermath of the Japanese earthquake and tsunami, the Thailand floods, and the hurricanes and tornadoes in the US, it's high time for this conversation to start happening in a big way.

Reverse logistics and repair are crucial parts of disaster recovery efforts. Fortune 500 electronics manufacturers will have to rebuild production equipment. Individual consumers will want their under-warranty cars, laptops, and phones replaced. Third-party vendors will be salvaging and reselling scrapped parts.

Let's take Hurricane Sandy, just because it's still fresh in many people's minds. In February, the National Insurance Crime Bureau raised its estimate for the number of vehicles damaged by the storm to 250,500. That number is still based on preliminary figures and could change as more insurance claims are processed. Many of those cars have been cleaned up and may be back on the market under the "good but previously damaged" label. Many others have turned up without such a label.

...

http://www.ebnonline.com/author.asp?section_id=1061&doc_id=264827&itc=velocity_ticker

The result is included in a recent survey of more than 3,000 employers by Zywave, a provider of software as a service technology solutions for the insurance and financial services industry. It was conducted during the first quarter of 2013.

The survey showed 53 percent of employers are very or somewhat concerned about post-accident cost control while 50 percent are concerned about risk control in the form of accident prevention. However, when asked for the most effective measure they take to control workers' comp costs, having a safety-minded culture was mentioned by 69 percent of respondents, although only 26 percent rank safety incentives as effective or highly effective. Also, 34 percent say they do not have a written safety manual.

...

http://www.riskandinsurance.com/story.jsp?storyId=533354392&topic=Main