Industry Hot News

We’ve established that workplace violence is a very real issue facing society today. We’ve also covered the importance of forming a crisis management team while providing guidelines for establishing one within your organization. Next up in our “Workplace Violence” blog series? Highlighting a few critical steps involved in formulating an effective response to workplace violence incidents. Let’s count down six things all organizations should consider as part of their comprehensive emergency action plans.

...

http://blog.sendwordnow.com/workplace-violence-six-things-every-organization-should-consider

Tuesday, 02 August 2016 00:00

Data recovery & a murder investigation…

From laptops thrown in the river to hard drives that have been damaged in an attempt to destroy any evidence of wrongdoing, Kroll Ontrack’s engineers and consultants have successfully assisted hundreds of law enforcement and government agencies, law firms and corporations to recover evidential data that was pivotal for their case.

Computer forensics is the science behind the investigation of computer media while data recovery is the technique used for the retrieval of data from a damaged media. For a comprehensive investigation to be carried out, both capabilities will have to be used in most cases. Data recovery techniques will be used to retrieve critical data from the target media and then forensic methodologies will be applied to analyse the data most critical to the case.

In many instances the media at the centre of an investigation, either as the tool used to commit a crime or a repository of evidence of a crime, might be damaged or unreadable due to reasons such as intentional damage, technical failure, fire or water among many others.

...

http://blog.krollontrack.co.uk/survival-stories/data-recovery-a-murder-investigation/

An employee notification system can revolutionize the way you communicate with your personnel. The benefits of having a notification system available for your staff are numerous. They’re better informed, safer, and the system creates a sense of transparency that workers appreciate from their management.

Your system should provide a variety of features to simplify and streamline communication efforts with your team. To get the most out of your employee notification system, you can leverage its key features like the mobile app, your dedicated emergency number, groups, and HR system synchronization – among others.

...

https://www.alertmedia.com/getting-the-most

Every enterprise is becoming a data business. Data is the lifeline that guides intelligent decision making, enabling enterprises to effectively serve their customers. The rise of data has led to the modernization of data infrastructure, with Apache Hadoop as a critical foundational element for data storage and processing. Designed as a multi-workload platform, Apache Hadoop, along with related Apache projects, enables real-time insight, robust interactive analysis, and deep data mining.

In a connected world of Internet of Things (IoT), social networking, and online transactions, the capability to capture, monitor, and rapidly process information is becoming essential for modern enterprises. A new model has emerged, the Lambda Architecture, for storing and processing large amounts of data-in-motion and data-at-rest. In many cases, it includes support for complex event processing with applications such as Apache Kafka and Storm, near-real-time analytics with Apache Spark Streaming, interactive SQL with Apache Hive, machine learning with Apache Spark, and data persistence and batch analytics with the Hadoop Distributed File System (HDFS) and MapReduce.

...

http://blogs.cisco.com/datacenter/hdpwithucs

A new study by Ponemon Institute and Gemalto has gone a long way in pinpointing the reasons why so many organizations struggle with cloud security. One of the findings in The 2016 Global Cloud Data Security Study is that our approach to cloud security doesn’t follow the organization’s regular security practices. While that isn’t the only finding in the study, I believe that the other issues build off that one point.

The majority of respondents said they struggle with controlling or restricting end-user access and protecting sensitive data, and find that they are unable to apply conventional information security in cloud environments or to inspect their cloud providers for compliance concerns directly – all areas that you’d expect in-house security practices to cover.

But here is the particular finding that I think strayed the most from conventional security practices. The study revealed that those in charge of an organization’s security aren’t involved in the cloud adoption or migration process. Again, could you imagine that being the case for other security matters? It could be that decision makers think that security in the cloud is controlled by the provider, but do you want someone else to be in charge of the security of your data? Especially with this revelation: Encryption isn’t pervasive in the cloud. Peter Bernstein addressed this finding in a Cloud Security Resource article:

...

http://www.itbusinessedge.com/blogs/data-security/why-cloud-security-remains-a-challenge-for-most-organizations.html

(TNS) — A Zika outbreak in Miami has led to 10 more local cases spread by mosquitoes in the same neighborhood north of downtown and identified last week as having been the source of the nation’s first locally transmitted cases, Florida Gov. Rick Scott announced on Monday.

Scott said he called on the federal Centers for Disease Control and Prevention to dispatch an Emergency Response Team to Miami to help the state’s health department in their investigation of the local cases believed to have been spread in a one-square-mile area in early July.

“Florida has a proven track record of success when it comes to managing similar mosquito-borne viruses,” Scott said in a written statement. “We will continue to keep our residents and visitors safe utilizing constant surveillance and aggressive strategies, such as increased mosquito spraying, that have allowed our state to fight similar viruses.”

...

http://www.emergencymgmt.com/health/Florida-Governor-Asks-CDC-Emergency-Response-Team-Zika.html

(TNS) — A chilling scenario has repeatedly played out across the country: A gunman enters a workplace, school, movie theater or other venue with dozens of potential victims and indiscriminately opens fire.

Most recently, a lone gunman armed with an assault rifle killed 49 people and wounded 53 more in an attack at a Miami nightclub popular with the gay community.

After the sad reality of another mass shooting sinks in, questions regarding motive and gun control soon emerge. But school administrators and business owners also must tackle another question: What can be done to prepare?

...

http://www.emergencymgmt.com/training/Recent-Tragedies-Spark-Interest-in-Active-Shooter-Training.html

(TNS) — Instability in the Brazilian government is raising fears about the nation’s preparedness to keep the Olympic Games safe from terrorism in the age of ISIS.

“Brazilians have and continue to struggle to manage the situation, but it’s not really clear what’s going to end up happening,” said Bradley Schreiber of Homeland Security Solutions, a former senior adviser at the U.S. Department of Homeland Security. “The turnover in government and other domestic security challenges, obviously we’re always concerned about that because that could potentially distract from other larger international issues.”

In May, Brazilian President Dilma Rousseff’s powers were suspended pending the outcome of an impeachment trial, with an acting president now performing her duties.

...

http://www.emergencymgmt.com/safety/Rio-Instability-Stirs-Fears-Attack-Terror-Experts-Say.html

Tuesday, 02 August 2016 00:00

Insurers Ready for the Summer Olympics

Opening ceremonies for the 2016 Summer Olympics in Rio de Janeiro are just days away and, amid crime, security and public health concerns, it is the global insurance industry that provides the critical risk coverage needed for this sporting event to go ahead.

More than 10,000 athletes from 206 countries will come together in Rio to participate in a total of 665 events which are expected to attract up to 500,0000 international spectators as well as a considerable number of domestic tourists.

Approximately $1 billion in insurance is in place for this event, via a policy purchased by the International Olympic Committee (IOC), Business Insurance reports.

...

http://www.iii.org/insuranceindustryblog/?p=4527

The Business Continuity Institute - Aug 02, 2016 12:01 BST

Communication issues have, for the first time ever, been named as the top reason for UK businesses to invoke recovery services, according to a new study by Sungard Availability Services. Having increased by a third, issues arising from data communications or telecom failures now account for over 25% of all total invocations, and resulted in the highest level of communication problems since the annual analysis began over two decades ago.

The Availability Trends Report noted that while invocations due to technology dropped by 71%, workplace issues, in which the office environment is rendered inaccessible, leapt up by a substantial 37% – the biggest jump since 2009. Overall however, the number of downtime incidents, in which staff are unable to work from their usual office or access business critical systems, remained largely the same – with only a 5% decrease compared to 2014’s figures. Despite the minor drop, these findings have given rise to fresh concerns that organisations are still not investing adequate resources in maintaining business availability for that most important of resources – their people.

Companies therefore need to take a holistic approach to their continuity and resilience strategies. As well as recovering their mission critical technology and IT systems, they also need to ensure their ability to limit downtime for their workforce. The increased take-up of Disaster Recovery as a Service offerings, as well as a rise in investment for dedicated workspaces demonstrate that businesses are realising the need to invest in comprehensive and robust recovery strategies that will address their people, not just their systems. Such a holistic focus will enable organisations to meet ever-growing customer and stakeholder demands for both consistent and constant levels of availability.

The threat that communication failures pose to organizations is something that is echoed in the Business Continuity Institute's annual Horizon Scan Report which has consistently identified IT and telecom outages as a top three threat to organizations. The latest report revealed that 77% of business continuity professionals expressed concern at the prospect of this kind of threat materialising.

Commenting on the Availability Trends Report, Daren Howell, senior manager solutions marketing – availability, recovery and continuity at Sungard Availability Services, said: “From reputational damage to missing out on sales and the subsequent loss of customer trust; the cost of downtime is simply too high for modern businesses to contemplate. With ever more demanding customers, recovery and continuity has become a lynchpin in enterprise success.”

Unfortunately, crisis happens. Recently, all too often.  Many companies are not fully prepared to communicate rapidly and effectively in a crisis. This second of a 2-part blog series covers the common mistakes all business continuity and disaster recovery professionals should avoid to avert disaster and foster resiliency.

 ...

http://blog.sendwordnow.com/seven-deadly-sins-of-emergency-notification-part-two

In June 2014 the Adams County, Colo., Communications Center (Adcom911) went live with an LTE network in the 700 MHz band 14 spectrum. In so doing, it became the first successful Early Builder in the congressionally mandated FirstNet program, an effort to deploy and operate a nationwide dedicated public safety broadband network.

Much has been learned since Adams County made its early entry into FirstNet, the First Responder Network Authority. “The most important lesson here is that if this is done right, it works,” said Adcom911 Executive Director Joel Estes. “It really is a significant improvement for public safety people out in the field.”

Getting there is no small feat, however, as other Early Builder projects have shown. Funded in part by the Broadband Technology Opportunities Program administered by the National Telecommunications and Information Administration, these programs make it clear that public safety authorities can expect to meet a range of technical and cultural hurdles on the road to FirstNet deployment.

...

http://www.emergencymgmt.com/disaster/Setting-the-Stage.html

Monday, 01 August 2016 00:00

Data Quantity Or Data Quality

When we look at ways businesses embark on marketing campaigns, we can see that quantity is regarded as a good thing.

Lots of traffic - good. Viral posts are the Holy Grail: they generate thousands of page views every hour. Likes and shares: the more the merrier.

And from all of that traffic and social interest, the business hopes for a high quantity of leads and conversions.

...

https://channels.theinnovationenterprise.com/articles/data-quantity-or-data-quality

More than half of this year’s $14.8 million in cash settlements for violating data privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) involved cases in which offenders failed to conduct proper risk assessments.

As the stakes for ignoring those risk assessments continue to grow, officials at software developer AvePoint are pointing to a tool they developed in conjunction with the International Association of Privacy Professionals (IAPP), which can help make the process of conducting those reviews more consistent and efficient.

...

http://mspmentor.net/msp-mentor/privacy-audit-tool-could-help-guard-against-hippa-breach-fines

As you’ll have no doubt seen in the press, Orlando, Fla.-based backup company Replibit was recently acquired by eFolder. It's not a surprising move, as eFolder was lacking its own solution for disaster recovery (DR). So, what is so special about Replibit?

There are a few core technologies that make Replibit interesting:

...

http://mspmentor.net/blog/why-you-need-take-your-backup-and-disaster-recovery-max

Top FEMA Officials Available for Interviews to Discuss Extreme Heat Safety Tips, Urge Residents to Download FEMA Smartphone App Designed to Help Families Before, During, and After Disasters


Washington – The Federal Emergency Management Agency (FEMA) is urging residents across the nation to take steps now to prepare their families and communities for extreme heat, by reviewing important safety information and downloading the FEMA smartphone app. 

The National Weather Service announced today that “dangerously hot and humid conditions are expected this week across a large portion of the nation.” Additionally, NOAA’s Climate Prediction Center’s latest outlook notes that most of the continental United States is facing elevated chances of well-above-average summer temperatures. According to the Centers for Disease Control & Prevention, heat kills more people than hurricanes, lightning, tornadoes, earthquakes and floods.

To help Americans stay safe during extreme heat, FEMA urges residents to consider taking the following actions in affected areas:   

  • Postpone outdoor games and activities and limit exposure to the sun.
  • Drink plenty of water and avoid caffeine; limit alcoholic beverage intake.
  • Dress in loose-fitting, lightweight and light-colored clothing.
  • Spend the warmest part of the day in temperature-controlled buildings such as libraries, schools, movie theaters, shopping malls, or community facilities.
  • Check on family, friends, and neighbors who do not have air conditioning and who spend much of their time alone.

FEMA also urges residents to download and use the free FEMA app, which provides valuable safety tips to help families prepare for and recover from more than 20 natural and man-made hazards. The FEMA app enables users to receive weather alerts from the National Weather Service for up to five locations across the nation, making it easy to follow severe weather that may be threatening family and friends. The app also provides family communication plans, a customizable checklist of emergency supplies, and maps of open shelters and disaster recovery centers. The app is available on the Apple App Store and on Google Play.

What:  Interview opportunity with FEMA officials to share information on how to stay safe during extreme heat and FEMA’s updated Smartphone App

Who:  FEMA Director of External Affairs Josh Batkin

          FEMA Director of Public Affairs Rafael Lemaitre  

          FEMA Director of Individual and Community Preparedness Helen Lowman

When:  Upon request

RSVP:  To schedule a media interview contact the FEMA News Desk at 202-646-3272 or FEMA-News-Desk@fema.dhs.gov


###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

Monday, 01 August 2016 00:00

Storm Debris Will Fuel Power Plant

(TNS) - Out of sight, out of mind. That's how many of us may feel after fallen trees and branches have been hauled away from our homes.

But what will become of all that tree debris culled by last week's destructive storm?

Pakou Ly, a spokeswoman for the city of Duluth, Minn., said most of it will be chipped and hauled, ton by ton, to Minnesota Power's Hibbard Renewable Energy Center, where it will be used to generate steam for the neighboring Verso paper and recycling mills, as well as renewable energy for local electric customers.

The plant can consume up to 40 semitrailer loads of biomass fuel per day, said Amy Rutledge, manager of corporate communications for Minnesota Power and its parent company, Allete.

...

http://www.emergencymgmt.com/disaster/Storm-debris-will-fuel-power-plant.html

(TNS) - About 50 first responders from around the Hill Country gathered at Schreiner University on Thursday to discuss successful practices and lessons learned from various critical incidents.

Gregory Pratt, a training coordinator with the Federal Bureau of Investigation — San Antonio division, said similar conferences like these are conducted throughout the state and country each year.

“This gives every department involved training on any event involving an active shooter or a similar situation,” Pratt said. “Our bureau offers supportive resources like victim assistance, crime scene management, crisis and media management.”

...

http://www.emergencymgmt.com/training/First-responders-take-part-in-FBI-training.html

(TNS) - A new smartphone app is aimed at keeping Kanawha County residents up to date on emergency news and prepared in the event of local disasters.

The app, KC Ready, was a joint effort by Kanawha County Emergency Management and Metro 911. Dale Petry, director of Emergency Management, said that KC Ready is a valuable resource to have when disaster strikes in the county or when residents simply want to prepare for the worst.

KC Ready can help clear the Metro 911 phone lines for those with emergencies as well, Petry said. The app does this by sending push notifications to its users about weather situations and traffic accidents using Metro 911’s live feed, so that a large number of residents don’t call in to report the same problem.

...

http://www.emergencymgmt.com/disaster/KC-Ready-app-intended-to-be-mobile-resource-during-disasters.html

According to the results of a recent survey of 3,476 IT and IT security practitioners worldwide, just one third of all sensitive corporate data stored in cloud-based applications is encrypted.

The survey, conducted by the Ponemon Institute and commissioned by Gemalto, also found that 73 percent of respondents said cloud-based services and platforms are important to their organization's operations, and 81 percent said they will become more important over the next two years.

Just over a third (36 percent) of respondents said their companies' total IT and data processing needs are met using cloud resources today, and that's expected to increase to 45 percent over the next two years.

...

http://www.esecurityplanet.com/network-security/only-a-third-of-sensitive-data-stored-in-cloud-based-applications-is-encrypted.html

News • Jul 29, 2016 11:59 BST

Businesses vulnerable due to shortage of cyber security talent

There is a serious talent shortage crisis impacting the cyber security industry according to a new report published by Intel Security, in partnership with the Center for Strategic and International Studies (CSIS). 82% of respondents to a global survey admit to a shortage of cyber security skills, with 71% of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

The Hacking the Skills Shortage Report highlighted that the demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. Despite a quarter of respondents confirming their organizations had lost proprietary data as a result of this skills gap, there are no signs of it abating in the near-term. Respondents estimate an average of 15% of cyber security positions in their company will go unfilled by 2020.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously, and this starts by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns to business continuity professionals in the BCI's Horizon Scan Report, which also identified availability of talents / key skills as a top ten concern.

The Hacking the Skills Shortage Report analysed four dimensions that comprise the cyber security talent shortage, which include:

Cyber security spending: The size and growth of cyber security budgets reveals how countries and companies prioritize cyber security. Unsurprisingly, countries and industry sectors that spend more on cyber security are better placed to deal with the workforce shortage.

Education and training: Only 23% of respondents say education programmes are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cyber security skills. More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.

Employer dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Government policies: More than three-quarters (76%) of respondents say their governments are not investing enough in building cyber security talent. This shortage has become a prominent political issue as heads of state in the US, UK, Israel and Australia have called for increased support for the cyber security workforce in the last year.

“A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line.”

Many organisations report that they are improving their disaster recovery capabilities, and that their confidence in being prepared for a disaster has increased. Still, there is much work to be done in ensuring adequate preparation and protection.

The cost of a business interruption, whether due to network attack, data breach or natural disaster, can be a rude awakening. An estimation of system downtime costs when a data disaster strikes takes into consideration not only productivity losses, missed sales opportunities and staff’s hourly time, but also less quantifiable impacts such as damage to corporate image and customer confidence. This highlights the growing need for additional protection against business interruptions.

...

http://blog.krollontrack.co.uk/pieces-of-interest/leveraging-virtualisation-business-continuity/

CIOs at fast-growing and dynamic enterprises are frantically trying to keep pace with business demands, as email, enterprise apps and offsite storage are increasingly moving to the cloud.

As more companies migrate data and applications to the cloud, connectivity to and from the cloud is critical.

Traditional connections require long-term contracts and fees, and may or may not be secure. This may slow down user experience and, in turn, business growth.

...

http://www.cyrusone.com/blog/better-cloud-connection-elastic-interconnection/

The world of emergency management is becoming increasingly interconnected and interdependent, and as the emergency management profession grows, the risks become more complex. From 9/11 and Katrina in the past to the Cascadia fault in the future — how and with what is the emergency manager in the future going to … manage?

Nobody is more interested in that question than academia. After all, most emergency manager positions require a college degree as well as training and experience in the field. The number of programs offering degrees has increased from just a few in 1995 to almost 300 today.

The debate has been one of consistency and content — what knowledge and skills should emergency management higher education programs integrate into their curriculums to meet the future challenges of the profession?

...

http://www.emergencymgmt.com/training/Meeting-Future-Emergency-Managment-Challenges-Through-Education.html

With over 1 billion people, a more than 7 percent annual growth rate and business-friendly government policies, India offers vast potential for success in the marketplace that few companies can afford to overlook. However, before committing a significant amount of time, talent and financial resources expanding operations into India, know this: While the rewards can be great, so can the risks.

Successful navigation of India’s tax and regulatory environment requires a deeper strategy than simply “follow the laws.” A holistic compliance strategy requires a thorough understanding of the country’s marketplace, business culture and regulatory environment.

...

http://corporatecomplianceinsights.com/top-4-trade-compliance-strategies-business-india/

(TNS) - As temperatures soared into the 90s again Wednesday, locals stuck by fans and air conditioning and dipped in pools and ponds trying to ride out the latest wave of sweltering heat.

Some professions are shown no mercy, however.

Late Wednesday morning as the mercury just touched 90 degrees, a fire on a South Lawrence porch was reported when residents smelled smoke and dialed 911.

Crews raced to 90-92 Jamaica St., where the single-alarm blaze in a two-story, two-family house was quickly knocked down. Fire investigators quickly determined the fire was caused by careless disposal of cigarettes. While there were no injuries, porches on the first and second floors were scorched.

...

http://www.emergencymgmt.com/disaster/Dangerously-Hot-As-mercury-rises-so-do-fire-hazards-health-risks.html

Today’s business has a lot of storage and data options. And, requirements around data control are going to continue to grow and evolve. With that in mind – let’s touch on one aspect of the IT and data center administrative process that some organizations hate to discuss: data migrations.

What if you need to move a massive amount of data? What if it’s not as simple as just re-mapping a storage repository? In some cases, you might be migrating entire storage vendors to align with specific business strategies. Either way – when dealing with critical corporate data – you need to have a plan. So, here are 8 steps to creating an enterprise data migration plan:

...

http://www.datacenterknowledge.com/archives/2016/07/28/creating-enterprise-data-migration-plan/

(TNS) - Like many Minnesota Power employees, Stefanie Stollenwerk received a phone call shortly after 3 a.m. last Thursday.

It's not uncommon for the utility to face emergency situations and have to deploy crews at all hours. But this wasn't an ordinary emergency. It was what officials now say is the most damaging storm to hit Duluth's power grid in at least half a century.

"I've been working here 18 years and I've never seen a storm like this," said Stollenwerk, the utility's manager of transmission and distribution support services. "When I got the call, I told my husband that I wasn't sure when I was going to see him again."

For the past week, Stollenwerk and a team of Minnesota Power officials have worked around the clock at the company's Herbert Service Center on Arrowhead Road, coordinating the behind-the-scenes emergency response and power restoration efforts in Duluth, Rice Lake and many other Northland communities.

...

http://www.emergencymgmt.com/disaster/Minnesota-Power-provides-behind-the-scenes-look-at-storm-response.html

During a crisis, effective communication is one of the keys to mitigating damage and maintaining your organization’s reputation. A crisis is a time to be open, honest, and engaging. In our hyper-connected world, there is no sense in trying to hide from the media, your customers, or the public at large.

That being said, crisis communication can be tricky. An organization that, let’s say, tweets something controversial or experiences a customer data breach suddenly becomes a target for extreme public scrutiny. In the wake of such events, social media users take to Twitter, Facebook and other platforms to post comments, complaints and jabs.

As the online negativity piles up, many organizations might feel compelled to start deleting negative comments in an attempt to save face. But in reality, this simple step might be doing more harm than good.

...

https://www.rockdovesolutions.com/blog/should-you-delete-negative-social-media-comments-in-your-crisis-response

The Business Continuity Institute - Jul 29, 2016 11:59 BST

There is a serious talent shortage crisis impacting the cyber security industry, according to a new report published by Intel Security, in partnership with the Center for Strategic and International Studies (CSIS). 82% of respondents to a global survey admit to a shortage of cyber security skills, with 71% of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

The Hacking the Skills Shortage Report highlighted that the demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. Despite a quarter of respondents confirming their organizations had lost proprietary data as a result of this skills gap, there are no signs of it abating in the near-term. Respondents estimate an average of 15% of cyber security positions in their company will go unfilled by 2020.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously, and this starts by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns to business continuity professionals in the BCI's Horizon Scan Report, which also identified availability of talents / key skills as a top ten concern.

The Hacking the Skills Shortage Report analysed four dimensions that comprise the cyber security talent shortage, which include:

Cyber security spending: The size and growth of cyber security budgets reveals how countries and companies prioritize cyber security. Unsurprisingly, countries and industry sectors that spend more on cyber security are better placed to deal with the workforce shortage.

Education and training: Only 23% of respondents say education programmes are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cyber security skills. More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.

Employer dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Government policies: More than three-quarters (76%) of respondents say their governments are not investing enough in building cyber security talent. This shortage has become a prominent political issue as heads of state in the US, UK, Israel and Australia have called for increased support for the cyber security workforce in the last year.

“A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line.”

Wear a smartwatch and you could cause a data breach that brings your organization to its knees. Install an anti-virus product on any one of your endpoints and you could compromise the security of key enterprise applications.

Smartwatches and certain anti-virus products are just a small sample of the growing number of shocking application security threats. Just like more familiar application security threats such as code injection, cross site scripting and buffer overruns, the threats they pose can be critical.

This article discusses five emerging application security threats:

  • PIN and password inference software
  • Mobile app collusion
  • Anti-virus software
  • JavaScript ransomware
  • Voice-activated attacks

...

http://www.esecurityplanet.com/hackers/5-freaky-application-security-threats.html

Zscaler is warning organizations to plan ahead for security threats and network performance issues linked to coverage of the Olympic Games, which commence on 5th August in Rio.

Cybercriminals are aware that users will be searching for convenient ways to stay up-to-date with the latest sporting action, forcing enterprises to roll out revised security policies that ensure the security of users watching, searching for, or downloading associated sporting coverage.

Most critically, organizations need to consider their exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity. ThreatLabZ research from past events found that 80 percent of ‘Olympic’ web domains were found to be scams or spam, pinpointing the need for increased business vigilance.

...

http://www.continuitycentral.com/index.php/news/technology/1300-exploring-the-issues-that-the-olympic-games-challenges-businesses-with

Thursday, 28 July 2016 00:00

The Real Value of Lawyers to Compliance

The legal profession is transforming itself, especially in the area of compliance. Lawyers are an invaluable part of a compliance program. They provide important perspective and understanding of risk, they help a company to assess and navigate legal risks and they interface with regulators and enforcement agencies.

The most effective compliance programs usually are built around a strong partnership between a chief compliance officer and a general counsel. They are natural partners, assuming that egos do not get in the way, and should work together to advance the company’s compliance program.

Lawyers have two very specific benefits that should be incorporated into an effective compliance program.

...

http://blog.volkovlaw.com/2016/07/real-value-lawyers-compliance/

Charleston, W.Va. — If you were affected during the June storms and have questions about legal issues such as repair contracts, working with contractors, replacing wills and other legal documents, you might be eligible to get free legal counseling from a group of West Virginia lawyers who have volunteered limited legal help.

Disaster Legal Services provides legal assistance to low-income individuals who, prior to or because of the disaster, have little recourse to legal services as a consequence of a major disaster.

A partnership among the Federal Emergency Management Agency (FEMA), the West Virginia State Bar, and Legal Aid of West Virginia provides eligible callers 24/7 access to a toll free legal hotline, 877-331-4259. Callers may leave a message and will be matched with a local attorney.

Local legal aid providers might help you with:

  • Assistance with FEMA and other government benefits available
  • Assistance with life, medical, and property insurance claims
  • Help with home repair contracts and contractors
  • Replacement of wills and other important legal documents lost or destroyed in the disaster
  • Consumer protection issues such as price-gouging and avoiding contractor scams in the rebuilding process
  • Counseling on mortgage-foreclosure problems
  • Counseling on landlord-tenant problems

There are some limitations on disaster legal services. For instance, if a case might produce a fee, or where attorneys are paid as part of a court settlement, you’ll be referred to a local lawyer.

 
Thursday, 28 July 2016 00:00

Do You Know the Current Business Climate?

Understanding how the business climate is changing will allow you to start looking at how you may need to change your recovery and resiliency strategies.

I was recently talking with my father who was in the convenience store and gasoline distribution business his entire career. We were talking about planning and how the business climate changes over time. He mentioned that when pay-at-the-pump devices first came to stations, his company resisted implementing them. Their convenience store model was to get customers to walk into the store to pay so they would purchase additional items. Their money was not made on gas sales, but on the sale of store items (beverages, candy, etc.). My father was an advocate of putting the new pumps in. He saw it as being more important than just having customers walk into the store, but instead making sure that customers were comfortable using the store for both gas purchases and quick stops for other items. If they got in the habit of using a different store to get gas because of pay-at-the-pump, they would likely stop at that store for drinks and other items as well. The result: a lost customer.

Do you know how your business climate may be evolving? Do your current processes or paradigms still meet customer needs and desires? In previous blogs and presentations, we have encouraged those in continuity planning to learn about their business processes. Understanding how the business climate is changing – and how business processes and functions may be changing along with that – will allow you to start looking at how you may need to change your recovery and resiliency strategies.

Consider the items below as you identify how your business may be changing.

...

http://www.mha-it.com/2016/07/current-business-climate/

We know that ransomware is a menace for just about everyone, but the health care industry has been hit unusually hard by this particular type of attack. In fact, according to Solutionary’s Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2016, the health care industry represented 88 percent of all ransomware detections during the second quarter.

Think about that number for a moment. Ransomware seems to be everywhere, yet, 88 percent of detections were in one industry. Education and finance were second and third, at 6 and 4 percent, respectively.

Now, it must be noted that we may not be getting the full picture, as Solutionary threat intelligence communication manager Jon-Louis Heimerl told SC Magazine, after pointing out that the analysis was based on actual ransomware activities:

 
...

AUSTIN, Texas – Two important deadlines are ahead for Texans who are considering a loan through the U.S. Small Business Administration for recovery from the May-June storms and flooding.

Most survivors who registered with FEMA for disaster assistance were contacted by the SBA with information on the agency’s low-interest disaster loans, as well as instructions on how to complete the loan application.

The deadline to submit the application for physical damage is Aug. 10. The deadline for businesses to submit a loan application for economic injury is March 11, 2017.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors may apply online using the electronic loan application via SBA’s secure website at disasterloan.sba.gov/ela.

Disaster loan information and application forms are also available from SBA’s customer service center by calling 800-659-2955 or emailing disastercustomerservice@sba.gov. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit sba.gov/disaster.

Completed applications should be mailed to:

U.S. Small Business Administration
Processing and Disbursement Center
14925 Kingsport Rd.
Fort Worth, TX  76155

SBA loan applications should be submitted even as disaster survivors await an insurance settlement. The loan balance is reduced by the settlement. SBA loans may also be available for losses not covered by insurance.

The SBA encourages Texans who suffered damage or loss from the May-June storms and flooding to complete the SBA loan application they received. There is no obligation to take a loan if offered. If approved, and a survivor does not accept the loan, it may make one ineligible for additional federal assistance.

  • Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence.

  • Homeowners and renters may borrow up to $40,000 to repair or replace personal property.

  • Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans—called Economic Injury Disaster Loans—to small businesses and most private nonprofit organizations of all sizes.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Download fema.gov/mobile-app to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

Your organization probably already has more data than it knows what to do with. Yet, it's quite likely you're overlooking, disregarding, unaware of, or unable to access important information that could directly affect analyses and business outcomes.

It doesn't matter what your universe of data is -- enterprise data or a combination of internal and external data sources -- important nuggets of information may be missing.

"Companies are collecting more data, but often struggle with what to do with it," said Dave Hartman, president and founder of technology advisory firm Hartman Executive Advisors. "Data can be extremely overwhelming in its raw form."

...

http://www.informationweek.com/big-data/big-data-analytics/12-types-of-data-it-cant-afford-to-overlook/d/d-id/1326399

U.S. hotel group Kimpton Hotels & Restaurants and U.K. mobile operator O2 both recently acknowledged potential data breaches. In Kimpton's case, the attack appears to be similar to other recent point-of-sale breaches at hotel chains including Hyatt, Omni, Starwood and Hilton, while in O2's case an undisclosed number of customer accounts were exposed by password reuse.

Kimpton Hotels yesterday announced that it was "recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties."

"As soon as we learned of this, we immediately [began] an investigation and engaged a leading security firm to provide us with support," the company stated. "We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements."

...

http://www.esecurityplanet.com/network-security/o2-kimpton-hotels-investigate-data-breach-claims.html

(TNS) - With the recent, long-awaited arrival of the Elizabethtown Fire Department’s new custom-built engine, the focus of the department will now be shifting from the “pound of cure” to the “ounce of prevention,” in the form of a community risk reduction program.

“You’ve heard the saying ‘if it’s predictable, it’s preventable’,” said Fire Chief Nick West. “We can predict the potential for fires, so now we’re looking at ways to prevent them.”

The community risk reduction program is comprised of three components:

...

http://www.emergencymgmt.com/disaster/Elizabethtown-Fire-Department-Implementing-New-Risk-Reduction-Program.html

Today’s networking layer has become one of the most advanced infrastructure components in the data center. We are far beyond simple network route tables and ensuring data traffic patterns. Now, we’re creating contextual policies around information, users, applications, and entire cloud infrastructure components. We’ve created automation at the networking layer; and have even completely abstracted the data and control plane via next-generation SDN.

Administrators today are tasked with creating a much smarter networking layer. One that is capable of keeping up with some of the most advanced business and IT demands. In a recent Worldwide Enterprise Networking Report, IDC pointed out that virtualization continues to have a sizable impact on the enterprise network. IDC expects that these factors will place unprecedented demands on the scalability, programmability, agility, analytics capabilities, and management capabilities of enterprise networks. They predict that in 2016, overall enterprise network revenue will grow 3.5 percent to reach $41.1 billion.

It’s really no surprise that these new types of technologies will have major impacts around the entire enterprise networking layer. Most of all – these systems will change the way businesses create go-to-market strategies and where next-generation networking technologies can make an impact.

...

http://www.datacenterknowledge.com/archives/2016/07/27/navigating-data-center-networking-landscape/

Organizations with responsibility for private health data have paid $18.7 million so far this year to settle cases alleging their systems for protecting patient data were inadequate.

In all, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights has resolved nine cases, with settlements ranging in size from $25,000 to $3.9 million.

This year’s largest settlement to date for violations of the Health Insurance Portability and Accountability Act (HIPAA) was leveled at Feinstein Institute for Medical Research, where a laptop stolen from a car contained electronic protected health information (ePHI) belonging to roughly 13,000 patients and research participants.

...

http://mspmentor.net/msp-mentor/2016-hipaa-breach-penalties-total-187-million

Many organizations are not responding to the continuing spread of “Shadow IT” and cloud use with appropriate governance and security measures, and more than half do not have a proactive approach, according to research released Tuesday. The 2016 Global Cloud Data Security Study, compiled by the Ponemon Institute on behalf of Gemalto, shows that nearly half of all cloud services (49 percent) and nearly half of all corporate data stored in the cloud (47 percent) are beyond the reach of IT departments.

The report is drawn from a survey of more than 3,400 IT and IT security practitioners from around the world. It shows only 34 percent of confidential data on SaaS is encrypted, and members of the security team are only involved in one-fifth of choices between cloud applications and platforms.

IT departments are making gains in visibility, with 54 percent saying the department is aware of all cloud applications, platforms, and infrastructure services in use, up from 45 percent two years ago. Also, the number of respondents saying it is more difficult to protect data using cloud services fell from 60 to 54 percent; however, those gains were offset by more broadly reported challenges in controlling end-user access.

...

http://www.datacenterknowledge.com/archives/2016/07/26/nearly-half-corporate-data-departments-control/

Wednesday, 27 July 2016 00:00

Battles in the Fight Against Ransomware

Ransomware, or the encrypting of a victim’s data until a ransom is paid, is one of the scariest of the many scary things companies face. And health care organizations should be a bit more frightened because, for some reason, this sector is the main target of these hackers.

Data from Solutionary says that health care organizations are 114 times more likely to be the target of ransomware than financial firms and 21 times more likely than educational institutions. Put another way: The firm tracked these exploits and found that health care was targeted 88 percent of the time, though it represented only 7.4 percent of its client base, according to Network World.

The security firm offers three possible explanations for the inordinate amount of attacks on health care companies: The high number of non-profit health care organizations suggests that budgets are low and security not as up to date or sophisticated, and these organizations simply have a lot of data to target and much of it is life and death. The criticality of the data makes it more likely that executives will feel compelled to do anything, including paying a ransom, to regain control.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/battles-in-the-fight-against-ransomware.html

Wednesday, 27 July 2016 00:00

Paper Data: What You Need To Know

Developing an effective big data strategy for your organization is hardly a simple task. Considering how many different aspects of your company you have to weigh, along with the vast amounts of data at your disposal both now and in the future, deploying big data solutions can feel overwhelming. However, there are certain parts of your business that you may be overlooking. For obvious reasons, so much emphasis has been placed on digital files and data that many incorrectly assume that’s all they need to work with. The usual thinking goes along these lines -- if it’s not digital, it’s probably not worth my time. But that’s more of a shortsighted view of using big data. Though it may not be the cutting edge technology businesses love to employ, paper data can be just as important.

Unfortunately, paper data is too often overlooked and underappreciated. As HK Bain, the CEO, President, and Director of Digitech Systems puts it, the data taken from paper documents and files is the 'forgotten element' of most big data strategies. Perhaps it shouldn’t be surprising that many organizations adopt this mindset. After all, paper is the past. We don’t have as much of a need to print out physical documents and store them in filing cabinets. Digital is the here and now. Those filing cabinets have been replaced with hard drives and cloud servers. That’s all there is to it. At least that’s what many businesses say, and for big data to be truly useful, what would paper data actually bring to the table? Quite a lot, in fact, and organizations that fail to account for paper data may be missing out on some valuable insights.

...

https://channels.theinnovationenterprise.com/articles/paper-data-what-you-need-to-know-pdwyntk

Unfortunately, crisis happens. Recently, all too often. Many companies are not fully prepared to communicate rapidly and effectively in a crisis. This first of a 2-part blog series covers the common mistakes all business continuity and disaster recovery professionals should avoid to avert disaster and foster resiliency.


SINS 1-4

ONE:  Failing to make users aware of your crisis communication method or system.  

A good example of this is the use of email for non-routine alerts. The increasing threat of phishing emails and hackers means your user base has a healthy mistrust of unfamiliar messages.

In fact, your IT Department may spend significant time educating employees on the dangers of suspicious emails.  Staff may be encouraged to only open emails from known senders. So if you send an emergency alert from an email account that they have never seen before, they might delete it without ever seeing the content.

...

http://blog.sendwordnow.com/seven-deadly-sins-of-emergency-notification

Although major hacks generate news headlines, most companies and institutions quietly contend with ongoing web-based probes and attacks, with the average CISO at the largest businesses managing ecosystems of 50-75 vendors in hopes of catching security breaches.

Level 3, a leading telecom and Internet services provider (also one of the world’s dozen-plus tier one, or backbone networks), has innovated a different solution, one that uses predictive behavior mapping to help stop attacks before they can happen.

...

http://www.forbes.com/sites/jonathansalembaskin/2016/07/26/what-if-your-isp-could-stop-cybercrime-before-it-happened/

Tuesday, 26 July 2016 00:00

P&C Insurers Face Lower Profit Margins

High insured losses from natural catastrophes, challenges from the personal auto business and pricing competition will make it more difficult for the property and casualty industry to maintain the favorable underwriting results it has seen for the past three years, according to S&P Global Market Intelligence.

In its U.S. P&C Insurance Market Report, S&P predicts an increase in the industry’s statutory combined ratio to 99.5% in 2016 from 97.6% in 2015 and reduction of pretax returns on equity to 8.7% from 10.8%—or to 7.5% from 9.9% when adjusting for the impact of prior-year reserve development.

“Profit margins are projected to be much narrower than they have been in the last few years, unless something dramatic happens,” report authors Tim Zawacki, senior editor, and Terry Leone, manager of insurance research at S&P Global Market Intelligence, said in a statement. “While insurers have wisely accounted for the fact that they haven’t been able to depend on investment gains to subsidize underwriting losses, they still need to practice restraint as they seek growth.”

...

http://www.riskmanagementmonitor.com/pc-insurers-face-lower-profit-margins/

Business analysts or product owners developing software requirements in a regulated industry have surely encountered the challenges that come with defining and managing regulatory compliance requirements. And unfortunately, those requirements are among the most critical to get right. Faulty compliance requirements not only put your projects at risk, but they can put your organization itself in a dangerous position legally and financially.

Understanding the challenges associated with defining and managing high-quality regulatory compliance requirements is the first step to doing just that. Here are six challenges that top the list:

...

http://corporatecomplianceinsights.com/compliance-demands-complicate-software-requirements/

Cognitive computing is starting to impact the enterprise by changing the way data is analyzed and the manner in which employees and customers interact with computerized systems. This is happening across various industries, ranging from healthcare and retail to banking and financial services. Since I have been delving into the financial area of late, I wanted to provide a glimpse into how banks and other financial institutions are utilizing cognitive applications and commercial solutions within their organizations.

...

http://blog.cutter.com/2016/07/26/cognitive-based-solutions-for-assessing-risk-in-banking-and-finance/

How mature is your organization when it comes to business continuity? Does your business continuity management (BCM) program crawl, walk or run? From self-governed to synergistic, we have identified six levels of BCM maturity that most companies fall into. What is your organization’s level? Here is our breakdown:

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1293-six-levels-of-business-continuity-maturity

OpenStack, the open source project that allows enterprises to run an AWS-like cloud computing service in their own data centers, added support for containers over the course of its last few releases. Running OpenStack itself on top of containers is a different problem, though. Even though CoreOS has done some work on running OpenStack in containers thanks to its oddly named Stackanetes project, that project happened outside of the OpenStack community and the core OpenStack deployment and management tools.

Soon, however, thanks to the work of Mirantis, Google and Intel, the OpenStack Fuel deployment tool will be able to use Kubernetes as its orchestration engine, too. Ideally, this will make it easier to manage OpenStack deployments at scale.

“With the emergence of Docker as the standard container image format and Kubernetes as the standard for container orchestration, we are finally seeing continuity in how people approach operations of distributed applications,” said Mirantis CMO Boris Renski. “Combining Kubernetes and Fuel will open OpenStack up to a new delivery model that allows faster consumption of updates, helping customers get to outcomes faster.”

...

https://techcrunch.com/2016/07/25/openstack-will-soon-be-able-to-run-on-top-of-kubernetes/

Stephen Cobb from ESET wrote a blog post last week discussing the security of today’s computer-driven vehicles and the threat of malware infection. Cobb specifically talks about what is called jackware, which he described as:

malicious software that seeks to take control of a device, the primary purpose of which is not data processing or digital communications. . . . So think of jackware as a specialized form of ransomware. With regular ransomware, such as Locky and CryptoLocker, the malicious code encrypts documents on your computer and demands a ransom to unlock them. The goal of jackware is to lock up a car or other device until you pay up.

Cobb made a point that I think we need to start talking about more often and that is the insecurity of the Internet of Things (IoT). Actually, Cobb called it the Internet of Insecure Things. It is clear to see why security of these devices has to become a higher priority: a Vodafone study found that more than 75 percent of businesses find IoT is a critical part of their tech infrastructure, but they recognize the risks involved:

...

http://www.itbusinessedge.com/blogs/data-security/are-we-prepared-for-the-coming-threats-with-the-iot.html

Now, the Proactive Notifications and Alerting feature in Citrix Director is equipped with 7 more alerting categories and a new policy type, “User Policy,” to monitor and troubleshoot user-specific scenarios.

The proactive notifications and alerting feature introduced in Director with the release of XenDesktop 7.7 helps administrators keep an eye on the XenDesktop environment. Administrators configure simple Notification Policies and specify environment thresholds, then leave the rest to Director and the Monitoring Service, which notify the administrator when a threshold is breached. This way the administrator can take action to resolve the issue at an early stage.

...

https://www.citrix.com/blogs/2016/07/25/7-new-categories-in-director-for-proactive-notifications-alerts/

Tuesday, 26 July 2016 00:00

Beyond the Public-Private Cloud Divide

The cloud is getting bigger, the data center is getting smaller, and it would seem these two trends are destined for one conclusion: migration of virtually all enterprise workloads to third-party infrastructure.

But with such a broad and diverse IT ecosystem in the world today, is such an absolute transition inevitable? And is it reasonable to assume that while most of our data activities will move to the cloud, the really important stuff will remain behind the firewall, thus increasing the value of owned-and-operated infrastructure to a substantial degree?

There certainly is no shortage of voices calling for an all-cloud infrastructure, even for highly regulated industries like banking and health care. As Stephen Garden of consulting firm CorpInfo told SiliconANGLE recently: “Any company that is launching today — they would never consider building a traditional data center.” Since these are the start-ups that are disrupting traditional industries with nimble, data-driven business models, it stands to reason that established firms should get on the bandwagon as well, before they are left in the dust. And indeed, Garden says many of his established clients are reaching the same conclusion: that the cost of building and maintaining on-premises infrastructure simply does not produce an adequate return.

...

http://www.itbusinessedge.com/blogs/infrastructure/beyond-the-public-private-cloud-divide.html


Countries need to be prepared to handle emergencies. Having the right laws in place is an important part of the preparation.

When laws are not clearly defined, responders can have a hard time figuring out what to do during a public health emergency and who has the authority to take action. When a deadly disease outbreak hits, this can have devastating consequences.

Liberia knows firsthand what can happen when laws don’t match the needs in the field. Their experience with the recent Ebola epidemic exposed gaps in legal authority during the response. This is one reason why Liberia’s government recently reached out to the GHSA Public Health Law Project. The project team is helping them document issues that could be improved by updating Liberia’s public health law, which was last fully revised in 1976.

Advancing the Global Health Security Agenda


Ebola preventive measures in Liberia: Buckets of bleach to wash hands before entering public buildings and entering counties.

The GHSA Public Health Law Project takes a close look at how the law can help (or hinder) countries as they prepare to handle public health emergencies through the Global Health Security Agenda (GHSA). Right now, over 50 countries around the world are working through the GHSA to improve their ability to prevent, detect, and rapidly respond to infectious disease threats. The GHSA Public Health Law Project currently covers nearly half of the GHSA countries. The team helps analyze the laws of a country and provides training to country officials to help them understand the importance of law as a public health tool.

The team begins its work by gathering information about existing laws and talking to experts about how public health law works in their country. In Liberia, the team found that people felt unclear about their roles during the Ebola response. As one country health official told the team, “There is confusion about roles in an emergency and enforcement. What is the role of the police? The ministry of health? The military? [This] needs to be better defined.”

Public Health Law in Liberia

Before the CDC team arrived in Liberia, the Ministry of Health’s Legal Counsel were already taking the lead to help modernize the law. This is a massive undertaking that the Government of Liberia hopes to accomplish as soon as possible.

The Liberian Ministry of Health’s (MOH) Legal Counsel and CDC’s Country Office Director invited the CDC project team to help them reach this goal through research and analysis of where there may be gaps in the law. The project team worked with a team from the University of North Carolina’s School of Government, who were invited for public health law support by Liberia’s Chief Medical Officer.


From Left to Right: Jeff Austin (University of North Carolina), Emily Rosenfeld (CDC), Akshara Menon (CDC), Tomik Vobah and Aimee Wall (University of North Carolina)

Liberia will be able to use the information gathered by the team as they update their public health law. Once the laws are updated, the next step is making sure people are aware of them. A county health official laid out the problem he saw in Liberia: “Fundamentally, what is wrong is that the public health law is not widely known.” This official had been a practicing doctor for 11 years, but he had only read Liberia’s public health law for the first time two weeks prior to talking with the team.

Planning for the Future

The GHSA Public Health Law Project is being done collaboratively between CDC’s Center for Global Health and the Public Health Law Program. The project is compiling the laws from these countries into a single, searchable database to give a more complete picture of the legal landscape relating to the GHSA. The legal data obtained from this project will be a valuable resource when countries want to update their public health laws.

This initial legal mapping phase is only the beginning. What is really vital is how countries will use this information to help guide their work. The law can be an effective tool in meeting global health security goals and protecting people’s health — not only when a crisis hits, but every day.

A couple of weeks ago I was asked to present at the Business Continuity Institute’s regional forum in Liverpool. The aim of the presentation my colleague and I gave was to ask the question:

Do you consider data security as part of your business continuity plan?

Surely it is, isn’t it?

But you may be surprised at just how many people don’t believe it is. With IT BCP, we look at the big problems and large incidents: the complete failure of a system, the loss of a computer room or the loss of a building. However, as with so many things in IT, it’s the little things that can get you, and these little things sometimes slip the net.

It’s those perceived “little things” that we wanted to look at with the audience and share why in our opinion data security should be a significant part of your IT continuity plans.

...

https://techstringy.wordpress.com/2016/07/25/is-data-security-a-business-continuity-issue/

We all face a number of risks every day. Yet, we do not respond to each and every risk. We engage in risk-ranking our responses. Some are riskier than others and some are more catastrophic than others. So, we engage in risk ranking each day and allocate our time and attention accordingly.

The same applies, or should apply, when managing a compliance program. Resources are limited and compliance officers face a variety of risks. It is important, however, to rank these risks and then allocate time, attention and resources in accordance with these risk rankings.

The Justice Department and the SEC understand exactly how such a process works and expect to see risk-ranking systems incorporated in a compliance program. Once a company engages in risk ranking, the compliance officer is justified in assigning more resources to higher-risk activities and reducing resources for lower-risk activities. Assuming that such strategies are applied consistently and documented, there is no way the government will second-guess or recalculate risk ranking procedures.

...

http://blog.volkovlaw.com/2016/07/importance-risk-ranking-compliance/

Regular and informative communication with your staff keeps the pulse of your organization beating. Employees value transparency, connectedness, and being in the know. When you, as an organization, make an active effort to communicate with your people when an incident occurs, or when an announcement affects their well-being, they know that their time, safety, and security are being respected.

Investing in an employee notification system such as AlertMedia enables you to streamline important communications to your staff—the people that make up and run the heart of your organization.

So, how can you use an employee notification system to best reach and connect with your employees?

Educate your employees, your audience. 

...

https://www.alertmedia.com/guide-to-employee-notifications

Since my AC is on the fritz today and it’s going to be 100 degrees-plus in the Washington, DC, metro area, I thought now would be a good time to take a look at what’s been happening in data center cooling lately.

It turns out, quite a bit.

Probably the most significant development for future data facilities is Google’s deployment of artificial intelligence (AI) to manage cooling equipment at some of its hyperscale centers. Light Reading’s Brian Santo reports that the DeepMind platform has already produced a 15 percent improvement in power consumption, which, for Google, translates into millions of dollars saved per year. DeepMind, developed in Britain and acquired by Google in 2014, uses pattern recognition and intuitive algorithms to not only monitor and adjust cooling conditions but even recognize what information it lacks to make informed decisions and guide sensor deployment and other structural upgrades. Google says it is now looking to deploy DeepMind across its global data footprint.

...

http://www.itbusinessedge.com/blogs/infrastructure/data-center-cooling-advancing-on-multiple-fronts.html

Knowledge assets are critical to any business remaining functional and competitive, yet this data is routinely exposed to the risk of theft and overlooked in cybersecurity risk management. According to a new report from the Ponemon Institute and law firm Kilpatrick Townsend & Stockton, organizations are increasingly ineffective at safeguarding data like trade secrets, product design, development or pricing, and other proprietary information.

As breach notification laws, regulatory requirements, and reputation considerations draw more focus to cybersecurity surrounding personal data of customers or personnel, businesses are leaving more risk on the table regarding their most valuable assets, and that risk has a notable price tag.

In the past year, the average cost of remediating these attacks was about $5.4 million, and half of respondents estimated the maximum cost would range over $250 million, with seven out of ten placing it over $100 million. What’s more, on average, respondents believe only 35% of the losses resulting from knowledge asset theft would be covered by their current insurance policies.

...

http://www.riskmanagementmonitor.com/cybersecurity-risks-to-proprietary-data/

(TNS) - York County, Pa., commissioners approved a five-year contract Wednesday worth more than $2.1 million for maintenance of the county's emergency management systems.

The deal with Patriot Communications, LLC in Elkton, Maryland, on behalf of the county's Department of Emergency Services, which encompasses 911 and emergency management, runs from Aug. 1, 2016 until July 31, 2021.

The system had been maintained through multiple contracts of various lengths by Harris Corp., which is still in charge of switching the county's radio system from T-Band to 700 MHz.

Eric Bistline, the department's executive director, said the maintenance contract was put out for bid to receive competitive offers even though the department isn't required to do so.

...

http://www.emergencymgmt.com/disaster/County-approves-2-million-emergency-system-contract.html

(TNS) - Nicholas County’s new schools superintendent said Thursday that three of the county’s schools — Summersville Middle, Richwood Middle and Richwood High — won’t be able to reopen their buildings in time for the Aug. 19 start of classes there and that she doesn’t know if they can be reopened at all.

Donna Burge-Tetrick said she’s aiming to have all three schools’ students start on schedule, but she’s still working on how to accomplish that. She noted that the plan could include portable classrooms and/or sharing of other school facilities between two separate schools’ students, like how Kanawha County’s public school system is temporarily sending displaced Herbert Hoover High students to Elkview Middle.

Burge-Tetrick’s revelation that three more West Virginia school buildings won’t reopen on time in the wake of the late-June flooding continues to reverse the prior notion — based on other school officials’ past statements — that all flood-affected schools were likely to start classes on schedule for the upcoming school year.

...

http://www.emergencymgmt.com/disaster/3-more-flooded-WV-schools-wont-open-on-time-if-ever.html

Charleston, W.Va – All survivors who sustained damage or losses from the June flooding can get help from local Disaster Recovery Centers (DRCs).

If you need an accommodation or assistance due to a disability, please notify Federal Emergency Management Agency (FEMA) staff at the time of registration or anytime throughout the assistance process.

Survivors can meet face-to-face with various agencies and service providers at each DRC. All FEMA DRCs are equally accessible to people with disabilities and provide assistance tools. Use the DRC Locator at http://asd.fema.gov/inter/locator/home.htm to find the DRC closest to you.

The DRCs meet Rehabilitation Act standards:

  • Every disaster survivor has equal access to disaster registration information and assistance.
  • DRCs offer effective communication options including: captioned phones, iPads with video remote interpreting; American Sign Language interpreters upon request; amplified telephones and listening devices for people with hearing loss; phones that display text; and magnifiers for people with vision loss.
  • FEMA documents are available in Braille, large print, and other formats upon request.

FEMA assistance does not impact government benefits such as food stamps, Medicaid, Social Security, or other benefits.

Follow these links to access informational videos in ASL:

Additional information on West Virginia’s disaster recovery can be found by visiting: www.DisasterAssistance.gov; the flood pages at www.WVflood.com; fema.gov/disaster/4273; twitter.com/femaregion3; and fema.gov/blog.

The Weather Network identified in a March report four “terrifying disasters waiting to happen.”

One was deadly, exploding lakes in Africa. These are rare events known as limnic eruptions and happen when CO2 builds up over time from nearby volcanic activity. Another potentially catastrophic event would be the onset of giant space rocks hitting the Earth.

This would be a global catastrophe, because particles in the atmosphere would block up to 70 percent of sunlight for the first couple of years. Besides that, particles suspended in the stratosphere would warm, stripping the Earth of about 55 percent of its ozone layer.

Two of the potential catastrophes would take place in the U.S., including the eruption of the supervolcano that rests beneath Yellowstone National Park. The report said that if the volcano were to erupt, it would produce enough ash to bury nearby cities and dust those on the coasts. The good news is that the last time this happened was 70,000 years ago and the “repeat” time would be 700,000 years.

...

http://www.emergencymgmt.com/disaster/Is-the-Cascadia-Subduction-Zone-a-Ticking-Time-Bomb.html

Over the years I’ve noticed a trend of increased data loss during the summer months. Extreme heat and summer storms are often the culprits behind these losses.

Knowing this is a common problem, computer users need to pay special attention to protecting their valuable data. From intense heat to major natural disasters, there are a variety of potential problems that can lead to summer data disasters. By taking proactive steps to ensure proper data protection you will be better prepared to quickly recover from a data loss situation.

Summer storms can cause major data loss problems – but don’t forget about other common weather-related issues like overheating. A few simple steps can help you prepare for summer and avoid the headaches caused by weather-related data loss.

...

http://blog.krollontrack.co.uk/pieces-of-interest/data-loss-doesnt-break-for-the-summer/

CHARLESTON, W. Va. – Disaster assistance grants approved for homeowners and renters affected by the June 22-29 severe storms, flooding, landslides and mudslides have reached more than $46.4 million, less than a month after President Obama issued a major disaster declaration for West Virginia.

That total includes Federal Emergency Management Agency (FEMA) grants of nearly $27.5 million in housing assistance, more than $5 million in other needs assistance and $924,000 in public assistance. In addition, more than $13 million in low-interest disaster loans from the U.S. Small Business Administration (SBA) have been provided to West Virginians.

Nearly 7,600 households and businesses have registered with FEMA to date. Disaster assistance for individuals may include grants to help homeowners and renters pay for temporary housing, essential home repairs, personal property replacement, and serious disaster-related needs.

FEMA Public Assistance Grants provide funding to state, tribal, and local governments, and certain types of private, non-profit organizations. These monies help communities quickly respond to and recover from major disasters or emergencies declared by the president.

The SBA, one of FEMA’s partners in disaster recovery, approved 200 low-interest disaster loans to businesses, homeowners and renters. SBA disaster loans may cover repairs, rebuilding, as well as the cost of replacing lost or disaster-damaged real estate and personal property. SBA has staff on hand at all FEMA Disaster Recovery Centers (DRCs) to assist survivors, one-on-one.

In addition, the SBA operates three Business Recovery Centers (BRCs) to enable storm-impacted businesses to meet individually with SBA representatives and find out how a low-interest disaster loan can help them recover.

The BRCs are located at:

Greenbrier County

Greenbrier Valley Economic Development Corp.

804 Industrial Park, Suite 5

Maxwelton, WV  24957

Hours:  Monday – Friday, 8 a.m. to 5 p.m.

Kanawha County

Charleston Area Alliance

1116 Smith St.

Charleston, WV  25301

Hours:  Monday – Friday, 8:30 a.m. to 5 p.m.

Nicholas County
Summersville Village Hall
Conference Room
400 N. Broad St.
Summersville, WV 26651

Hours:  Monday – Friday, 8:30 a.m. to 4 p.m.

Federal disaster assistance for homeowners, renters and businesses is now available to residents of 12 counties: Clay, Fayette, Greenbrier, Jackson, Kanawha, Lincoln, Monroe, Nicholas, Pocahontas, Roane, Summers, and Webster.

FEMA-contracted housing inspectors have completed nearly 6,000 inspections of disaster-damaged properties to verify damage. Currently, there are 17 inspectors in the field.

FEMA encourages all survivors who sustained disaster-related damage or losses to apply online at DisasterAssistance.gov or by phone (voice, 711 or relay service) at 800-621-3362. (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Multilingual operators are available.

In support of the State of West Virginia, FEMA has deployed 144 Disaster Survivor Assistance (DSA) personnel to canvass storm-damaged neighborhoods. To date, 15 teams of DSA workers have visited 12,325 homes in severely storm-damaged neighborhoods. They are equipped to register survivors with FEMA and answer their questions about disaster assistance.

The State and FEMA operate Disaster Recovery Centers (DRCs) in the affected areas. The centers report 5,017 visitors to date. DRCs are open Monday through Saturday, 8 a.m. to 6 p.m. Closed Sundays. An easy-to-use DRC Locator is available at http://asd.fema.gov/inter/locator/home.htm

Other help available to individuals:

  • For those who lost work as a result of the storms, Disaster Unemployment Assistance (DUA) is available. New claims for DUA must be filed within 30 days of the date of the announcement of availability of DUA, according to the following schedule:

  • July 27, 2016: Greenbrier, Kanawha and Nicholas Counties.
  • July 29, 2016: Clay, Fayette, Monroe, Pocahontas, Roane, Summers and Webster Counties.
  • August 4, 2016: Jackson and Lincoln Counties.

For more information, visit Work Force West Virginia at workforcewv.org

  • Free disaster legal assistance is available to West Virginia storm survivors. This service offers counseling on insurance claims, landlord-tenant issues, home-repair contracts, the replacement of legal documents destroyed by the storm and other legal matters. Call the toll-free hotline 877-331-4279.
  • Survivors may be eligible for Disaster Supplemental Nutrition Assistance (D-SNAP) benefits through the Virginia Department of Health and Human Resources. D-SNAP benefits can be used to buy food, but cannot be used for alcoholic beverages, tobacco or non-food items. Storm survivors can apply for these benefits from July 25 through 31. More information is available at www.dhhr.wv.gov

Disaster assistance grants from FEMA are not taxable income and will not affect eligibility for Social Security, Medicare and other federal and state programs. Disaster grants are just that – grants that do not have to be paid back to the government.

For more information about SBA loans, call SBA’s Disaster Assistance Customer Service Center at 800-659-2955, email disastercustomerservice@sba.gov, or visit http://www.sba.gov/disaster.  TTY users may call 800-877-8339. Applicants may also apply online using the Electronic Loan Application (ELA) via SBA’s secure website at https://disasterloan.sba.gov/ela.

FEMA’s Hazard Mitigation Assistance programs offer a variety of tools covering everything from general program questions and issues to new initiatives, such as Climate Resilient Mitigation Activities, and upcoming learning opportunities.


Hazard Mitigation Assistance Guidance

FEMA's Hazard Mitigation Assistance (HMA) grant programs, including the Hazard Mitigation Grant Program (HMGP), Pre-Disaster Mitigation (PDM), and Flood Mitigation Assistance (FMA), provide funding for eligible mitigation activities that reduce disaster losses and protect life and property from future disaster damages. The current version of the Hazard Mitigation Assistance Guidance and Addendum (February 27, 2015) is available in the FEMA Library.

Hazard Mitigation Assistance Program Digest

The HMA Program Digest is an easy-to-read, easy-to-use, summary of the basic HMA program elements. The Digest includes program changes resulting from the publication of the Hazard Mitigation Assistance Guidance, issued February 27, 2015.

Climate Resilient Mitigation Activities and Benefit Cost Analysis Tools

FEMA has developed a Climate Resilient Mitigation Activities (CRMA) specific webpage, which includes information on published guidance, Benefit Cost-Analysis tools, webinar slide decks and other resources. The CRMA include green infrastructure methods, expanded ecosystem service benefits, and three flood reduction and drought mitigation activities: Aquifer Storage and Recovery, Floodplain and Stream Restoration, and Flood Diversion and Storage. 

Upcoming Webinars on Federal Procurement Requirements

FEMA is offering a procurement webinar for HMA programs. Registration is required, and must be done in advance.  Register by contacting Lilah Haxton at lilah.haxton@fema.dhs.gov.  Limited spaces are available (~50/webinar).

HMA Webinar:  Procurements under FEMA Awards Requirements for Recipients and Subrecipients When Procuring Services and Supplies with Funding under Stafford Act Grant Programs

 Dates and Times (all times are Eastern)

  • Wednesday, August 3rd, 2:30pm – 4:30pm
  • Thursday, August 18th, 2:30pm – 4:30pm
  • Tuesday, August 30th, 2:30pm – 4:30pm

Environmental and Historic Preservation

Unified Federal Review aims to coordinate environmental and historic preservation reviews to expedite planning and decision-making for disaster recovery projects. This can improve the federal government’s assistance to states, local and tribal governments, communities, families and individual citizens as they recover from future presidentially-declared disasters.

Other information, to include laws, guidance and relevant documents pertaining to Environmental Planning and Historic Preservation can be found on FEMA.gov.

Other Resources

In July, FEMA held a workshop with the State and Tribal Hazard Mitigation Officers. At this workshop, several federal agencies provided information on their programs that could also help support mitigation activities. Links to the programs discussed at the workshop are provided below:

U.S. Department of Housing and Urban Development’s Green Infrastructure Report

U.S. Department of Agriculture’s Rural Development summary of Major Programs

U.S. Department of Environmental Protection Green Infrastructure website

National Voluntary Organizations Active in Disaster

Center for Disaster Philanthropy can help communities identify additional resources to complete projects.



(TNS) — The Burlington, Iowa, City Council voted this week to accept initial plans for a flood mitigation project that will change significantly the face of the city's riverfront during the next two decades.

Plans will come back for official council approval in January or February before the firms can take bids. Construction would start in July 2017.

Long-term plans shown in renderings and a fly-through video show a splashpad, floating dock, shade structures and trees. But most of what's shown in the video and renderings is 15 or 20 years down the road and would require additional funding, City Manager Jim Ferneau said.

...

http://www.emergencymgmt.com/disaster/Burlington-Council-OKs-Flood-Mitigation-Plans-Sidewalk-Cafes.html

CHICAGO – The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) wants individuals and families to be safe when faced with extended periods of high temperatures.

The National Weather Service (NWS) has issued excessive heat warnings and advisories in areas throughout the Midwest.  Heat indexes in excess of 100 degrees can be expected.  It is essential residents take necessary precautions to avoid the harmful impacts of the high temperatures.

“A combination of high temperatures and high humidity can create a dangerous situation for you and your family,” said FEMA Region V Administrator Andrew Velasquez, III. “Learn and put into practice the steps you should follow during periods of extreme heat.  Remember to check in on family, friends, and neighbors especially those who are elderly, disabled or have functional needs to ensure they are safe.”

Extreme heat brings with it the possibility of heat-induced illnesses, including severe sunburns, heat cramps, heat exhaustion and even heat stroke. Understand your symptoms, and take the appropriate actions, seeking medical attention if your conditions are severe.

During extremely hot weather, you should take the following precautions:

  • Become familiar with the emergency plans of your community, school and workplace.
  • Stay indoors as much as possible and limit exposure to the sun.
  • Consider spending the warmest part of the day in public buildings that are air conditioned.
  • Drink plenty of water.
  • Dress in loose-fitting, lightweight, and light-colored clothes.
  • Check on family, friends, and neighbors who do not have air conditioning.
  • Never leave children or pets alone in closed vehicles.
  • Avoid strenuous work during the warmest part of the day.
  • Know the symptoms of heat-related illnesses and seek medical attention if your conditions are severe.

Find other valuable tips by downloading the free FEMA app today, available on the Apple App Store and Google Play. The FEMA App helps you learn what to do before, during, and after emergencies with safety tips & localized weather alerts from the National Weather Service.

Follow FEMA online at twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at twitter.com/craigatfema.  The social media links provided are for reference only.  FEMA does not endorse any non-government websites, companies or applications.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Google has brought online its first West Coast cloud data center, promising US and Canadian cloud users on or close to the coast a 30 to 80 percent reduction in latency if they use the new region instead of the one in central US, which was closest to them before the new region launched.

This data center in Oregon isn’t the first Google data center on the West Coast. The company has had a data center campus in The Dalles, Oregon, for a decade. The launch means this is the first time Google’s cloud services are served out of Oregon in addition to other Google services, such as search or maps.

With the new cloud data center online, the company said its cloud users in cities like Vancouver, Seattle, Portland, San Francisco, and Los Angeles should expect to see big performance improvements if they choose to host their virtual infrastructure in the new region, called us-west1.

...

http://www.datacenterknowledge.com/archives/2016/07/20/google-launches-its-first-cloud-data-center-on-west-coast/

One of the cloud’s early promises was that it wouldn’t matter to the users where the physical servers that store and process their data are located. While that’s still true for many users, as cloud providers tackle what they all say is the next wave of cloud adoption, its acceptance and growing use by big companies and government agencies, cloud data center location starts to matter more and more.

Companies in heavily regulated industries aren’t free to store their own and their customers’ data anywhere they like, while the last several years have seen a stronger regulatory focus specifically on data sovereignty and data privacy in several countries, including Germany, Russia, and Brazil.

This means cloud providers that want to ride that wave of enterprise cloud adoption have to ensure they have cloud data centers close to the companies they hope to serve. Microsoft execs confirmed this much on the company’s quarterly earnings call Tuesday.

...

http://www.datacenterknowledge.com/archives/2016/07/20/nadella-well-build-cloud-data-centers-wherever-demand-takes-us/

The initial phase of the cloud transition is nearly done, with more than three-quarters of enterprises pushing at least a portion of their workload to public infrastructure.

As expected, however, most of this is non-critical data and applications and is largely limited to storage and backup services rather than production workloads. So it stands to reason that the next leg of the cloud journey will involve mission-critical workloads – the stuff that sets the corporate suite’s hair on fire if it should cease to function for any reason.

This is why the growth of cloud computing is likely to slow down some as we approach the next decade. It’s not that the enterprise is growing tired of the cloud or is starting to see more of its flaws (yes, the cloud does have flaws), but that future deployments will have to be handled with more care as the stakes get higher. Not only will cloud services have to be more resilient going forward, but they will be increasingly optimized from the ground up to suit highly targeted processes, which takes time and coordination between users and providers.

...

http://www.itbusinessedge.com/blogs/infrastructure/tread-carefully-into-the-mission-critical-cloud.html

Thursday, 21 July 2016 00:00

Cybersecurity: Time For A Paradigm Shift

Morgan Stanley Blue Papers, a product of our Research Division, involve collaboration from analysts, economists and strategists across the globe and address long-term, structural business changes that are reshaping the fundamentals of entire economies and industries around the globe.

Given the growing severity and frequency of cyberattacks, it’s no surprise that organizations of all sizes are spending more money to shore up their digital defenses. The market for cybersecurity products and services is expected to surpass $60 billion in 2016, and that figure could double by 2020.

Unfortunately, more security doesn’t necessarily mean better security. In fact, the current strategy of most organizations—layering on many different technologies—is not only proving ineffective, it is overly complex and expensive. “The status quo is not sustainable,” says Keith Weiss, head of U.S. software coverage for Morgan Stanley. Even as companies spend more on security, losses related to cybercrime have nearly doubled in the last five years.

...

http://www.forbes.com/sites/morganstanley/2016/07/20/cybersecurity-time-for-a-paradigm-shift/

I would think that the one area in the network infrastructure that is a security priority for IT and security administrators is privileged accounts that control access to servers, firewalls, applications, and so on. There is a reason why so few people in any organization hold login credentials for these accounts. Can you imagine how much damage can be done if too many people had access to this sensitive hardware and software and their login information ended up in the wrong hands? As TechTarget pointed out:

In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data.

Having a solid privileged account management (PAM) system in place is vital not only in terms of security, but also for meeting industry compliances and regulations. That makes the results of a new Thycotic study, which found that too many companies are failing at PAM security enforcement, particularly troublesome. As explained on Thycotic’s blog post about the study:

...

http://www.itbusinessedge.com/blogs/data-security/more-than-half-of-companies-are-failing-at-pam-security.html

Thursday, 21 July 2016 00:00

What We All Can Learn From Pokemon Go

At this point, anyone with access to a smartphone or any media source has heard of Pokemon Go, Nintendo’s augmented reality game for smartphones. The game requires players to go outside and explore their surroundings in order to find and catch new Pokemon. The app exploded onto the scene, with over 20 million daily active users after only one week in the app store.

There have been countless articles flooding the internet since the game’s release on July 6th discussing the unintended side effects of people playing the game. These can include people not looking where they’re going and falling, criminals luring players into secluded areas, etc. While these effects can all turn into (and likely already are) entire discussions on their own, there is one undeniable fact about Pokemon Go. It’s popular. Really popular. But what is it that is so appealing about the app? And how can we use the lessons from its immediate and extraordinary success to improve our own industries and solutions?

...

http://www.everbridge.com/what-we-all-can-learn-from-pokemon-go/

The first half of 2016 saw at least six individual billion-dollar insured disaster events globally, three of which occurred in the United States, according to Aon Benfield’s Global Catastrophe Recap: First Half of 2016.

Four of these events crossed the multi-billion dollar threshold ($2 billion and greater).


As seen in the chart above the most costly event was a series of earthquakes that struck Japan’s Kumamoto prefecture in April with total insured losses—including losses due to physical damage and business interruption—expected to total in excess of $5 billion.

...

http://www.iii.org/insuranceindustryblog/?p=4513

Industries on average experience 3.2 non-fatal occupational injuries per 100 full-time workers, according to the U.S. Bureau of Labor Statistics. Some industries have nearly four-times this rate. Similar statistics exist for workplace illnesses and, unfortunately, fatalities. Could analytics be a solution for lowering these statistics?

Companies today gather huge volumes of operational and enterprise data, plus they have access to myriad sources of external data such as weather, traffic and social media. Unfortunately, this data is normally stored and analyzed in siloed data systems that are scattered across the enterprise. There are, however, steps a chief safety officer (CSO) can take to apply analytics to all available data to reduce incidents and, therefore, safety-related costs.

Here are five steps CSOs and other safety leaders can take to be smarter about data and safety.

...

http://www.riskmanagementmonitor.com/5-analytics-tips-for-your-chief-safety-officer/

Last week, Nevada data center provider Switch sued the state’s energy regulators and utility NV Energy, asking for $30 million in damages for getting what it feels was a raw deal on an agreement it made last year to buy renewable energy for its data centers.

The lawsuit is just the last development in the conflict between the company, the utility, and the Public Utilities Commission of Nevada that’s been ongoing since at least 2014, when Switch started pursuing renewable energy for its enormous data center operations in the state, which include an existing campus in Las Vegas and another one under construction in Reno.

The conflict illustrates a problem with procuring renewable energy for data centers – and other high-load energy users – that exists in many states across the country. Energy markets, regulations, and delivery systems for the most part have not been set up to enable these customers to get enough energy from renewable sources to satisfy their needs.

...

http://www.datacenterknowledge.com/archives/2016/07/20/data-center-provider-switch-suing-nevada-nv-energy/

The financial services sector is increasingly taking interest in a new, innovative and potentially disruptive technology that could revolutionize how the industry operates. This technology, known as Distributed Ledger Technology (DLT) or blockchain, was born out of the operational platform behind bitcoin transactions and, according to many technology companies, is the future of the financial services sector. DLT is touted as an emerging technology that can provide a transparent way to digitally track the ownership of assets, speed up transactions, facilitate secure payment processing and electronically initiate and enforce contracts. With growing competition from financial technology companies, banks and traditional financial services entities are taking a closer look at how DLT can improve the efficiency, speed and security of financial transactions. As a result, DLT is quickly becoming a game changer for financial institutions looking to develop applications, standards and best practices to improve data management and security.

At a very high level, DLT is a data structure that creates a digital ledger of transactions that can be distributed through a network of computers, allowing details of the transaction, or the transaction’s database, to be accessed, viewed and potentially updated by a number of different parties. This differs from the traditional, centralized ledger system, where a single party was responsible for maintaining the details of the transaction. DLT allows companies to be registered on the distributed ledger, links those companies to real world identities and provides a historical record of all documents shared and compliance activities undertaken by each registered user.

...

http://corporatecomplianceinsights.com/waiting-fog-clear-blockchain-technology-regulatory-compliance/

Along with all the positives, the Industrial Revolution brought us congested cities, polluted rivers and urban ghettos. The automobile brought smog, road fatalities and a heavy dependence on the oil economy. While some may wish for a return to an idyllic rural pre-industrial lifestyle with horse-drawn transportation, there is no going back.

It’s the same with cloud storage. The cloud is a fact of life in enterprise data storage—whether storage managers like it or not. There is no returning to the old days of vast internal data centers holding row upon row of storage arrays. And yet cloud storage problems abound.

Here are the top ten tips for dealing with them.

...

http://www.enterprisestorageforum.com/storage-management/top-ten-tips-to-address-cloud-storage-problems-1.html

LinkedIn, the social network for the professional world that was in June acquired by Microsoft, has announced a new open design standard for data center servers and racks it hopes will gain wide industry adoption.

It’s unclear, however, how the initiative fits with the infrastructure strategy of its new parent company, which has gone all-in with Facebook’s Open Compute Project, an open source data center and hardware design initiative with its own open design standards for the same components. When it joined OCP two years ago Microsoft also adopted a data center strategy that would standardize hardware on its own OCP-inspired designs across its global operations.

Yuval Bachar, who leads LinkedIn’s infrastructure architecture and who unveiled the Open19 initiative in a blog post Tuesday, told us earlier this year that the company had decided against using OCP hardware when it was switching to a hyperscale approach to data center deployment because OCP hardware wasn’t designed for standard data centers and data center racks. That, however, was in March, before LinkedIn was gobbled up by the Redmond, Washington-based tech giant.

...

http://www.datacenterknowledge.com/archives/2016/07/19/linkedin-pushes-own-data-center-hardware-standard/

Wednesday, 20 July 2016 00:00

Datacenter Security Attracts More Investors

Efforts to lock down security in datacenters continue to expand as operators seek to assure enterprise customers they can meet increasingly strict regulatory and other data governance rules even as operations are scaled. That requirement is generating interest among investors as security threats grow.

Among the growing number of internal datacenter security specialists is Guardicore, which announced a $20 million funding round on Tuesday (July 19) that it will use to expand development of its datacenter security platform. Cisco Systems' (NASDAQ: CSCO) investment arm joined the funding round along with existing investors, Battery Investors and 83North.

Guardicore, which operates out of Tel Aviv, Israel, and San Francisco, said it has so far raised $33 million for product research and development on its datacenter security platform. Guardicore and others are pitching real-time threat detection capabilities in the datacenter, including bots and so-called advanced persistent threats launched by sophisticated hackers.

...

http://www.enterprisetech.com/2016/07/19/datacenter-security-attracts-investors/

It is pretty evident at this point that modern data architectures are going to rely heavily on solid state storage for the bulk of their operations. But hard drives will still draw many specialty applications in which raw capacity and low price points are highly valued.

With so many options on the table, however, it can sometimes be difficult to determine exactly what kind of storage the enterprise should deploy, and in what quantities. For this reason, many organizations will seek to cover all the bases when it comes to storage by making sure that the appropriate resources are available somewhere in either the local data center or on the cloud.

Increasingly, the enterprise will be able to turn to high-end consumer and prosumer solutions, which are becoming more powerful by the day. Seagate, for instance, recently released a series of devices under the Guardian portfolio that push capacity to 10 TB, equal to its enterprise-class helium-filled drives that hit the channel just a few months ago. The line consists of the 7200 rpm BarraCuda Pro, aimed at high-end desktop applications, along with the IronWolf NAS solution and the SkyHawk drive for surveillance applications. The IronWolf device is the most promising for the data center, being targeted at always-on environments and featuring the company’s AgileArray technology for enhanced drive balance and reduced vibration in high-capacity deployments.

...

http://www.itbusinessedge.com/blogs/infrastructure/hard-drives-are-still-an-option-in-the-data-center.html

(Bloomberg) — EMC shareholders approved the merger with Dell with 98 percent of the votes, clearing a key hurdle on the way to finalizing the largest technology merger in history.

EMC, the maker of storage products, said nearly all shareholders voted in favor, based on a preliminary tally unveiled at a special meeting to decide the deal, according to a company statement. The merger is on track to close under the original terms, EMC said. Previously EMC said the deal would close by October. It’s still subject to regulatory approval from China.

“The board evaluated numerous alternatives to enhance shareholder value with an eye on execution and certainty and concluded that our proposed merger with Dell is by far the best outcome,” Joe Tucci, EMC chairman, said during the meeting, which was webcast.

...

http://www.datacenterknowledge.com/archives/2016/07/19/emc-shareholders-approve-dell-merger-with-98-percent-of-votes/

Data breaches are getting more sophisticated, more common, and more expensive; the average cost of a breach has reached $4 million, up 29% in the past three years. No organization, regardless of size or industry, can afford to ignore information security. The shortage of qualified cybersecurity personnel, combined with modern organizations preferring to outsource ancillary functions so they can focus on their core competencies, has resulted in many organizations choosing to outsource part or all of their cybersecurity operations, often to a managed security services provider (MSSP).

There are many benefits to outsourcing information security, including cost savings and access to a deeper knowledge base and a higher level of expertise than is available in-house. However, outsourcing is not without its pitfalls, and there are issues that organizations should be aware of when choosing a cybersecurity vendor. This article will discuss five best practices for outsourcing information security.

...

http://www.datacenterknowledge.com/archives/2016/07/19/five-best-practices-for-outsourcing-cybersecurity/

Wednesday, 20 July 2016 00:00

How to Prevent Browser-Borne Malware

More than a million new malware threats are unleashed every single day. Firewalling, content scanning, virus scanners, intrusion detection, URL safe lists and regular software patching can help you mitigate the risk of attack.

As new threats appear, it can take time before software manufacturers become aware they exist. So, you can never guarantee 100% protection.

In much the same way, search engines have the same problem detecting new malware, which means they cannot keep pace with the number of unsafe websites. And it’s only a matter of time before a member of your staff visits a site that could potentially harm or spy on your enterprise IT infrastructure.

...

https://www.citrix.com/blogs/2016/07/19/how-to-prevent-browser-borne-malware/

Wednesday, 20 July 2016 00:00

The MSP's Guide To Closing SaaS Deals

So, you’re looking to start or improve your efforts in selling SaaS solutions? The first thing to understand is that selling SaaS isn’t intrinsically different from selling anything else. All the old sales rules still apply broadly to SaaS; it’s merely a matter of tweaking the finer details of your techniques to give yourself the best chance of closing more cloud deals. Below, we outline a handful of minor adjustments to some tried-and-true sales tactics that will help you make software-as-a-service solutions a winning part of your portfolio.

Teach, Don’t Sell

The best way to build trust is to become a resource for unbiased technical information. Your clients should feel free to ask you questions about technology without fearing that their inquiries will instantly become sales calls. This is especially true when it comes to cloud-based applications, such as Google Apps, Dropbox or Salesforce. Instead, act as a source of impartial information about SaaS products. Gather a list of common questions about these SaaS apps and build solution-centric FAQs about your cloud offerings on your website. These FAQs should describe what a SaaS solution does and how it differs from an on-premise solution, as well as some general pricing information. If you have them, link to case studies that provide a story of other customers finding success with cloud-based applications. All these efforts will help position you as a thought leader and provide confidence among your client base of your expertise.

Want to go the extra mile? Host an educational webinar that allows clients and prospects to observe your SaaS portfolio and ask real-time questions. For tips on hosting rockstar webinars, check out Datto’s recent eBook: Events Made MSPeasy.

...

http://mspmentor.net/blog/msps-guide-closing-saas-deals

(TNS) — Damage from last week's major flooding in parts of northwestern Wisconsin is now estimated at more than $30 million, and the state is considering whether to request a federal disaster declaration.

Assessments of flood damage also are continuing in parts of east-central and northeastern Minnesota, which also were hit by rainfall in excess of 8-10 inches a week ago. The rain sent creeks and rivers out of their banks, and caused damage to highways, local roads and some homes.

Wisconsin emergency management officials reported Monday receiving preliminary estimates of nearly $29 million in public infrastructure damage from eight counties, as well as the Bad River Band of Lake Superior Chippewa and the Wisconsin Department of Natural Resources.

...

http://www.emergencymgmt.com/disaster/NW-Wisconsin-flood-damage-estimate-tops-30-million.html

CEOs who don’t work in the telecoms or IT sectors may not have paid much attention to the Culture, Media and Sport Committee’s investigation into cybersecurity, which was triggered by last October’s cyber-attack on TalkTalk. That might be a mistake.

The Committee’s report, published on 17 June, concludes with two recommendations that have critical implications for anyone who leads an enterprise and has legal responsibility for its behavior – whether that enterprise is private or public, large or small.

First, it suggests that a portion of CEO compensation should be linked to effective cybersecurity. To quote: “To ensure this issue [cybersecurity] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cybersecurity, in a way to be decided by the Board”. How that will be implemented will no doubt give endless hours of entertainment to remuneration committees and provide lawyers with yet another lucrative revenue stream.

...

http://www.infosecurity-magazine.com/blogs/will-linking-executive-pay-to/

Ransomware is one of the hottest topics in computing, data and internet security and has gained momentum over the last few months. Now, more than ever before, users – home and business users alike – are being aggressively targeted.

When a computer is infected, is there a chance of regaining the valuable data? Can this be done by the user himself? Perhaps by the company’s IT staff? Or even by data recovery specialists like Kroll Ontrack?

...

http://blog.krollontrack.co.uk/making-data-simple/can-get-data-without-paying-ransom/

Compliance training, when not executed properly, can prove to be costly to organizations. Very often, compliance violations are not because of willful offenders, but ill-informed or unwitting employees who might not have paid attention or did not understand the implications of a particular action.  Today, most organizations opt for online compliance training, as it is cost-effective, practical and can also be monitored easily. However, online courses can be boring and uninspiring if they are not engaging the participants.  As a result, the learning may not be complete and as desired.

However, with simple elements in an online course and the right learning strategy, you can make courses effective and learner-friendly, as well as engaging.  At the same time, you can also ensure that the participants complete all course modules without skipping and thereby missing important content. Given below are some important elements I have identified, based on my experience developing online compliance courses for leading organizations.

...

http://corporatecomplianceinsights.com/make-sure-online-compliance-training-works/

What would you expect residents of Sydney to be doing Sunday afternoon and evening, 5 June 2016? Watching the big fight? In a way, they were. Storms hit the city and real clouds slugged it out with virtual clouds.

Nature scored points and something of a knockout in the first round, taking out some of Amazon’s Sydney web services and data centre facilities.

Amazon virtual clouds staged a comeback and had services back up and running by the next morning. In the meantime, end-users went to social media to complain about the breakdown and lack of business continuity.

Worrying enough perhaps, but sometimes it takes far less than giant storm clouds to bring communities to their knees, as the following example shows.

...

http://www.opscentre.com/real-clouds-vs-virtual-clouds/

Data breaches are getting more sophisticated, more common, and more expensive; the average cost of a breach has reached $4 million, up 29% in the past three years. No organization, regardless of size or industry, can afford to ignore information security. The shortage of qualified cybersecurity personnel, combined with modern organizations preferring to outsource ancillary functions so they can focus on their core competencies, has resulted in many organizations choosing to outsource part or all of their cybersecurity operations, often to a managed security services provider (MSSP).

There are many benefits to outsourcing information security, including cost savings and access to a deeper knowledge base and a higher level of expertise than is available in-house. However, outsourcing is not without its pitfalls, and there are issues that organizations should be aware of when choosing a cybersecurity vendor. This article will discuss five best practices for outsourcing information security.

...

http://mspmentor.net/guest-bloggers/5-best-practices-outsourcing-cybersecurity


Cybersecurity is top of mind for every hospital IT person these days. Cyberattacks can come from a myriad of sources and expose patient data, or with ransomware, can put patients’ health at risk by blocking access to EHRs.

A few facts:

  • 11 million patient records have been breached so far in 2016
  • Ransomware attackers often charge up to $17,000 to return access, and that cost doesn’t include the impact of downtime on your IT team and the hospital in general
  • The Department of Health and Human Services recently released ransomware guidelines to help hospitals fight these insidious attacks


When it comes to ransomware, you need to get the attention of people in your department and throughout the hospital system.  We have prepared a white paper, Protecting Your Hospital from Ransomware, which covers six steps to thwart a would-be attacker.

...

http://www.everbridge.com/ransomware-infographic/

Phoenix is fast approaching. As proud sponsors of Disaster Recovery Journal (DRJ) Fall World 2016, we look forward to discussing our latest technologies and best practices at the conference. Our software innovators and enterprise consultants for Business Continuity Management (BCM) and Governance, Risk & Compliance (GRC) will join customers to share valuable insights and case studies. Strategic BCP’s participation at DRJ Fall World will include:

Breakout Session, Regulatory Agencies: Friend or Foe of the Banking Industry?, on Monday, Sept. 19 from 4:45 to 5:15 PM PST. Strategic BCP’s Christopher Duffy (Chief Innovation Officer and Vice President of Professional Services) will join Jay Geppert from PlainsCapital Bank, Wayne Stadnik from TCF Bank, and David Underwood from United Bankshares. This roundtable discussion will include perspectives from several premier financial institutions. Insights include expanding cloud technology, vendors, and cyber security concerns.

General Session, A BC Professional’s Survival Guide: Five Steps to Avoiding the Axe and Prospering, on Wednesday, Sept. 21 from 8:15 to 9:15 AM PST. Joining me will be Keith Cantando (CBCLA), manager of Global Business Resiliency at Cisco Systems—a Strategic BCP customer and user of our ResilienceONE BCM software. We will present a five-step process to survive and thrive as a BC professional. Proven methods, tools, and activities utilized by hundreds of the most-successful professionals in the industry will be discussed—along with the biggest pitfalls to avoid. This session is geared towards all levels of experienced professionals.

Software discussions and demos during exhibit hours at Booth #505-507, where our team of BCM and GRC consultants will offer insights and answer questions. We will showcase the latest capabilities in ResilienceONE including Advanced Dependency Mapping Processes, Plan Workflow Visualization, and Integrated Mobile Solutions.

Private advisory consultations, where Enterprise Consultants from our Professional Services division will be on hand to discuss their capabilities and successes for: Business Impact Analysis (BIA); Staff Augmentation; BIA & BC Plan Auditing; Compliance Validation; Continuity & Risk Governance; Risk Mitigation Strategies; and BC Lifecycle Management.

See why Strategic BCP was positioned as a “Leader” in Gartner’s Magic Quadrant for Business Continuity Management Planning Software three years in a row.

More information about Strategic BCP can be found here.

Don’t forget to follow us on Twitter at the conference @strategicBCP or with the hashtag #drjfall.

I hope to see you in Phoenix!

AUSTIN, Texas — FEMA is looking to hire Texas residents as temporary employees to help with the state’s recovery from the past year’s storms and flooding.

FEMA is hoping to hire as many as 14 people—mostly in Austin and Houston but with a few positions in Denton and Bon Wier—to fill a variety of temporary positions working on disaster recovery.

“FEMA always seeks to employ local residents in its disaster recovery operations,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s operations in Texas. “Not only does this help the economy recover by putting people to work, but these employees bring a wealth of local knowledge to the organization.”

Temporary local hires may be employed for 120-day terms, which may be extended up to one year maximum. They do not get hiring preference for other federal jobs as a result of their temporary employment. Selected health benefits are offered for these positions.

The wages vary depending on the nature of the work being performed and are set based on the prevailing wages of the state and locality. The positions range from administrative work to media relations.

Most temporary workers can be hired under a streamlined process instead of a competitive process. They must be 18 years old, have graduated high school or obtained a GED and have the appropriate qualifications for their positions. They will also be required to undergo a standard credit and criminal background check.

“We try to give preference to people who have actually suffered damage or losses from the disaster,” Doran said. “Many current FEMA employees began their careers as local hires.”

To find out more about the positions available and to apply, visit the Texas Workforce Commission’s website at workintexas.com.

For more information on the Texas recovery, visit the FEMA webpage at fema.gov/disaster/4272 or visit the Texas Division of Emergency Management website at txdps.state.tx.us/dem. Follow FEMA on Twitter @femaregion6.


Tina Esposito of Advocate Health Care discusses the basics of developing a big data strategy in healthcare, emphasizing the importance of aligning analytics strategies with overall business objectives and detailing her organization's experiences. Recorded at the 2016 Big Data & Healthcare Analytics Forum in San Francisco.

...

http://www.healthcareitnews.com/video/big-data-byte-basics-analytics-strategy

“Show me an IT professional who can predict the exact timing, size, method, and location for their next data center and I will show you someone with a defective crystal ball. That’s the nature of this industry,” says Data Center World speaker Jack Pouchet, the VP of marketing development and energy initiatives for Emerson Network Power.

Change has always been the cornerstone of technology, and that has never been more apparent than today. The sheer amount of data being generated by Internet users is reason alone that the data center of today must change. Pouchet will address other key emerging trends he expects to substantially impact how future data centers are built and designed at Data Center World, Sept. 12-15 in New Orleans. Here’s a sneak peek.

 

The Cloud of Many Drops

More and more companies are looking beyond virtualization and to the cloud to address underutilization of computing resources, and for good reason. A 2015 study by Stanford’s Jonathan Koomey found that enterprise data center servers still only deliver, on average, between 5 and 15 percent of their maximum computing output over the course of a year. A surprising 30 percent of physical servers had been comatose for six months or more. Enter the shared services cloud arena. The fact that companies can now offload space-consuming applications and non-critical workloads to shared space means fewer data center builds and a little breathing room. “That allows for more intelligent decisions on the core building they already have,” said Pouchet.

...

http://www.datacenterknowledge.com/archives/2016/07/18/five-key-emerging-trends-impacting-data-centers-2016/

Tuesday, 19 July 2016 00:00

BCI: The heat is on!

The Business Continuity Institute - Jul 19, 2016 16:12 BST

Flooding, blizzards, storms. These are perhaps the type of events that first spring to mind when we think of adverse weather, but conditions on the other end of the scale can also have a major impact. So as the UK experiences its hottest day of the year so far, we need to consider what effect this could have on our organizations.

Of course there will be many businesses that love this weather – beer gardens will be thriving, as will ice cream sellers, supermarkets will experience a spike in the sales of barbecue equipment, and garden centres will be enjoying a roaring trade. But for many organizations, a heatwave can be extremely disruptive.

A study by the Charles Darwin University in Australia last year estimated that the impact caused by heat stress in the workplace was costing the Australian economy AUS$6.9 billion each year. And it's not just those working outside who are affected by the heat; the study found that indoor workers were impacted as much as outdoor workers. In total, 70% of respondents to their survey stated that heat stress reduced their productivity at work.

So how could your organization prepare for a heatwave?

First of all you need to think about the health aspects, especially when you consider that the 2003 heatwave cost the lives of almost 70,000 across Europe, and put an enormous strain on healthcare services. While your staff may be fit and healthy, and therefore not considered 'at risk', high temperatures can still take their toll. Ensure your staff have a comfortable working environment with cooling measures in place such as air conditioning or fans, and encourage staff to keep hydrated. Make sure there is a plentiful supply of drinking water.

Transport infrastructure can also become disrupted as rail tracks buckle, flights are unable to take off and roads begin to melt etc, so it may be worth considering whether staff need to travel, or could more flexible arrangements be put in place that allow them to work elsewhere.

As the office heats up, so could the IT infrastructure. Make sure that you have effective arrangements in place to keep all your IT equipment below the temperature that could stop it working. Ideally your servers should be kept in a temperature controlled environment. Turn off any equipment that could generate heat if it is not needed.

The UK has experienced 14 of the 15 hottest years on record since 2000, so this isn’t a problem that is going to go away any time soon. Organizations need to prepare themselves for the likelihood of a heatwave, and more importantly prepare themselves for the consequence of such an event.

Andrew Scott is the Senior Communications Manager at the Business Continuity Institute who joined after a brief stint working as the Press Officer for a national health charity. Prior to that he had over ten years at the Ministry of Defence working in a number of roles including communications and business continuity. During this time he also completed a Masters in Public Relations at the University of Stirling. Andrew took his CBCI exam in November 2014 and passed with merit.

The Business Continuity Institute - Jul 19, 2016 14:19 BST

Despite failing, last Friday's attempted coup d’état in Turkey proved revolutionary. It did so not politically, but in the way that news was shown. The days when the only source of information during an emergency consisted in a few reporters risking their lives among shots fired and crowds marching are over.

Yes, there were indeed brave correspondents in Ankara and Istanbul who provided regular updates with great passion, but they were only a fraction of the information channels available through the night. Thus, while many news agencies kept showing images of a closed bridge, it was possible to read the reactions of those on the ground on Twitter, with people uploading videos of the crowd pushing back against the army on Periscope. An English native speaker filming from the centre of the protest even went as far as to ask online users to translate the crowd's chants in real time, which Turkish online users did. All of this went on while the Turkish President – Recep Tayyip Erdogan – was giving a speech from an unknown location via Facetime.

Of course, not all of the news reported on these websites was accurate. At one point, for example, President Erdogan was in Greece, Germany, Italy and the UK at the same time, according to four different users. However, using common sense, one could disregard the bad pieces of information and get a rather accurate picture of the state of things on the ground.

This is obviously not the first time that online platforms have played a part in providing news during a crisis. The Boston Police Department used Twitter during the 2012 bombing to give directions to people, the first video from the Brussels attacks was uploaded on social media, and it is well known how these websites played a part in the Arab Spring. Yet, this is the first time that I switched off the television to follow the news exclusively on my smartphone, reported by regular people, who had become ad-hoc correspondents.

I do not have the presumption to say that traditional media is not useful anymore, very far from that, but the news landscape has changed dramatically in the last few years, becoming more complex and confusing perhaps, but definitely more exciting.

Gianluca Riglietti is currently a Research Assistant at the Business Continuity Institute, where he provides support in managing publications and global thought leadership initiatives. He graduated at King’s College London in 2015, completing a Master’s in Geopolitics, Territory and Security.

Today, renewable energy as a core part of a company’s data center strategy makes more sense than ever, and not only because it looks good as part of a corporate sustainability strategy. The price of renewable energy has come down enough over the last several years to be competitive with energy generated by burning coal or natural gas, but there’s another business advantage to the way most large-scale renewable energy purchase deals are structured today.

Called Power Purchase Agreements, they secure a fixed energy price for the buyer over long periods of time, often decades, giving the buyer an effective way to hedge against energy-market volatility. A 20-year PPA with a big wind-farm developer insures against sticker shock at the pump for a long time, which for any major data center operator, for whom energy is one of the biggest operating costs, is a valuable proposition.

Internet and cloud services giants, who operate some of the world’s largest data centers, are privy to this, and so is the Pentagon. The US military is second only to Google in the amount of renewable energy generation capacity it has secured through long-term PPAs, according to a recent Bloomberg report.

...

http://www.datacenterknowledge.com/archives/2016/07/18/appetite-for-data-center-services-powered-by-clean-energy-on-the-rise/

Jason Collier looks at the difficulties that SMBs often experience when developing IT disaster recovery and business continuity plans and claims that switching to a hyperconverged approach will solve many of the issues.

Disaster recovery and business continuity are becoming increasingly significant to the well-being of today’s small and medium sized businesses (SMBs) but, while disaster recovery and business continuity are closely aligned, they are not identical. Disaster recovery is the process of restoring lost data, applications and systems following a profound data loss event, such as a natural disaster, a deliberate data breach or employee negligence. Business continuity takes it a step further with the aim of not only recovering the computing environment but recovering it swiftly and with zero data loss.

A good business continuity plan for a company of any size consists of two key elements: an always-on infrastructure for running critical applications on-premises and a good backup and disaster recovery plan with reasonable recovery point objectives (RPO) and recovery time objectives (RTO) in case an unforeseen incident affects the primary site.

...

http://www.continuitycentral.com/index.php/news/technology/1273-improving-disaster-recovery-and-business-continuity-for-small-and-medium-sized-businesses-using-a-hyperconverged-infrastructure-approach

When you sit down with a prospective client to discuss migrating data to the cloud, the client will likely point to the grabby headlines promising amazing cost savings. Here's where you look the client in the eye and say, “Short term or long term?”

That’s not a rhetorical question. In fact, it goes to the heart of one of the top reasons why enterprises and small and midsize businesses are rapidly embracing cloud computing. In study after study, IT professionals mention their desire to reduce costs as being among their chief reasons for taking the plunge.

But MSPs would do well by their clients to broaden the conversation. Not only will it play to the many strengths that experienced services providers can offer, but it can help avoid potentially unpleasant conversations later on when the client tallies up its initial costs and comes back to you with a litany of complaints.

...

http://mspmentor.net/cloud-services/why-focusing-cost-could-cost-you-dearly

Left to their own devices, a lot of users play fast and loose with data backup. They’ll back up when they remember or ignore backups altogether because they haven’t quite processed the consequences of data loss. But taking this approach to business data can have devastating consequences, and MSPs should make sure their customers are aware of the very real costs of data loss, be it as a result of a security incident, natural disaster or some other reason.

A 2014 study by Vanson Bourne for EMC estimated the worldwide total of data loss at $1.7 trillion – not too far from the gross national product of Canada, currently estimated at $1.83 trillion.

It’s such a massive number that your customers may look at it as more of an abstraction than something they can truly grasp. So let them try these costs on for size instead: The average cost of a lost or stolen record increased 12 percent in 2015 to $154 from the previous year, according to a study conducted by Ponemon Institute for IBM. The average per-incident cost rose 23 percent to $3.8 million.

...

http://mspmentor.net/blog/consequences-neglecting-data-backup

(TNS) - The Wisconsin Department of Transportation reported Thursday that it may take months to fully reopen flood-damaged highways in Bayfield, Ashland and Iron counties. Damage from the flooding — caused by 8 to 10 inches of rain that fell Monday into Tuesday — is estimated at more than $10.5 million in Iron County alone.

U.S. Highway 2 between Ashland and Hurley, U.S. Highway 63 near Grand View in Bayfield County and State Highway 13 between Ashland and Mellen remained closed Thursday because of washouts.

Those three closures are forcing lengthy detours for drivers in the region — and the floodwaters washed away many other town, county and state highways.

WisDOT reported Thursday that damage assessments of state highways are still underway. On Highway 2, water levels near Odanah were still too high to fully assess the damage as of Thursday afternoon, WisDOT spokeswoman Diana Maas reported.

...

http://www.emergencymgmt.com/disaster/Some-flood-damaged-highways-in-Northwestern-Wisconsin-may-be-closed-for-months.html

(TNS) - Chicago police, firefighters and paramedics conducted two active shooter drills Thursday at Wrigley Field, testing how they would react to gunmen opening fire in the stadium.

About 200 first responders were faced with this scenario: Two gunmen get through Gate J near the left-field bleachers and start shooting, resulting in a mass-casualty situation.

As the drills began, music, cheers and game announcements were interrupted by sudden gunfire and screaming using simulated ammunition and fake victims.

Deputy Fire Commissioner Mark Nielsen said the script called for the gunmen to shoot security guards and get access into the stands to shoot people on a fictitious game day. About 100 volunteers posed as fans in the stands, including off-duty police officers, Cubs employees and members of the city's Community Emergency Response Team.

...

http://www.emergencymgmt.com/training/Drill-at-Wrigley-tests-emergency-response-to-gunmen-in-stadium.html

You might remember a blog from our own Todd Brannon called “All about that BaaS” which outlined a jointly tested reference architecture for “Backup as a Service” with Commvault software. That engagement advanced Commvault to preferred solution partner status to deliver our joint customers a solution that is fully tested for compatibility with Cisco UCS servers and also comes with a 24/7 support model. The solution is targeted for enterprise and cloud service providers and consists of Commvault software running on the Cisco UCS C3000 series of storage optimized servers providing secondary storage. A lot can happen in a year when participating in Cisco’s Solution Partner Program and I am excited to share with you the latest developments around Data Protection and our continued partnership with Commvault.

...

http://blogs.cisco.com/datacenter/commvault-data-protection-for-hyperconverged-environments

(TNS) - Time constraints often add pressure and emergency medical technicians (EMTs) deal with death’s deadline measured on the second hand of a life’s clock.

Through practiced repetitious drillings, EMTs hone lifesaving measures into second nature responses and gain readiness for any predicament by training for the worst, morbid scenarios.

On Wednesday, EMTs engaged in active shooter training at the North Carolina National Guard Armory on Stadium Drive, practicing the proper procedures for providing medical attention and extraction to shooting victims in the midst of hostile environments, still surrounded by threats.

...

http://www.emergencymgmt.com/training/Training-nerves-in-case-of-chaos-EMTs-engage-in-active-shooter-training.html

ATLANTA, Ga. – With FEMA’s updated free app you can get weather alerts from the National Weather Service for up to five locations across the nation. You can receive alerts on severe weather happening anywhere in the country, even if your phone is not located in the area. That makes it easy to follow severe weather that may be threatening your family and friends, especially now as the height of hurricane season approaches.

“Emergency responders and disaster survivors are increasingly turning to mobile devices to prepare for, respond to and recover from disasters,” said Craig Fugate, FEMA administrator. “This new feature empowers individuals to assist and support family and friends before, during, and after a severe weather event.”

Mobile apps are an essential way to receive the life-saving severe weather warnings. According to a recent survey by Pew Research, 40 percent of Americans have used their smartphone to look up government services or information. Additionally, most smartphone owners use their devices to keep up to date with breaking news and what is happening in their community. Every minute counts when severe weather threatens. These alerts are another tool in the toolbox to build a nation that’s ready, responsive, and resilient.

The new weather alert feature adds to the app’s existing features: a customizable checklist of emergency supplies, maps of open shelters and Disaster Recovery Centers, and tips on how to survive natural and manmade disasters. Some other key features of the app include:

  • Safety Tips: Tips on how to stay safe before, during, and after over 20 types of hazards, including floods, hurricanes, tornadoes and earthquakes

  • Disaster Reporter: Users can upload and share photos of damage and recovery efforts

  • Maps of Disaster Resources: Users can locate and receive driving directions to open shelters and disaster recovery centers

  • Apply for Assistance: The app provides easy access to apply for federal disaster assistance

  • Information in Spanish: The app defaults to Spanish-language content for smartphones that have Spanish set as their default language

The FEMA app is available for free in the App Store for Apple devices and Google Play for Android devices. For more information visit https://www.fema.gov/mobile-app. If you already have the app downloaded, you can update it so the weather alerts take effect. To learn more about the FEMA app, visit: The FEMA App: Helping Your Family Weather the Storm or in Spanish at Spanish: The FEMA App: Helping Your Family Weather the Storm

###


ATLANTA, Ga. – Newly revised preliminary digital flood insurance rate maps for the coastal Georgia areas of Bryan, Chatham, Liberty and McIntosh counties will be available for residents to review at four public open houses the week of July 18-22. Flood maps show the extent to which areas are at risk for flooding, and when updated maps become effective they are used to help determine flood insurance and building requirements.

The open house provides residents of these coastal areas the opportunity to see the preliminary maps, learn about their risk of flooding, and ask questions about what the new maps will mean for their property. Residents can meet one-on-one with specialists who will be available to talk about flood insurance, engineering, building permits and more. Home and business owners, renters, realtors, mortgage lenders, surveyors and insurance agents are encouraged to attend the open house.

The open houses will be held between 5:00 and 7:30 p.m. The open house dates and locations are:

July 18, 2016

Bryan County

John W. Stevens Wetlands Education Center

240 Cedar Street

Richmond Hill, GA 31324

July 19, 2016

Chatham County

Savannah Technical College (Savannah Campus)

Eckburg Auditorium

5717 White Bluff Road

Savannah, GA 31405

July 20, 2016

Liberty County

Liberty County Performing Arts Center

2140 East Oglethorpe Highway

Hinesville, GA  31313

July 21, 2016

McIntosh County

Darien City Hall

106 Washington Street

Darien, GA 31305

The new preliminary maps were developed through a partnership among the counties, their municipalities, the Georgia Department of Natural Resources and the Federal Emergency Management Agency. They are based on updated modeling data and show flood hazard risk more accurately than older maps. The ultimate goal is protecting property owners and the community from the risks associated with flooding. Over time, flood risks change due to construction and development, environmental changes, watershed conditions, and other factors. Flood maps are updated periodically to reflect these changes.

By law, federally regulated or insured mortgage lenders require flood insurance on buildings that are located in areas at high risk of flooding. Standard homeowners, business owners, and renters’ insurance policies typically don’t cover flood damage, so flood insurance is an important consideration for everyone. Flood insurance policies can be purchased from any state licensed property and casualty insurance agent. Visit www.floodsmart.gov or call 888-379-9531 for more information about flood insurance and to locate a local agent.

###


According to the results of a recent survey of 150 IT decision makers at U.K. organizations with between 200 and 1,000 employees, fully 58 percent of surveyed companies acknowledged having suffered data breaches in the last two years.

The survey, conducted by Vanson Bourne and commissioned by GFI Software and Infinigate UK, also found that 37 percent of those attacks were deliberate acts that came from within the company, and 49 percent were deliberate acts from outside the company.

In response, 81 percent of respondents said preventing data breaches and increasing cloud security are among their organization's top priorities, and 89 percent respond to high-profile breaches by reviewing their current IT security posture.

...

http://www.esecurityplanet.com/network-security/58-percent-of-businesses-in-the-u.k.-were-breached-in-the-past-two-years.html

As some of you may know, we’ve been discussing the Data Loss Index (DLI) for a while. On this occasion I’d like to focus on some of the repeat trends we keep seeing throughout time and among the many participating countries.

During the period of April to June 2016 we received over 3,000 anonymous entries of people who had lost data in their devices.

Reasons, types of devices and operating systems differed, however there were underlying similarities in the types of problems experienced.

...

http://blog.krollontrack.co.uk/the-world-of-data/what-are-the-devices-most-affected-by-data-loss/

With Starbucks and Apple logos so common in movies and TV shows that they’re practically unnoticeable, product placement for enterprise technology is the hot marketing challenge of the day.

As we ROFLed watching the season-three finale of Mike Judge’s Silicon Valley, it was hard not to notice the gigantic black rack bearing a green rectangle sitting in the cluttered garage of the Pied Piper/Bachmanity headquarters that doubles as the startup’s data center and triples as Jared’s bedroom.

HBO’s brilliant satirical take on the San Francisco Bay Area tech scene is where converged infrastructure vendors have found their perfect place for product placement.

But compared to the subtle appearances of SimpliVity’s OmniCube on the show – that’s what the much dreaded “box” Pied Piper was forced to build by its promptly ousted CEO Jack Barker was based on – the appearance of Hewlett Packard Enterprise’s Synergy on the season finale is a rather clunky feat of enterprise product placement.

...

http://www.datacenterknowledge.com/archives/2016/07/15/can-pied-piper-really-afford-hpes-composable-infrastructure/

(TNS) - Have an emergency, but cannot call 911? In Camden County, N.J., help can still be summoned - with a text message to 911.

Camden County officials demonstrated the system - the first of its kind statewide to go live - Thursday afternoon at the county police communications center in Lindenwold.

Here, in the radio room, dispatchers seated before monitors can communicate via texts to learn details of the emergency and send help, Freeholder Jonathan Young said.

Rob Blaker, the county's public safety director, said the capability to text 911 went live March 13, but was not publicized pending statewide implementation. Since then, the county system has received about 130 emergency texts.

...

http://www.emergencymgmt.com/next-gen-911/Camden-County-rolls-Out-Text-911-Program.html

Paul Kudray believes that there are five human qualities which are shared by many resilience professionals. In this article he describes these essential skills; see if you agree with his assessment...

You may already know about my love for the resilience profession; I’ve written about it before. For a large part, my love affair is founded on mutual interests and a personality / character / skills match: I quite literally was born to do this!

I use the word ‘resilience’ to encompass all of us who work in and across business continuity management, emergency and disaster management, crisis management and those who provide disaster relief. To me, it doesn’t matter which resilience discipline or section you work in, the strengths and skills needed remain fairly constant.

So what are the key skills and strengths required to be great at our profession? What are the human qualities that make us great at what we do?

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1268-the-five-essential-skills-of-the-bcm-professional

For early- to mid-stage B2B software and SaaS companies, selling in to the enterprise is hard. Getting a lot of enterprise customers to pay for your solution on a repeated and long-term basis without seeing your sales growth stall out at $15-25 million ARR? That’s really hard.

Welcome to the challenging world of enterprise sales.

Companies like Salesforce, Workday, NetSuite and athenahealth found lasting B2B sales success and turned their companies into pillars of the enterprise SaaS ecosystem. But the majority of private enterprise companies still face this Mount Everest of a challenge. Many factors can slow a company’s B2B sales progress, including competitive challenges, timing issues and product deficiencies.

...

https://techcrunch.com/2016/07/14/the-3-biggest-sales-mistakes-enterprise-software-companies-make/

In intellectual property management, mistakes can be extremely costly, and are, unfortunately, easy for an IP manager to make. The stakes are high: these could cause your company to lose its intellectual property (IP) rights, or worse, may result in competitors obtaining those rights.

Here are the Top 10 IP management slip-ups that can increase these threats to your company:

...

http://www.riskmanagementmonitor.com/protect-your-company-from-intellectual-property-risks/

(TNS) - This is part of a continuing series about Washington state’s lack of preparation for a major earthquake.

All that separates Long Beach Elementary from the Pacific Ocean is a half-mile expanse of flat, sandy ground dotted with restaurants, hotels and shops catering to tourists. When the next Cascadia megaquake strikes, the 250 students at the school will face a choice Washington officials would rather not think about.

They can try to outrun the inevitable tsunami and reach high ground two miles away. Or they can hunker down in a two-story building that wasn’t designed to withstand an unstoppable wall of water. “It’s a nightmare I hope I never have to face,” said Principal Todd Carper. “Our current plan is a ‘go upstairs and hope’ situation.”

When it comes to protecting Washington schoolchildren from earthquakes and tsunamis, hope often substitutes for dollars and steel, The Seattle Times has found.

...

http://www.emergencymgmt.com/disaster/We-should-be-screaming-with-outrage-State-does-little-to-protect-schoolkids-from-earthquake-tsunami.html

Amazon Web Services' Matt Wood, the general manager of product strategy at AWS who has overseen the recent spate of IT-oriented services from the company, unveiled expanded database migration and replication services at the Amazon Summit 2016 in Santa Clara on July 13.

SAP Adaptive Server Enterprise -- formerly Sybase -- has been added to the list of on-premises systems that customers may migrate into the cloud or, as in some cases, migrate away from the cloud. That list already included the Oracle and Microsoft SQL Server proprietary systems.

In addition, migrations from Oracle data warehouses and Teradata warehouses into Amazon Redshift are now supported by AWS Database Migration Service. Wood also announced that Amazon is adding a one-click data replication service. It was previously part of the database migration service, but in that context, it was turned off once the task of duplicating a company's database to a target system in the cloud had been completed.

...

http://www.informationweek.com/cloud/aws-expands-database-migration-service-adds-replication/d/d-id/1326264

Friday, 15 July 2016 00:00

BCI: The threat of climate change

The Business Continuity Institute - Jul 15, 2016 15:05 BST

Climate change is happening now, with 14 of the 15 hottest years on record occurring since 2000, and the impacts of it are already being felt in the UK. This is according to the Committee on Climate Change's Adaptation Sub-Committee which has published a new report to show that urgent action is required to address climate-related risks.

The ‘UK Climate Change Risk Assessment Evidence Report’, which the Business Continuity Institute contributed to, sets out the most urgent risks and opportunities arising as a result of climate change. Changes to the UK climate are likely to include periods of too much or too little water, increasing average and extreme temperatures, and sea level rise. The report concludes that the most urgent risks for the UK resulting from these changes are:

  • Flooding and coastal change risks to communities, businesses and infrastructure.
  • Risks to health, wellbeing and productivity from high temperatures.
  • Risk of shortages in the public water supply, and water for agriculture, energy generation and industry, with impacts on freshwater ecology.
  • Risks to natural capital, including terrestrial, coastal, marine and freshwater ecosystems, soils and biodiversity.
  • Risks to domestic and international food production and trade.
  • Risks of new and emerging pests and diseases, and invasive non-native species, affecting people, plants and animals.

Climate change was not considered an immediate threat in the BCI's latest Horizon Scan Report, but it is perhaps one to look out for in the future, at least according to a third of respondents to a global survey. We have already seen an increase in the disruption to businesses caused by flooding, and this could very well get worse in the future.

Lord Krebs, Chairman of the Adaptation Sub-Committee of the Committee on Climate Change, said: “The impacts of climate change are becoming ever clearer, both in the United Kingdom and around the world. We must take action now to prepare for the further, inevitable changes we can expect. Our independent assessment today, supported by the work of hundreds of scientists and other experts, identifies the most urgent climate change risks and opportunities which need to be addressed. Delaying or failing to take appropriate steps will increase the costs and risks for all UK nations arising from the changing climate.”

There are more data centers in the US than anywhere else, and until at least three years ago, building a data center in the US was less risky than building one in any other country. According to recent risk analysis of global data center locations by a real estate services firm, however, that’s no longer the case.

The US ranks third in electricity costs, fifth in ease of doing business, 15th in available network bandwidth, and 36th in corporate tax environment. These and six other characteristics add up to the US being the 10th least risky data center location today, according to the firm.

The same report, Cushman & Wakefield’s Data Centre Risk Index, put the country at the top of the list just three years ago. Since 2013, the US has been overtaken by four Nordic countries, as well as Switzerland, UK, Canada, Singapore, and South Korea.

...

http://www.datacenterknowledge.com/archives/2016/07/14/report-us-no-longer-lowest-risk-data-center-location/

Ransomware, as you may recall, is malware that makes its way into your system and holds your data to ransom by encrypting it with a key that you do not have.

Your data doesn’t go anywhere. It sits in your system, but you can’t use it anymore – or at least not until you pay off the blackmailers or find another solution.

Now, hackers have gone a step further with a fake version that relies purely on panicking you into paying up.

...

www.opscentre.com/security-risk-now-followed-fake-risk/

Spoiler Alert: The first paragraph contains spoilers for the first episode of season two of Mr. Robot. If you want to avoid the spoilers, skip to the second paragraph.

Mr. Robot’s reputation for being timely and not stupid about hacking was reinforced in the opening episode of season two of the series.  During the episode, the hacker group fsociety hit E(vil) Corp with a ransomware attack. Although the ransom demand window that opened on E Corp’s computer screens had some oddities, PhishMe reports that, in general, the hacking scenario seen in the episode was fairly realistic. Good thing for the script writers that E Corp didn’t have CryptoDrop installed in their security system because if they had, it’s very likely the ransomware attack would have failed.

Mr. Robot (the character) thinks outside the box – way outside. A team of researchers at the University of Florida’s Florida Institute for Cybersecurity Research led by Nolan Scaife and Patrick Traynor also thinks outside the box, only they don’t hack your system; they stop the hackers. The team has developed an early-warning detection system called CryptoDrop that stops ransomware from encrypting all of your files.

...

http://www.forbes.com/sites/kevinmurnane/2016/07/14/real-life-mr-robots-dropped-a-stop-on-ransomware-but-mr-robot-scriptwriters-didnt-get-the-memo/

The United Nations has kicked off a new multi-year campaign that aims to reduce disaster losses, improve management of disaster risk, and save lives.

“Despite many successes there are still far too many lives being lost in predictable events because of failures to deploy early warning systems, learn lessons from past events and to grasp the growing threat of climate change and its impact on extreme weather events including storms, floods and drought,” said Robert Glasser, the UN Special Representative for Disaster Risk Reduction.

The new ‘Sendai Seven campaign’ is an advocacy initiative to encourage implementation over the next seven years of the Sendai Framework for Disaster Risk Reduction, which was adopted by UN Member States in 2015 in the northern Japanese city after which it was named, and consists of seven targets and four priorities for action that aim for the substantial reduction of disaster risk and losses in lives, livelihoods and health and in the economic, physical, social, cultural and environmental assets of persons, businesses, communities and countries.

...

http://www.continuitycentral.com/index.php/news/resilience-news/1265-un-launches-disaster-risk-management-campaign

Vodafone has published its fourth annual IoT Barometer Report: a global survey of business sentiment regarding innovation and investment in the Internet of Things, the term used to describe the evolution of a new generation of devices and processes using connected network intelligence to deliver advanced capabilities. The survey was conducted by Circle Research in April and May 2016 and involved more than 1,096 companies across Australia, Brazil, Canada, China, Germany, India, Ireland, Italy, Japan, The Netherlands, South Africa, South Korea, Spain, Turkey, the UAE, the UK and the USA.
The 2016 Vodafone IoT Barometer Report found that:

  • 89 percent of companies investing in IoT have increased their budgets over the last 12 months;
  • 76 percent of all companies interviewed believe that taking advantage of IoT technologies will be critical for the future success of any organization; 
  • 63 percent of IoT adopters are seeing ‘significant’ returns on investment, up from 59 percent in last year's report; and
  • IoT investment now accounts for 24 percent of the average IT budget, on a par with cloud computing or data analytics.

...

http://www.continuitycentral.com/index.php/news/technology/1264-iot-goes-mainstream-and-business-continuity-managers-need-to-understand-the-implications

Digital Realty Trust has become the third major US-based data center provider to buy enough renewable energy to offset 100 percent of its US colocation data center power consumption. The company has agreed to buy about 400,000 megawatt-hours of energy per year from a wind farm operator, according to a statement issued Wednesday, which will offset energy consumed by facilities where the company provides colocation and interconnection services, the footprint that consists mostly of facilities it gained through the acquisition of Telx.

The agreement is the latest sign that renewable energy is becoming more and more important to data center customers, and that data center providers increasingly view the ability to power their facilities with renewable energy as a competitive advantage. Renewable energy has also become price competitive with regular grid energy, making it even more attractive to data center operators from a business perspective.

Until recently, such long-term utility-scale data center power purchase agreements had been signed exclusively by web and cloud giants, such as Google, Facebook, and Microsoft. Last year, however, Equinix, the world’s largest data center provider, and Switch, a smaller but important provider, announced the first big renewable energy deals in the industry.

...

http://www.datacenterknowledge.com/archives/2016/07/13/wind-deal-to-offset-digitals-entire-us-data-center-power-consumption/

Cloud security remains a top concern for many companies, especially when business units acquire cloud services independent of the IT department. To help illustrate the problems such practices can create, the Cloud Security Alliance (CSA) has compiled its list of “The Treacherous 12: Cloud Computing Top Threats in 2016.”

“The 2016 Top Threats release mirrors the shifting ramifications of poor cloud computing security decisions up through the managerial ranks,” the CSA report said. “Instead of being an IT issue, it is now a boardroom issue. The reasons may lie with the maturation of cloud, but more importantly, most likely from higher strategic decisions by executives in their cloud adoption strategic decisions.”

HOUSTON – Law firms have been duly warned in recent years that their systems have been attacked (hacked) and breached and that the attacks will likely escalate and intensify. Recent developments present very real evidence that these warnings, from many sources, including the F.B.I., have been accurate and even understated. These developments should be a loud and clear wake-up call to law firm management to intensify efforts to secure the treasure trove of highly confidential, sensitive, proprietary and often privileged client and employee information. After all, client confidentiality is the life’s blood of any attorney’s practice.

* The FBI began warning firms that they were specifically being targeted by organized cybercriminals as early as 2009, and in 2011 invited 200 of the largest law firms to discuss the rise in sophisticated cyber-attacks targeted at law firms. Part of the reason for this is that law firms often present an easier target than some of their clients; if a hacker wants to steal sensitive information from a company, he may have better luck going after that company’s outside counsel.

* 2015 was the first year that the legal sector appeared on Cisco’s annual ranking of industries targeted by hackers—debuting at number 6. Law firms’ clients are taking notice. Many financial institutions now require law firms to complete checklists and subject themselves to audits of their information security apparatus.

...

http://www.forbes.com/sites/riskmap/2016/07/13/is-cyber-risk-an-existential-threat-to-the-legal-sector/

(TNS) - Rae Ann Brutger stood on her doorstep and wept.

The tornado had shoved her home 10 feet off its foundation, leaving her living room at a crazy tilt. She surveyed the damage, stepping cautiously over the smashed snowman figurines she had spent decades collecting and the family photos that had spilled out of an off-kilter cupboard.

“I sincerely realize it could have been much worse,” she said, wiping her eyes and nodding toward her neighbor’s place. The tornado that ripped through the Litchfield mobile home park flattened the double-wide trailer next door, leaving it an almost unrecognizable twist of metal.

The twister was one of four that roared through central Minnesota Monday afternoon, part of a storm that dumped up to 9 inches of rain in spots across north central Minnesota, washing out roads, overrunning highways, leaving neighborhoods in tatters and raising fears of flash flooding across the region.

...

http://www.emergencymgmt.com/disaster/Flooding-worries-rising-day-after-tornadoes-strike-in-central-Minn.html

In our fast-moving digital age, many organizations are still struggling with an “analog” approach to crisis management, using hard-copy documents and tabletop exercises to prepare for the next potential emergency.

This makes training employees particularly difficult, because both businesses and the threats they face are growing and evolving all the time. It is nearly impossible to constantly update hard-copy crisis management plans—let alone repeatedly disseminate them to hundreds or even thousands of employees.

It’s no wonder that many companies are incorporating technology into their crisis management prep as often as possible.

Here, we look at four ways technology can benefit your organization’s crisis management training efforts:

...

https://www.rockdovesolutions.com/blog/4-ways-to-improve-crisis-management-training-with-technology

There are multiple areas of potential risk in data center environments that can cause incidents resulting in an insurance claim. Risks include:

  • Accidents that damage the facility
  • Potential for workplace injuries
  • Business risks from downtime events that impact the data center’s or its customers’ business continuity.

Organizations depend on 24 x 7 x 365 IT infrastructure availability to ensure that services to customers/end-users are available whenever needed.

...

http://www.datacenterknowledge.com/archives/2016/07/13/lowering-data-centers-exposure-insurance-claims/

Charleston, W.Va.– In the face of disaster, the people of West Virginia have come together with courage and compassion to ask “How can I help?”

The main needs now are cash donations and volunteers.

Although there has been an outpouring of financial support already to help flood survivors more is needed. Cash donations enable nonprofit organizations to purchase what disaster survivors need most. Buying the items from local businesses helps the economy recover. No gift is too small.

West Virginians and people from throughout the nation have donated thousands of hours of labor to help the many affected folks who are elderly, disabled, living on fixed incomes or otherwise overwhelmed by the flood’s after effects. But more volunteers are needed.

There are many organizations that need donations and are looking for volunteers and at least two comprehensive groups focused on West Virginia flood recovery. The West Virginia Chapter of  National Voluntary Organizations Active in Disasters (WVVOAD) represents dozens of faith-based, community, nonprofit and non-governmental organizations active in flood response and recovery. wvflood is a new website updated by Volunteer West Virginia, the state’s Commission for National and Community Service, in partnership with WV VOAD with the support of the Office of Governor Earl Ray Tomblin. Anyone who can make a cash donation or volunteer may do so at the WVVOAD or wvflood websites.

Unfortunately, disasters tend to attract con artists who will take advantage of well-meaning people. Donate to legitimate national or local organizations. Beware of solicitations to help survivors from people or groups who may sound sincere but you haven’t verified. If you are unsure or uncomfortable about the intentions of anyone you encounter, please contact local law enforcement. If you suspect fraud, please call the West Virginia consumer protection hotline 800-368-8808.

Finally, be ready to stick around for the long haul. The work of recovery lasts a lot longer than the media attention. There will be a need for donations and volunteers to help West Virginia recover for many months, even years, to come.

Even if you’re not ready to take any action at this time, you may find recovery information and survivors can find out about and ask for assistance by visiting either of the websites:

#wvflood http://wvflood.com/about/Pages/default.aspx

or VOAD https://wvvoad.communityos.org/cms/

Additional information on West Virginia’s disaster recovery can be found by visiting fema.gov/disaster/4273, twitter.com/femaregion3, twitter.com/FEMA and fema.gov/blog.

The National Crime Agency has published its ‘Cyber Crime Assessment 2016’, outlining the immediate threat to UK businesses from cyber crime. This is the first cyber crime assessment produced jointly by the NCA and industry partners.

The NCA reports that the accelerating pace of technology and criminal cyber capability currently outpaces the UK’s collective response to cyber crime, calling for stronger collaborative working between government, law enforcement and, crucially, business to reduce vulnerabilities and prevent crime.

The assessment shows that cyber crime activity is growing fast and evolving, with the threats from distributed denial of service (DDoS) and ransomware attacks increasing significantly in 2015.

...

http://www.continuitycentral.com/index.php/news/technology/1261-uk-national-crime-agency-publishes-cyber-crime-report

One of the most common concerns raised by business continuity managers is the difficulty of getting senior management support. In this article Brad Law MBCI, provides five ideas for making progress in this tricky area.

It seems nowadays that most of our working hours are spent in meetings, writing emails, calling back those voicemails and working on that endless proposal that you know is already 15 slides too long. So the last thing on your mind is trying to convince your boss that a resilient and concise business continuity plan is something 'we should focus on this quarter' and, let’s face it, they're thinking the same thing too. However, maybe it's time to ponder how you and your boss would cope without a task orientated, simple to use, business continuity plan. Below are my five tips on where to start and how to finish that conversation:

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1260-five-tips-for-convincing-your-ceo-to-focus-on-business-continuity

Wednesday, 13 July 2016 00:00

Global Risk Report 2016

By Ben J. Carnevale

Given the continuity and compliance objectives of this website, it is not too often that we don’t have the topics of global risk, risk management and risk mitigation discussed in this blog. And this posting will be no exception to that pattern.

This posting intends to provide an additional lens of insight into the world of perceived risks present in the global environment of the world in which we work, play and live.

This posting will offer a great reference source for reading about global risk, how it might affect your company’s long-term strategic growth and planning process or perhaps, even influence how your purchasing team builds its global supply base to support its platform of building faster, better and cheaper into this year’s purchasing plan and strategy.

With so many doing so much self-directed research on search engines and social media to help address problems and identify solutions, in many cases as much as 70% of the decision-making process is now over before potential clients are ready for a conversation with a data center’s executive or sales team.

Today’s data centers face a very different buyer’s journey where the traditional marketing and sales playbooks have been severely disrupted.

Why? People got tired of being interrupted by obnoxious marketers and sales reps. So fed up that it’s fueled massive changes in consumer preferences that have powered selective-consumption platforms like iTunes, Netflix, SiriusXM, and TiVo.

...

http://www.datacenterknowledge.com/archives/2016/07/12/are-data-centers-and-msps-like-oil-and-water-or-peanut-butter-and-jelly/

There is an ongoing national conversation around the relationship between law enforcement and various civilian populations. In talking to friends of diverse ethnic backgrounds, it has become clear to me that my perceptions and how I go about my daily activities are different from some of my friends and acquaintances. This blog is not to comment on that, but rather to relate it to our business risk assessment.

There is not a single risk profile. Depending on the type of business, facility location, public perceptions, etc., the same event may be more or less likely to occur or may have a different impact. This may be an obvious statement, but how many of us in the risk or business continuity area evaluate the actual risks to our organization rather than looking at risk in the same old way or with the same bias? The following are items or areas to consider. While not necessarily complete, this list may prompt thoughts specific to your organization.

...

http://www.mha-it.com/2016/07/actual-risks-organization/

The Internet of Things (IoT) is a hot button topic. Experts, users and commentators are worried about keeping it secure. Progress – or at least news – is being made, however. During the past few weeks, several announcements have been made, suggesting that the industry is hard at work at putting people’s fears to rest.

The highest profile announcement was made late last week: Security firm Avast Software acquired AVG, another security firm, for $1.3 billion. The acquisition is designed in part to enable Avast to move into the IoT security space. If the deal closes, the combined company will have a presence in about 400 million endpoints, including about 160 million mobile devices.

The second announcement, which was also made last week, is that SAP and WISeKey, a Swiss company, are collaborating. According to Engineering.com, WISeKey offers a managed cryptographic root of trust (RoT) that can be recognized by both applications and operating systems. The trust level can be extended to IoT devices using SAP’s HANA platform.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/companies-are-working-hard-to-make-the-iot-more-secure.html

The Business Continuity Institute - Jul 13, 2016 15:30 BST

No business is too small to evade a cyber attack or data breach, and businesses across all industries are impacted by this threat. In fact, more than 50% of SMBs across North America have been breached in the last 12 months, according to a new study commissioned by Keeper Security, and conducted by the Ponemon Institute.

The 2016 State of SMB Cyber Security Report noted that only 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective. Confidence in SMB cyber security posture is so low primarily because personnel, budget and technologies aren't sufficient. The Business Continuity Institute’s latest Horizon Scan Report showed that small businesses are no different to larger organizations when it comes to determining the greatest threat they face – in both cases it was cyber attack and data breach.

The most prevalent attacks against smaller businesses are web-based and involve phishing and social engineering breaches. Widely adopted technologies such as anti-virus are still useful, but they cannot be depended on to protect against exploits and cyber attacks. Three out of four SMBs reported that exploits have evaded their anti-virus solutions.

The study found that SMBs have a major lack of control and visibility when it comes to employee password security. Strong passwords and biometrics are believed to be an essential part of a security defence, yet 59% of respondents say they have no visibility into employees' password practices and hygiene, and 65% do not strictly enforce their documented password policies.

"SMBs were being highly targeted by hackers and the rate at which breaches are occurring is alarming. Cyber attack prevention is now everyone's responsibility," said Darren Guccione, CEO and Co-Founder of Keeper Security. "As both frequency and size of data breaches increase, SMBs must face the reality that a material adverse financial impact on their business is a real possibility. An SMB does not require a significant IT budget to protect their business. Training employees and utilizing essential security technologies such as password management, firewalls and anti-malware are straightforward, yet extremely effective ways for SMBs to mitigate cyber risk."

"We've conducted many surveys on enterprise cyber security in the past but this unique report on SMBs sheds light on the specific challenges this group faces," said Dr Larry Ponemon, Chairman and Founder of the Ponemon Institute. "Considering the size of the SMB market in the United States alone, this information can be useful to diminish the risk of breach to millions of businesses."

It stands to reason that larger organizations would be more at risk of embezzlement by employees, but the reverse has been shown to be the case. Organizations with fewer than 150 employees are particularly at risk, accounting for 82% of all embezzlement cases, Hiscox found in its new report, Embezzlement Study: A report on White Collar Crime in America. Smaller organizations with tight-knit workforces are particularly vulnerable because of the trust and empowerment given to employees.

Incorporating employee theft cases active in the U.S. federal court system in 2015, the study found that 69% represented companies with less than 500 employees. Perpetrators are often “regular people who are smart, well-liked, and those you’d least expect to steal,” according to Hiscox. How does a trusted employee become a criminal? Motivations can range from financial pressure to a belief that they are underpaid by the company.

Employees with more tenure, access and control over finances are found to take the largest amounts. While the type of fraud can vary by industry, what is consistent is access to funds. In fact, managers were found more likely to steal than other employees.

...

http://www.riskmanagementmonitor.com/smaller-companies-more-vulnerable-to-employee-theft/

(TNS) - With an uptick in active shooter incidents nationwide, emergency medical personnel are increasingly faced with the decision of standing by until police clear the scene or jumping in and potentially saving more lives.

“As a rule … we wait for police to arrive on scene, and they let us know when it's safe to enter,” Acting EMS Chief Robert Farrow said.

He said sending paramedics into potentially unsafe scenes would require careful calculation.

“The benefit is you save more lives,” Farrow said. “The downside for public safety… is you put yourself at a higher level of high risk.”

...

http://www.emergencymgmt.com/safety/-Local-paramedics-train-for-active-shooter-scenes.html

Severe thunderstorms accounted for the lion’s share of U.S. natural disaster losses in the first half of 2016, according to Munich Re.

Of the $17 billion in U.S. economic losses ($11 billion insured) caused by natural catastrophes in the first half of 2016, some $12.3 billion ($8.8 billion insured) were due to a series of storms in Texas and neighboring states, including destructive hailstorms in Dallas and San Antonio, and severe flooding in the Houston metro area.

Winter storms and cold waves were the next most costly U.S. peril in the first half causing insured losses of $1.5 billion, followed by flood and flash flood events with $1 billion in insured losses.

...

http://www.iii.org/insuranceindustryblog/?p=4507

Wednesday, 13 July 2016 00:00

Matching the Cloud to the Workload

Cloud providers want enterprise workloads, and the enterprise wants to push more data and applications to the cloud. Sounds like a perfect match, doesn’t it?

Well, yes and no. While it is true that enterprise-class cloud deployments are expanding at a steady clip, and more of these are taking on real production workloads rather than bulk storage and data backup, many organizations are still struggling with the generic nature of cloud resources.

For decades, the enterprise has had the luxury of crafting highly customized infrastructure whenever it was necessary. It was one of the perks of building and maintaining your own data environment. This is certainly possible in the cloud, of course, but it often comes at a higher cost, since the economies of scale are not the same as with generic workloads. Where there is a need in business, however, there is usually someone willing to fulfill it, and the cloud industry is rapidly transitioning from a basic level of functionality that caters to consumer tastes toward the more specialized requirements of the enterprise.

...

http://www.itbusinessedge.com/blogs/infrastructure/matching-the-cloud-to-the-workload.html

(TNS) - Senon Selgado’s family rode out floods before in their home near Texas' Blanco River, but Memorial Day weekend of 2015 was different. The water rose too high, too quickly. By the time his granddaughter and her children threw on their clothes and called 911, emergency workers had advised them to climb onto the roof.

But they couldn’t — not with Senon’s wife, Maria Isabel Selgado, in a wheelchair.

Tim and Elizabeth Darnell, neighbors and leaders of the nearby Hill Country Church, helped rescue the Selgados from the floodwaters. But the family is among hundreds who have been unable to rebuild since then, according to the Blanco River Regional Recovery Team, the nonprofit helping survivors of the May 2015 floods that killed 14 in Central Texas and left more than 2,100 Hays County homes damaged or destroyed.

The Selgados received $18,000 from FEMA and, desperate to find cheap fixes for a destroyed home, found a couple of guys on Craigslist to do tiling and roofing, they said.

...

http://www.emergencymgmt.com/disaster/Recovery-team-asks-for-help-as-disaster-fatigue-affects-flood-rebuild.html

(TNS) - When a Virginia Beach woman’s abusive ex-boyfriend showed up at her house shortly after she applied for an emergency restraining order, she wasn’t sure how to get help.

A call to 911, or an attempt to get away, might trigger a violent reaction from him. So she texted the emergency number instead. She included her address, a description of the man, and the fact that she had just filed for the order and he had not been served with it.

Police arrived within minutes, and a potentially violent situation was averted in February, said Stephen Williams, Virginia Beach’s director of Emergency Communications and Citizen Services.

...

http://www.emergencymgmt.com/next-gen-911/Text-to-911-off-to-successful-start-in-Virginia-Beach.html

The Zika virus recently claimed its first victim in the Continental US, taking the life of an as-yet-unidentified pensioner in Salt Lake County, Utah. Although Zika has been around since the 1940s, it is only during the last few years that it has really exploded, and its spread across the Americas has been a tremendous cause for concern, particularly with the Rio Olympics coming up.

As with all contagions, one of the most pressing challenges for its containment is understanding where it will spread. Obviously, it is not enough simply to deal with a disease once it has infected an area. Infectious disease physician at Toronto-based St. Michael’s Hospital, Kamran Khan, notes that one thing is true of the spread of infectious diseases: ‘If you start to analyze the situation when an outbreak occurs, you’re already too late.’

This is particularly true of Zika, as there is still so little known about the disease. The disease is often symptomless, with just 1 in 4 of those with the disease developing symptoms. The most worrying aspect of the virus is the birth defects it causes, such as abnormally small heads and brain damage. From what we know about the disease so far, it is transmitted by the Aedes aegypti and Aedes albopictus mosquitoes, neither of which is found in Utah. The majority of cases in America have been travel related, which means finding a pattern to its spread is exceptionally difficult. The only treatment available at the moment is also ‘mosquito management’ - an indiscriminate, costly, and wasteful program of insecticide spraying in areas with a large population of the mosquitos in question, the environmental impact of which is hard to ascertain.
...

https://channels.theinnovationenterprise.com/articles/how-data-is-being-used-to-contain-the-spread-of-zika

Like energy, growth in data center water consumption in the US has slowed down since about a decade ago.

A recent US government study for the first time made an attempt to quantify water consumption of all data centers in the country. The study focuses primarily on data center energy consumption, but it also uses its electricity consumption estimates to extrapolate the amount of water it takes to power and cool data centers.

Water is one of two major resources data centers consume, and this fact drew a lot of public attention last summer, as the drought in California grew especially acute. While, thanks to this past winter’s El Niño, water levels in the state’s reservoirs are higher than they have been in years, the drought continues, and water consumption by the state’s various industries, including the high-tech industry, continues to be an important issue.

...

http://www.datacenterknowledge.com/archives/2016/07/12/heres-how-much-water-all-us-data-centers-consume/

Wednesday, 13 July 2016 00:00

Cognitive Risk Framework for Cybersecurity

Cybersecurity has gotten a great deal of attention these days for two reasons: 1) billions of dollars are being spent in response to a growing threat in cybersecurity and 2) there has been a real lack of meaningful and sustainable success in preventing hackers from stealing data.

Every organization is vulnerable to attack and no matter the amount of money spent hardening the enterprise, threats continue to escalate. This phenomenon is called the Cyber Paradox. The definition of a paradox: “something (such as a situation) that is made up of two opposite things and that seem impossible but is actually true or possible.” How is it that incremental investments in security have not impacted the marginal cost of cyber risk? The answer may surprise you:

...

http://corporatecomplianceinsights.com/cognitive-risk-framework-cybersecurity/

Additional complicating factors include the necessary balances between different parts of the chain and the extension of supply chains to include many different external partners.

However, as supply chains are the way many enterprises differentiate themselves from competitors, managers will have to take the bull by the horns and ensure supply chain resilience. But what kind of resilience?

There are different definitions of what resilience in supply chains concerns. One point of view is that a supply chain will break at some time and that building in resilience is about minimising the damage through:

  • Resistance. The impact of a disruption is either avoided or contained. For example, you organise different modes of transport to avoid being blocked by a rail strike (avoiding a general problem) or you reroute all your truck deliveries to contain the impact of major roadworks (containing a specific problem).
  • Recovery. You repair a breakdown or fix a problem, stabilise your supply chain and return to normal or at least steady performance, as soon as possible. For example, having decided to use just one supplier for a certain good or service, if the supplier stops supplying, you scramble to find and bring on board an alternative supplier.

...

http://www.opscentre.com/supply-chain-resilience/

Wednesday, 13 July 2016 00:00

How data corruption works

Modern drives have advanced at an astounding rate in recent years, but despite all these innovations, media corruption still remains an issue in today’s data recovery industry. Before we delve into the deeper issues associated with media corruption, we need to understand what causes corruption and how it can be diagnosed within the context of data recovery.

What is media corruption?

Media corruption can be described as the loss or change of computer data during transmission or retrieval.

What causes media corruption?

Corruption is often caused when the data transfer process is interrupted or disturbed. This can be caused by electronics failure, power surges or internal mechanical problems.

...

http://blog.krollontrack.co.uk/making-data-simple/data-corruption-works/

Meeting DOT Compliance and other related Federal requirements in 2016 (and beyond) will continue to be one of the major challenges facing internal risk management teams in the transportation industry.

And as if the transportation industry was not already a business full of more than enough risk factors, this posting will present recent trends very likely to add to that risk list and broadly impact transportation enterprises (e.g. trucking) the rest of 2016 and long into 2017.

There’s no longer much question about whether federal health authorities are serious about cracking down on technology solutions providers that don’t take cybersecurity seriously.

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to pay $650,000 to settle “potential violations” of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), after patient data was stolen from a smartphone.

...

http://mspmentor.net/msp-mentor/it-services-provider-pays-650k-hipaa-breach-fine

A funny but expected phenomenon is hitting the nascent 5G market: Providers and vendors are announcing tests, choosing sides and generally building hype long before anyone knows precisely what 5G is.

CNET’s Roger Cheng reported today that Verizon has made what appears to be a broad announcement regarding its path forward on 5G. The company has established radio specifications for 5G with its vendors that put in place “a common blueprint for everyone regarding the network infrastructure, processors and devices.”

The reality is that 5G standards are still in the formative stages. According to Franz Seiser, the vice president of Core Networks and Services at Deutsche Telekom, standards are important, but achieving global standards will also be central to realizing the full potential of the emerging technology: “There is a huge competition but we need to be very careful about not ending up with fragmentation if some [in the industry] are moving too fast and too far. We need global standards,” Seiser explained.

...

http://www.itbusinessedge.com/blogs/data-and-telecom/which-came-first-the-technology-or-the-standard.html

Tuesday, 12 July 2016 00:00

DevOps Done Right, the First Time

The benefits of converting to a DevOps model of IT operations are becoming plainer by the day, but the process of converting today’s management stack to an agile architecture is still mired in confusion.

DevOps alone, of course, will not make you agile, but it is a key enabling technology that allows for much of the continuous development and IT automation that will finally allow organizations to shed the hands-on control of data infrastructure to focus on more productive activities.

In today’s fast-paced economy, DevOps will not only be the preferred means of pushing new services to users, it will be the only way. As Datamation’s Andy Patrizio notes, the six-month or more time lag between request and fulfilment for new services simply will not cut it, particularly now that the cloud has provided a convenient alternative to IT. Under a DevOps model, everyone with a stake in the application – which includes developers, users, infrastructure managers and even the bean counters – gets a seat at the table to determine the scope and nature of the project and its implementation within the data ecosystem. In this way, services not only play a more pivotal role in the business process, but multiple eyes can track their progress to see exactly how they can be made more relevant or powered down if necessary.

...

http://www.itbusinessedge.com/blogs/infrastructure/devops-done-right-the-first-time.html

There are three things you need in order to turn a technology concept into a viable revenue-generating services business:

  1. The market opportunity. The stars need to be aligned and momentum needs to be in your favor.
  2. The building blocks. The vision to capitalize on enabling technology. The tight-knit plan to get you to where you need to be, and the GTM speed to get there quickly and efficiently.
  3. Execute, automate and scale. In today’s modern era, speed-to-market has never been more important, and scale is critical to long-term business success. Think not only about how you can implement, but how can you automate.

...

http://mspmentor.net/blog/turning-data-protection-services-cash-cow

AUSTIN, Texas – Businesses and nonprofit organizations that sustained damage or losses from the May-June storms and floods can apply for a low-interest disaster loan from the U.S. Small Business Administration to help with their recovery.

“SBA disaster loans are the major source of federal disaster recovery aid,” said Federal Coordinating Officer William J. Doran III, who is in charge of FEMA’s operations in Texas. “The interest rates are low—as low as 4 percent for businesses and 2.625 percent for nonprofits for the life of the loan.”

SBA offers two types of disaster loans to businesses, small agricultural cooperatives, aquaculture and most nonprofits, including faith-based ones: physical disaster loans and economic injury disaster loans.

Physical disaster loans are used to repair or replace damaged buildings and business assets. Economic injury disaster loans help small businesses, small agricultural cooperatives, aquaculture businesses and most private nonprofits meet financial obligations they cannot meet because of the disaster.

Business owners may also be eligible to refinance existing liens or mortgages.

SBA low-interest disaster loans for businesses have several advantages:

  • SBA requires no collateral for either physical loans or economic injury loans less than $25,000. SBA requires the borrower to pledge as collateral only what is available, plus satisfactory credit and the ability to repay.
  • Applicants don’t have to wait for insurance settlements to obtain loans.
  • Loans are written for a length of time appropriate to the type of loan, but SBA may make adjustments in the length of the loan to lower the monthly payments. Loan amounts and terms are set by SBA and are based on each applicant’s financial condition.
  • SBA offers mitigation loans to help pay for improvements to reduce potential for future damage. These mitigation funds are available for up to 20 percent of the total amount of disaster damage.
  • SBA never charges an application fee or points for its disaster loans.

By law, SBA business loans cannot exceed $2 million. If a business is a major employer, SBA may waive the limit.

The deadline to file for a physical damage disaster loan is August 10. The deadline for an economic injury disaster loan is March 11, 2017.

No one is obligated to accept a loan if approved. SBA gives applicants six months to decide whether to accept a loan.

Applicants may apply online using the electronic loan application via SBA’s secure website at DisasterLoan.sba.gov/ela.

Disaster loan information, application forms and a list of counties eligible for assistance are available online at SBA.gov/disaster, from SBA’s Customer Service Center at 800-659-2955 or by emailing DisasterCustomerService@sba.gov. Individuals who are deaf or hard of hearing may call 800-877-8339.

SBA representatives are also available at disaster recovery centers to provide information about disaster loans, the application process or help completing an SBA application. To find the nearest one, go online to the disaster recovery center locator at asd.fema.gov/inter/locator.

Completed applications can be mailed to:
U.S. Small Business Administration
Processing and Disbursement Center
14925 Kingsport Rd.
Fort Worth, TX  76155

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

No matter what precautionary measures schools take, there are many risks and “fires” that need to be put out on a daily basis. To keep staff and students safe and to protect school assets, a proactive approach to mitigating risk in schools is a necessity. The keys to a successful risk management program include careful, strategic planning while taking all relevant and potential factors into consideration, but how can administrators get started?

By identifying potential risks and applying a process to assess them, schools can focus on their objectives more clearly, including top priorities like student and employee wellbeing. Effective risk management reduces the disruption of a student’s education, damage to a school’s reputation, lost time, stress from managing incidents, and the potential risk of legal intervention in an increasingly litigious world. School administrators can explore these strategies as they strive to enhance their risk management initiatives:

...

http://www.riskmanagementmonitor.com/prioritizing-risk-management-strategies-in-schools/

Joint External Evaluation team in Washington DC

The Joint External Evaluation Team joins U.S. Department of Health and Human Services (HHS) and U.S. Department of Agriculture (USDA) colleagues in front of the Humphrey Building, Washington DC, May 2016

A team of evaluators takes an independent look at our systems

The Story Behind the Snapshot

At first glance, this photo taken on a set of concrete steps in Washington, D.C., may look like an ordinary group shot—but it took an extraordinary series of events to make it happen.

The photo shows colleagues from U.S. Department of Health and Human Services (HHS) and U.S. Department of Agriculture (USDA) standing alongside a team of 15 international experts from 13 different countries, known as the Joint External Evaluation Team. The team had been invited by the U.S. government to assess how well the country is prepared to prevent, detect, and respond to major public health threats. The goal was to receive an independent and unbiased evaluation of our capabilities.

We would never have arrived at this moment without these things: a wake-up call, a historic agreement, and a renewed commitment to work together to protect the world’s health.

 

Leading up to now: A brief timeline

International Health Regulations: Protecting People Everyday

Near the turn of this century, the emergence of diseases like severe acute respiratory syndrome (SARS) and H5N1 influenza was a big wake-up call and showed the world more clearly than ever that a health threat anywhere is a threat everywhere — what affects one country affects us all.

Eleven years ago, countries came together to sign the International Health Regulations (IHR), a historic agreement which gave the world a new framework for stopping the spread of diseases across borders. The IHR obligates every country to prepare for, and report on, public health events that could have an international impact.

However, five years after the IHR went into effect, nearly 2/3 of countries were still unprepared to handle a public health emergency.

Two years ago, the Global Health Security Agenda (GHSA) gave countries common targets they can work toward to stop infectious disease in its tracks. This led to the need for the Joint External Evaluation Team, an independent group that travels to countries to report on how well public health systems are working to meet global health security goals.

Last October, the Centers for Disease Control and Prevention (CDC) and the Office of the Assistant Secretary for Preparedness and Response (ASPR) began working together to arrange for the team to visit the U.S.

In May, the team’s five-day visit took place. Two days were spent in Washington, D.C., assessing federal response capabilities. The remaining three days were spent at CDC, because the agency works in nearly all of the 19 technical areas included in the evaluation.

On the final day of their visit in Atlanta, the evaluation team shared their preliminary results.

What the team found

They recognized the high level of scientific expertise within CDC and other federal agencies, and the excellent reporting mechanisms managed by the federal government.

They also identified opportunities for improvement in some areas, such as:

  • Combining and utilizing data from multiple surveillance systems, including systems that monitor human, animal, environmental, and plant health
  • Conducting triage and long-term medical follow-up during major radiological disasters
  • Communicating risks quickly and consistently with communities across the country

They specifically recognized the challenges any federal public health system faces, and advised the U.S. to continue improving the understanding of the IHR among different federal and state agencies. Their observations will help drive improvements for programs throughout CDC and the nation.

The U.S. requested this unbiased review of its response capabilities and hopes that the entire world will do the same. Like other countries who have undergone this process, the U.S. will soon share the final report of the Joint External Evaluation with the public.


The Business Continuity Institute - Jul 08, 2016 10:33 BST

More than half of UK office workers say their employers have provided no cyber security awareness training leaving organizations vulnerable to malicious intrusion into their IT systems, according to a study by ISACA.

You wouldn't invest in security for your home and then leave the key to the front door under the welcome mat and the alarm code written on a post-it note next to the control panel. Yet this is effectively how some people treat their IT security. For example, The Cyber Security Perceptions study found that 14% of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient.

The study also revealed that more than one in three respondents (36%) say they could not confidently define a phishing attack - a scam in which someone poses as a reputable organization in email, IM or social media messages in order to solicit information - and one in five (19%) have fallen prey to phishing emails. Additionally, when asked to prioritise between a fast internet connection and a secure one, 1 in 3 chose speed.

The Cyber Resilience Report, recently published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations need to take it seriously, and this begins with educating employees so they know what they can do to help prevent an attack from happening.

“It is critically important that we create awareness in cyber security and in multiple roles within an organization,” said Christos Dimitriadis, chair of ISACA’s board of directors. “The human factor is critical when creating cyber security capability, and education based on practical guidance is key to reducing the related business risks.”

“Consumers are confident - perhaps overly so - in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organizations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”

Tuesday, 12 July 2016 00:00

BCI: Brexit - identifying your exposure

The Business Continuity Institute - Jul 06, 2016 16:31 BST

The uncertainty regarding Brexit continues and I have been pretty much glued to the news, watching each twist and turn of the aftermath including this week’s EU summit, the disintegration of the Labour party, and the start of the Conservative leadership election. Being in Scotland, there is the added dimension of Scotland’s place in Europe and Nicola Sturgeon’s overture to EU leaders to try and ensure that Scotland remains within the EU. As I have heard in the news, there is no playbook for Brexit or contingency plan - we live in uncertain times and we do not know how this will end.

From a business continuity or crisis management point of view, Brexit is reinforcing what we have always said. If there is an identified threat, it is a good idea to have a contingency plan. It appears that there isn't one, and nobody has thought about it. Secondly, it is good to have a crisis management team who can manage the incident. Until Labour and the Conservatives sort themselves out, we don’t have a team of people to manage the incident. The chaos and uncertainty we have at the moment is a symptom of not having a team to manage the incident or a plan to work to!

When I wrote last week’s blog (Brexit - the opportunity?) I suggested that you carry out a risk assessment looking at your company’s exposure to Brexit. If you haven’t done already, I suggest you do so. I recommend looking at what is our worst case, best case and most likely case, and then develop appropriate risk mitigation measures.

I think once this is done, you should start to look at your business model, supply chain and your organization’s exposure to Brexit. I think as you look at things in detail, you may find your exposure is deeper than you think.

Some issues you may want to consider:

1. Is your business model dependent on access to the EU common market as it is at the moment? Easyjet is very dependent on the EU Open Skies Agreement and so is thinking of moving its headquarters elsewhere in Europe as the UK may not be part of that agreement in the future. The agreement is also held with the USA, and so it may affect transatlantic carriers such as BA and Virgin.

2. As the UK is a major financial centre, how might changes to the status of UK financial institutions impact your organization? This may have a knock-on impact to your pension funds, investments and the ease of doing business with Europe.

3. How many EU staff does your organization employ? What might be their status if we leave the free movement of people within the EU? Might they have to go back to their country of origin? I very much hope this is unlikely, but we should plan for this risk. Secondly, perhaps many of them may return, fearing this may happen or feeling unwelcome within the UK, leaving your organization haemorrhaging experienced and skilled staff.

4. Have you mapped your supply chain exposure to Europe? There is the possibility of having to revert to World Trade Organization Tariffs. Does your organization understand what these are and what the impact would be of additional cost on your business model? As there may not be free movement of goods, this could delay delivery of goods or parts to the UK and the delivery of your products to customers within Europe.

5. If you are using IT cloud services or software as a service, how might they be affected by Brexit? Might the UK government say that all personal data should be located within the UK as opposed to it being housed within the EU? This could be an opportunity if you can house your company’s personal data anywhere! If data must be housed in the UK this could lead to an increase in price of services as demand will go up and it will take some time to increase supply.

There are so many questions and at the moment very few answers! As a start, I suggest you try to understand your organization’s exposure to Brexit and once this is known, then you can begin to put into place how your organization may deal with the different possible impacts.

Charlie Maclean-Bristol is a Fellow of the Business Continuity Institute, Director at PlanB Consulting and Director of Training at Business Continuity Training.

During my trip to the Enfuse 2016 conference in May, I had a conversation with Paul Shomo, senior technical manager, Strategic Partnerships with Guidance Software. One of the things we talked about was the importance of companies taking a more data-centric approach to information security.

When we think about breaches, Shomo explained, malware and how it breaks through the network is what often comes to mind. To that end, social engineering is the primary tool for injecting malware. Hackers rely on the vulnerabilities of humans and software systems to break through the perimeter quickly, which gives them the ability to move around the network with ease. The malware and the hacker’s infiltration can go on for months without detection, and users have no idea, Shomo added:

Hackers don’t leave a lot of evidence like regular users do, so people don’t think enough about investigating breaches in terms of what users are doing on the network. A lot of times you can’t tell the difference between a hijacked user account that’s controlled externally versus an inside threat.

...

http://www.itbusinessedge.com/blogs/data-security/why-companies-should-consider-data-centric-security.html

Cloud computing is the future of services, but most MSPs aren’t sure how to get there or how to get started. Amazon and Microsoft seem like the easy choice, but is the “one-size-fits-all” cloud really the right fit for your business? Commodity cloud has an unprecedented speed of delivery; there is no doubt about that. You swipe your credit card, and--voilà--you’re done. But what’s next?

Try asking Amazon for advice, and you’ll start to see your professional service fees stack up high enough to give your accounting department a conniption. For a company that originally sold books online, you’d figure they’d be more than happy to help educate their customers on how to be successful. ... Unfortunately, this isn’t the case.

That’s why companies like Rackspace have an entire business around managing other companies’ clouds. But how can the MSP get the same level of service and “fanatical support” without forking over thousands of dollars each month to a middleman (who may be competing for end user business)?

...

http://mspmentor.net/blog/commodity-cloud-right-fit-your-msp

The result of the UK referendum was clear, more than a million people tipped the scales in favour of Leave. There will be at least a two-year period (some say five) before the UK decouples from the EU. It will be a time of profound uncertainty and many are concerned about its effects on cyber-security and data privacy.

Cyber crime

So are we likely to see an uptick in cyber-crime as a result of Brexit? Whatever the outcome of UK negotiations with the EU, this will be a period of change and for hackers change creates opportunities. As Ken Munro at Pen Test Partners says: “Scammers are nothing if not opportunistic, any point of change creates an opportunity for phishing attacks…there is a potential for invoice fraud, scammers can step in.”

Ilia Kolochenko, CEO at High-Tech Bridge based in Geneva has another concern:
“A recession in the economy may cause serious problems in all industries, including cybersecurity. It's not only about potential lack of new investments and corporate income, but also about more aggressive competition on the market.”

...

http://www.continuitycentral.com/index.php/what-does-brexit-mean-for-data-privacy-and-cyber-security

Last year, CIO, CSO and PricewaterhouseCoopers released a new Global State of Information Security survey, which polled more than 10,000 executives from 127 countries about IT security. The results were a mixed bag, with security incidents up 38% over 2014 but corresponding budgets rising only 24%.

The survey reflected broad thinking about how companies are trying to defend themselves from hackers as well as employees, the most often cited sources of security compromises. But despite the continued growth in hacks and other security incidents, there were some important signs that security threats aren’t being taken seriously enough at the executive level. For one, the poll found that only 45% of boards participate in overall security strategy.

...

http://www.forbes.com/sites/williamsaito/2016/07/01/its-time-to-think-of-cybersecurity-as-a-business-enabler/

Friday, 08 July 2016 00:00

Step by step guide to a tape migration

What does a typical tape migration process look like?

There is no standard tape migration project as every project is different. Several factors such as the number of tapes, the formats used, the associated software and hardware solutions, the specific requirements of the business, etc. all play into the specific needs of the company.

However, it is safe to say that any project should include, at the very least, four major components: consultation, proof of concept, tape processing and project completion.

...

http://blog.krollontrack.co.uk/making-data-simple/step-step-guide-tape-migration/

Thursday, 07 July 2016 00:00

FEMA Warns of Disaster-Related Fraud

(TNS) - As thousands of West Virginians are at their most vulnerable after a 1,000-year flood event, the Federal Emergency Management Agency (FEMA) is warning of scammers who may attempt to cheat flood victims.

A FEMA media release said scammers may pose as inspectors, government officials, volunteers or contractors.

"These people may try to obtain personal information or collect payment for disaster assistance or repairs," the release said.

FEMA offered these tips:

...

http://www.emergencymgmt.com/disaster/FEMA-warns-of-disaster-related-fraud.html

The demand for high performance computing (HPC) is escalating in high compute workloads such as high traffic front-end fleets, MMO gaming, media processing transcoding and High Performance Computing (HPC) applications like seismic analysis for oil and gas, or trading in financial services.

Once reserved for the computational fluid dynamics of transportation vehicle design and seismic processing of the energy industry, HPC now supports high-frequency trading in financial services and enables more effective patient treatment in the healthcare industry.

Demand for HPC is growing faster than many corporate in-house data centers can accommodate, and enterprise IT teams don’t want to sacrifice convenient access to colocation facilities in order to access high density power and cooling solutions.

...

http://www.cyrusone.com/blog/high-density-data-centers-support-hpc-anywhere/

(Bloomberg) — Amazon’s cloud computing division remains “committed” to opening a London data center by early next year, even after the British public’s vote for the UK to leave the EU.

It will also offer local customers the option of hosting data in Germany or Ireland, a company executive said Thursday.

“Demand for all our services is growing across all Europe. For us it’s business as usual,” Stephen Orban, head of enterprise strategy at Amazon Web Services, said in an interview at a customer conference Thursday in Frankfurt.

...

http://www.datacenterknowledge.com/archives/2016/06/30/amazon-committed-uk-data-center-opening-despite-brexit/

(TNS) -- When public safety experts say "this is a good thing," it's usually a lesson worth learning.

Such was the case last week with a string of tornadoes that raked north-Central Illinois, including Pontiac, where seven people were injured.

"Thank God for today's technology because I think that helped save a lot of lives," Livingston County Sheriff Tony Childress told The Pantagraph. "Everybody seemed to get warning about this storm and were able to seek safety. This could have been a whole lot worse."

Pontiac Mayor Bob Russell agreed. "When you see all of the damage here, the fact that nobody was hurt more seriously is a miracle."

...

http://www.emergencymgmt.com/disaster/Illinoois-Tornado-Warning.html

Pandemic planning seems to be a low profile area at the moment but if you think your organization is safe from a pandemic, think again. Ann Pickren overviews the subject and looks at what to include in your business continuity and disaster recovery plans.

Introduction

Unlike a regionally defined epidemic, a pandemic is capable of spreading virtually anywhere on the planet. This means that a pandemic may not only impact your staff and operations, but could compromise businesses all along your supply chain, your customer base, remote plants and much more.

Pandemics have come and gone for centuries, with the modern world suffering three major influenza pandemics in the last century (1918, 1957 and 1968). The 1918 influenza pandemic lasted three years, killing more than 50 million people, making it one of the deadliest natural disasters in human history.

...

http://www.continuitycentral.com/index.php/news/business-continuity-news/1237-pandemic-planning-don-t-take-your-eye-off-the-ball

The recent suicide bombing in Istanbul and the Paris bombing last November killed and injured innocent bystanders and sent shockwaves around the globe. Such attacks also cause organizations to question international travel out of fear of putting their key executives and employees in harm’s way.

As the risk profile changes in some locations that were once considered safe, it is critical to reassess and more deeply examine company programs to protect business travelers abroad.

First of all, for companies and their insurance advisors, there is no substitute for great advance planning. If a company is contemplating overseas travel and can establish well in advance that there exists a need for key person insurance, the coverage is easier to obtain and more cost effective. The reality is that the heightened awareness around a dangerous trip often results in an insurance need being developed or uncovered with little notice. When this need arises, the underwriting process migrates from the traditional life and disability insurance market to the playing field of high limit or specialized risk underwriters.

...

http://www.riskmanagementmonitor.com/protecting-key-executives-in-global-hot-spots/

Wednesday, 06 July 2016 00:00

FEMA: Beware of Disaster Related Fraud

CHARLESTON, W.Va. – West Virginians whose homes were damaged in the recent storms and flooding may encounter people attempting to cheat them by posing as inspectors, government officials, volunteers or contractors. These people may try to obtain personal information or collect payment for disaster assistance or repairs.

Please keep in mind that Federal Emergency Management Agency (FEMA) employees DO NOT solicit or accept money from disaster survivors. Many legitimate disaster assistance employees may visit your property such as insurance agents, damage inspectors and West Virginia Division of Homeland Security and Emergency Management (WV DHSEM), FEMA and U.S. Small Business Administration staff.

Here are some tips to remember to safeguard against fraud:

  • Ask to see ID badges. All FEMA representatives will have a laminated photo ID. A FEMA shirt or jacket is not proof of identity. If you are unsure or uncomfortable with anyone you encounter, please contact local law enforcement.

  • Safeguard personal information. Be cautious when giving personal information such as Social Security or bank account numbers to anyone. FEMA will only request an applicant’s bank account numbers during the initial registration process. However FEMA inspectors will require verification of identity.

  • Beware of people going door-to-door. People knocking on doors at damaged homes or phoning homeowners claiming to be building contractors could be con artists, especially if they ask for personal information or solicit money.

  • Federal workers do not solicit or accept money. FEMA and SBA staff never charge applicants for disaster assistance, inspections or help to fill out applications. FEMA inspectors verify damages, but do not involve themselves in any aspect of the repair nor recommend any contractor.

  • FEMA Disaster Survivor Assistance teams may be in your community providing information and assisting people in registering with FEMA or updating their files. The teams coordinate their activities with local emergency managers and make local law enforcement agencies aware of their presence. The teams always consist of at least two people, and may include employees of WV DHSEM as well as FEMA. They will always be wearing FEMA or WV DHSEM shirts and laminated photo IDs. Disaster Survivor Assistance teams never ask for or accept payment for their services.

Always use licensed and bonded contractors and ask for credentials. Use West Virginia contractors if you can. You can verify a West Virginia contractor’s license online at wvlabor.com/newwebsite/Pages/contractor_searchNEW.cfm. Never pay for anything in advance of work being done.

The consumer protection hotline for the Attorney General’s office is 1-800-368-8808.

Consumer Protection & Anti-Trust Division

P.O. Box 1789,

Charleston, WV 25326

Toll-Free: 1-800-368-8808

Phone: 304-558-8986

Fax: 304-558-0184

consumer@wvago.gov

If you have knowledge of fraud, waste, abuse or allegations of mismanagement involving disaster relief operations, call the FEMA Disaster Fraud Hotline at 866-720-5721.

Disaster survivors in Clay, Fayette, Greenbrier, Kanawha, Monroe, Nicholas, Roane, and Summers counties may be eligible for FEMA’s Individual Assistance program. Survivors in those counties can register for FEMA Individual Assistance online at DisasterAssistance.gov or by calling the FEMA helpline at 800-621-FEMA (3362), which is video relay service accessible. People who are deaf, hard of hearing or who have difficulty speaking may call TTY 800-462-7585. Lines are open 7 a.m. to 10 p.m. local time until further notice.

For more information on West Virginia’s disaster recovery, visit fema.gov/disaster/4273, twitter.com/FEMA, facebook.com/FEMA and fema.gov/blog.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

(TNS) -- The Delray Beach, Fla., Police Department wants its residents to know: They're watching.

The department begins construction next week of a control room on the second floor of the police department, where cameras strategically placed throughout the city will feed live images to officers. The goal, as part of a three-phase plan, is to watch the city more closely to prevent and deter crime.

"We're not Big Brother and this is not '1984,' " said Capt. Thomas Mitchell, who heads the investigative unit and is overseeing the technology initiative. "This is a prevention tool."

Several city buildings — such as City Hall and the police department — have been equipped with security cameras for years, but there has never been a central location to view the surveillance footage.

...

http://www.emergencymgmt.com/safety/385055081.html

Wednesday, 06 July 2016 00:00

Abdicating Responsibility

Sorry I’ve been quiet on the blog post front but I’ve had a hectic few weeks involved in all kinds of interesting conversations and events (even manning the booth at a couple of them). What’s been noticeable at these events is the amount of similar discussions I’ve had with businesses of all sizes, from small to large and all that’s in between, and there’s been some interesting areas of commonality.

Over the next few weeks I’d like to share some of those with you. Up first has been something really interesting that has gone right to the top of my list and actually it came to light again this week when in a meeting with one of my favourite CIOs. For this post let’s call him Bill (can’t share his or his company’s name on this occasion), but Bill is a very astute CIO, very well connected, spends time doing all the things that you would expect; what is always interesting is when I bring something to the table he hasn’t thought about before.

Today was one of those rare treats, as I was sharing with him my last few weeks and some of the fascinating chats I’ve had, so what caught Bill’s interest?

...

https://techstringy.wordpress.com/2016/06/30/abdicating-responsibility/

While the long-term impact of Britain’s vote to exit the European Union remains to be seen, the immediate impact is uncertainty, which is rarely a good thing for any market, including the data center market.

Some of the biggest data center providers in Europe saw that immediate impact of uncertainty in their stock performance right after the referendum’s outcome was announced last Thursday. Equinix, Digital Realty Trust, and Interxion stock value dropped immediately, and while US-based Equinix and Digital have since recovered – Digital’s stock was actually trading higher than ever in the afterhours on Wednesday – the Netherlands-based Interxion had yet to regain its pre-referendum level.

As far as Brexit’s possible long-term impacts, among the chief concerns are potential expenses associated with compliance with whatever new regulations the UK establishes if and when its process of severing from the EU is completed, data center customers adjusting their infrastructure location strategies, the status of data center industry workers in the UK who are EU citizens but who do not have British passports, and whether or not British tech and financial-services industries, both of which have historically been a big source of revenue for data center providers and equipment vendors, will continue to see the same level of investment they have seen in the past.

...

http://www.datacenterknowledge.com/archives/2016/06/30/brexit-may-impact-data-center-market/

Wednesday, 06 July 2016 00:00

Cyber Criminals attack on Third Parties

When enterprises such as health insurance providers and supermarket chains hold millions of customer names together with social security numbers or credit card details, they become preferred targets for hackers.

One successful attack can garner huge amounts of valuable data, and beats launching millions of attacks at one end-customer per attack (even if that were possible).

The same holds true for businesses, instead of private customers. If you have not asked the following information security questions to your third party service suppliers, now is the time.

Third party suppliers can hold a surprisingly large amount of information about businesses like yours, and about your customers too.

...

http://www.opscentre.com/cyber-criminals-attack-third-party/

Many of today’s businesses are faced with the challenge of identifying and deploying an IT infrastructure that allows them to maintain control of their applications and data, while still being cost effective and flexible. That’s why many organizations are adopting a hybrid IT model that enables them to move some applications to the cloud, while keeping others in a more controlled setting. There is no one-size-fits-all solution, and the IT environment or combination of environments that is right for your organization will largely depend on your requirements, resources, finances and comfort level.

Cloud Hosting

Businesses are increasingly deploying to cloud environments for a multitude of reasons. The cloud generally offers the fastest time to market, and organizations can rapidly deploy software and technologies without the upfront capital-intensive investment in new infrastructure. Cloud providers typically offer many features that can be purchased a la carte, and it is easy to increase or decrease compute capacity rapidly. Companies are turning to the cloud for everything, from testing and development to hosting of full production applications. In addition to speed of deployment and flexibility, leveraging these environments generally requires less investment in human capital.

Other considerations:

  • Does the cloud environment have the level of redundancy required?
  • Does the cloud environment have the level of security required?
  • Can I select the level of connectivity I need, as well as specific carriers?
  • How much control do I have, and should I deploy a public or private cloud?
  • As I grow my business, at what point does the cloud become too costly?

...

http://blog.dft.com/finding-the-right-it-infrastructure-strategy-for-your-business

In today’s digital age, it’s no surprise that many organizations leverage their intranets as a place to house emergency response plans, workplace safety protocol and other important documents. After all, every employee has access to the intranet, which must make it the ideal place to house business-critical planning materials, right? Not exactly.

Today, more than 50 percent of organizations use website announcements, including intranet postings, to communicate with employees during an emergency or crisis situation. However, using your intranet for business-critical communication presents several problems. One of the biggest is that this approach is much more time-intensive than other methods, especially mobile safety apps. And during any emergency—whether a worksite accident, severe weather, IT outage or anything in between—your organization needs to respond as quickly and effectively as possible.

Let’s examine some of the ways that using a mobile app, rather than a company intranet, provides time savings for your safety programs:

...

http://www.rockdovesolutions.com/blog/time-savings-of-using-a-mobile-app-vs-intranet-for-your-safety-programs

In a new Radware survey 84 percent of US and UK information technology executives at companies that had not faced ransom attacks said they would never pay a ransom; however, 43 percent of respondents from companies that had been attacked said that ransoms had been paid. This is one of the findings from Radware’s 2016 Executive Application & Network Security Survey. Radware polled more than 200 IT executives across the US and UK for the study.

The study found that US companies were far more willing to admit that they would pay a ransom. Among US firms who had not been attacked, 23 percent indicated they were prepared to pay a ransom, in contrast to the 9 percent in the UK.

Companies that paid ransoms reported an average of $7,500 in the US and £22,000 in the UK.

“This is a harbinger of the challenging decisions IT executives will face in the security arena,” said Carl Herberger, Radware’s Vice President of Security Solutions. “It’s easy to say you won’t pay a ransom until your system is actually locked down and inaccessible. Organizations that take proactive security measures, however, reduce the chance that they’ll have to make that choice.”

In addition to the responses to ransom attacks, the survey also found that companies see work-from-home arrangements as an increasing risk. The survey found a big jump in changes to telecommuting policies, with 41 percent of respondents saying they have tightened work-from-home security policies in the last two years.

...

http://www.continuitycentral.com/index.php/news/technology/1233-how-often-do-organizations-pay-attackers-after-ransom-attacks

Tuesday, 05 July 2016 00:00

The Importance of Executive Sponsorship

The most commonly cited obstacle to Business Continuity (BC)/Disaster Recovery (DR) program success is a lack of management support, and this is for good reason. New and non-established BC Management (BCM) programs have to overcome serious inertia in order to succeed.

Full-Time Equivalents

Business continuity is not a core competency of most organizations and few employ a full-time team of BCM professionals. According to the 2014 CI/KPMG benchmarking survey, the majority of organizations have between 0 and 2 FTEs dedicated to primary BC/DR functions:

...

http://www.missionmode.com/importance-executive-sponsorship/

When natural disasters strike, news stories frequently cover damage to homes and consumers, but businesses often experience greater losses, ranging from physical destruction to downtime. A key element for firms to survive in a disaster scenario is the development and deployment of a strong business continuity (BC) plan.

Evolve IP, a cloud services company based in Wayne, Pennsylvania, warns that now is not the time for businesses to become complacent about their business continuity plans because of the historical patterns of two related events: El Niño and La Niña. Both of these conditions occur when the Pacific Ocean and the atmosphere sustain significant temperature changes.

The most recent El Niño season was the worst in two decades, causing billions of dollars in damages and losses. But now comes La Niña. The last significant La Niña was tied to record winter U.S. snowfall, spring flooding across the country, and drought conditions in the south and Midwest. The National Oceanic and Atmospheric Administration (NOAA) says there is a 75 percent chance that La Niña will be in place by the fall and potentially last up to three years. This one could result in larger hurricanes making U.S. landfall; that would have a significant impact on hundreds of thousands of businesses.

...

http://www.itbusinessedge.com/blogs/smb-tech/la-nina-could-be-the-next-big-threat-to-business-continuity.html

(TNS) -- When a glitch in phone company systems left Baltimore without 911 service for over an hour last week, The Baltimore Sun wanted to know how often such outages occur.

Public records made it clear that the outage wasn't unique, but much of the information about problems with 911 is confidential, making it difficult to figure out just how often the emergency phone system is out of action. The secrecy highlights the 911 system's strange role as a critical lifeline to police and fire departments, but one that is almost entirely run by private companies.

The Federal Communications Commission requires phone companies to submit reports about outages that affect a large number of people or that last for a long time. But the agency doesn't release the reports because they could contain proprietary information about how the companies set up their networks. When the Government Accountability Office investigated outages in 2015, it didn't even bother to look at the reports. Investigators wrote in a footnote that they saw no point in reviewing data they couldn't talk about publicly.

...

http://www.emergencymgmt.com/next-gen-911/Outage-Service-Secrecy.html

Hackers are not only an issue for celebrities with embarrassing photos they don’t want made public. Large corporations are also victims of cybersecurity breaches, and it is an ongoing problem that needs a solution. Trade secrets, internal emails, even unremarkable communications between colleagues can be accessed by criminals and become a major crisis. As recently as May 27, 2016, MySpace passwords were stolen for a price of $2,800, putting the company in a bad light and users at risk.

Cybersecurity breaches can happen at any time to any company. The Security Solutions VP of AT&T, Jason Porter, stated, “In 2015, 62 percent of organizations reported having security breaches. Forty-two percent of these businesses said the negative impact on their business was significant. Yet 66 percent of organizations have no effective incident response plan.” Don’t wait until your business is targeted to resolve this problem and protect your valuable data from outside hackers.

The following are tips to help businesses avoid cyber attacks and protect their valuable data:

...

http://corporatecomplianceinsights.com/fortify-business-crippling-cyber-attacks/

Even as government agencies slowly move to the cloud, most end users’ organizations are enjoying many benefits of moving to the cloud. To be successful, each must understand the security controls deployed at each cloud provider. They also need to understand what dedicated security devices are defending, data and applications, and each unique architecture (and potential loopholes). Below are just a few factors cloud and applications vendors should consider when helping end users or government agencies when moving to the cloud:

...

http://www.forbes.com/sites/moorinsights/2016/06/30/security-must-lead-the-cloud-migration-conversation/

See below for webinar slides from Active Shooters to Office Closures: Effectively Communicating with Your Employees where James Green, Business Continuity Program Manager, PSCU, discussed how his organization communicates with employees during emergencies and daily operational activities.

...

http://www.everbridge.com/webinar-slides-active-shooters-to-office-closures/

The Republican National Convention (RNC) is taking place in my hometown, Cleveland, OH, in just a few short weeks. I can feel the energy and excitement everywhere I go. Of course, that energy has been amplified by the fact that the Cavs just brought home the first major sports title in 52 years, but, regardless, the city is buzzing.

Even though most people are excited to see this scale of an event take place in Cleveland – and, let’s be honest, finally have the opportunity to show everyone why the nickname ‘mistake by the lake’ no longer applies – the entire city and nearly all organizations that operate here will be disrupted.

How? Well, access for one thing:

...

http://perspectives.avalution.com/2016/another-example-of-why-business-continuity-planning-matters/

Friday, 01 July 2016 00:00

BCI: Brexit - the opportunity?

The Business Continuity Institute - Jul 01, 2016 10:24 BST

Are business continuity managers internal optimists, and do we really believe that we will be affected by an incident? Do we peddle our profession secretly believing, or hoping, that it will never happen to us and that our plans will never be implemented? This has happened to me. I, until the very last moment, believed that ‘remain’ would prevail and I didn’t need to worry about the vote.

There was recently a section on the 1 o’clock news when a number of pollsters and punters gave their predictions for the vote, and almost all said they believed that remain would win. Even a farmer who had four pigs, two named after remain politicians and two named after the leave campaign, including one called ‘Boar-is’, and raced them every day to predict who would win, said the remain campaign would win as remain pigs won more races. I was so sure Brexit would never happen that I hadn’t even bothered to write a business continuity bulletin on the subject. The people in the BC Training office recycled a Scottish Independence bulletin to cover the subject.

Perhaps I was not the only business continuity person who was of this mind-set. I was at the East Midlands BCI forum on the day of the vote, and there was very little talk of the referendum, perhaps we were all fed up of the agro associated with it, and absolutely no talk of any contingency plans for Brexit.

So what should we be doing, as business continuity people, to deal with this new situation? If, like me, you haven’t prepared for this, then let me share a few thoughts:

A good incident tool is to plan for different scenarios taking into account all the different variables. Will it be the two year exit under Article 50 which will be fast and unpredictable, or will it be a slower negotiation, which gives us time to prepare? What is our exposure to European trade and how might it affect our staff if they are EU, non UK, citizens? There is also the extra dimension of a further Scottish referendum. As the news people would say, we are in uncharted territory, so I think you have to look at all variables and all possible options.

We should then look at what is our worst case, best case and most likely case, and develop appropriate risk mitigation measures. These should be agreed by top management and the organisation should monitor events as they occur and adjust the mitigation measures as the situation changes.

In all crises or incidents there is always an opportunity and the smart business continuity manager will recognise this. As David Cameron warned, we have now jumped out of the plane and we cannot clamber back into the cockpit, so we must embrace the change and look for the opportunity that this new world brings. Maybe it is also for me to review my business continuity plan, because as we tell everyone else, the incident we don’t want to happen could occur tomorrow!

Charlie Maclean-Bristol is a Fellow of the Business Continuity Institute, Director at PlanB Consulting and Director of Training at Business Continuity Training.

The average cost of a data breach for companies surveyed has grown to $4 million, a 29% increase since 2013, with the per-record costs continuing to rise, according to the 2016 Ponemon Cost of a Data Breach Study, sponsored by IBM. The average cost hit $158 per record, but they are far more costly in highly regulated industries—in healthcare, for example, businesses are looking at $355 each, a full $100 more than in 2013. These incidents have grown in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014.

Ponemon wrote:

Leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach–saving companies nearly $400,000 on average (or $16 per record). In fact, response activities like incident forensics, communications, legal expenditures and regulatory mandates account for 59 percent of the cost of a data breach. Part of these high costs may be linked to the fact that 70 percent of U.S. security executives report they don’t have incident response plans in place.

With so much on the line, more and more companies and consumers continue to search for whom to hold accountable for cybersecurity failures, and the message is becoming clearer: executives need to get serious or watch out.

...

http://www.riskmanagementmonitor.com/holding-executives-accountable-for-cybersecurity-failures/

(TNS) - A severe weather event during Burlington Steamboat Days was used Tuesday afternoon as a situational example for Des Moines County to discuss how they would respond in an emergency.

If tornadoes, flooding and power outages were to occur during a major community event - how would county agencies work together to mitigate the disaster?

The almost 80 business leaders, public officials and safety officers participating in the Federal Emergency Management Agency's training course worked through how their different agencies would respond when faced with infrastructure damage and personal injury across the county.

...

http://www.emergencymgmt.com/training/Steamboat-Days-serves-as-real-world-example-in-disaster-prep-for-FEMA-group.html

Symantec makes security software for the enterprise market. They also sell a line of products for the consumer market under their Norton brand. All of their anti-virus products use the same core engine and that engine has been found to have high level and potentially devastating security vulnerabilities. Symantec has patched these vulnerabilities and if you are using a Symantec or Norton anti-virus product you should make sure your software is upgraded right now.

The vulnerabilities in Symantec’s core engine were uncovered by a team at Google's Project Zero and made public in a blog post by Tavis Ormandy. According to Ormandy:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.

...

http://www.forbes.com/sites/kevinmurnane/2016/06/29/if-you-are-using-security-software-from-symantec-or-norton-you-should-upgrade-immediately/

It might sound like something that lurks in damp soil, but process ROT is actually becoming a widespread problem for many organizations.

Process ROT occurs when established business processes become hampered by redundant, obsolete and trivial (ROT) information. It’s something that’s happening within large numbers of organizations, yet many are not aware that it is occurring, nor are they aware of the potential risk and compliance implications.

ROT becomes a business problem because humans tend to be natural information-hoarders. Throughout organizations, people tend to collect and store large volumes of documents and other materials and are very reluctant to ever delete them.

...

http://corporatecomplianceinsights.com/does-your-organization-suffer-from-process-rot/

A series of cyber fraud attacks targeting financial institutions through the SWIFT global messaging system has prompted an industrywide review of IT security measures and has highlighted the rising risk of cyber fraud against financial institutions in Southeast Asia and beyond. SWIFT has responded with a five-part customer security program to reinforce the security of the global banking platform, yet its CEO has warned “there will be more attacks.”

Cyber fraud risk is heightened in developing countries that often lack the technological resources to detect and thwart such attacks, while geopolitical dynamics also play into the risk equation. In light of these factors, Access Asia views Southeast Asia as a region of heightened risk for cyber fraud targeting financial institutions due to socioeconomic conditions, proximity to suspected centers of cyber fraud operations in North Korea and China and the existence of strong transnational criminal networks.

Indeed, one of the most recent cases to come to light involves an attempted attack on Vietnam’s Tien Phong Bank (TP Bank), while the money trail of an $81 million cyber heist from the State Bank of Bangladesh’s account at the New York Federal Reserve in February has been traced to the Philippines. Hong Kong (which lies on the periphery of Southeast Asia) is the reported end of the money trail for a US$2 million cyber theft on an Ecuadorian bank in early 2015, while the Philippines was also the target of an earlier attack in October 2015.

...

http://corporatecomplianceinsights.com/cyber-fraud-on-the-rise-in-southeast-asia/

COMMUNICATIONS PLANS AND SCHEDULES

Regina Phelps recently joined forces with Everbridge and recorded a webinar that explores in-depth strategies for improving your disaster and crisis management. Previously in part four of this five part series, Regina discussed what a governance document and a communication matrix are, and what their content should be. If you missed part four, you can access it here

In this installment of the series, Regina discusses communications plans, as well as why and how to build a communications schedule.

...

http://www.everbridge.com/improving-disaster-and-crisis-management-with-timely-communication-and-response-part-5/

(TNS) - The people handling security for the nation’s busiest malls and amusement parks are no longer retired cops. They are a 24-year veteran of the FBI, a former CIA operative and the onetime chief of counterterrorism for Scotland Yard.

The theme-park industry’s annual security bill, already roughly $250 million a year, is expected to grow by more than $100 million over the next few years, according to one consultant. Disneyland, Universal Studios Hollywood and SeaWorld all installed metal detectors outside their gates for the first time in December.

“Lone wolf” shootings, including those at the Pulse nightclub in Orlando, Fla., this month, and in San Bernardino in December, have forced businesses to shoulder more of the cost and responsibility of securing America against terrorism.

...

http://www.emergencymgmt.com/safety/Cost-of-keeping-America-safe-from-lone-wolf-shootings-shifts-to-business.html

Government and technology are far apart as cultures. Government is deliberate. A wise leader does not subject his roads, power grid and economy to whimsy. He plans everything. Technology is experimental. Technology is Leonardo da Vinci taking a half-dozen naps each day. Technology is making things work now and worrying about the consequences later. Government creates lists, policies and protocols to ensure the bathrooms are stocked with the correct number and type of shampoo, towels and soap. Technology doesn’t like taking showers. Technology is Steve Jobs wearing the same thing every day and only eating fruit. Technology wears an unruly beard. Government wears a tie that’s approved by a policy that was written by a committee following six years of research.

But, alongside society, government’s conservative ways are relenting. Once fearful of inviting criticism, a nudge from the economy has left government willing to ask the public for help. And most importantly, the popularization of technology means the public can help and people are empowered by digital tools. The result is that civic tech — the place where government interests intersect with community-minded activists who are ready to donate their time and talents — is the public sector’s fastest-moving innovation inlet.

People are collaborating across institutional boundaries. The markets and organizations that support civic tech are growing wiser and better organized. Government is opening its doors and converting opponents into allies. Technology itself is exciting — there are scores of new inventions each day — but the civic tech movement, in its immaturity, leaves untouched even more territory, more potential to realize its simple directive of making the nation’s cities, counties and states better places to live.

...

http://www.govtech.com/How-Civic-Interests-Are-Helping-Shape-Government-Innovation.html

Despite the many potential benefits of big data analytics, the unrestrained creation and retention of data has the potential to bury organizations under a mountain of legal, regulatory and operational challenges. According to IDC, by the year 2020, about 1.7 megabytes of new information will be created every second for every human on the planet. Meanwhile, MIT Technology review estimated that only 0.5 percent of all the data we’re creating is ever analyzed. While most organizations would benefit by increasing this percentage, it’s clear that “dark data” – the information organizations collect and store, but fail to use for other purposes – is mostly debris that serves only to increase infrastructure costs and expose organizations to risk and liability, especially when this data flows beyond the firewall.

Organizations of all sizes and types now typically share information via unified communications, including instant messages, social media channels and text messages, and they rely on third-party information vendors to host and manage their data in the cloud. Unfortunately, such activities can expose organizations to the risk of significant fines and reputational damage because today’s evolving legal and regulatory environment makes organizations potentially responsible for information exposed by third parties. In fact, regulations such as SOX and BCBS 239, along with evolving privacy laws, have now made compliance departments equally responsible with legal departments for the health of their organizations.

The symbiotic relationship is clear: Compliance investigations can quickly become legal issues and vice versa. This is especially true when it comes to data hosted, managed or controlled by third parties. For example, if an employee posts information about an employer on social media sites and that information falsely influences or encourages an action by a consumer that causes damage, the employer can be held liable. In addition, if a retailer receives data from a market research firm that did not follow EU privacy regulations in gathering that data, the retailer can be sanctioned for any use or retention of that data.

...

http://corporatecomplianceinsights.com/saga-continues-data-creation-data-consumption-data-exposure/

Data security and information governance are critical responsibilities of an IT team, especially when it comes to business intelligence (BI) and analytics strategies. But IT’s goals, needs and objectives as they relate to big data usage are in stark contrast to those of its business user counterparts, who, thanks to the self-service movement, require agility and open access.

Business users tasked with analyzing big data to help their companies make timely and more meaningful decisions require immediate access to a wide variety of sources, including multi-structured, semi-structured and unstructured repositories. But IT professionals, who are the ones with their feet to the fire when it comes to data governance and protection, would rather make information available on an as-needed basis.

IT’s concerns around data security and governance are perfectly understandable given that much of the data needed for analysis contains unprotected personally identifiable data (e.g., Social Security numbers), sensitive personal data (e.g., medical records) and commercially sensitive data. And recent research by the Association of Corporate Counsel found that a significant number of corporate data breaches (30 percent) are due to employee error. With the insider threat so prominent in organizations across industries, making information widely available to business users can be a frightening concept.

...

http://corporatecomplianceinsights.com/simple-mask-data-becomes-governance-superhero/

Avanan researchers recently detected a massive ransomware campaign targeting Office 365 users, which was first launched on June 22, 2016.

The attack used phishing emails to distribute the Cerber ransomware, which encrypts users' files and demands a ransom (via both a warning message and an audio file) of 1.24 bitcoins (approximately $790) to decrypt the files.

"This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year," Avanan chief marketing officer Steven Toole wrote in a blog post examining the attack. "As it respawned into a second life, this time Cerber was widely distributed after its originator was apparently able to easily confirm that the virus was able to bypass the Office 365 built-in security tools through a private Office 365 mail account."

...

http://www.esecurityplanet.com/malware/massive-ransomware-attack-hits-microsoft-office-365-users.html

Wednesday, 29 June 2016 00:00

Rising to the Digital Business Challenge

The job of the CIO is more challenging—and more promising—than ever

The convergence of cloud, mobile, big data analytics and IoT has led to a dramatic increase in complexity, disrupted legacy IT infrastructures, and escalated fears over data security. To keep pace with digitally empowered employees, business ecosystems and customers alike, IT leaders are re-thinking the way business is done in today’s digital economy.

The stakes couldn’t be higher. According to MIT Sloan research, organizations that successfully adapt in today’s digital world are 26 percent more profitable than their industry peers, driving new levels of productivity and efficiency.

A few short weeks ago, IT leaders from Exelon, Morgan Stanley and New York Presbyterian shared insights and lessons learned from their decision to say YES to Digital Business on the main stage at Citrix Synergy 2016 with Citrix President and CEO, Kirill Tatarinov. Though they each hail from different industry sectors, each company shared some common threads for digital business transformation.

...

https://www.citrix.com/blogs/2016/06/29/rising-to-the-digital-business-challenge/

Humans have a tendency to make things more complicated than they really are. To capture the flavor of my sentiment, all you need to do is watch the beginning scenes of “History of the World, Part I” by Mel Brooks to see how simple life was in the early history of man.

Returning to the serious subject of compliance, there are some who argue that compliance is a lot simpler than professionals and commentators tend to describe. I am an advocate for simplicity as a way to ensure adoption of compliance strategies. Complexity can be a barrier to effective compliance strategies.

For years, companies have segregated audit and compliance functions. Do not get me wrong – audit and compliance serve complementary but different purposes. I understand that.

...

http://blog.volkovlaw.com/2016/06/convergence-audit-compliance-functions/

Wednesday, 29 June 2016 00:00

You can’t kill email

New technology is emerging at ever-increasing speeds, transforming how we communicate, collaborate and manage our day-to-day responsibilities. As soon as we get a strong grasp on the latest workplace technology, an even newer solution surfaces.

This trend is especially evident in communications technology. Among the many recent entries are so-called “email killers,” which aim to replace a form of communication to which all of us have grown accustomed. The makers of these new collaboration tools call email a “legacy” technology — unwarrantedly trying to tarnish its image. But, in fact, all of us rely on email heavily throughout the work week. Contrary to what is often suggested in the press, email usage is still very much on the rise. Users trust it, are familiar with it and leverage it all day, every day, in their business and personal lives.

Radicati’s most recent Email Statistics Report estimates that by 2019, the number of worldwide email users will exceed 2.9 billion — that’s up 10 percent from 2015. Additionally, the number of business emails sent and received per user per day is also projected to increase, suggesting global email will rise 14 percent over the same period.

...

https://techcrunch.com/2016/06/28/you-cant-kill-email/

Wednesday, 29 June 2016 00:00

BC Program Capability – Objective or Not?

We may not want to admit it, but we are a biased species – whether in the positive or negative. I know some beautiful young people who only see their faults and some mature adults who can’t see their faults at all. We become accustomed to the current state. I live in the Phoenix metro area. What friends and family in other parts of the country think is hot is a nice day to me. Temps in the 100s are normal and expected for us in the summer months – we are used to it. Last week it was hot – and not just hot through my Phoenix filter (it was in the 110s, with a high of 117). But, no matter what I am accustomed to, I recognize that a temperature in the 100s is hot, even though those of us in Phoenix look at the low 100s as a cooling trend in June and July.

When it comes to our business continuity programs, we can often get used to the current state and lose our objectivity. When you look at the current state of your business continuity program, are you, your auditors and your management looking at it objectively or with a filter or bias?

Possibly the best tool to use is a set of objective metrics. Identifying and using the proper metrics will assist in keeping the assessment of the BC program in your organization valid. There are commercial tools for doing this – MHA has one that we think is easy and useful (see www.mha-it.com/bcmmetrics). Even basic self-generated spreadsheets can be helpful. The question is, what are the correct metrics to use? Here are a few we think are important.

...

http://www.mha-it.com/2016/06/business-continuity-program-capability-objective-not/

CHARLESTON, W.Va. – As skies clear and the floodwaters recede, responders, volunteers and teams dedicated to assisting West Virginians devastated by flooding have been arriving and making a difference. The West Virginia Voluntary Organizations Active in Disaster (WV VOAD) have been working with state and local emergency managers and officials to coordinate resources through its network of disaster relief agencies. They have been asking kind-hearted individuals seeking ways to help disaster survivors to make a donation to the WV VOAD Disaster Relief Fund or register as a volunteer. Financial donations are the best way to support the effort at this time. Donations will be used to support the disaster related needs of families through a network of voluntary agencies and a statewide disaster relief fund.

Financial donations are accepted and more information can be found at: https://wvvoad.communityos.org.

Volunteers wishing to help more directly with flood response and recovery can register online at www.volunteerwv.org. Volunteer West Virginia has partnered to match volunteers with organizations statewide to assist with response and recovery. When road hazards are clear and needs are identified, a volunteer coordinator will contact registered volunteers to schedule a volunteer shift or overnight deployment.

State and federal officials have announced the opening of a Disaster Recovery Center (DRC) with tentative plans to open more. DRCs are one-stop shops for eligible storm survivors to provide one-on-one, face-to-face help from local, state and non-government organizations. Representatives from the U.S. Small Business Administration (SBA) will also be present to provide information on low-interest loans and help applicants complete disaster loan applications for homeowners, renters and businesses of all sizes.

A DRC has been established at the Kanawha County Crede Warehouse, 3300 Pennsylvania Ave. in Charleston, WV 25302. The center will be open seven days a week from 7 a.m. – 7 p.m. Additionally, a Mobile Disaster Recovery Center (MDRC) in Greenbrier County is open from 7 a.m. – 7 p.m. until Friday with additional hours to be determined. The center is currently located at 65 West Main St. in White Sulphur Springs, WV 24986.

However, individuals do not have to visit a Disaster Recovery Center to register for assistance. If you have been affected by flooding and need assistance, visit DisasterAssistance.gov or register with your smartphone at m.fema.gov. For those without access to the internet, FEMA has a toll-free number at 1-800-621-FEMA (3362) or (TTY) 1-800-462-7585 for the deaf or hard of hearing.

To learn more about Disaster Recovery Centers, go to FEMA.gov/disaster-recovery-centers.

FEMA officials have reported that over $290,000 of federal funding has been approved for individuals and households affected by the disaster. 2,600 individual registrations have already been received, 800 of which have already been referred to inspectors. Federal disaster assistance for individuals and families can include money for rental assistance, essential home repairs, personal property loss and other serious disaster-related needs not covered by insurance.

For more information on West Virginia’s disaster recovery, visit fema.gov/disaster/4273, twitter.com/FEMA, facebook.com/FEMA and fema.gov/blog.

DEBRIS REMOVAL TIPS

Storm and flooding-related debris is eligible for pickup and disposal by the county or municipality if residents place the following types of debris on the public right-of-way in front of their property for pick-up. When placing debris at the roadside, residents should be careful not to cover or impede access to utility meters or mailboxes.

Residents opting for curbside pick-up must separate debris into categories:

  • Vegetative debris (tree limbs, shrubs, etc.)

  • Construction/Demolition debris

  • White goods (appliances, etc.)

  • E-goods (TVs, electronics)

  • Household hazardous (cleaning solutions, automotive chemicals, etc.)

  • DEBRIS HANDLED BY CONTRACTORS: Some homeowner’s insurance policies may cover debris removal. Residents are reminded that if they choose to hire their own contractor, they should not place that debris on the right-of-way. The cost of debris disposal is typically included in the contractor’s estimates. Homeowners should review their insurance policies to determine if their policy covers debris removal. Under no circumstances will reconstruction debris or demolition debris created by the property owner or the private contractor be pushed to the curb. The property owner, insurance company or contractor is responsible for removing and transporting all demolition and/or reconstruction debris to an approved designated

AFTER A DISASTER – QUICK TIPS TO HELP YOU ON THE ROAD TO RECOVERY

  • Injuries may occur when people walk amid disaster debris and enter damaged buildings. Wear sturdy shoes or boots, long sleeves and gloves when handling or walking on or near debris.

  • Be aware of possible structural, electrical or gas-leak hazards in or around your home.

    • Contact your local city or county building inspectors for information on structural safety codes and standards and before going back to a property with downed power lines, or the possibility of a gas leak.

    • Do not touch downed power lines or objects in contact with downed lines.

    • Report downed power lines and electrical hazards to the police and the utility company. They may also offer suggestions on finding a qualified contractor to do work for you.

  • If your power is out, safely use a generator or candles.

    • Never use a generator inside a home, basement, shed or garage even if doors and windows are open.

    • Keep generators outside and far away from windows, doors and vents. Read both the label on your generator and the owner's manual and follow the instructions. 

    • If using candles, please use caution. If possible, use flashlights instead. If you must use candles, do not burn them on or near anything that can catch fire.

  • Outside your home or business: Be aware of areas where floodwaters have receded. Roads may have weakened and could collapse under the weight of a car.

  • Use extreme caution when entering buildings; there may be hidden damage, particularly in foundations.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.