Summer Journal

Volume 29, Issue 3

Industry Hot News

This country has already defended and strengthened itself over the centuries against the sea, staking out territories for habitation and farming that would otherwise be under water. The idea of the dyke, the fortification to keep the enemy out, is now being applied in the war against cyber-crime.

To a certain degree, Dutch skills in cyber-security are natural, in that the nation already has a past steeped in similar threats and skills. However, that does not mean that other, landlocked nations have to be at a disadvantage.

Although dykes, windmills, tulips and bicycles make a romantic picture of the Netherlands, the realities of Dutch cyber-defence are different. There are three key aspects that help the country stay virtually strong.

...

http://www.opscentre.com/cyber-security-skills-nature-or-nurture/

The Business Continuity Institute - May 13, 2016 16:23 BST

Supply chain resilience is a topic that has been debated considerably over the last few years, which has resulted in attempts by various institutions to provide guidance on or standards for discrete elements of the topic. Ensuring greater resilience in your supply chains creates a greater value for money proposition than a supply chain that is fragile and frequently creates disruptions to your business. Understanding exactly what you are paying for in terms of resilience, and using that knowledge to create appropriate levels of investment in supply chain resilience, will give you a competitive advantage.

Procurement includes the management of risk within the category of spends or market being managed by the procurement professional. Supply chain resilience is a component part of overall organisational resilience and contains within it elements of risk management and business continuity management. Procurement includes all of these components and more, taking into consideration such components as financial resilience, human resources, health and safety, fraud, slavery, sustainability and corporate social responsibility.

For example, what is the appropriate way to analyse the current levels of resilience within your supply chain, for those you are in contractual relationships with? How will you migrate future procurement competitive bidding processes to include resilience assessed total cost of ownership?

How can you add value by exposing the costs associated with investment in resilience within your supply chains and make a calculated, informed judgement as to whether you are paying the appropriate costs, too much or too little?

Undertaking a more objective calculation of the risks in your supply chain to understand the onerous costs of a supply chain disruption and the cost benefit analysis associated with reducing the chance of a disruption or recovering from one.

How to utilise good practice when analysing the market and going through prequalification to achieve shortlists?

Understanding the costs associated with service level agreements for business as usual within a contractual arrangement and expectations of service during a disruption. Calculating the costs and the cost benefit of adding specific risk and business continuity terms and conditions within a request for offers be it quotations or formal tenders, public sector or private sector and how will this affect you as a bidder?

What methodology would you undertake to utilise resilience as a distinguishing factor when undertaking bid analysis, negotiations and best and final offer due diligence?

How do risk mitigations and continuity responses feature in supplier relationship management, and are they embedded in contractual relationships appropriately and adequately reflected in supplier relationship management information, through self-assessment or quality audits?

Finally, will your internal or external auditors, in undertaking an audit of supply chain resilience, give you a clean bill of health on managing risk and continuity issues appropriate to your corporate objectives and corporate risk appetite? Does your corporate attitude to risk and continuity reflect the wishes of your 'Top Management' Executives and Audit Committees?

David J. Window is a CIPS Senior Consultant and Head of Supply Chain Resilience. Discover more about the return on investment of supply chain resilience during David's BCAW webinar on the 16th May.

The Business Continuity Institute - May 12, 2016 09:44 BST

Let’s be honest, we all get annoyed at the constant challenge to justify our existence. I don’t hold with the commentators who say that business continuity is always a cost centre, insurance buy or grudge purchase. It makes me mad... but that’s not difficult.

So inevitably, we all have to talk the language of value and savings. This is a shame because incredibly important elements like safety of staff in emergencies, public perception, legal compliance and positive risk taking can all get pushed to the sidelines when there’s pressure to ‘put a figure on it’, as these softer elements are notoriously difficult to quantify. My advice is don’t pander to the bean counters and do shamelessly exploit the soft targets too as part of any justification. But that’s a different conversation to this one - So if you do need some hard numbers then read on...

Here are a few ideas for ‘fingertip figures’ - one for each finger if you will, to amaze your colleagues and turn the discussion into one about how you are really indispensable, in case they hadn’t realised. These are taken from the coal face of real life and incidents… the experiences that your executives may not have seen and from which they are cocooned by their middle managers. Move that discussion on from mere expense to pure savings, losses avoided and returns.

I don’t bother with the reason for the disruption here: fire, flood, and supplier issue, whatever… you add that bit based on your own organisational aims, risks and recent experiences. And don’t allow anyone to tell you it can’t happen here… make sure you sell the function long and not short! Don’t be shy in ‘annualising’ any figures based on the incident rates as well as also using the single incident or ‘spot’ figures.

  1. Reputation reputation reputation: It’s a reputation thing... what’s 5% of your capital and share value on the markets? What if you lost that 5% due to losing the trust of your customers or badly disappointing them and having to pay them reparation or compensation? What could that compensation amount to? Remember Mitsubishi and BMW!
  2. Customer is king: What’s the value of one day of lost sales from customers not being able to contact you through all those whizzy new channels - web, chat, twitter, email … I could go on… and I haven’t even mentioned the humble telephony call centre. It’s all blended now! Unified Communications it’s called …. make sure you know both how and through whom your customers talk to your business and an averaged value of business written in one day. Then, which days are the hot spots?
  3. Recovery royalties: What’s the value of the losses avoided because you were able to recover that business process much faster with a pre-tested plan? Any time saved = costs saved and avoided... direct and indirect. Heck, you are so good that you actually managed to avoid the disruption happening in the first place, or growing to a full blown event, because the Recovery Team met as soon as the potential arose... you ‘headed it off at the pass’... what was the value of that bigger event not landing?
  4. Crystal ball: Your predictive powers are legendary! How many times did the exercise scenario you facilitated suddenly become prescient when the real thing threatened or landed later? The team knew immediately what to do and who to involve, saving time in the recovery and avoiding larger damages and impacts. Remember; don’t let anyone say ...’it can’t happen here’.
  5. Contract creative: What did you save on that review of the off site recovery contract this year? Get a fixed price for three years? Knocked out the unnecessary seats and systems because your Impact Analysis is so good? What’s the difference from standard market rates for the contract life? [Incidentally - did the last time you used the off site recovery for real actually pay for itself? Yes? Good – then make sure you tell that story. How many days use would do that? What do you think would be a good figure for this? Two days, three, five, more?]
  6. Resource reasonable: Remember the costs saved on IT Systems resources and availability and resilience measures, due to the business owner accepting a longer but reasonable RTO after your intervention, instead of living with ‘I can’t do without it’ or ‘I need it in two hours’. Did you align your business process RTOs to IT System RTOs or vice versa and save on costs?
  7. Champions on the field: So you’ve embedded the BC lifecycle using champions for analysis and plan maintenance etc. out there in the business - they understand their business activities intimately. What would that equivalent work cost in full time employees or contractors?
  8. Love your neighbours: Those local mutual aid arrangements with neighbours - and cross unit relocation plans - how much is that worth in the alternatives - off site service costs and welfare costs during any emergency? Over one day, two days?
  9. Analysis anticipation: Your BIAs are awesome - How many operational risks did you uncover during your BIAs - which are now on the organisation's Risk and Governance Register for effective treatment so they never materialise? You pointed out some rather embarrassing holes in the operation! What if they had landed: did they have an annual probability value of 1 = certain? What costs avoided here? Halve this number for a probability of 0.5, i.e. once every two years etc.
  10. Brilliant value: Now compare the annual total of all the above with the gross salary of your BC Team – one is peanuts in the comparison - and it won’t be the sum saved! And I bet no one would agree to pay you an annual bonus based on 10% of savings either! If anyone has tried this tack, I really want to hear from you!

Discuss: I hope some of these sound at least familiar, or prompt you to look again at the good work you naturally do, for which you can then express a value. I’m certain you have your own golden keys to the justification debate – share them!

Neil Wainman MBCI is the Business Continuity Manager at E.ON.

The Business Continuity Institute - May 12, 2016 16:52 BST

I have been involved in disaster business resilience since the 1980's. In that time, I’ve seen it go through the phases of disaster recovery, business continuity and now business resilience. Y2K (remember that?!) gave it a major boost – then nothing considerable happened. Terror campaigns in the UK and USA then the pandemic 'flu scare in 2006-7 also kept it in the C-suite's mind.

Again, the number of organisations directly impacted by these was relatively small.

Then came the financial crisis of 2008 squeezing the budgets of both governments and large financial institutions who had been previously big investors in business continuity. As nothing such had happened despite the above “crises” it seems that senior management felt business continuity was an area ripe for savings.

Team sizes were slashed and investment cut. Business Impact Analyses (BIAs) were largely abandoned as expensive, resource-intensive exercises that in a fast-changing business world were out of date before they had written up their results. The way of identifying the benefits of investing in business continuity had been axed, arguably accelerating its decline.

However, in the same period the complexity of organisations and their supporting IT systems has increased. Outsourcing/strategic alliances resulting in supply chains that span the planet are common and legacy IT systems are stitched into new, end user facing web channels. Added to this, the rate of change is accelerating as organisations try to address greater demands for flexibility from the consumer or citizen whilst fending off new entrants in the private sector or budget cuts in the public sector.

Looking around at the organisations I deal with, it seems that everywhere business resilience professionals are struggling to do more, with less. The threats are still there, events such as terrorist attacks and severe weather are happening almost weekly.

So why aren't we seeing a resurgence of investment in business resilience?

Partly I suspect that the impacts of realised threats are not widespread enough to overcome the perception that the risks are small, won't happen to 'us' and anyway they're 'someone else's problem' (such as the government or an outsourced supplier). This, coupled with a marketplace which is stagnant in many areas, means there is a reluctance to invest money in the “insurance” of business resilience.

So, how can we, as business resilience professionals, address this?

Well we have to take up the challenge of doing 'more with less'. We have to be able to tackle the increased rate of business change, increased complexity and get back to a realistic understanding of the real business needs without employing large and expensive teams to plan for and manage our way through crises.

In other areas of work, organisations have exploited automation to improve efficiency. Look at the Industrial Revolution tackling human manual work and the computer revolution of the 1950s and 1960s reducing the cost of administrative effort. When did you last see a typing pool or payroll clerk with a tabulating machine?

Sure there have been software packages to automate data gathering and the administration of the Business Continuity Management System, but is that where the costs lie?

Are there better approaches emerging that could help us with the information gathering and contextual analysis plus the more efficient handling of adverse events?

We are starting to see these come through. It's early days yet but I am sharing my thoughts on developments as well as some ideas on approaches to get investment in these made available on my Business Continuity Awareness Week webinar on the 18th May. I invite you to join today.

Tony Perry is a Senior Managing Consultant at IBM.

Cybersecurity requires a specialized skillset and a lot of manual work. We depend on the knowledge of our security analysts to recognize and stop threats. To do their work, they need information. Some of that information can be found internally in device logs, network metadata or scan results. Analysts may also look outside the organization at threat intelligence feeds, security blogs, social media sites, threat reports and other resources for information.

This takes a lot of time.

Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged, so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.

This is not new information for security pros. They get reminded of this every time they read an industry news article, attend a security conference or listen to a vendor presentation. We know there are not enough trained security professionals available to fill the open positions.

...

http://blogs.forrester.com/joseph_blankenship/16-05-11-could_your_next_security_analyst_be_a_computer

TORONTO, Canada – Organizations can now receive real-time, continuous updates on risk-related events to further inform and affect critical due diligence processes. OutsideIQ, the leader in investigative cognitive computing, today launched a monitoring module for its DDIQ® product, which monitors the open web to discover risk events on a continuous basis, alerting compliance and due diligence professionals to any changes in a target profile on a daily basis. Any negative events found by the cognitive engine will be highlighted on the DDIQ Monitoring dashboard, where the risks can be assessed and adjudicated.

Built on an advanced cognitive computing platform, the DDIQ internet monitoring module has been trained to think and act like an investigator to reduce noise and prevent false positives.  This allows DDIQ users to receive accurate, relevant updates, rather than reviewing a full report whenever they want to have the latest information.

...

http://corporatecomplianceinsights.com/outsideiq-launches-real-time-risk-monitoring-tool/

The Zika virus, and its presumed association with serious birth defects and a paralytic neurological disorder, poses an unusual problem for business leaders and risk managers. While the virus is not currently being spread by mosquitoes in the U.S., Brazil is an important destination for many U.S. business travelers, which will only increase in the build-up to this summer’s Olympic Games. For many companies, health and safety concerns are top priorities, but travel to Brazil may be a business necessity. Before making decisions around these two opposing drives, it is vital that risk managers and business leaders weigh the facts around Zika.

The Risk to Employees

Brazil ranks in the top 10 in the business travel global rankings, making it one of the world’s largest corporate travel markets. With the Olympics, business travel to Brazil is expected to increase considerably this year, yet many Americans are worried about the threats of the virus. Consider the results of a recent survey conducted by my company, On Call International: 64% of Americans and 69% of all women surveyed, said they would cancel their travel plans because of Zika. There is, however, a disparity between these widespread concerns and the ways businesses have actually responded to the virus. A survey by the Overseas Security Advisory Council found that of the 321 businesses that responded, less than 40% are allowing female employees to defer travel to affected countries, and only a fifth are allowing men to opt out. The majority of respondents are only taking steps to inform their employees about the virus.

...

http://www.riskmanagementmonitor.com/zika-and-the-olympics-business-travel-risks/

(TNS) — Florida health officials confirmed two new Zika infections in Miami-Dade on Tuesday, raising the statewide total to 109 people who have contracted the virus this year, more than any state.

In Miami-Dade, where most of Florida’s Zika cases have been reported, 44 people have been infected with the virus, said the state health department, but the disease has not been transmitted locally by mosquito bites. Broward County has reported 15 cases of Zika.
 
With South Florida's rainy season approaching and the numbers of mosquitoes that transmit the disease expected to rise — along with increases in international travel from Zika-affected areas, such as Brazil, which will host the Summer Olympics — Miami-Dade and state officials are preparing to combat the spread of the infectious disease.

...

http://www.emergencymgmt.com/health/2-New-Zika-Cases-Raise-Floridas-Total-109.html

(TNS) — Improving communication on when and how a tropical cyclone will impact a community is a reoccurring theme at this year's storm conferences, but the National Hurricane Center is missing a key tool to connect with today's tech-savvy world.

There's no app for that.

The National Hurricane Center doesn't have a smartphone app people can download to track a storm's progress or monitor hurricane forecast updates. Instead, the National Oceanic and Atmospheric Administration, which oversees the hurricane center, steers people to buying a weather radio.

"That's 1930s technology," said Dan Sobien, president of the National Weather Service Employees Organization. "It's something very few people have outside marine interests and farming communities. Not only do they not have a weather radio, they don't have a radio at all."

...

http://www.emergencymgmt.com/disaster/Does-Hurricane-Center-Need-App-Track-Storm-Progress.html

(TNS) — Moore Mayor Glenn Lewis is in Washington D.C. this week for a conference on Resilient Building Codes hosted by the White House. The conference focused on building codes to enhance community resilience.

“We talked about all of the things we’ve done [in Moore],” Lewis said. “I was on a panel with another mayor and an administrator from the city of New York. I guess it was productive — I’m still translating it all.”

Lewis said adopting new tornado resistant building codes in Moore made the city more competitive for disaster relief funds.

The Moore City Council made history on March 17, 2014, with the adoption of 11 recommendations by structural engineering experts for residential building codes. These code changes made new homes in Moore more likely to survive a tornado without unduly raising construction costs. The code went into effect on April 17, 2014.

...

http://www.emergencymgmt.com/disaster/Resilient-Building-Codes-Conference.html

Modern IT platforms are designed to handle more users than ever, but what happens when these systems become the primary access point for most, if not all, users? What happens when a critical system experiences a fault or goes down entirely?

A survey by the Disaster Recovery Preparedness Council found two years ago that only 27 percent of companies received a passing grade for disaster readiness. The more we rely on data centers, the more costly data center outages become. A recent study by the Ponemon Institute and Emerson Network Power found that:

  • The cost of downtime has increased 38 percent since 2010.
  • Downtime costs for the most data center-dependent businesses are rising faster than average.
  • Maximum downtime costs increased 32 percent since 2013 and 81 percent since 2010.
  • Maximum downtime costs for 2016 are $2,409,991.
  • UPS system failure continues to be the number one cause of unplanned data center outages, accounting for one-quarter of all such events.
  • Cybercrime represents the fastest growing cause of data center outages, rising from 2 percent of outages in 2010 to 18 percent in 2013 to 22 percent in the latest study.

...

http://www.datacenterknowledge.com/archives/2016/05/12/how-to-create-a-reliable-dr-strategy-best-practices/

There is no denying the success of Amazon in delivering data services as part of their public cloud. Their database as a service (DBaaS) offerings have been some of the fastest growing and widely used and stand-outs in their amazing growth. At the same time, there are some situations where other options, and in particular those based on OpenStack, can provide clear advantages.

In this article, I’ll share the current state of DBaaS on OpenStack and provide seven concrete examples of how an organization can benefit from using OpenStack Trove relative to the offerings available from Amazon Web Services (AWS). I’ll assume you understand the value of DBaaS and databases in the cloud so I won’t review those here. Let’s get started.

...

http://www.datacenterknowledge.com/archives/2016/05/12/seven-things-openstack-dbaas-can-do-that-aws-cannot/

Virtualized infrastructure (VMs, virtual networking, software-defined storage, etc.) provides a flexible, well-understood and secure platform on top of which a diverse set of workloads can be efficiently deployed and managed. Containers, such as Docker, provide a convenient method to package, distribute and deploy applications.

Both technologies provide useful abstractions, but at different layers in the stack. By making these layers work well with each other, the overall stack can more effectively meet the needs of both application developers and infrastructure administrators.

...

https://www.citrix.com/blogs/2016/05/12/containers-or-virtual-machines-its-not-necessarily-one-or-the-other-get-the-best-of-both-worlds/

Despite the flexibility that the cloud offers customers, a new survey by Microsoft and 451 Research suggests that customers are fiercely loyal to their primary service provider.

According to the survey, The Digital Revolution, Powered by Cloud, which was released Wednesday at the Microsoft Cloud & Hosting Summit in Washington, more than one-third of customers (38 percent) surveyed said they plan to increase spending with their primary cloud and hosting service provider upon contract renewal.

In an interview with The WHIR, Microsoft’s vice president, Hosting and Cloud Service Provider Business, Aziz Benmalek said that this indicates the critical role service providers play in continuing to “drive organic growth in existing customers and help them in their cloud journey.”

...

http://www.datacenterknowledge.com/archives/2016/05/12/survey-cloud-users-no-rush-switch-providers/

The Business Continuity Institute - May 11, 2016 16:09 BST

“To expect the unexpected shows a thoroughly modern intellect.”
Oscar Wilde, Irish playwright, novelist, essayist, and poet. 1854-1900

Preparing for the 'unexpected' is not a new idea. Over the last 50 years, the business continuity industry has grown out of the need to protect businesses from the unexpected and expected interruption. However, when we stop and think about the threats business continuity professionals must mitigate in today’s business continuity (BC) plans versus 20, 10 or even 5 years ago, all agree there is a new threat landscape. Threats that are making the 'unexpected' drastically different today and unimaginable tomorrow.

Protecting an organization from an 'IT outage' is where most BC plans originated. Yet, even IT outages today have taken on a new level of complexity. We live in an 'Always on world' where complex, global infrastructures and open-source code systems join with the Internet of Things’ 9 billion possible entry points to capture more and more data to the Cloud every minute. On top of that, we 'Bring (Y)our Own Devices' (BYOD) then capture and analyze Big Data to enable a ‘cognitive’ world. As BC planners we are asked to protect our businesses from interruptions caused by these many factors and do it faster, cheaper and with less staff to help solve the problem.

Moreover, there is now increased pressure from outright criminal activity. Yes, cybercrime. Our most precious business resource, our differentiating factor that is our competitive advantage - our intellectual property and personal information - is under sophisticated, malicious, criminal attack 24 hours a day, every day.

By the end of 2014, some estimates indicated more than one billion pieces of leaked personally identifiable information (think emails, credit card numbers, and passwords) were reported stolen [1]. An organization of 15,000 employees can expect to see 1.7 million security events in one week. However, typically only 1 out of every 100 security compromises is actually detected. So add two zeros to the 1.7 million and you get the picture [2].

With this new threat landscape, what truths can BC Planners hold onto today?

Well, we know the principles of BC, like the laws of physics, never change. However, what must change is how we apply and adapt these principles to new threats. In this world of rising crises, incidents, and organized cyber-attacks, how we apply the tried and true BC techniques we’ve practiced over dozens of years brings real benefits when teamed with security to win in this war against cybercrime. According to the 2015 Cost of Data Breach Study by the Ponemon Institute and IBM, Business Continuity Management (BCM) involvement in data breach response can reduce the associated costs by $14 per affected record and reduce the time to contain the data breach by 41% [3].

When business continuity and security team up, we apply three waves of defense: Frontline, Response, and Containment. Security prevents as much as possible with implemented frontline security services like strong security policies, passwords, encryption and personnel awareness training. Should, or when, the attack comes, BC’s deep experience in incident response adds command and control, measured incident response and the 'who' that needs to be involved. Lastly, if the worst happens and records are lost, our company’s reputation is protected through containment by implementing BC plans for IT outage and personnel depletion scenarios.

What would BCM and Security teaming look like in the real world?

First, establish joint representation where Security and BCM work as members of each other’s teams building the response plan. Work on each other’s teams, include BC in the response team, and involve the Chief Information Security Officer (CISO) throughout.

Second, BCM and Security work together to align cyber incident response and participate in joint testing with simulated exercises. Teams work together to validate the planned actions and educate all participants on their roles as well as the unique attributes of a cyber response.

Third, appoint crisis management representatives to coordinate BC and Cyber security efforts during and after the breach. Cyber response like BC response requires clear roles, responsibilities and communication. Joint roles defined in a communication plan delineate who can answer the tough questions.

Yes, threats are changing every day and cyber is just one of the many threats from which we must protect our businesses. Now, you are armed with hard evidence and three simple actions to start, or strengthen your BCM program from a cyber event and realize real value for your organization.

Linda Laun is the Chief Continuity Architect at IBM Global Business Continuity. During Business Continuity Awareness Week, she will be hosting a webinar on the same subject giving you the opportunity to ask questions. The webinar is on Monday 16th May.

[1] IBM X-Force Threat Intelligence Report 2016, pg. 2
[2] 2014 Cost of Data Breach Study, Ponemon Institute and IBM
[3] 2015 Cost of Data Breach Report, Ponemon Institute and IBM

The first thing that comes to mind when people think about the Strategic National Stockpile (SNS) is probably a big warehouse with lots of medicines and supplies. What many do not know is that even when the SNS does not have the specific medicines or supplies needed to combat a public health threat, SNS experts can play a key role in working with medical supply chain partners to locate and purchase products during an emergency response.

The involvement of the SNS in the Zika virus response is a perfect example of this little-known, but significant, role. Zika is spread to people primarily through the bite of an Aedes aegypti mosquito infected with Zika virus, although Aedes albopictus mosquitoes may also spread the virus. Recent outbreaks of Zika in the Americas, Caribbean, and Pacific Islands have coincided with increased reports of microcephaly and other birth defects as well as Guillain-Barré syndrome. As a result, the Centers for Disease Control and Prevention’s (CDC) response is focused on limiting the spread of Zika virus. Prevention is key for Zika control, because there is no vaccine or medicine for Zika virus. This is where the SNS comes in.

Controlling mosquito populations is key to prevention

During a public health emergency, CDC can deploy the SNS for medicines and supplies or can use SNS’ contracting abilities to access materials and services that can be used to prevent or treat diseases that threaten U.S. health security. Controlling the mosquito population and addressing other known routes of infection are important to limit the spread of Zika virus in U.S. territories. The SNS is providing immediate vector control services and preventive supplies for pregnant women to protect themselves from mosquito bites. Pregnant women are particularly vulnerable because they can pass Zika virus to their fetuses, which can cause microcephaly and other brain defects.

Before the Zika virus outbreak, the SNS did not stock or purchase medicines or supplies to respond to illnesses spread by mosquitoes, ticks, and other insects. In response to this outbreak, SNS staff are working with CDC procurement experts to award and implement immediate, short-term contracts to deploy materials and services to control the mosquito populations responsible for Zika transmission. These contracts allow CDC to work with territorial public health jurisdictions to treat areas where mosquitoes breed and live, as well as areas where pregnant women live.

Zika Prevention Kits help pregnant women protect themselves

The SNS is creating Zika Prevention Kits for pregnant women in U.S. territories. These kits are being distributed as an effort to help prevent Zika infection in pregnant women and to reduce the number of babies born with birth defects caused by Zika, such as microcephaly and other brain defects. Through donations from the CDC Foundation and its partners and by purchasing products, the SNS has obtained materials for the kits – including insect repellent, larvicides, mosquito netting, condoms to prevent sexual transmission of Zika, and educational materials.  The SNS is rapidly assembling these materials in reusable bags that can be given to pregnant women.

The SNS has sent nearly 7,000 kits to affected areas, and more are planned. Each U.S. territory is identifying the best way to get the kits to pregnant women. In Puerto Rico, local public health officials have partnered with clinics that are part of the Special Supplemental Nutrition Program for Women, Infants, and Children (WIC) so they can reach expectant mothers. WIC already interacts with this population through its healthcare and nutritional services for low-income women, infants, and children. Local obstetrician offices are also being used to distribute these kits.

In the past, the SNS primarily focused on warehousing products and deploying those products for public health threats related to bioterrorism, pandemics, and natural disasters. With every emergency response, it has become more evident that the SNS can play a much larger role, especially when specialty products, products in high demand, and medical countermeasures are needed to secure the nation’s health. As one of the federal government’s leading groups of medical supply chain and logistics experts, the SNS at CDC has the ability to coordinate with industry partners to rapidly procure and transport medicines and supplies and serve specific populations in a public health emergency.

(TNS) — The Department of Homeland Security is testing airflow inside the city’s subway system this week as a way to predict what would happen in a possible chemical attack.

The week-long study poses no risk to the public, the Department of Homeland Security said.

From May 9 through May 13, DHS said officials will be releasing harmless, non-toxic gases inside several subway stations in Manhattan, including Penn Station, Grand Central Terminal and at Times Square.

“This study is part of the department’s ongoing commitment to preparedness and the shared responsibility of protecting the nation’s critical infrastructure,” DHS S&T program manager Dr. Donald Bansleben said in a statement. “The results of this study will provide us with a greater understanding of airflow characteristics, informing the research and development of next generation systems that continue to ensure the safety and security of the general public.”

...

http://www.emergencymgmt.com/training/NYC-Subway-Study-Will-Test-Impact-Chemical-Attack.html

AUSTIN, Texas – Texans affected by the April storms and flooding can get their questions answered in many languages by accessing the FEMA booklet “Help After a Disaster: Applicant’s Guide to the Individuals & Households Program.”

The guide provides information on the types of assistance available and how survivors in the disaster-impacted area might qualify for housing assistance and other grants and essential needs. It also explains the types of eligible losses covered by the program and information about insurance settlements and uninsured, disaster‐related necessary expenses. Applicants must meet specific eligibility requirements to qualify for help.

The guide, fema.gov/help-after-disaster, is available in English, Spanish, Arabic, Urdu, Vietnamese, Chinese and many other languages.

In Texas, federal disaster assistance is available to residents of Austin, Colorado, Fayette, Grimes, Harris, Parker, Waller and Wharton counties who suffered damage from the April 17-24 storms.

Survivors in the affected counties are urged to register for assistance the following ways:

  • online at DisasterAssistance.gov;
  • phone (voice, 711 or video relay service) 800-621-3362 (FEMA), TTY 800-462-7585. Toll-free lines are open 7 a.m. to 10 p.m. local time, seven days a week. Multilingual operators are available.
  • by visiting any disaster recovery center in the disaster-impacted counties.

# # #

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

The threat of cyber crime has created a significant increase in interest on the topic of cyber security, with organizations spending billions of dollars to protect themselves against a fast evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their customers.

Like bank robbers of yore, cyber criminals target “where the money is,” and that often means banks and financial institutions. With many decades’ experience in protecting themselves against crime, banks and insurance companies typically have reasonably sound physical and technical cyber security defenses in place. The concept of currency has changed, however, and now, rather than trying to cart off bills and coins, cyber thieves seek to steal valuable information.

...

http://www.forbes.com/sites/steveculp/2016/05/10/cyber-risk-people-are-often-the-weakest-link-in-the-security-chain/

BATON ROUGE, La. – If you’re a survivor of the Louisiana storms and flooding that struck the state March 8 through April 8 and you’ve received an application for a U.S. Small Business Administration low-interest disaster loan, you should complete and return it as soon as possible.

Obtaining a low-interest disaster loan may be the solution to your recovery needs by providing you the funds you need for home repair, rebuilding and property loss. Returning the application also may lead you to Federal Emergency Management Agency disaster recovery grants that do not have to be repaid.

While no survivor is obligated to accept a loan, you will be considered for other federal disaster assistance only if you return the SBA loan application.

There are important reasons for you to file the loan application (even if you don’t think you currently need a loan):

  •     Your insurance settlement may fall short. As you begin to recover from the effects of your personal disaster, you may discover that you were underinsured for the amount of work required to repair or replace your home. An SBA low-interest disaster loan can cover the gap.
  •     SBA will work with you to provide a loan that fits your personal budget. If you already have a mortgage on damaged property, SBA specialists can help with a low-interest loan you can afford. In some cases, that may mean your current mortgage loan could be included in your SBA loan which could give you one overall, affordable loan payment on your home.
  •     Don’t know how you’ll replace household contents or vehicles? SBA may be able to help.  Homeowners may borrow up to $200,000 for the repair or replacement of real estate. Both homeowners and renters may borrow up to $40,000 to repair or replace clothing, furniture, cars or appliances damaged or destroyed in the disaster.
  •     What about businesses that were damaged? If you’re a business owner, you may be able to borrow up to $2 million for physical damage and economic injury.
  •     By submitting your SBA loan application, you keep the full range of disaster assistance available as an option. If SBA does not approve a loan, you may be offered a FEMA grant or grants to replace essential household items, replace or repair a damaged vehicle, cover storage expenses or meet other serious disaster-related needs.

SBA Loans have Low Interest Rates.

Interest rates for loans for homeowners and renters can be as low as 1.813 percent. For private nonprofit organizations, rates can be as low as 2.625 percent. For businesses, rates can be as low as 4 percent.

Even if you qualify for an SBA loan, you are under no obligation to accept it.

Refinancing and relocation loans may be available on a case-by-case basis. Survivors are encouraged to speak with an SBA representative for details.

For more information, call the SBA at 800-659-2955 (800-877-8339 TTY). Homeowners, renters and businesses may visit SBA’s secure website at disasterloan.sba.gov/ela to apply online for disaster loans.

Although it’s not required to register with FEMA to apply for an SBA loan, you are strongly urged to do so as grants could be available to you from FEMA.  

Register with FEMA for help or information regarding disaster assistance: call 800-621-FEMA (3362), register online at DisasterAssistance.gov or fema.gov/disaster/4263. Help is available in many languages. When you call 800-621-3362 (FEMA), press 1 and listen to the instructions in Spanish.
Disaster applicants who use TTY should call 800-426-7585. Those who use 711 or Video Relay Service should call 800-621-3362. Lines are open 7 a.m. to 10 p.m. local time, every day.


###


We urge everyone to continue to use caution in areas where floodwaters remain. Monitor DOTD’s 511la.org website for updated road closure information. Look for advisories from your local authorities and emergency managers. You can find the latest information on the state’s response at emergency.la.gov. GOHSEP also provides information at gohsep.la.gov, Facebook and Twitter. You can receive emergency alerts on most smartphones and tablets by downloading the new Alert FM App. It is free for basic service. You can also download the Louisiana Emergency Preparedness Guide and find other information at www.getagameplan.org.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you are deaf, hard of hearing or have a speech disability loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion6 and the FEMA Blog at http://blog.fema.gov.

FEMA offers a number of free online resources for home and property owners. To get started, go to fema.gov/safer-stronger-protected-homes-communities or fema.gov/louisiana-disaster-mitigation

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at SBA.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

A lifelong Atlanta Braves fan, Forrester Senior Analyst Joseph Blankenship longs for the mid-1990s with respect to his baseball team, but we promise that he looks to the future as he advises his clients on current and emerging security technologies. He covers security infrastructure and operations, including security information management (SIM), security analytics, and network security, and his research currently focuses on security monitoring, threat detection, operations, and management. Joseph has presented at industry events, been quoted in the media, and has written on a variety of security topics.

Joseph’s over 10 years of security experience includes marketing leadership and product marketing roles at Solutionary (NTT), McAfee (Intel Security), Vigilar, and IBM (ISS), where he focused on managed security services, consulting services, email security, compliance and network security. As a marketing leader, Joseph helped to align client needs with marketing strategy, messaging, and go-to-market activities while educating users about security strategy. His background also includes extensive experience in the IT, telecommunications, and consulting industries with Nextel, IBM, Philips Electronics, and KPMG.

Listen to Joseph’s conversation with VP, Research Director Stephanie Balaouras to hear about Joseph’s biggest surprises since starting as a Forrester analyst, his most frequent client inquiries, and the topics he’s excited to research in the coming year:

...

http://blogs.forrester.com/stephanie_balaouras/16-05-10-forresters_security_risk_spotlight_joseph_blankenship

Impact Forecasting has published the latest edition of its monthly Global Catastrophe Recap report, which evaluates the impact of the natural disaster events that occurred worldwide during April 2016.

The report highlights the two major earthquakes which struck southern Japan during the month, causing massive devastation and killing at least 66 people, with more than 4,000 others injured. Total economic losses, including physical damage to residential and commercial structures, vehicles and infrastructure, and business interruption, were expected to exceed JPY 1.12 trillion (USD 10 billion).


The General Insurance Association of Japan reported that nearly 70,000 non-life claims had been filed, as total insured losses were expected to breach JPY 225 billion (USD 2.0 billion).

Meanwhile, a major magnitude 7.8 earthquake struck Ecuador's northwest coast on April 16th, killing at least 660 people and injuring more than 17,638 others. According to government figures, the total economic cost for the damage and reconstruction was expected to be above USD 3.0 billion. Given low insurance penetration levels, the insured loss was set to be a fraction of the overall financial cost.

...

http://www.continuitycentral.com/index.php/news/resilience-news/1100-april-sees-worst-natural-disaster-losses-for-five-years

Considering the scope of possible crises, it’s no wonder the final draft of the newly minted Chatham County, Ga., Hazard Mitigation Plan runs to a hefty 211 pages. Drought and flood; extreme heat and winter storms; hurricanes and rising sea levels; and in this latest plan, add terrorism to the catalog. Granted, the county won’t likely see all of these at once. But still, you have to plan for all hazards.

That’s what the county mitigation plan does, and it’s been no small feat to craft the document.

“There is a lot to keep up with, a lot of documentation from a lot of government entities, along with FEMA guidelines, state guidelines,” said Margaret Walton, a senior planner in Land Planning at Atkins North America. She consulted with the Chatham Emergency Management Agency (CEMA) on the plan, which covers the county as well as seven municipalities and the Savannah metro area, population 527,106 according to the 2014 Census Bureau estimate.

...

http://www.emergencymgmt.com/disaster/All-Hazards-Covered-in-Chatham-County.html

There are a multiplicity of trends simultaneously altering our collective vision of what a data center is, and what it is becoming. And those trends are not necessarily acting in concert. We thought software-defined networking would make it easier for data centers to stage workloads more efficiently on a Layer 3 that was more effectively decoupled from Layer 2. But then NFV came along, and suddenly telcos are introducing the rest of the world to a completely new way to envision the role of the data plane in SDN.

It’s not as easy to predict where data center technology is going when all the trends converge. At the OpenStack Summit in Austin, Texas, a few weeks ago, network functions virtualization stole the show. Attendance at sessions that had the slightest relationship to NFV was as much as two orders of magnitude higher than those dealing with ordinary OpenStack administration. IT professionals are curious as to whether this new methodology for workload orchestration will have any impact, directly or indirectly, upon data center architecture.

NFV came about as a result of the common need among communications providers to automate the provisioning of customer services when deployed on common, commodity servers. Virtualization was essentially the means to an end; NFV’s initial goal was automation. What makes NFV attractive to data centers outside of telcos is that high-level automation aspect. What makes it risky is the degree to which NFV would reform data centers to make this automation feasible.

...

http://www.datacenterknowledge.com/archives/2016/05/11/data-center-transformation-will-unfold-in-four-steps/

Early next month, FEMA Region X, in cooperation with local, state and tribal entities in the Pacific Northwest, will lead a three-day emergency operations test scenario that includes a 9.0 magnitude earthquake along the Cascadia Subduction Zone (CSZ) with a resulting tsunami -- the most complex disaster scenario that emergency management and public safety officials in the Pacific Northwest could face in the future.

Several days earlier, my own neighborhood organization that covers roughly 300 homes will perform its own first earthquake disaster drill.  We’re organized by zones, with homes pre-identified as care and shelter centers or first aid centers.  We’ve purchased and stored emergency supplies in each of our zones.  But we’ve never tested our search and rescue or communications capacities, or the protocols we plan to follow, including ham radio communications with the city’s emergency operations center.

Working on either exercise always brings up the same questions:  what should my family have on hand in the way of an emergency supply kit?  How will our family communicate if we are spread out around the city when such a disaster strikes?  How long will we be without help?

...

http://anniesearle.createsend.com/t/ViewEmailArchive/r/A9A57AEB9B28A7172540EF23F30FEDED/6F21BA1D1D483682/

Tuesday, 10 May 2016 00:00

Emergency Leader: Dual Helping Careers

(TNS) - When an emergency strikes in the Flathead Valley, Mary Granger may or may not be physically present at the scene, but it is very likely that Granger somehow has a hand in keeping folks safe.

Granger retired as the Flathead County Emergency Medical Services manager in April. The six-year stint was a second career for Granger after working 33 years as a school teacher.

“I’ve been on this adventure since 1980 when I took a first-aid class and this is really the culmination of that adventure,” Granger said of her retirement.

Granger was one of the founding members of the Lakeside Quick Response Unit. At the time there was no first responder program in Lakeside, which sometimes meant waiting a long time for emergency personnel to arrive from Kalispell or Polson.

After the first-aid class, Granger was hooked.

...

http://www.emergencymgmt.com/disaster/Emergency-leader-Dual-helping-careers.html

(TNS) -- A new microwave backup to the region's 911 emergency telephone service will add a layer of reliability in case of violent storms or an accidental slicing of a fiber-optic cable.

The South East Texas Regional Planning Commission will spend about $3.3 million to erect 12 towers and equip five existing towers with the technology, said Pete De La Cruz, director of the commission's 911 program.

Although it could become the primary system for Jefferson, Hardin and Orange counties sometime in the future, for now it's designed as a backup, De La Cruz said.

Recently, a contractor in Lumberton building a new dentist's office sliced through a fiber-optic cable bundle in the ground.

The bundle contained the cable that connected to the Hardin County Sheriff's Office 911 dispatchers at the courthouse in Kountze.

No emergency calls were missed because all the Hardin County calls were routed to the Silsbee Police Department, the second location for incoming emergency calls in Hardin County.

But it did demonstrate a vulnerability of the 911 system, De La Cruz said.

...

http://www.emergencymgmt.com/next-gen-911/Regional-911-System-Backup.html

The increase of ransomware has been discussed at great length over the past year. In my 2016 security predictions round-up, I noted that we should expect to see substantial growth in ransomware attacks, quoting Stu Sjouwerman, founder and CEO of KnowBe4:

Current estimates from the Cyber Threat Alliance put the damage caused by CryptoWall ransomware at $325 million, up 1800 percent since the FBI's report in June 2015.

And I’m not the only one who had ransomware on the mind. Others also were concerned about the rise of ransomware. For example, CSO had this to say:

...

http://www.itbusinessedge.com/blogs/data-security/another-accurate-2016-prediction-the-rise-of-ransomware.html

Tuesday, 10 May 2016 00:00

What Is Poor Data Quality Costing You?

Your data is a valuable asset. Especially in today’s world of faster consumers, your data needs to be in tip-top shape to target, engage, and convert prospects. If not properly maintained, you risk any number of lost opportunities, decreased efficiency, and a negative impact to your bottom line.

Marketing data has become so important that 97% of companies feel driven to turn their data into insights, according to the 2015 Data Quality Benchmark report by Experian. According to the research, the top three drivers include:

  • 53% - Wanting to understand customer needs
  • 51% - Wanting to find new customers
  • 49% - Wanting to increase the value of each customer

...

https://channels.theinnovationenterprise.com/articles/wipdqcy-wipdqcy-what-is-poor-data-quality-costing-you

Today, many Fortune 500 companies are enlisting a hybrid cloud approach that uses a patchwork of on-premises, private cloud and third-party, public cloud services to allow workloads to move between clouds to meet the ever-evolving demands of computing needs and cost expectations. In turn, these companies benefit from greater flexibility and more data deployment options.

However, Tom Gillis, founder of startup Bracket Computing, quickly realized that this approach, with server hardware, software applications, storage capacity, and networking services spread across data centers and multiple service providers, invites operational complexity and introduces an opportunity for error. Gillis decided there was an unmet need for a new virtualization technology; one that could secure multiple cloud environments by creating a container for infrastructure so that an enterprise could move data out on the public cloud, while still maintaining the control it wanted.

On his mission to create a virtualization technology that could provide one set of infrastructure across multiple clouds, Gillis was met with a technical challenge: when sticking a hypervisor on top of a hypervisor at the cloud, the technology was incredibly slow and performance was being cut in half. To overcome this challenge, a lot of trial and error, fine-tuning and tweaking was needed to get the technology—Bracket Computing Cell—to a point that Gillis refers to as “lightning fast.”

...

http://www.datacenterknowledge.com/archives/2016/05/09/it-innovators-entrepreneur-sets-out-to-redefine-cloud-management/

Information is critical to our businesses. We cannot make good decisions without it. We identify the cause of issues based on it. In a crisis, without information, we may be making decisions or trying to contact appropriate parties like a myopic person without glasses.

What is the information that may be required during a crisis?

  • The severity of the impact to business processes
  • How long the crisis may last
  • Internal contact lists
  • External contact lists
  • Crisis & Recovery Team members and responsibilities
  • Recovery plans and checklists
  • Business processing requirements
  • Manual processing procedures
  • Information on business risks

...

http://www.mha-it.com/2016/05/will-key-information-available-crisis/

Data centers worldwide are energy transformation devices. They draw in raw electric power on one side, spin a few electrons around, spit out a bit of useful work, and then shed more than 98 percent of the electricity as not-so-useful low-grade heat energy. They are almost the opposite of hydroelectric dams and wind turbines, which transform kinetic energy of moving fluids into clean, cheap, highly transportable electricity to be consumed tens or hundreds of miles away.

But maybe data centers don’t have to be the complete opposite of generation facilities. Energy transformation is not inherently a bad thing. Cradle-to-Cradle author and thought leader William McDonough teaches companies how to think differently, so that process waste isn’t just reduced, but actively reused. This same thinking can be applied to data center design so that heat-creating operations like data centers might be paired with heat-consuming operations like district energy systems, creating a closed-loop system that has no waste.

It’s not a new idea for data centers. There are dozens of examples around the globe of data centers cooperating with businesses in the area to turn waste heat into great heat. Lots of people know about IBM in Switzerland reusing data center heat to warm a local swimming pool. In Finland, data centers by Yandex and Academica share heat with local residents, replacing the heat energy used by 500-1000 homes with data center energy that would have been vented to the atmosphere. There are heat-reuse data centers in Canada, England, even the US. Cloud computing giant Amazon has gotten great visibility from reuse of a nearby data center’s heat at the biosphere project in downtown Seattle.

...

http://www.datacenterknowledge.com/archives/2016/05/10/how-to-reuse-waste-heat-from-data-centers-intelligently/

(TNS) — Soon enough rainy season will begin drenching Southwest Florida with its annual average rainfall of 55 inches.

Standing water, even a capful in a plastic bottle top, can be a breeding ground for mosquitoes that transmit the Zika virus.

The Collier County Mosquito Control District is upgrading its laboratory to start testing for the mosquito species that carries the virus.

"This allows us to get the results back in a matter of hours instead of days," Patrick Linn, executive director of the district, said.

...

http://www.emergencymgmt.com/health/Southwest-Florida-Mosquito-Control-Gears-Up-Zika.html

With every passing year, the role of technology in business continuity only grows. From social media coordination, disaster-relief apps, “micromappers” and Google People Finder to computer models designed to predict where the next crisis will occur, technology is enabling us to make huge improvements to the ways we handle business continuity.

For many organizations, the newest, most practical business continuity software technology is an app that enables companies to house their crisis plans “in the cloud,” and then disperse them to each end user through mobile devices. Employees and other stakeholders are empowered with anywhere, anytime access to crisis plan details, which helps to streamline emergency response, better protect people and physical assets, and encourage a faster, more effective return to normalcy.

If you feel your organization could benefit from a mobile business continuity solution, consider the best ways to implement it into your business. You can either build the app in-house, use a vendor solution, or outsource it to a third-party developer. There are several key factors to consider when weighing a build vs buy decision:

...

http://www.rockdovesolutions.com/blog/build-vs-buy-true-cost-of-diy-business-continuity-software

It’s been a common information security event in the news for all too many business enterprises: yet another large publicly traded company is the recent victim of a data breach.

The situation is worsened when not only business information is breached but also millions of customers’ personal and financial information records are compromised.

Who is winning this cyber-security war?  That answer is far too complex to deal with in this short article.  Nonetheless, this article will hopefully give our readers a stronger sense of urgency to pay more attention to risk assessment and risk management when developing their corporate cyber-security related strategic goals and objectives.

(TNS) - It's been an educational year for Capt. Christopher White.

Before he was promoted to the head of Corpus Christi Police Department's Animal Care Services and Vector Control, it never crossed his mind that he would have to learn the correct temperature to make puddle conditions perfect for mosquito breeding.

But in the battle against the pesky insects that knowledge — 83 degrees, by the way — means snaring a strategic advantage.

"I got tired of trying to explain everything I was learning about mosquitoes during staff meetings, so I made these," White said as he pulled out two packets. One he dubbed "Mosquito 101" and the other details Corpus Christi's management policy in varying mosquito risk levels.

...

http://www.emergencymgmt.com/health/Corpus-Christi-to-handle-Zika-like-previous-mosquito-borne-viruses.html

(TNS) - At Ipswich, locking the front doors to the school is only a screen tap away.

Superintendent Trent Osborne said he has an app on his phone that gives him the ability to quickly lock the school's main entrance. It's the only door at the school that's open during the day, he said, and that's because visitors walk straight into the school office.

Last week, the front door to Ipswich was locked. Osborne said it wasn't a lockdown incident, but the district was dealing with a family situation. No threats were made, he said, he just locked the door as a precaution.

Visitors to Aberdeen public and private schools will note intercom systems in place at the main entrances that allow entry into the schools. Aberdeen public school Superintendent Becky Guffin said installation of the systems started in 2013.

...

http://www.emergencymgmt.com/safety/School-lockdowns-are-more-than-just-secure-entrances.html

To some, cloud computing and IT security do not intersect. The results are often disastrous. Considering the huge amount of press that cloud computing receives when breaches occur, it's easy to understand why they believe that. But if you look at IT security from a wider lens, you'll see that cloud computing technologies are actually helping to propel IT security at rates never seen before.

Indeed, some of the advancement of security mechanisms and architectures such as end-to-end encryption can be traced back to public and private cloud security breaches where sensitive data was stolen for profit or fun.

This brought the topic of encryption to the forefront of conversation in CIO circles around the globe. It also likely contributed to the recent skyrocketing adoption rates for encryption. According to a recent Ponemon Institute study that polled more than 5,000 IT and business managers from various parts of the world, 41% said that encryption has been adopted extensively in their organizations, an increase from 16% in 2005.

...

http://www.informationweek.com/cloud/platform-as-a-service/7-ways-cloud-computing-propels-it-security/d/d-id/1325430

Data is finding its way into just about every type of modern product and service. As a result, some companies are necessarily rethinking their business models, product strategies, customer engagement strategies, and supply chain strategies. Meanwhile, entrepreneurs and intrapreneurs are discovering entirely new solutions to age-old problems.

"Our traditional business model, the way we provide products and services, is being disrupted because people -- especially Millennials -- do not look at a big book of codes," said Nataniel Lin, analytics and strategy lead at the National Fire Protection Association (NFPA), in an interview. "We're in the process of becoming a 120-year-old startup. Essentially, we're leveraging all the data that's available out there and aggregating data to create unique value and solutions that up until today were not possible."

In NFPA's case, data is flowing in from connected IoT systems in homes and commercial buildings, insurance companies, and other sources. Lin is working with 26 different property and casualty insurance companies with the goal of anonymizing and aggregating data in a way that benefits all of the companies without exposing them to privacy or security risks. That way, the companies can have a more objective view of revenue, profitability, and risks than would be possible using only their own data.

...

http://www.informationweek.com/big-data/big-data-analytics/data-products-9-best-practices-to-minimize-risk-/d/d-id/1325420

When laying down the foundation for employee safety and communication, one of the most essential resources to establish within your organization is a secure emergency phone number. A reliable place where your employees can go to hear pertinent information, retrieve updates, and understand how the information on the other side of the phone affects their well-being, their day, or their job. A number your employees can call or text to report information, raise concerns, and present questions in one centralized place for the employer.

In 1967, the President’s Commission on Law Enforcement and Administration of Justice worked to implement a universal phone number nationwide for anyone reporting emergencies. That’s why 9-1-1 exists today, so we can report emergencies relating to crime, accidents, and medical issues, and request assistance.

As mobile people living among an increasing population, subsequently producing a rising number of incidents, the methods of reporting and responding to incidents are changing. The resources to keep people informed and connected are becoming smarter, more useful. The technology to monitor, communicate, and resolve a situation faster is readily available to us.

...

https://www.alertmedia.com/how-to-use-an-emergency-phone-number-four-tips-from-customers

(TNS) - Pittsburgh public safety officials have promised to review and seek improvements to how they handle all major events hosted by the city in the wake of two events that generated complaints from the police union.

Two recent events — the mid-April Donald Trump rallies and Sunday’s Pittsburgh Marathon — created concerns about the public safety department’s preparedness to handle major events and will be the subject of reviews.

“We’ll be doing more after-actions on every type of event, whether it’s a scheduled event, whether it’s an unexpected event,” city Public Safety Director Wendell Hissrich said Wednesday. “There will be after actions across the department of public safety to include EMS, fire and police, not to hang anybody, but to figure out how we can make the improvements down the road.”

...

http://www.emergencymgmt.com/safety/-Pittsburgh-public-safety-brass-promises-changes-in-planning-for-major-events.html

The BCI has announced that Lorraine Darke is to stand down as Executive Director of the Institute after 12 years in the post. Applications are being invited for her replacement. 

BCI Chairman, David James-Brown FBCI, commented: “Since Lorraine’s appointment in 2004, the Institute has been through a dramatic period of growth and modernisation, and we are now seeking an experienced and inspirational leader to drive the BCI forward in the next stage of its development. We will be appointing a new Executive Director who has a thorough understanding and experience of the challenges facing contemporary professional bodies, and the skills necessary to triumph in this competitive environment. The successful candidate will be a dynamic, energetic and enthusiastic leader, with excellent people skills and the ability to engage and develop lasting, positive relationships with a range of stakeholders.  They will have proven capabilities in identifying and capitalising on commercial opportunities through original solutions.” 

Friday, 06 May 2016 00:00

Understanding Cyber Security Threats

In 2014, the federal government was the victim of 61,000 cyber security breaches. If the government is so vulnerable, what are the cyber security risks for businesses, whether large or small? Revisit the cyber security threats facing modern businesses to learn how to best protect your business from threats. 

Cyber Security Threats Facing Businesses

Businesses in all industries face a growing range of cyber security threats. Companies must understand the barrage of threats coming from attackers in order to implement a comprehensive security plan that addresses their vulnerabilities. Pressing concerns for small and large businesses include:

...

http://blog.sendwordnow.com/understanding-cyber-security-threats

The Business Continuity Institute - May 06, 2016 16:08 BST

Return on investment… a dilemma for business continuity practitioners. How to demonstrate the value of something that is designed for events which (hopefully) never occur? How to access, then budget, resources, organizational importance and leadership, as this ROI is potentially a part of the 'beauty contest' with resource competing disciplines? Providing concrete numbers is obviously challenging… so what could be the solutions?

Understanding the budget approving audience is a major prerequisite. What are current business and/or personal requirements and agendas? How would you concretely respond when being asked “what is in there for me” by this audience?

Important to know: the behavior of human beings can be influenced best with personal, immediate, certain, positive consequences… respective innovation and adaption considering the psychological background are therefore the key for designing the 'right' (personal) ROI strategy (mix).

Potential ROI types:

The emotional ROI

It requires the generation of emotions in particular fear of significant and specific events where a BC program could return a 'better sleep' or the avoidance of any form of reprimand or career impact.

And it works… however usually for a small time window only utilizing the post-event felt urgency for action, and with limited success over time. Human beings tend to normalize scenarios and fall back to the 'will not happen to us' and 'business as usual' reflex especially when the projected apocalypse does not occur in their own backyard. As a matter of fact, the dose of bad news has to be increased over time for achieving a constant attention level. At a certain point credibility may be impacted as a function of the risk appetite. This ROI approach should be used therefore economically and selectively.

The competitive ROI

BC Intelligence means collecting consistently concrete data on external incidents, good practices, business strategies, and BC activities and benefit, in particular concerning explicitly the same industry or major business competitors. Data is consolidated and illustrated provoking a 'why don't we' reflex by generating the perception of a competitive disadvantage when not implementing a similar or even superior BC program. The return is a (perceived) competitive advantage with respective business consequences (market share, revenue etc) which may be qualitatively illustrated for supporting the ROI design.

The monetary ROI

Concrete numbers are challenging, however an indirect approach could work. BC should not be limited to the classical disastrous event role, but the view should be expanded to regular incidents by taking the discipline out of the fateful special and rare event corner. Joining forces with incident management and/or business functions in the frame of a resilience approach could facilitate the collection of respective and concrete data.

There is a variety of direct and indirect costs linked to incidents which could be (examples):

  • Event management, alternative resource, recovery
  • Product / service / process incl. for downstream - rework / penalties
  • Clients / contracts - fines / reputation
  • Revenue / billing / investment
  • Cash flow / discounts / credit rating

Cost aspects should be formally recorded, if possible quantitatively (or at least estimated or qualitative statements if not). Taking all eventual costs into consideration may lead to surprising findings setting the breeding ground for BC ROI illustrations.

Records should then be explicitly checked for potential BC support aspects. Could, or have, plans, plan parts or linked action, the mapping of processes and business impact (BIA), interface processes (like crisis management, emergency response, and crisis communication) directly or indirectly mitigated the cost impact? If yes, to what extent? What is needed for optimizing this? What are quick wins? These findings are consolidated and illustrated bearing in mind the interests and requirements of those assigning resources. Found 'bright spots' could be used for driving change. Costs could be defined as a certain form of 'loss' which links the ROI to popular business strategies e.g. 'lean'. For tailoring this a sound understanding of business initiatives in particular of those dragging currently the interest of the budget and resource approving audience is beneficial.

To summarize…

Resource competition games usually require ROI strategies. The rules are set directly or indirectly by the business and budget owners, and apply to all disciplines competing for the resource pool. Practitioners need to be able to sell the BC value to those in the driver's seat for budget and resources approval by tailoring innovative language, communication channels and ROI scenarios according to personal and business requirements and capabilities. Joining forces via a resilience approach might facilitate the designing of business cases.

Thomas Schildbach MBCI Ph.D. is the Risk and Business Continuity Manager at Post Technologies

The Business Continuity Institute - May 04, 2016 10:20 BST

If you’re an SME, you’re busy making money and keeping daily business under control. The last thing you need is another task, creating something that you may never need to use. But there are many immediate benefits and important reasons for creating a business continuity plan (BCP). Here are six that will more than justify the effort of creating one:

1. Stay out of legal trouble

A number of industries require their players to have a BCP, either due to Government regulations or contractual obligations. Typical examples of regulated industries are the financial industry (through the Central Bank Business Continuity standards), certain time-critical Government functions, as well as supply chain driven industries such as the oil and gas sector and the manufacturing industry. This means that if you operate in any of these industries, having a tried and tested BCP is a ‘must’ if you do not want to risk losing your customers and/or your license to operate.

2. Gain competitive advantage and increase your revenue

Having a well developed and tested BCP can mean you get the business instead of a competitor.

Many regulatory standards and commercial agreements now include a ‘third party business continuity’ requirement. This means that an organisation’s critical suppliers need to have a BCP. So even if you’re a catering supplier, a construction company, a transport supplier or a cleaning company, you can be critical to your customers. And they will be keen to review your risk management capability and disaster response options. So be smart and proactively communicate your continuity ability on your website and in your business proposals.

And BCPs are not just valuable to businesses whose customers are other businesses (B2B). Even consumers can be interested in your ability to continue providing products and services ‘no matter what happens’. Imagine you’re operating a small tourism business and entire families join you on your trips. Why not proudly tell them about your alternate guides, drivers, communication tools, emergency health provisions, accommodation options and transport facilities in case of any disruption? Why not use the existence of your BCP to convince your customers that they (and their kids) are in good hands? This strategy can be applied to numerous sectors, in particular those where health and wellbeing are at stake, such as private hospitals, food suppliers, security providers and utilities.

3. Appeal to investors

Investors are concerned about your business being sustainable and your ability to continue to operate should adverse events occur.

One of the tools you can use to convince investors that you will stay ‘afloat’ in the event of a flood or other disruption, is a properly developed and tested business continuity plan. In fact, the U.S. Securities and Exchange Commission prescribes asking for a BCP by any investment advisers as a compliance requirement (see footnote 22). Hedge Fund investors have been pushing for years for business continuity plans to be in place prior to a fund’s launch.

4. Reduce your insurance premiums and/or get better coverage (or any coverage at all!)

According to a survey amongst brokers and insurers by the British Insurance Brokers Association (BIBA), 61.6% of interviewed insurers and brokers confirmed that companies, by having a BCP, will benefit from getting additional types of insurance, and as a result, comfortably opening new markets. If an SME, for example, is looking to include larger clients in its portfolio, it is required to show strength and seriousness in their management processes to the insurer (e.g. its ability to deliver on any obligations arising from larger contracts), so the insurer will cover them for related risks.

The BIBA survey also shows that 55.7% of the responding insurance firms offer discounts on premiums, if a client has a BCP. Additionally, they pointed out the unacceptable risk of not having a BCP when wanting to access insurance products. In total, 83.3% of the respondents said they would either offer a discount or improvement of the terms of business interruption policies, if companies had a BCP.

5. Be prepared for the big disaster, therefore also for the small disasters

Having detailed plans in place for the ‘big bang’ makes you stronger against the far more regular, minor mishaps of everyday life. Your responsiveness to small incidents will improve exponentially, considering your staff will have a stronger ‘what if’ mindset, making themselves and the company more resilient. Plus, having your contingency procedures kept updated and accessible from one central place (i.e. your BCP), will enable you to get ready quicker in the event of such smaller, regular mishaps without having to hunt around for the relevant response procedure.

6. Fill the gaps left by your insurance policy

Most businesses care about their people and about the future of their business. Not knowing what threats are around the corner (and not knowing in what forms they may present themselves) can be very stressful. Knowing that your insurance policy covers you for some unforeseen circumstances can partially alleviate that stress. But not every risk is insurable!

For example:

  • Your SME has certain assets, tangible or intangible, that are not covered by any insurance, simply because there are no policies for every single threat or every single asset (for example, your reputation).
  • Insurance policies often include force majeure clauses, meaning that for certain threats the insurer doesn’t pay.
  • Long waiting periods and/or ‘no claim’ requirements limit your ability to insure your business from day one.
  • It takes ages before the approval occurs and/or the physical pay-out hits your bank account.

By having a business continuity plan, arrangements can be made before a disaster hits that would minimise its adverse impact. These arrangements might include having a reciprocal arrangement in place with a business who can service your customers while you recover, or who can provide you with the tools and equipment you need. You might also look at ensuring the key information you need to continue your business is accessible in the event of an IT disaster, such as storing a copy of your customer details and order information offsite or ‘in the cloud’.

Setting up and running a business is not easy. After surviving the avalanche of getting licenses, paying for the set-up of equipment, allocating roles and responsibilities, marketing the products/services and establishing systems required to run business functions, SMEs face new challenges, pressures and deadlines every single day.

Even more reason to protect your business and ensure its survival and make sure you didn’t waste all that time, effort and money. Especially if your business is part of a supply chain, or customers can choose between you and your competitors, or if the business is taking off and growing. You need to have a plan. One that will help you even if you don’t experience a disaster.

Rinske Geerlings MBCI is the Founder, MD and Principal Consultant at Business As Usual.

Thursday, 05 May 2016 00:00

BCI: Educating the educated educator

The Business Continuity Institute - May 04, 2016 16:11 BST

This year’s theme for Business Continuity Awareness Week is 'return on investment'. As someone who has worked in business continuity in both the public and private sector for over six years I am seeing that the investment in building robust, easy to use and readily available business continuity plans is essential, but nowhere more so than throughout the world of education in the United Kingdom with the Conservative Government slowly but steadily guiding all Local Authority maintained schools towards an academy status.

The ability to manage everything down to what is spent on what and when is now making the academies much more business focussed than they ever were before, and this self-sufficiency of course means that they want to get more bang for their buck.

But they still need to understand their primary function... to provide education, and what it is that they need to continue doing that... whatever.

Case studies

Major incidents in schools and academies can be much more disruptive than lost PE tops, grazed knees or spilled paints. Look at the total rebuild of Crockerne School in Pill due to a contractor's asbestos incident, or the total loss of Leyland School where teenagers set the school alight days before a new term.

Who pays?

Actually both were covered by Local Authority insurance providers at the time but now the academies need to convince the insurers that they too can cope with the disruption and have a plan.

Where’s the saving?

I have been working with many schools, academies and governing bodies over the last four years ensuring that they have an easy to use document that is fully exercised, which allows them to understand what they need to do during and after a disruptive event. I am now seeing the questions arise from insurance providers: "Can we have sight of your business continuity/DR plans?" There will of course be several reasons for this, but mainly the insurance provider wants to know that the school or academy is taking responsibility and has the ability to recover quickly and effectively. These insurance companies are also in a very competitive world themselves, trying to keep premiums down for their customers to protect their business and provide future growth in their own industry. Schools and academies can take advantage of this in their negotiations.

Of course education is just one example but it is a very good one. From a management perspective it has changed massively over the last few years and will continue to do so. The education pot is not a bottomless one, schools and academies need to make their budget stretch a long way to ensure that the children get the education they should in a safe and secure environment. But, through careful planning and preparation and quality time spent in areas such as business continuity that budget may just stretch a little further. 

The Business Continuity Institute - May 05, 2016 11:29 BST

As we take a look at our organizations during Business Continuity Awareness Week, perhaps one of the most consistent challenges has been the business case. The definition of value is the cornerstone for clear communication with senior management, and continues to be a quandary.

The struggle for definitions; value, resilience, ROI in BC, must have us ask: “What is the value of business continuity?”

The search for the value of business continuity is not of models, but of philosophy; not of others, but our own. The history of BC grew from DR, preparing systems and processes for recovery, and evolved toward resilience with the addition of emergency management and response. But the ability to handle brand management has been awkward, and garners less credibility, due to the ill-balance of upside and downside risk management.

Senior management primarily focuses on creation of opportunity; wealth, innovation, resources, and acquisitions. BCM has an opportunity to be directly involved in the creation of efficiencies in these areas, and is strategically placed within Operations Management, which is the costliest area of an organization. The ability of BCM to streamline new and current revenue streams, is unique. By mitigation of risk, and determination of upside risk capacity, it is one of the few areas where substantive change can be made, due to constraints.

There are those who argue business processes are not under the purview of business continuity, but suppliers, technology, SLAs, are part of processes. We are already involved, and the resultant optimization of systems, risk mitigation of upside risk for better decision-making in the innovation life cycle, and reduction of response time during breaches increases value.

A balanced scorecard: strategic value creation

The Ponemon Institute states business continuity shortens response times to breaches by 100 days, and losses by 66%. One of the ways to know if we have generated influence, is if there is insight between departments. In a different Ponemon report, cyber resilience was placed in the CIO’s hands in most organizations, but several in the information space are main influencers. BCM is at the bottom of the pile.

On the flipside, business continuity planning is seen as critical, with 70% stating it is one of the most important aspects of resilience. Many have stated a:

  • Lack of metrics
  • Lack of leadership connection of resilience to revenue
  • Lack of knowledge of their own resources

This is also troublesome, as metrics, specifically a balanced scorecard, would join the strategic goals and objectives in an iterative fashion. This creates accountability, which is elusive, in resilience. This is where Operations Management can offer its experience in making the intangible, tangible. When an organization establishes an audit process, senior management believes it has value.

Takeaways

  • This is the opportunity to become the SME of the organization
  • Information security states, reputation and revenue were of little importance to them
  • Business continuity is the balance, as internal and external stakeholders cannot be left out of the decision-making process

The question lately has been: “Why isn’t anyone listening?” Perhaps the query should be: “Are we listening?” Business drivers are innovation and new technology, which increases upside and downside risk, and revenue. In that case, we must be there to vet new technology, because it increases competitive advantage. Understand the drivers of new business, and you can reach senior management, establish value, and create the need for business continuity.

For BCM, it is crucial to create an identity which is part of the business culture of an organization. It is not enough to build a plan from the mission statement. This means disaster recovery must be a universally independent entity. Business continuity must understand resilience is not based in the processes alone, but future investments, the supply chain, sustainability, innovation, and people.

Value is more than a number, which is only a symbol, an expression. Return on investment is dependent upon the value business continuity and the business place upon one another. Similarly to a marriage, the effort to learn value can be a simple, 'why?'

Conclusion

So, where are we now, and where do we go from here? As a great professor once stated: “It is neither good, nor bad, just a different idea of what people believe is worth the effort.” Perhaps, value is better measured in the long-term, where events regress to the mean, and reached after we have agreed upon definitions for 'returns', and 'success'.

Radhika Murali is an MS student at Boston University, in Business Continuity, Security, and Risk Management. She has her ABCP, ten certifications with FEMA, and twelve years of experience in supply chain, as well as independent research in organizational resilience.

BSI CAR/1 (Continuity and Resilience Standards Committee)

I have been a member of CAR/1 representing the Berkshire Business Continuity Forum since 2006, when it was known as BCM/1.  CAR/1 mirrors ISO TC/292 and CEN TC/391.  The British Standards landscape (at April 2016) includes:

...

http://risky-thinking.blogspot.com/2016/05/continuity-and-resilience-standards.html

By asking the CEOs of some of the most successful and influential companies in the world, such as GE and Google, a clear definition of innovation management emerges. The definition addresses the need to quickly and effectively implement organizational goals and objectives to remain competitive and the desire to strengthen advantages through the adoption of innovative ideas, products, processes, and business models.

Enterprises facing increasing competition and the pressure of technological innovation are beginning to realize that to drive organic business growth and maintain a competitive advantage, they need to discover and implement innovation quickly and with great care to ensure maximum value. One-off innovations are moderately easy to take advantage of, but to create a pipeline of innovative ideas that materially impacts the growth of an organization, it is critical to nurture an innovation management process that can be sustained and that can remain flexible and adjustable to accommodate changes in the competitive environment. Today’s enterprises need to manage and govern the process of innovation; it is a crucial facet of a company’s overall function.

...

http://blog.cutter.com/2016/05/03/eas-role-in-the-innovation-management-process/

In the first part of our “Workplace Violence” blog series, we discussed this troubling and increasingly prevalent issue of workplace violence, along with highlighting the importance of being prepared for a very real yet unpredictable violent scenario taking place in your workplace. Which begs the question: How do you plan for something you can’t anticipate? The fact is that you can, and it all starts with the formation of a proactive crisis management team.

...

http://blog.sendwordnow.com/workplace-violence-why-you-need-a-crisis-management-team

(TNS) - Mark Michalk was in Rockport on April 18 when the water rose into his Katy home.

He had been out of town to help his aunt repair her summer home. When he reached his house on Y Street and Avenue D three days later, Michalk stood shocked at damage from 1-foot-deep water in the building.

"We have to gut my house, tear the Sheetrock out of the walls at least 4 feet up," said Michalk, who has lived in his downtown Katy home more than 10 years. "All the damages will probably cost $80,000 to $90,000 to repair. I have no flood insurance."

...

http://www.emergencymgmt.com/disaster/Lessons-learned-from-Katy-area-floods.html

The buzz at yesterday’s inaugural Cyber Investing Summit – held on Wall Street at the New York Stock Exchange – was that most CEOs and board members don’t get cybersecurity.

Cybercrime is on the rise — to the tune of $2.1 trillion by 2019, according to Juniper Research. The Verizon 2016 Data Breach Investigations Report (DBIR) states that no location, industry or organization is immune from attack. A DBIR executive summary — described as the C-level guide to what they need to know — is chock full of information that most CEOs will struggle to understand. For instance, ‘the median traffic of a DoS attack is 1.89 million packets per second — that’s like over 113 million people trying to access your server every minute.’ Huh?

Make no mistake, Verizon’s report is an invaluable resource and recommended reading for business leaders. A skim through is certain to heighten awareness around cyber risks — even if it leaves a CEO scratching her head trying to figure out what all the technical terms mean — including patching, change monitoring, SLAs for DoS mitigation, CMS plugins, two-factor authentication, tamper evident controls, and all the rest.

...

http://www.forbes.com/sites/stevemorgan/2016/05/04/why-ceos-are-failing-cybersecurity-and-how-to-help-them-get-passing-grades/

Guesswork is often the enemy of those responsible for data center design, operations, and optimization. Unknown variables lead to speculation, which inhibits predictability and often compromises success. In the world of storage, many mysteries still remain, unfortunately, with block sizes being one of the most prominent. While the concept of a block size is fairly simple, its impact on both storage performance and cost is profound. Yet, surprisingly, many enterprises lack the proper tools for measuring block sizes, let alone understanding them and using this information to optimize data center design.

Let’s look at this topic in more detail to better understand what a block is and why it is so important to your storage and application environment.

...

http://www.datacenterknowledge.com/archives/2016/05/04/impact-block-sizes-data-center/

(TNS) - Tracey Herrera suspected she had a bout of food poisoning and would be out of the Langley Health Services clinic in a few minutes with a prescription for antibiotics and some encouragement to get well.

Jerry Azevedo thought that he and Herrera had picked up a flu-like, bacterial infection during their mission work in the Republic of Sierra Leone, in west Africa, a few weeks before.

“I'm vomiting blood. I feel pretty bad,” he said. “Imagine the worst flu you've ever had and multiply it by 10.”

They walked into the Ocala clinic on Magnolia Avenue at 9 a.m. together. They were pale and shivering, and between coughing fits managed to tell the clinic's receptionist they had been out of the country and were now sick. Clinic staff immediately took them into a quarantine room and contacted Munroe Regional Medical Center to report that they suspected the two were infected with the highly contagious and deadly Ebola virus.

...

http://www.emergencymgmt.com/health/CHAMP-sponsors-Ebola-drill-practice-for-a-medical-emergency.html

(TNS) - Florida health officials confirmed three new Zika virus infections on Tuesday, including one pregnant woman and one new case in Miami-Dade, as U.S. Sen. Bill Nelson, a Democrat, held a press conference in Coral Gables urging Congress to fund a $1.9 billion emergency appropriation requested by President Barack Obama to combat the disease.

Zika virus has impacted Florida more than any other state, with a total of 102 people affected since February, including at least 40 in Miami-Dade, the county with the most cases. Included in the statewide total are seven pregnant women, though the health department does not disclose their counties of residence because of privacy concerns.

With Zika cases on the rise and the rainy season at South Florida’s doorstep, Nelson called a media conference with University of Miami Health System infectious disease experts and a Miami-Dade mosquito control manager to press Congress for additional funding.

...

http://www.emergencymgmt.com/health/Three-new-Zika-cases-in-Florida-Nelson-urges-approval-of-emergency-funding.html

Thursday, 05 May 2016 00:00

How to Appeal a FEMA Decision

RIDGELAND, Miss. – Some survivors, who registered for federal disaster assistance after the March storms and flooding, may have received a letter from the Federal Emergency Management Agency that says they are ineligible. However, the reason for the decision may be something that can be easily fixed, such as providing insurance documents or new contact information.

Applicants can appeal any FEMA decision.

The first step is to look at the specific reason the letter was sent. If it isn’t clear, or more information is needed, a specialist at the FEMA helpline at 800-621-3362 (voice, 711, video relay service) can help. TTY users can call 800-462-7585. The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Information is also available online at DisasterAssistance.gov.

Appeals must be made in writing and sent by mail or fax to FEMA within 60 days of receiving the letter.

Mail appeals to:

FEMA
National Processing Service Center
P.O. Box 10055
Hyattsville, MD 20782-8055

Appeals and documents can be faxed to 800-827-8112.

Information on how and where to file an appeal is included with the letters and in the "Help After a Disaster" booklet, which can be downloaded at FEMA.gov/help-after-disaster.

Effective appeal letters should follow these procedures:

  • In the first paragraph, list the applicant's full legal name used on the aid application, along with Social Security number and the FEMA case number. Include a personal phone number as well as a back-up phone number where the applicant also can be reached, in addition to a correct mailing address.
  • Write an explanation of events that provides evidence to support the appeal. Summarize changes in circumstances or needs, additional damage to property discovered after the registration was filed or higher-than-anticipated costs for repairs.
  • Include photocopies of receipts for materials and labor as well as up to three written bids for repair work if those costs exceed the award amount. Submitting repair estimates, receipts, statements or invoices is recommended.
  • Keep a copy of the appeal letter and supporting documentation as a record.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-3362 (voice, 711 or video relay service). TTY users can call 800-462-7585.

Technology is forcing fundamental changes in the business landscape, and the data center is at the core of these changes. New levels of user mobility and the pace and style of application delivery are revolutionizing how businesses compete and stay ahead. Your data center is now the driving force behind your business, and as its role evolves, it too must change.

There needs to be a better way to deploy powerful, scalable systems that are integrated and easy to manage. To address this need, a new type of platform has emerged: hyperconverged infrastructure.

First, let’s define the concept. It’s important to note that there are a number of similarities between hyperconverged and converged infrastructure. Both are deployed as blocks, and both converge critical resources to deliver higher density. The biggest difference is in how these environments are managed. In hyperconverged infrastructure, the management layer – storage, for example – is controlled at the virtual layer. Specifically, it incorporates a virtual appliance that runs within the cluster. This virtual controller runs on each node within the cluster to ensure better failover capabilities, resiliency, and uptime.

...

http://www.datacenterknowledge.com/archives/2016/05/05/understanding-hyperconverged-infrastructure-use-cases/

Thursday, 05 May 2016 00:00

Small Business Interrupted

Every business comes with a certain amount of risk. Although difficulties and challenges can’t be avoided, they can be mitigated with the proper precautions, planning and insurance coverage.

In support of National Small Business Week (May 1-7) and to help business owners understand insurance, the Insurance Information Institute (I.I.I.) developed this infographic that focuses on business interruption insurance, which is also posted on the I.I.I.’s Business Pinterest Board.

Did you know that after a catastrophe or other disaster 40 percent of businesses do not reopen and another 25 percent fail within a year?

...

http://www.iii.org/insuranceindustryblog/?p=4436

The Business Continuity Institute - May 03, 2016 10:27 BST

The Business Continuity Institute's recent Horizon Scan Report identifies that cyber attacks are still perceived as the top threat by businesses. Also within the top 10 is concern about supply chain disruption, especially as supply chains are becoming increasingly complex and often transgress international borders. Other sources of anxiety include a data breach and, for the first time this year, concerns over the availability of talent and skills. So how does business continuity help with these very real issues for businesses operating today?

The need to understand your business

Taking what is termed a 'granular approach' to your business and investing time to understand the various processes and roles within your organisation will probably provide one or two revelations. You may discover that there is duplication of processes or an incompatibility in how contact details are saved e.g. product names versus name of supplier. Could this be causing unnecessary delays or confusion between your own departments? Would the purchasing department have a plan in place if a key supplier suddenly fails? Do HR and departmental managers allow themselves the time to think about what actions may be required in the short, medium and long term if a key member of staff is unexpectedly going to be absent? Is this key person's knowledge accessible for whoever may have to fill their post on a temporary basis? Being aware of these things may improve both the efficiency of your internal systems and as a consequence the quality of service provided to other departments. So often businesses spend time worrying about the customer experience but many often ignore the fact that 'customers' i.e. people or persons requiring a product or service, exist within their own organisation, and that getting those departmental customer interactions right, can make a huge contribution to the bottom line. Gaining a better understanding of the interactions within your organisation is just one supplementary benefit of thorough business continuity planning.

Data management often comes under scrutiny during a disaster recovery (DR) programme initiative. A business that really thinks about its data will often discover the diversity and value of information that it has acquired and stored, though one aspect of this that is often overlooked or not fully appreciated is the system's ability to ‘de-duplicate’ this data. Much of the data on your organisation's live system will be copied time and time again. For example, when you cc an email to other people in the business the same data is saved multiple times across the business. With a modern DR system only one version of the email will be stored. At its most effective, this de-duplication system can deliver a staggering reduction in data storage of up to 65 percent!

What other questions should you be asking?

When planning business continuity the first question is, ‘What are the vital assets without which my business can't function?’ Relocating staff is inconvenient but not impossible; buildings are a shell housing your business and can be replaced. It is the records of contacts, contracts, transactions and communications that represent years of trading, and the associated applications that have been developed to manage and evaluate this knowledge and intelligence, that are the unique asset that needs protecting. Maintaining reliable and secure access to this information is key to ensuring the continuity of your business. With this in mind, take some time to assess your current situation and ask yourself: ‘Am I as protected as I can be?’

Consider the following:

  • Can you access your data remotely?
  • Have all sources of information (data) been identified?
  • Is it backed up and accessible off site?
  • Are staff able to work remotely, with access to relevant files?
  • How long would it take to get alternative services up and running?
  • Have you considered moving processes away from a dedicated IT infrastructure to hosted capacity and applications, delivered over the Internet?

If you answered ‘yes’ to the last question there are some supplementary points you should consider checking with your provider:

  1. What guarantees are within the Service Level Agreement (SLA)?
  2. Where is my data? Check where your data is being housed, UK, Europe, America…

Choosing a Cloud provider should be done with business continuity and due diligence in mind. Should the unthinkable happen and your day-to-day business be compromised, you will need to get to that all-important data, so the first thing you need to ask is, “How do I get my data out?”

Future proofing your BC plan

A BC (business continuity) plan needs to be adaptable to Cloud technologies, and these are constantly changing and improving. Your BC plans should not define how to operate with a Cloud vendor but should allow for the relationship to evolve and respond to your business' growth and evolution and that of the technology. Many Clouds are provided ‘as is’ with no recourse; as long as you know that and accept the risk, you can plan for it. Where there is a service level agreement, this needs to be understood and reflected in your own BC planning and may cover elements such as the speed and amount of data restored. This is where taking the time to think about your business can really improve the efficiency of your BC plan. You will need the phone numbers and emails of your suppliers and customers within the first few hours of any incident occurring, in order to keep them informed about progress should your business be compromised. What you won't need with quite the same urgency, if ever, are the photos from the last staff Christmas party!

The right recovery time should be decided by the business, with careful consideration of which applications should be given priority and the maximum outage period. Near-instant restores will cost more than an eight-hour recovery option, but not all business functions need to be restored at the same rate and every business is different.

So to conclude, don't approach business continuity planning as another process to follow through mechanically. Embrace it as an opportunity to review, refine and reinvigorate your business and not only will you sleep at night with the knowledge that you have a backup plan, you may even find new opportunities and ideas that bring new life to you, your staff and your customers.

Russell Cook, managing director at SIRE Technology has long been an advocate of business continuity and not just because it makes sense to make a contingency plan in case of the unexpected. No longer is business continuity just about backing-up your IT systems; if implemented and maintained in a professional manner, business continuity planning becomes a valuable business tool in its own right.

A growing trend in law enforcement today is the use of social media and technology as a valuable resource to agencies and residents. The acronym LESM (Law Enforcement Social Media) is becoming a common term across Twitter, podcasts, and a focus among law enforcement agencies. Agencies are adopting LESM to stay current with today’s technologies as well as connecting with the community in the most effective way.

...

http://www.everbridge.com/how-does-lesm-help-create-safer-communities/

One of the highest-value services MSPs offer customers is protecting their data with automated backup and recovery. However, often neglected in the conversation with customers is the need for business continuity planning.

When you get right down to it, the ultimate goal of any BDR strategy should always be to keep the business running, no matter how serious a calamity it suffers. To achieve that level of readiness, BDR technology is essential, but there is more to business continuity planning than backing up data.

MSPs, therefore, should not only provide BDR technology, but also take on the role of business continuity consultant. In this way, you add value for the client by addressing a critical need while creating consulting revenue opportunities. Of course, helping clients stay in business through a catastrophe also helps protect your future income.

...

http://mspmentor.net/blog/it-s-about-business-continuity-not-just-backup

Tuesday, 03 May 2016 00:00

Planning for the Data Center Future

The future of the data center is quickly evolving into the question of the day as changes to technology, business processes and the economy itself spur the reconsideration of long-held design precepts up and down the data stack.

Existential angst over the data center is no different from what philosophers have been pondering for millennia – “Who am I? Where am I going? What does it all mean?” – but in this day and age, plans for the future, and not even the very long-term future, are having direct consequences on decisions being made in the here and now. So amid the mad rush to get on the cloud, deploy Big Data and remake all that the IT department holds dear, it’s worth it to stop and think where we want to be in a few years.

According to Rakesh Kumar Singh, lead tech of data center technologies at Juniper, the future data center will focus heavily on client-facing and analytical workloads, with the overarching goal being to maintain and even extend a competitive edge in an increasingly cut-throat economy. The best way to approach this is to upend the age-old practice of constantly seeking out and deploying the latest and greatest technologies to instead focus on business priorities and work out the infrastructure from there. As IDC noted in its most recent FutureScape study, half of all infrastructure investment by 2018 will foster greater engagement, insight and action rather than systems maintenance, while 45 percent of the installed base will employ automation and even autonomy to improve performance, lower costs, and provide the agility and scalability to remain relevant in the coming years.

...

http://www.itbusinessedge.com/blogs/infrastructure/planning-for-the-data-center-future.html

ATLANTA – The Federal Emergency Management Agency (FEMA) recognized Louisville-Jefferson County, Ky as a premier participant in the National Flood Insurance Program’s (NFIP) Community Rating System (CRS). With additional steps the community has taken, Louisville-Jefferson County is now the first community in Kentucky, and only the second in the eastern US, to receive a CRS Class 3 rating. Jesse Munoz, FEMA Region IV mitigation division director, presented Metro Council President David Yates a plaque recognizing Louisville-Jefferson County’s achievement at the April 14 Metro Council Meeting.

The CRS rewards communities that voluntarily take steps to reduce flood risks beyond the minimum requirements of the NFIP, such as increasing flood protection and implementing preparedness and mitigation activities. As a result, property owners and renters in CRS-participating communities enjoy a reduction in flood insurance premiums.

“Louisville-Jefferson County is the only community in the commonwealth and among only a handful of communities nationwide that has achieved Class 3, which is a notably high rating,” said Gracia Szczech, regional administrator for FEMA Region IV. “I am pleased that we can recognize Louisville-Jefferson County for taking steps to make their community safer, more resilient and save their residents money.”

Policyholders in Louisville-Jefferson County first began receiving flood insurance discounts under the CRS program in 1991. Currently, there are more than 5,194 flood insurance policies in force in Louisville-Jefferson County, representing more than $880 million in flood insurance coverage. Policyholders located in the high risk areas of flooding, or Special Flood Hazard Areas, can now receive a 35 percent discount on their policy premium, which is an average savings of $505 per policy. Some policyholders in the lower risk areas are eligible for a 10 percent discount. In total, policyholders realize an annual savings of $2,054,687 because of the community’s participation in the CRS program.

For more information on the NFIP’s CRS program visit https://www.fema.gov/national-flood-insurance-program-community-rating-system. For more information about the NFIP, a program administered by FEMA, visit www.floodsmart.gov.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Growth forecasts for data center storage capacity show no signs of slowdown. Cisco expects that by 2019, 55 percent of internet users (2 billion) will use personal cloud storage — up from 42 percent in 2014. By 2019, a single user will generate 1.6 Gigabytes of consumer cloud storage traffic per month — up from 992 megabytes per month in 2014. Finally, data created by devices that make up the Internet of Things, which Cisco calls “Internet of Everything,” will reach 507.5 Zettabytes per year by 2019 — up from 134.5 ZB per year in 2014.

Needless to say, that’s a lot of data, which will require a lot of storage, and Google is proposing a fundamental change to the way engineers think about and design data center storage systems, a rethink that reaches all the way down to the way optical disks are designed.

...

http://www.datacenterknowledge.com/archives/2016/05/02/google-wants-rethink-data-center-storage/

Today, MetricStream, the market leader in governance, risk and compliance (GRC) apps, has released the results of a survey which reveal the maturity of Regulatory Compliance Management (RCM) in North American and European businesses, having surveyed more than 100 compliance professionals. Identifying the factors that impact the effectiveness of RCM, which is essential for monitoring for regulatory changes and ensuring compliance, the survey analyzes the processes in place, number of dedicated employees and departments in charge. The results indicate that, despite being well staffed to manage RCM, many businesses are still unaware of or unable to invest in appropriate technology and tools; key findings include:

...

http://corporatecomplianceinsights.com/metricstream-survey-reveals-lack-regulatory-change-management-maturity/

Michael Dell today revealed the new names, and yes we are talking multiple names, for the artist formerly known as the Dell-EMC deal. EMC will be deprecated for the main branding Dell Technologies, but will live on for the enterprise brand Dell EMC while the client services business will be called Dell, Inc. according to multiple reports.

Confused? I’m sure you’re not alone, but Dell was reportedly very excited about the new brands as he spoke about them on stage at EMC World in Las Vegas today. I suppose when you spend $67 billion, a few extra names make sense — more names for your buck. Other brands like VMware, Virtustream, RSA and Pivotal will also reportedly live on.

If you aren’t familiar with the deal, it has gone through some twists and turns, but last October Dell surprised the world by announcing it was buying EMC for $67 billion in what’s believed to be the largest technology acquisition in history. It involves a mountain of debt, approximately $40 to $50 billion, depending on which reports you believe, and it will likely require selling off pieces of both companies to pay the deal.

...

http://techcrunch.com/2016/05/02/michael-dell-reveals-new-branding-scheme-for-the-dell-emc-conglomeration/

The Weather Company estimates that weather is perhaps the single largest external factor affecting business performance, to the tune of nearly $1 trillion lost annually in the US alone. Combining weather data with business data can improve decision-making for a wide range of companies. The company's work earned it the No. 2 spot on the 2016 InformationWeek Elite 100.

The Weather Company and its project to modernize its data collection, storage, and forecasting platform won recognition in last year's Elite 100, coming in at No. 5.

So it's no big surprise that, a year later, The Weather Company is in the top 5 again as the company continues to build on its previous success. Its expanded ambitions involve its new parent company, IBM, and a plan to apply Watson cognitive computing to the Internet of Things (IoT).

...

http://www.informationweek.com/strategic-cio/the-weather-company-brings-together-forecasting-and-iot-/d/d-id/1325362

Tuesday, 03 May 2016 00:00

Why Compliance Must Not Fit In

My upbringing was a little different to that of my friends. I was a young teenager in the ’80s, when hair was backcombed high and shoulder pads were “in.” My mum was constantly being confused as the pop star Cher. With her similar hair, makeup, heels and great outfits, people would stop her and ask for her autograph. She certainly did not fit in to any type of normal mother mold I saw around me. I’m proud to say, she is now 67 and still does not fit in to what the average woman her age should look like or do.

Years later, I realized the wisdom of her stance against “fitting in.” Having worked in the ethics and compliance field for 20 years, I now understand how much compliance is not about “fitting in.” Indeed, it’s the exact opposite. Unfortunately, we live in a world where the “norm” in many countries would be seen as unscrupulous to many. We have seen it with the politicians in Brazil recently with the Petrobras case. We have seen it on our own doorstep with the Panama papers, in which almost every country you can think of seems to have been touched. And we see it every day with the prosecutions by the numerous regulators around the world. Fitting in does not work.

NOT fitting in means being unreasonable. Compliance needs to stand out and rebrand itself. Many of my clients tell me that they are queuing up to make their training/communications/projects front of house. They have to stand in line behind safety, security, sales, innovation and the countless other serious and important issues a company needs to address. That’s why it’s important NOT to fit in.

...

http://corporatecomplianceinsights.com/compliance-must-not-fit/

Tuesday, 03 May 2016 00:00

BCI: Business Continuity and Shoes!

The Business Continuity Institute - May 03, 2016 16:50 BST

Q. How can you develop robust business continuity and still have enough budget left for a pair of shoes?

Within the heart of every business there is a hole that only business continuity can fill.

I would like to present a low cost, continuous improvement model that has proved successful in providing business continuity management to a large organisation and an additional capability that it did not have before.

Generally speaking we develop or employ one expert, who is trained to a recognised standard and responsible for BCM across the organisation. In some cases BCM is combined with emergency planning and risk under the title of 'Resilience Manager'. Personally I think that putting three jobs into one is not ideal, however I understand that organisations have to 'cut their cloth' according to the pressures they face.

Whatever the setup, and depending on the budget, the BC programme will be delivered via a project team, a single manager, or a manager guiding a number of BC representatives (in addition to the day job) that receive training as they go along. These are all tried and tested processes, the result of which sees us where we are today. Many organisations aspire to align with ISO22301, and consequently the BC programme is driven along those lines.

It is important that BC managers should be trained to a high level of expertise. This is a necessary, yet expensive process, but brings with it a measurable return on investment in the form of continued service delivery. In addition, I think that those members of staff who are given the BC plan to develop or update should also be given some formal training to assist them. In my own organisation this training took the form of a two-day fundamentals course, which was delivered by an outside trainer. This was very successful and properly equipped staff (with some guidance) to produce BC plans for their area of work.

This approach worked well for the first year, but because of staff moving post, we found that the following year we needed to repeat the process. Again, no bad thing, because those that had moved on, took with them a basic knowledge of BC into the organisation. At year three, we decided that the training costs were becoming prohibitive, but still necessary. Consequently, I gained a teacher training qualification at night school, wrote a fundamentals and plan development course aligned to ISO22301 and the Good Practice Guidelines 2013, which I now deliver to our staff annually.

Senior and middle managers that have attended this course have found that it has improved their knowledge and understanding of BC, allowing them to give the correct level of support to staff that are tasked with developing their plan.

The development of a BC response also creates an additional capability that can be called upon in times of high demand. For example, by activating the communications room fall-back procedure and staffing the now vacated room with minimum staffing, we produced an additional capability to deal with high volume calls. Working the organisation on the failover server frees up the main one for maintenance and repair without loss of performance. It should be understood that this type of use of the BC plan cannot be sustained for very long and must be utilised carefully, but it does work.

The costs associated with this course are minimal, and break down as follows: in-house training venue, "on costs", staff salary, two days away from day job and the price of two BC text books given to each student.

The benefits to the organisation include:

  • Significant cost savings on outside training
  • Staff trained to a consistent standard
  • Widespread promotion of the organisation's core values and objectives
  • Continuous improvement of BC awareness within the organisation
  • Identifies future experts in BC who understand the organisation and how it works
  • Provides a capability that can boost production or service delivery at little or no cost

Generally the best time to deliver training of this kind, particularly if you need a working budget to buy books for example, is between January and March. I have found over the years that almost all departments have money that they are looking to spend before the end of March, or face losing it from the following year's budget.

I can already hear finance shouting “it’s not like that anymore”, well, my experience is that either departmentally or organisationally there is very often some money around. Spending some of it on in house staff BC training is a low cost option that will develop staff, and produce long term benefits for the organisation, and maybe still have enough for shoes.

John Ball AFBCI is the Business Continuity Coordinator at Sussex and Surrey Police.

The International Standards Organisation has issued the Draft for Public Comment (DPC) for its new standard covering Organizational Resilience - Principles and Guidelines | ISO 22316.

The closing date for comments is 13 Jun 2016. Comments can be made through the BSI Draft Review System (DRS).

This International Standard provides guidance to enhance organizational resilience for any size or type of public or private organization and is not specific to any industry or sector. It can be applied throughout the life of an organization.

...

http://www.continuityforum.org/content/news/184617/organizational-resilience-draft-standard-now-available-comment-iso-22316

(TNS) - This decade has seen Boulder and surrounding communities faced with profound dangers posed by wildfire, flood and even a degree of social upheaval as its residents struggle to cope with quality of life factors sometimes not in their control.

In response to a range of potential threats, the city of Boulder on Thursday released a draft of its first Resiliency Strategy, promoting a series of 15 steps to be taken with the goal of surmounting challenges such as climate change, social cohesion, disaster recovery and more.

Boulder's action comes as the most concrete manifestation of its work to date through participating in the 100 Resilient Cities program, pioneered by The Rockefeller Foundation.

...

http://www.emergencymgmt.com/disaster/Boulder-releases-draft-on-resiliency-plan-to-bolster-preparedness.html

Earlier this year 38-year-old Cedric Larry Ford killed four and wounded 14 others in a chaotic workplace shooting spree in Kansas. Investigators at the time were unclear of the shooter’s motive—only that there were "some things that triggered this particular individual." While it’s easy to push aside news of these incidents with the justification, “It can’t/won't happen here,” the fact is that workplace violence can and does happen to unsuspecting organizations—and often for no immediately discernable reason.

With this blog, we’re debuting a comprehensive, four-part series aimed at shining the light on this frightening—and increasingly common—issue. This inaugural entry takes a closer look at the risks of workplace violence, along with the consequences of failure to plan and prepare for threatening incidents.

...

http://blog.sendwordnow.com/workplace-violence

ATLANTA – Five years after tornadoes devastated the southeast and resulted in four federal disaster declarations in five days, hard-hit communities are building back stronger. To date, assistance to residents and communities in Alabama, Georgia, Mississippi and Tennessee from the Federal Emergency Management Agency totals more than $504 million.

“The success of community recovery comes through strong partnerships at the local, state and federal levels. Together we have focused on rebuilding communities that are stronger and more sustainable for the future,” said Gracia Szczech, FEMA’s Region IV Regional Administrator.

Alabama by-the-numbers:

To date, assistance to Alabama’s residents and communities from the Federal Emergency Management Agency totals more than $361 million.

In Alabama, 88,229 individuals and families received $77,332,325 in Individual Assistance grants. More than $70 million was provided within a year of the storms, giving residents a helping hand in rebuilding their lives and restoring livelihoods.

The state and FEMA provided $343,990 in Disaster Unemployment Assistance to 333 survivors who lost jobs as a result of the tornadoes.

FEMA provided $4,810,399 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

Through collaborative efforts, FEMA and the state of Alabama provided temporary housing units to 307 families.

More than $202 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to state and local governments, and eligible private nonprofit organizations; and more than $1.36 million was obligated as part of these Public Assistance projects to build stronger, safer, more resilient communities and mitigate against future damage. To date, nearly 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the State.

Some 4,492 residential and community tornado safe rooms have been approved to be built with $76.8 million obligated through FEMA’s Hazard Mitigation Grant program. Mitigation forms the foundation of a community's long-term strategy to reduce disaster losses and break the cycle of disaster damage, reconstruction and repeated damage.

The U.S. Small Business Administration provided $114,494,500 in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters in Alabama rebuild.

Tennessee by-the-numbers

Tennessee residents and communities have received more than $70.8 million from the Federal Emergency Management Agency.

Nearly $8.6 million in Individual Assistance grants were provided to 8,845 individuals and families. More than $8.28 million of the total was provided within a year of the storms.

FEMA provided more than $690,000 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

More than $52 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the state.

FEMA obligated nearly $8.7 million to Tennessee through its Hazard Mitigation Grant program. Projects include eight safe rooms.

The U.S. Small Business Administration provided more than $10 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.

Mississippi by-the-numbers

Mississippi’s residents and communities have received more than $38.9 million from FEMA.

More than $10.7 million in Individual Assistance grants were provided to 7,259 individuals and families. More than $9.9 million of the total was provided within a year of the storms.

More than $24.3 million has been obligated as FEMA’s share reimbursements through the Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 96 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the state.

FEMA, MEMA and local jurisdictions also considered the safety of residents in the future. With more than $3 million in FEMA assistance through its Hazard Mitigation Grant program, communities across the state are using the funds to implement safe and smart building practices.

The U.S. Small Business Administration provided more than $10 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.

Georgia by-the-numbers

FEMA provided Georgia’s residents and communities more than $12 million in recovery assistance.

Individual Assistance grants of nearly $5.6 million were provided to 5,461 individuals and families. More than $5 million of the total was provided within a year of the storms.

FEMA provided $350,807 to fund crisis counseling programs to help adults and children deal with the trauma and stress of surviving and recovering from the tornadoes.

More than $21 million has been obligated as federal share reimbursements through FEMA’s Public Assistance program to the state and local governments, and eligible private nonprofit organizations. To date, more than 91 percent of the projected repair and replacement costs under the Public Assistance program have been disbursed to the State.

FEMA has obligated more than $4 million through its Hazard Mitigation Grant program for communities across the state to become more resilient from disasters.  

The U.S. Small Business Administration provided $8,492,000 million in low-interest disaster recovery loans to help businesses of all sizes, homeowners and renters rebuild.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Information security is paramount in the healthcare industry, requiring compliance with some of the strictest privacy and storage standards. Even so, healthcare companies still face risks for data loss and security gaps—often making headlines for breaches affecting millions of patient records, with the average time to discovery more than 200 days.

MEDHOST helps more than 1,100 hospitals, behavioral healthcare organizations and rehabilitation facilities across the nation manage their facilities and provide medical care with financial and clinical solutions, as well as consumer engagement software and services. William Crank, chief information security officer at MEDHOST, is devoted to keeping patient health records and other secure data safe without impeding the business.

Hired as the company’s first fully dedicated security professional four years ago, Crank recalled the environment requiring “security discipline and maturity” upon his arrival. “The challenge that I had to overcome was visibility. The key to any security program meeting its goals is having visibility of all of the activities within the organization’s network,” recalled Crank. “I can’t protect what I don’t know or don’t see.”

...

http://www.datacenterknowledge.com/archives/2016/04/29/it-innovators-keeping-medical-data-secure-and-business-moving-forward-by-increasing-efficiencies/

In last month’s column, we introduced five common risk management failures along with indicators of each:

  • Poor governance and “tone at the organization”
  • Reckless risk-taking
  • Inability to implement effective enterprise risk management
  • Nonexistent, ineffective or inefficient risk assessment
  • Not integrating risk management with strategy-setting and performance management

The warning signs provided for each of the above failures provide a diagnostic for the Board and management to check the health and vitality of their organization’s risk management.

Below we detail five more common risk management failures, along with warning signs for each. As with the first five failures discussed last month, we separate the warning signs for these additional failures into organizational, process and behavioral indicators.

...

http://corporatecomplianceinsights.com/5-more-common-risk-management-failures/

Ransomware is everywhere. I’ve talked at length about the ransomware attacks that have literally shut down health care computer networks. That’s just the tip of the iceberg. A TV station out of Oklahoma reported the rise in ransomware attacks targeting police departments, and PC World told of a toy maker that has been hit by a new ransomware called CryptXXX.

As Vadim Kotov, senior security researcher with Bromium, told me in an email:

Ransomware is not going anywhere. It’s a perfect crime tool, with black market logic -- easy to implement, high ROI. We’re going to have to learn how to live with it, so backing up data to external drives on a regular basis must become everybody's habit.

...

http://www.itbusinessedge.com/blogs/data-security/ransomware-is-everywhere-but-few-are-prepared-for-an-attack.html

An increasingly digital world is resulting in companies across all industries reassessing how they approach risk management. Thanks to the connectedness of devices brought about by the Internet of Things (IoT), executives have much more information at their disposal for assessing risk than before.

IoT is a network of devices that collect and exchange data—think back to the classic example of your fridge ordering fresh milk before it runs out. This is quickly becoming a fact for businesses that rely more and more on being connected to remote devices for competitive advantage.

For risk managers, IoT boils down to introducing a layer of technology on top of the business. Operations do not have to be reinvented. This provides organizations that are reliant on managing risks with an indispensable tool.

...

http://www.riskmanagementmonitor.com/how-the-internet-of-things-benefits-risk-management/

In today’s corporate world, most organizations have a crisis management plan in place. However, many of these plans are out of date or not truly actionable, leaving businesses vulnerable to a wide range of threats.

In a recent Deloitte survey, researchers found that after a crisis more than 70 percent of organizations took up to three years to fully recover their reputation and operations. Many of these companies even had a plan in place—but it simply didn’t get the job done.

Is your crisis plan operational? If a crisis strikes tomorrow, would your stakeholders be prepared to react accordingly to protect themselves and mitigate damage to the company? Or would you still be cleaning up the mess three years later?

...

http://www.rockdovesolutions.com/blog/4-ways-to-operationalize-your-crisis-management-plan

Friday, 29 April 2016 00:00

A Generation that Speaks Up

It is becoming more common to see the integration of millennials in the workforce. Many people assume this population of workers to be young kids fresh out of college. However, that is not the case. The higher ladder of millennials are already holding roles in management, leadership and even executive positions. Companies are seeking out millennials because they are a generation of visionaries and bring new perspectives. It is estimated that by the end of 2016, millennials will be the largest generation in the workforce.

A key characteristic of these young workers is their ability to speak up and take a stand. They have been socially trained to look at the bigger picture and ask necessary relevant questions that will take your organization to the next level. Given their go-getter mentality, millennials want to grow and that includes growing out of your company if they don’t see the promise of personal benefit or growth.

...

http://www.bcinthecloud.com/2016/04/a-generation-that-speaks-up/

When I started in this business more than 30 years ago, it took a supercomputer to do what a laptop can do today, and networks were in their infancy in places like Stanford. Storage is a lot more complicated these days, and storage architects and administrators need to be on top of a whole lot more than they used to. So with a nod to the now-retired David Letterman, here is my list of the Top 10 things storage architects and admins need to be monitoring and doing.

...

http://www.enterprisestorageforum.com/storage-management/ten-trends-data-storage-pros-need-to-watch-1.html

Friday, 29 April 2016 00:00

My Technical Learning Curve: Encryption

Resilience professionals, particularly those from a non-IT background, really need to step up and develop their overall understanding of technology, especially focusing on how we all communicate with one another in the modern age. I mean, how else are you going to be able to fully appreciate the magnitude of risks potentially facing your business?

I hear you say “my IT guy will tell me” but even then beyond the tech descriptions you’re only ever getting their individual perspective. How confident are you of their awareness of the business process that’s using the technology? Or the impact to customer experience? Or how it might affect the long-term leadership strategy as to why you have that technology in the first place? In my experience, very technical employees are often very skilled in one particular area of focus and tend to think in a very linear way. I therefore think it’s vital that resilience professionals who face off to senior management and leadership need to have a basic understanding of how some of it actually works.

Oh and by the way I’m not just talking about all the buzzwords you see coming out from half-baked vendor blogs repeatedly referencing cool words like “Brute Force,” “Spear Phishing” or “Whaling” or “Social Engineering.”

...

http://blueyedbc.blogspot.com/2016/04/my-technical-learning-curve-encryption.html

Friday, 29 April 2016 00:00

The Demands for Cyber Security

We’re under attack and to say organizations across the board are slow to respond is an understatement. On average, it takes the Enterprise anywhere from nine to eighteen months to identify that a security breach has occurred.

How much data do you think the bad guy is able to exfiltrate in that period of time? All of it!

The demands for Cyber Security amid the ever-increasing pressures in the enterprise for bigger, better, faster and yesterday, have become a huge challenge for any administrator and/or security professional.

Within the plethora of technologies, demands from users and compliance, keeping the organization’s most prized assets – their data – safe is a highly complex task. Time and again, the age old problem perpetuates a weakened security posture. Is this Groundhog Day reality, the result of highly sophisticated and innovative threats? Are attackers all of a sudden much smarter and more coordinated?

...

https://www.citrix.com/blogs/2016/04/28/the-demands-for-cyber-security/

When Joseph Latouf was in high school, a challenge sparked his curiosity. His algebra class was informed that if anyone could come up with a prime number generator, they would win a $100,000 reward. Latouf got fast at work, and after some intense analyzing and deliberating, uncovered a clever method of creating a prime number generator. A professor at a nearby university was called in to prove that his prime number generator worked—and indeed, it did. Sadly, however, there really wasn’t a $100,000 prize.

Latouf said he tucked away the fruits of his labor in his back pocket, hoping that it would someday lead to something of value. After all, he knew that a prime number generator was important, since it holds the keys for encryption.

Fast forward many years later, when Latouf was wrestling with the idea of security and encryption and feeling uneasy about the fact that if he had a prime number generator, others likely do too. And, that meant that there were people out there who can crack encryption.

...

http://www.datacenterknowledge.com/archives/2016/04/28/it-innovators-taking-data-security-to-the-next-level/

In the early years of the Internet, a common security recommendation was to isolate the computer connected to the Internet from the rest of the working processes. That way, malware from the net could not corrupt the company's data. It used to be a simpler and more efficient suggestion, but it is obviously no longer practicable in the current era of almost total connectivity: rarely can a firm avoid having a computer network. However, the constant connection to the Internet – also from mobile devices – makes these networks easily vulnerable, which is why sensitive data must be protected more and more.

What are the threats?

Cybercriminals use unprotected web protocols to launch their attacks. These protocols are responsible for the exchange of data between computers and net providers, the most popular being TCP/IP. Where protection is insufficient, what are known as man-in-the-middle attacks can be launched. If an attacker has obtained access to a computer network, he or she can sit between two communication partners without being noticed. That way the intruder can hear – or rather read – the whole communication content, impersonate one of the communication partners or intercept confidential data.

...

http://blog.krollontrack.co.uk/making-data-simple/cyber-attacks-the-illusion-of-a-safe-network/

Digital Realty has pre-leased the entirety of its first data center in Japan. The anchor tenant who signed the lease is a major hyperscale cloud provider whom the data center company did not name.

There’s currently a wave of high demand for large chunks of data center space in top markets around the world as the biggest cloud providers race to increase the scale of their infrastructure and win share of the quickly growing enterprise cloud market. This wave has fueled a boom for wholesale data center providers like Digital Realty.

It’s difficult to deduce which of the hyperscale cloud providers has signed the multi-megawatt lease in Osaka, but the top players in this category are Amazon, Microsoft, and Google, as well as IBM and to a lesser degree Oracle. Some Software-as-a-Service providers, such as Salesforce, could also be considered hyperscale.

...

http://www.datacenterknowledge.com/archives/2016/04/29/big-cloud-provider-pre-leases-digitals-entire-first-osaka-data-center/

Emergencies are, by definition, unexpected occurrences — but one Florida county has a new 911 system that aims to remove some of the guesswork by putting data in the hands of decision-makers who can make smarter choices about emergency response.

In Manatee County, Fla., an aging legacy 911 center kicked off conversations about how to improve emergency services, and late last year, officials launched the city's new, more efficient next-generation 911 call center. The upgrades give dispatchers modernized communication tools and will allow for multimedia communications, but perhaps most significant is that officials now have the necessary ammunition to make life-saving decisions: data analytics.

Public Safety Director Bob Smith said that hard data has allowed for more precision in staffing first responders on the streets and on the county’s barrier island, which is connected to the mainland by two bridges.

...

http://www.govtech.com/public-safety/Data-Gleaned-from-Next-Gen-911-System-Drives-Improved-Emergency-Response.html

Thursday, 28 April 2016 00:00

Why Bad Breaches Happen To Good Companies

Although it’s early into 2016, according to the Identity Theft Resource Center, there have already been more than 200 data breaches this year, and that number is only going to rise.

Why do data breaches keep happening? Surely by now everyone knows how to prevent them. Except, it seems, that they don’t.

Every day at work, I watch more companies fall prey to security threats and think about what they could have done to protect themselves. Our research team at Malwarebytes is constantly discovering new attacks targeting companies and organizations around the world. Three consistent, preventable problems lead me to believe that businesses will continue to be victims of more of these attacks for the foreseeable future if they do not change the way they operate.

...

http://www.forbes.com/sites/forbestechcouncil/2016/04/27/why-bad-breaches-happen-to-good-companies/

One of the most common questions we hear is: what is the return on investment that can be expected when purchasing XenApp? To help answer that question objectively, Citrix recently commissioned Forrester Research to conduct a Total Economic Impact (TEI) study to learn more about the ROI that customers experience when deploying XenApp.

Forrester set out to understand the benefits, costs and risks associated with an individual XenApp deployment. They interviewed IT managers from a large manufacturing company that have been using XenApp for several years and applied Forrester’s Framework and Methodology to determine the total economic impact. They learned that their business was primarily benefitting from XenApp in three ways:

  1. Reduced costs of access to enterprise applications
  2. Consolidating licenses of legacy applications
  3. Providing secure access of applications to third parties

Let’s take a closer look at the results.

...

https://www.citrix.com/blogs/2016/04/27/forrester-research-examines-the-total-economic-impact-of-xenapp/

(TNS) - Around the country, 911 telecommunicators are a calm voice when there’s a call for help.

“Woo-woo-woo-woo-woo! Orange County 911. What’s the address of the emergency?”

The voice on the line might be Jimmy Summey – an 18-year telecommunicator and Efland Fire Department volunteer – or Jessica Slaughter – a young mother with two years under her belt – or any of the other two dozen people behind the scenes.

They’re the “unseen heroes” backing up law enforcement, firefighters and EMS workers, interim Emergency Services director Dinah Jeffries said.

“It’s kind of a compliment, in a way, but (people) think of 911 as the entire thing. You forget this voice that’s behind the scenes, and they’re the ones that actually coordinated this for you,” she said. “They do a heck of a job, and it is a difficult job.”

...

http://www.emergencymgmt.com/next-gen-911/Orange-Countys-unseen-heroes-saving-lives-one-call-at-a-time.html

(TNS) - A line of severe thunderstorms plowed through North Texas Tuesday night leaving a wake of damage from hail, high winds, and tornadoes.

National Weather Service Meteorologist Steve Fano said there was at least one confirmed tornado that touched down about five miles west, northwest of Bells at about 10:10 p.m. A 90 mph wind gust blew through Sherman at 10:13 p.m. and more high winds caused damage across Grayson County.

“We won’t know any specifics on if there were any more tornadoes until tomorrow,” Fano said on Tuesday night.

Fano said most of the wind gusts that hit the county were between 60 and 70 mph, but they were damaging. In Whitesboro, an apartment and office building had damage reported to roofs. A vehicle was blown off the road three miles southwest of Gordonville. Power lines were reported as down, and tree limbs blocked multiple roadways across the county.

...

http://www.emergencymgmt.com/disaster/Tornado-90-mph-winds-confirmed-from-night-storms.html

Thursday, 28 April 2016 00:00

Migration Services Help Simplify the Cloud

The cloud is fast becoming an indispensable component of modern data infrastructure, and many organizations are working feverishly to unite their public and private clouds into a unified hybrid entity.

But it is becoming clear that while building clouds is challenge enough, the complexity really kicks into high gear during the migration process. Not only do you have to move large volumes of data back and forth, but you must maintain consistent management and policy enforcement across disparate infrastructures and provide this in such a way that business users, not IT, can oversee the process. This is not as easy as it sounds given that applications behave differently on internal and external infrastructure, even if they are based on the same cloud platform.

This is what makes migration so stressful and frustrating, says Bill Carolan, of New Jersey-based systems integrator SHI International. The assessment and planning stages alone are enough to slow a cloud program to a crawl, as these steps require a thorough review of local infrastructure, particularly networking, followed by tests, trial runs, the inevitable re-evaluation of the migration process, then more tests… And even after a successful launch, migration must be continually monitored and adjusted to meet changing workload requirements and business objectives. All the while, there is constant user and admin training and retraining, plus a host of considerations when it comes to the disposal of unnecessary hardware.

...

http://www.itbusinessedge.com/blogs/infrastructure/migration-services-help-simplify-the-cloud.html

I was invited to sit in on the reveal of the 2016 Verizon Data Breach Investigations Report (DBIR), which was formally released today. In the past, the DBIR had some real groundbreaking findings; I believe it was the DBIR that showed just how serious the insider threat was. This year, I don’t think the report contains anything that is newsmaking. Instead, what jumped out at me is how we continue to struggle against long-time threats.

For instance, one of the findings in the 2016 DBIR is that old vulnerabilities continue to be leveraged. According to the report, 85 percent of the malicious traffic seen targeted the top 10 vulnerabilities, most of which are more than a year old.

Passwords also continue to plague security efforts, as 63 percent of breaches involved weak or lost/stolen passwords. Marc Spitler, senior manager at Verizon Security Research, and co-author of the report, told Dark Reading that he thought that percentage was “startling” and went on to say:

...

http://www.itbusinessedge.com/blogs/data-security/verizons-data-breach-investigations-report-shows-not-much-has-changed.html

To say that the software-defined data center (SDDC) is different than traditional data centers is putting it mildly. The term “sea change” is more like it.

Indeed, Forrester Research has said that the potential impact of SDDC products is immense, “offering an integrated architecture merging legacy architectures, cloud computing, and workload-centric architectures into a single automation domain.”

To begin to gauge the impact that SDDC can have on MSPs and their customers, it’s important to understand some of the inherent differences between the SDDC and traditional data centers.

...

http://mspmentor.net/blog/how-sddc-different-let-us-count-3-ways

Wednesday, 27 April 2016 00:00

CDC: 10 Ways to be Prepared


To mark the National Day of Action, there are hundreds of little steps you can take to be better prepared at home, in your community, and on the go. Here are a few quick action steps you can take today!

10 Ways to be Prepared

  1. Sign up for local alerts and warnings. There are different types of alerts and warnings that you can receive about weather conditions and other emergency situations. Check with your local health department or emergency management agency to see how they share emergency information, whether it is through emergency texts, phone calls, digital road signs, social media, or sirens. You can even download an emergency app from FEMA, The Red Cross, or the Weather Channel.
  2. Create and test communication plans. Have a discussion with your family before a disaster strikes and make a plan for how you will connect to each other.
    • Complete a contact card for every member of your family. Make sure to keep these cards with you at all times.
    • Choose an emergency contact. Keep in mind that it might be easier to reach a friend or relative who lives out of town.
    • Identify a meeting place in your neighborhood and your city or town where your family could gather if there is an emergency.
  3. Build an emergency supply kit. Make sure you have at least a three day supply of food and water for each person in your family. Also include health supplies, personal care items, safety supplies, electronics, and copies of important documents.
  4. Safeguard documents. Identify financial and legal documents, medical information, household identification, and key contact information you might need after a disaster. Use this helpful checklist to take an inventory and not forget to safeguard any critical documents.
  5. Document and insure property. Different types of insurance cover different types of damage after a disaster. Make sure you understand your insurance policies and minimize potential losses.
  6. Make your property safer. Make property improvements to reduce damage to your property during a disaster and prevent potential injuries from different types of emergencies.
  7. Conduct a drill. Practice emergency response actions for disasters that might happen in your community.
  8. Conduct an exercise of a disaster scenario. Use mock scenarios for different types of disasters to review and improve your emergency plan. You might consider participating in a community-wide tabletop exercise for different emergency situations. In your home, you can practice a fire drill, tornado drill, or earthquake drill.
  9. Plan with neighbors. Many people rely on their neighbors after a disaster. Make sure you start the conversation about preparedness before a disaster strikes. Know the needs of your neighbors and be ready to help in an emergency.
  10. Participate in a class, training or discussion. Contact your local emergency management agency to see what trainings are available in your community, or consider enrolling in a first aid or CPR course at your local Red Cross.

Hail claims are making headlines following multiple springtime hailstorms in Texas, including one in the San Antonio region that is expected to be the largest hailstorm in Texas history.

While the estimated insured losses from the storms—$1.3 billion and climbing from two storms that hit the Dallas-Fort Worth region in March; as yet not estimated (but expected to be worse) insured losses from a third storm in the Dallas-Fort Worth region April 11; plus a further $1.36 billion early estimate of insured losses from the San Antonio storm April 12—may seem high, property insurers are well-prepared to handle such events.

In a new briefing, ratings agency A.M. Best says it expects limited rating actions to result as affected property/casualty insurers are expected to maintain sufficient overall risk-adjusted capitalization relative to their existing financial strength ratings.

...

http://www.iii.org/insuranceindustryblog/?p=4432

(TNS) – How prepared is Iowa when it comes to dealing with a natural disaster or public health scare?

According to a study by the Robert Wood Johnson Foundation, it’s more prepared than most.

The National Health Security Preparedness Index tracks the nation’s progress in preparing for, responding to and recovering from disasters and other large-scale emergencies.

The index combines measures from more than 130 individual capabilities to determine the preparedness of health security surveillance; community planning and engagement; information and incident management; health care delivery; countermeasure management; and environmental and occupational health.

...

www.emergencymgmt.com/disaster/National-Index-Iowa-more-ready-than-most-for-disasters.html

Comprehensive survey of senior IT and business executives reveals predictions of increased adoption, faster deployment and security less of an obstacle

MOUNTAIN VIEW, Calif. – We’ve long been moving toward cloud-based and virtualized infrastructures, but in some ways 2016 might just be the year in which the software-defined data center (SDDC) really becomes a fixture in corporate America. There will be increased adoption of this dynamic trend and faster deployment of the technologies and processes involved, leading to greater tangible benefits and a clear return on investment. In fact, there’s almost unanimous belief that optimal SDDC strategies and deployment can quantifiably drive up virtualization ratios and server optimization, thus noticeably benefiting the bottom line. All this because even though data breaches will surely happen, concerns over security and compliance will be far less an obstacle.

...

http://corporatecomplianceinsights.com/hytrust-software-defined-data-center-study-shows-strong-positive-indicators-deployment/

As part of an effort to make it possible for applications to have more granular control on wide area network (WAN) connections, Riverbed Technology today unveiled a Riverbed SteelConnect platform managed via the cloud that unifies control of extended networks.

Josh Dobies, senior director of product marketing for Riverbed, says Riverbed SteelConnect is an instance of a software-defined WAN that ties together orchestration of application delivery and network connectivity.

Riverbed SteelConnect can be deployed as a virtual appliance on top of existing infrastructure or deployed as a physical appliance acquired from Riverbed. A SteelConnect Manager portal hosted in the cloud then provides the management plane through which IT organizations can construct a hybrid network using Riverbed switches and access points spanning both on-premise and data center and cloud service providers such as Amazon Web Services (AWS). In addition, Riverbed will add support for Microsoft Azure later this year.

...

http://www.itbusinessedge.com/blogs/it-unmasked/riverbed-unveils-software-defined-wan-platform.html

Cloud adoption in government is increasing, and the reasons are many: Adopting cloud services can lend an organization greater flexibility and agility, and save it dollars. But for those C-level executives who aren’t adopting, it's not because they're being stubborn or encountering significant barriers to adoption: A new study suggests that the "barriers" encountered may primarily be psychological, as the technology is catching up to business need.

The survey from HyTrust, called the State of the Cloud and Software-Defined Data Center (SDDC) 2016, was given to 500 C-level and vice president executives who lead medium- and large-sized organizations, mostly in the private sector, and found that 70 percent of respondents believe cloud services will see increased adoption over the next year. In addition, 60 percent of respondents see that adoption being deployed more quickly than it has been in the past.

...

http://www.govtech.com/computing/Study-Reveals-Biggest-Barrier-to-Cloud-Adoption.html

As revealed by the results of a recent survey of IT pros, moving some parts of an organization’s infrastructure to the cloud is a priority, but one that presents a challenging management scenario. But server and application management in the cloud doesn’t have to be a daunting prospect. IT professionals can better equip themselves to manage—or prepare to manage—servers and applications in a hybrid IT environment by addressing several key considerations as well as leveraging certain best practices for an optimized data center.

To start, one of the most important things to remember in the hybrid IT era is that the cloud is not for everything. Too many companies begin implementing hybrid IT environments without first considering which workloads make most sense for which environments. While it’s tempting to look at the growing popularity and benefits of cloud computing and say, “Let’s move some of our applications to AWS and see how it works,” without a fundamental understanding of all your workloads and what they require for optimal performance, you will more than likely hinder your organization’s efforts to generate cost savings, greater performance and agility, or any other anticipated benefit of cloud computing.

...

http://www.datacenterknowledge.com/archives/2016/04/27/server-application-management-hybrid-era/

The global reach of the Business Continuity Institute

In its 22-year history, the Business Continuity Institute has grown to become a truly global organization, and this is clearly reflected in the Institute’s membership demographics which show that now only 40% of members come from the UK where the organization was founded.

It is also reflected in the latest CBCI Online course which began earlier this month, with eleven different nationalities represented within a single class. This is testament to the Institute’s efforts to make the CBCI credential available to everyone, regardless of location.

Nicky Tramaseur, Senior Education and Events Manager at the BCI, commented: “We have always said that we want the BCI experience to be available to everyone, and I am delighted we are able to use the latest technology in order to achieve this. Disruptions occur all across the world, so it is vital that people from all across the world are properly trained to help their organizations manage through these disruptions.

Getting your CBCI credential is an important step to developing a career in business continuity, but attending a course venue or taking a week off work is not always an option. This is why the BCI developed the CBCI Online course as a new way of learning. Created in partnership with Bucks New University, it allows each student to take the course wherever they can get online, whether that is at work, home or perhaps even in a coffee shop.

http://www.thebci.org/index.php/about/news-room#/news/the-global-reach-of-the-business-continuity-institute-161203

Yesterday, Mike Cohen’s post Networking Containers: Policy Finally Comes of Age appeared on the Open Networking User Group blog site.  He talks about the tremendous interest among application developers to use Linux containers to develop, deploy, and operate applications.  Containers and microservices simplify complex application development into smaller, less risky software components with the benefits of portability and speed.

Like cloud and big data, containers and microservices will transform the traffic in your data center infrastructure.  As applications are disaggregated into many component services, each service now becomes an endpoint to be accessed and shared across the network.

Moving to a container-based microservices architecture will increase the number of addressable endpoints in the data center by an order of magnitude or more.  (See “The Impact of Containers and Microservices” below)

...

http://blogs.cisco.com/datacenter/bring-application-intent-to-networking-containers

It seems active shooter incidents have become an all-too-frequent story on the local news. According to A Study of Active Shooter Incidents Between 2000-2013 conducted by the FBI, 160 active shooter incidents occurred within this time frame, and that number has continued to rise since.

The key to ensuring that you and your staff remain safe during an active shooter incident is preparation. At least 65 (40%) of the 160 incidents between 2000-2013 ended before law enforcement arrived, so it is crucial that active shooter preparedness be a priority in every workplace.

...

http://www.everbridge.com/active-shooter-preparedness-a-collection-of-resources/

Responding to the resilience challenge

Following the previous paper by the Business Continuity Institute's UK 20/20 Group on the resilience challenge for the business continuity profession, a new paper has been published outlining how individuals and organizations should rise to this challenge.

In ‘Responding to the resilience challenge’, it is shown how business continuity practitioners can use their unique understanding of value creation within an organization to influence governance and promote informed decision making. In these uncertain times, BC can push organizations to become more agile in dealing with emerging risks, while taking a clear role in crisis leadership when risks materialise into disruptions.

The paper explains how BC practitioners should use their background as a foundation for understanding other management disciplines, as resilience practice is expected to grow into a highly technical role that will require practitioners to bridge academic knowledge and professional experience. Practitioners will also be expected to address the gap between existing technical expertise among management disciplines to decision making at the top.

Bill Crichton FBCI, Chairman of the BCI 20/20 UK Group, commented: "For those business continuity practitioners who don't have a good understanding of resilience, they should consider whether they need to enhance their skills to provide the opportunity for them in the future to lead the resilience capability within their organization."

Download your free copy of 'Responding to the resilience challenge' by clicking here.

Tuesday, 26 April 2016 00:00

Q&A: Nobles County Emergency Management

(TNS) - The following is part of a series of Q&As with Nobles County, Minn., departments to educate the public on the services provided. This one is with Emergency Management Director Joyce Jacobs.

Q What are the primary responsibilities of the Emergency Management department?

A The Emergency Management Department is responsible for developing, coordinating, promoting and evaluating programs to ensure emergency preparedness in Nobles County. The Nobles County Emergency Management Director administers a county-wide emergency management program with the goal of preparing the county to respond to and recover from major disasters. Disasters can be natural (typically weather related) or man-made.

...

http://www.emergencymgmt.com/disaster/QA-Nobles-County-Emergency-Management.html

(TNS) - Morgan County has been active in adding community shelters in the nearly five years since the April 27, 2011, tornadoes, but Decatur has added none.

Eight public shelters have been built in Morgan County and another is in the final stages of construction after one of the worst tornado outbreaks in U.S. history hit central and north Alabama.

Morgan County Commission Chairman Ray Long said the shelters are a significant safety net for residents.

“It’s good to have a shelter you can get 100 or more people in,” he said. “They’re a lot safer.”

The fifth anniversary of the outbreak that killed 234 Alabamians, including 14 in Lawrence County and four in Limestone County, is Wednesday. Morgan County had plenty of damage but no deaths.

...

http://www.emergencymgmt.com/disaster/Morgan-County-adds-public-shelters-after-2011-tornado-outbreak.html

(TNS) - The tally of flooded homes in Harris County reached 6,700 on Sunday, surpassing the total from last year's Memorial Day flood.

An additional 300 homes were damaged in Waller County. The assessments are preliminary and numbers are expected to continue to rise.

In unincorporated Harris County alone, surveyors estimated $43 million in residential losses and $13 million in commercial losses by Sunday night, said Francisco Sanchez, spokesman for the county's emergency management office. The estimates are required before the region can be designated a federal disaster area, allowing victims to apply for money from the Federal Emergency Management Agency.

But residents don't have to wait for food, housing or clothing. Anyone who needs immediate help should call 211, Sanchez said. The same applies to Waller County.

...

http://www.emergencymgmt.com/disaster/More-than-6700-homes-flooded-passing-Memorial-Day-event.html

The volume of data generated today is growing at an astonishing rate, and demand for data center space has reached an all-time high, consistently outpacing supply in the top markets. Many organizations are struggling to develop effective data center strategies, frequently facing the familiar question: build or lease?

A decade ago the answer was easy: build. At that time, colocation services were not an ideal solution. Fraught with concerns over technology deficiencies and adoption roadblocks, there was too much risk associated with colo to make it a viable part of the data center strategy for many companies. But times have changed and today colo solutions have overcome many of the real and perceived roadblocks. There are, however, still scenarios where it makes sense for a company to consider hosting its own data.

There are a number of strategic factors that can influence these decisions, which generally fall into four buckets: capital; application purpose and requirements; control; perception of security and risk. While many of the factors are analytical in nature (such as financial savings), there are also cultural preferences within companies that influence the strategy.

...

http://www.datacenterknowledge.com/archives/2016/04/25/build-or-lease-creating-the-best-data-center-strategy/

Tuesday, 26 April 2016 00:00

Cybercrime as Big Business

Cybercriminals are on a mission. They want to take advantage of point of sale (PoS) technology as much as possible before it totally switches over to chip technology. Even though the EMV card payment system came online late last year, many businesses and credit card issuers have been slow to migrate to the new PoS technology. FireEye recently identified one such group of cybercriminals, calling it FIN6, which is stealing credit card numbers from the old PoS terminals and selling them through underground channels. Bloomberg explained:

Malware such as GRABNEW, which captures login credentials, can come as an e-mail attachment, FireEye said. FIN6 either sends that malware or pays others for the credentials.

Once FIN6 gets into a company’s network, it uses software vulnerabilities to move around and locate card numbers. One FIN6-linked case resulted in 20 million cards, mostly from the U.S., in the online shop, selling for about $21 each, Milpitas, California-based FireEye said.

...

http://www.itbusinessedge.com/blogs/data-security/cybercrime-as-big-business.html

Microsoft saw one of the biggest spikes in data center spend in company history in the last quarter.

It invested $2.3 billion in capital during the three-month period, which included a 65 percent increase in data center spend year over year, Microsoft CFO Amy Hood said on the company’s fiscal third quarter earnings call on April 21. “As planned, we accelerated our data center and cloud services investments to meet growing global demand,” she said.

During the quarter, Microsoft saw a 66 percent year-over-year spike in capital spending, its second-largest since the third quarter of fiscal 2007, according to data compiled by Bloomberg. The largest was an 86 percent increase in the second quarter of 2014.

...

http://www.datacenterknowledge.com/archives/2016/04/25/microsoft-ramps-up-cloud-data-center-spend/

For Michael Skaff, chief operating officer and privacy officer at the Masons of California, the cloud is more than just an enabler of technology. It’s an enabler of IT innovation.

The 55,000-member Masons of California primarily leverages public cloud systems, but is also utilizing a hybrid cloud to meet certain business needs. The organization is also considering private cloud for a few uses, according to Skaff.

“As long as the solutions are well-designed, and the associated contracts and integrations carefully managed, cloud-based services offer an unprecedented opportunity for IT to shift its primary focus from building technology to delivering business value,” said Skaff.

...

http://www.datacenterknowledge.com/archives/2016/04/25/it-innovators-cloud-enables-masons-of-california-to-more-effectively-meet-member-needs/

Tuesday, 26 April 2016 00:00

Guns on Campus

In the aftermath of high-profile shootings on college campuses, college administrators are considering whether to allow guns on campus. Administrators are divided, with some seeing guns as a way to keep students and faculty safe and others worried that more guns would only increase levels of violence on campus. Explore current law regarding guns on campus in America to get a more informed understanding of how state laws affect university policies regarding firearms.

Concealed Weapons on Campus

While all 50 states allow individuals to carry concealed weapons if they meet certain requirements, 19 states prohibit concealed weapons on college campuses. The following states do not allow concealed weapons on campus at all: California, New Mexico, Nevada, Nebraska, Wyoming, Tennessee, Missouri, Louisiana, Georgia, Florida, Michigan, Illinois, Ohio, South Carolina, North Carolina, North Dakota, New Jersey, New York and Massachusetts.

...

http://blog.sendwordnow.com/guns-on-campus

One of the problems with Dropbox and indeed all cloud storage is the way they have implemented how you view your cloud storage on your local drive. If you want to access your cloud file system in your local file management tool, you literally need to have it stored on your drive, which really defeats the idea of having cloud storage in the first place — especially on devices with smaller hard drives.

Alternatively, you could open Dropbox.com and navigate to your files in a separate interface, an approach just about everyone dislikes.

Dropbox wants to change that.

...

http://techcrunch.com/2016/04/26/dropboxs-project-infinite-could-change-the-way-you-think-of-cloud-storage/

Tuesday, 26 April 2016 00:00

Data Tower: a Data Center for Saruman

While Microsoft’s infrastructure researchers investigate how deep they can sink a data center pod in the ocean, two Italian architects propose trying to push the limits in the opposite direction.

One of the three designs to win this year’s skyscraper design contest by the eVolo Magazine is a 65-story cylindrical data center that looks like something Saruman the White would have built to keep his data in. The Data Tower, created by architects Marco Merletti and Valeria Mercuri, is a radical new take on the use of space, energy efficiency, and elegance in data center design.

The architects have imagined a tower where server-filled pods are lifted up to take their spots automatically, coming down when needed for technical work. The pods with IT gear sit outside of the tower, while the inside acts as a giant chimney, where they exhaust hot air that gets pulled from outside. A massive fan at the top expels some of the hot air, while the rest of it gets recycled for comfort or greenhouse heating.

...

http://www.datacenterknowledge.com/archives/2016/04/26/designers-dream-up-data-center-skyscraper-of-the-future/

Monday, 25 April 2016 00:00

The Rise Of The Citizen Data Scientist

The data skills gap is a well-publicized issue, and true data scientists are a relatively rare species. One way that organizations are attempting to solve the issue is by empowering all employees with some data skills - whether this be a math or social science degree - to analyze the data themselves. These are known as citizen data scientists.

Gartner defines a citizen data scientist as ‘a person who creates or generates models that leverage predictive or prescriptive analytics but whose primary job function is outside of the field of statistics and analytics.’ They have predicted that by 2017, the number of citizen data scientists will have grown five times faster than their highly trained counterparts. According to Shawn Rogers, Chief Research Officer at Dell Statistica, ‘I think that 2016 could be the year of the citizen data scientist because users throughout the business want a more democratized approach to Big Data and analytics. Not every company can afford a data scientist, which is a big reason why citizen data scientists will become a big part of the data ecosystem as it evolves.’

Data is now at the heart of any operations, and its importance to decision making and innovation is only going to grow. By 2018, over half of large organizations worldwide will be using advanced analytics and proprietary algorithms to compete, while by 2020, companies will be spending 40% of their net new investment in business intelligence and analytics on ‘predictive and prescriptive analytics.’ Fundamentally, this means that everyone in the organization needs to be able to leverage the data to some degree, and it cannot simply be left to one highly trained individual sitting at the top of the firm dishing out insights as they deem fit.

...

https://channels.theinnovationenterprise.com/articles/the-rise-of-the-citizen-data-scientist

Monday, 25 April 2016 00:00

Elephants in your datacentre

Yep, there is you know, big, grey and imposing (not yellow and cuddly like this fella!)… OK, not literal elephants of course… well if there is you may have some different challenges to the ones I’m looking to address in this post, may I suggest the nearest zoo!

What do I mean then with this figurative elephant?

Data is the lifeblood of our businesses and in the modern business world we all discuss its management and protection endlessly. There is however an elephant in the room. One we choose not to discuss because it is getting increasingly more difficult to control and we are unsure as to what to do about it.

I think the above quote is a pretty accurate summation of the problem, data is a big complex beast and Nellie aside, how do we go about tackling it.

...

https://techstringy.wordpress.com/2016/04/22/elephants-in-your-datacentre/

Friday, 22 April 2016 00:00

Incident Management – The New Frontier

Compliance programs are required to create and manage case investigation systems to handle potential misconduct, investigate allegations of wrongdoing and then dispense discipline. Lessons learned from these investigations are valuable sources of information to improve compliance programs.

Chief compliance officers play a critical role – either supervising the internal investigation system or coordinating with other functions in the organization to monitor internal investigations. Along the way, companies have built effective hotlines, triage protocols, investigation policies and practices processes to evaluate and dispense discipline. CCOs regularly report to the board on the major investigations and the overall investigation system, including nature of complaints, time to resolve complaints and conduct investigations, and handling of whistleblower concerns.

I like to label all of the above as a company’s effort to promote organizational justice. Within the system itself, principles of a judicial system apply with equal force – fairness, transparency, and consistency. Like our country’s judicial system, the company’s judicial system can be judged on very similar criteria.

...

http://blog.volkovlaw.com/2016/04/incident-management-new-frontier/

It’s your job to walk into a conference room full of Board directors and, in a short presentation, convey a holistic, accurate picture of all the information technology risks across your entire organization. Now, imagine you were expected to prepare for this make-it-or-break-it meeting, which may involve delivering negative and expensive news to executives, using only email and spreadsheets. Ready? Go!

Communicating risk posture and assessments to the highest levels of an organization is a demanding and increasingly pivotal responsibility in businesses that rely on information technology—in other words, almost every business. In a world where business and infrastructure run on digital technology that is vulnerable to highly skilled hackers, protecting those technology assets is quickly becoming Job #1.

In fact, a recent survey showed that, of IT professionals who responded that security was their main focus, 34 percent spend most of their time on IT risk management and 25 percent primarily spend time on regulatory compliance. IDC projects that by 2018, the financial services sector will spend more than 18 percent ($96 billion) of their total IT dollars on risk management technology and services.

...

http://corporatecomplianceinsights.com/ready-for-risk-painting-an-accurate-picture-for-the-board/

Edge data centers have been a hot topic since about two years ago, fueled by the grand expansion ambitions data center providers that chose to go after the edge market had.

Companies like EdgeConneX, whose expansion ambitions were the grandest (it went from zero data centers to 20 in a period of two years), and vXchnge, which also expanded quickly, primarily by buying existing facilities (in one deal last May, for example, it acquired eight SunGard facilities), have gone after the demand for data center space outside of the top markets.

An edge data center, essentially, is a facility where long-haul network carriers interconnect with local ISPs and internet content providers who cache their data in the facility so that they don’t have to pay to transport it from the big cities. The effect is described as extending the internet’s edge, “edge” meaning the last stop from where content is delivered to the consumer.

...

http://www.datacenterknowledge.com/archives/2016/04/21/survey-half-of-it-pros-have-no-edge-data-center-plans/

This perspective provides an overview of the Business Continuity Institute’s Professional Practice 5 (PP5) – Implementation, which is the professional practice that “executes the agreed strategies and tactics through the process of developing the Business Continuity Plan (BCP)”. As part of the business continuity planning lifecycle, Implementation activities continue following strategy selection in PP4, with the goal of documenting business continuity plans that aid the organization in recovery at the strategic, tactical, and operational levels.

PP5 OVERVIEW

PP5 provides the business continuity practitioner with guidance on two topics specific to documenting the organization’s business continuity plans. First, the Good Practice Guidelines (GPGs) provide a detailed description of a business continuity plan, including general principles, as well as concepts and assumptions for documenting plans. Second, PP5 provides guidance on developing a business continuity plan, as well as managing the plan after creation. Let’s take a deeper dive into each area.

...

http://perspectives.avalution.com/2016/business-continuity-implementation-an-overview-of-bci-professional-practice-5/

Moore’s Law may well be coming to an end with respect to microprocessors, but if the speed of processing power is to continue to develop (especially in today’s digital world of Big Data), other areas of computing need to be examined if it is to progress and improve.

Drawing on vast numbers of crunching resources in the cloud is one of the main ways that computing can continue to advance. By sharing computer capacity, processing capability improves which enables businesses to be more effective and innovate.

I am old enough to remember SETI (Search for Extra-Terrestrial Intelligence) when it was big in the ’90s. It was software that you could download so when you were offline your computer capacity could be shared with systems around the world and mine massive data to search the universe for extra-terrestrial intelligence. This is one of the first examples of cloud – using shared resources.

...

http://www.datacenterknowledge.com/archives/2016/04/21/future-computing-moores-law-not-know/

What do you think when you hear Hybrid IT?   Does your mind go to a 3rd kind of not quite private, not quite public cloud that your team needs to build?

Fear not.  Hybrid IT is not another type of cloud but rather a strategy for your organization to quickly and cost-effectively deploy technology across multiple platforms.  It is a service delivery strategy that places the right workload into the right environment based on business need.  That need could be speed of deployment, performance, cost, or security.  The essence of hybrid IT can be summarized in the following quote from EMC World last year:

“I want to be able to tell our business units, if you want to stand up services on the private cloud, go ahead.   We have the technologies and operating processes to do that.  And when it’s time to move appropriate workloads to a public cloud, we have the technologies and operational processes to do that too.” – Eric Craig, CTO, NBC Universal

...

http://blogs.cisco.com/datacenter/hybrid-it-its-a-strategy-not-something-you-build

An interesting “separation of church and state” conundrum is bubbling up in the software industry. While the new public cloud model demands developers to take ownership of security, there’s still room and reason for security controls to become an entity handled on their own—separate and transparent from the developer.

Historically developers have focused on developing software, not on configuring a security posture, but that model has changed of late. In today’s dev-ops world, everything has converged. The software developer has become responsible for many operational aspects, including security. A lot of this change stems from the rise of the self-service model. Developers go to AWS and they’re on their own; nobody else is in charge of security. Therefore, software developers have to think about security—how do I set up access control, how do I set up security groups, and how do I encrypt data, or not? Security controls are built into the developer workflow.

As I see the world evolving, I believe IT needs will drive us back to a paradigm where security controls are independent of developer activity. There’s a strong appetite on the part of customers to have a set of controls that are managed independently of developers and operations. I think that’s a good thing.

...

http://www.forbes.com/sites/tomgillis/2016/04/21/separate-is-good-developers-shouldnt-be-responsible-for-security/

Friday, 22 April 2016 00:00

BCI: Cyber Resilience Survey

How does your organization perceive the cyber threat? Have you suffered from some form of cyber security incident during the last year, and what impact did it have on your organization? Do you feel you have adequate measures in place to deal with such an event, and perhaps just as importantly, do you have the backing of senior management to put measures in place to deal with them?

These are the questions the BCI is asking as part of its latest research project – the cyber resilience survey – which will inform a new report to be published later this year.

Please do take the time to complete the survey. It will only take a few minutes and each respondent will be in with a chance of winning £100 of Amazon vouchers.

Find the survey here: https://www.surveymonkey.co.uk/r/BCI-Cyber-Resilience-Survey-2016

RIDGELAND, Miss. – All applicants receive letters from FEMA explaining the status of their applications and whether or not they are eligible for assistance from FEMA. Some may receive text messages about their application.

Take the time to read the document thoroughly. Sometimes people do not immediately qualify for financial help and the reason may be fixed simply. The following are some common reasons for not qualifying:

  • The applicant did not sign the required documents;

  • Proof of ownership or occupancy was not supplied;

  • No proof the damaged property was the primary residence at the time of the disaster.

  • Someone else in the household may have applied and received assistance.

  • No paperwork showing the damaged property was the primary residence at the time of the disaster.

If questions arise, call the FEMA helpline (voice, 711 or relay service) at 800-621-3362. (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. You also can take the letter to a disaster recovery center and talk with staff individually. To locate the nearest center, visit FEMA.gov/DRC or call the FEMA helpline.

FEMA can never duplicate insurance benefits or other government sources, but if insurance is not enough to cover all the eligible damage, FEMA’s initial determination of ineligibility may change.

Every applicant has the right to file an appeal. The original letter provides an explanation of what steps need to be taken to appeal FEMA’s decision. Bring the letter to a disaster recovery center for help with the appeals process or call the FEMA helpline. Appeals must be filed in writing within 60 days of the date of the determination letter. The letter must explain why the initial decision was wrong and provide any new or additional information.

Appeals can be mailed to:

FEMA – Individuals & Households Program

National Processing Service Center

P.O. Box 10055

Hyattsville, MD 20782-7055

For more information on Mississippi’s disaster recovery, visit FEMA.gov/Disaster/4268 and MSEMA.org.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you are deaf, hard of hearing or have a speech disability loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

The U.S. Small Business Administration is the federal government’s primary source of money to help businesses of all sizes, private non-profit organizations, homeowners and renters rebuild and recover after a disaster. SBA low interest disaster loans repair and replace property losses not fully compensated by insurance and do not duplicate benefits of other agencies or organizations.

The fight between Apple and the FBI brought the concept of using backdoors to break encryption to the mainstream. The initial battle may have ended with the FBI hiring someone to hack into the phone (and I have to ask – was anyone surprised that an outside hacker was able to do the deed?).

The battle from Apple’s point of view also drew a lot of support from tech companies and IT professionals. A new study from Spiceworks provides some insight as to why IT pros are concerned about backdoors, encryption and overall security. In general, IT pros believe the existence of backdoors, whether they are there for government agencies, law enforcement, or anyone else, puts their company at greater risk of a cyberattack or data breach. The reason, according to the survey, is simple: Hackers are already very good at outsmarting security systems, and if backdoors are provided as a way to help solve legal and national security concerns, it is only a matter of time until hackers are using them for their own nefarious goals. Backdoors, the IT pros believe, put personal and financial data at greater risk.

The survey revealed something else that I found more surprising. Although 57 percent said that they believe encryption actually helped prevent a data breach, encryption isn’t as widely adopted as a security layer as one would think, as the Spiceworks report stated:

...

http://www.itbusinessedge.com/blogs/data-security/it-professionals-balk-at-backdoors-but-arent-diligent-about-encryption.html

Historic flooding has left the Houston metropolitan area inundated once again this week, killing at least seven people, flooding 1,000 homes and causing more than $5 billion in estimated damages in Harris County alone. Gov. Greg Abbott declared a state of disaster for nine counties in and around the Houston area. The widespread nature of the disaster prompted the city of Houston to call this the largest flood event since Tropical Storm Allison, which devastated southeast Texas in 2001, causing $9 billion in damage and $1.1 billion in insured losses.

According to Harris County Judge Ed Emmett, about 240 billion gallons of rain fell on the Houston area this week. That’s the equivalent of 363,400 Olympic-size swimming pools, CNN reported. After 10 inches of rainfall fell in six hours Sunday night into Monday, powerful, slow-moving thunderstorms had paralyzed the region Monday, but storms continued through Wednesday.

Having some of the hardest rainfall overnight helped a bit to mitigate the dangers this week. While this made it difficult to predict, it allowed people to better make choices about going out, as opposed to last year’s floods around Memorial Day, Emmett told the Houston Chronicle. Nevertheless, emergency crews made more than 1,200 high-water rescues, many residents had to evacuate to shelters, and for those who were able to shelter in place, 123,000 homes had no power at the height of the flooding. Officials have also expressed concern about two local dams that have been rated “extremely high risk” and are at about 80% capacity, but they are not in immediate danger of failing.

...

http://www.riskmanagementmonitor.com/houston-faces-largest-flooding-event-since-tropical-storm-allison/

In the weeks since the revelation of the Panama Papers, the world of the rich and powerful has been reeling. A single cyberattack against Mossack Fonseca, a quiet Panamanian law firm, has sent a tsunami around the world, toppling one world leader so far, with more turbulence to come.

The attacker absconded with a vast trove of information, consisting of millions of documents, emails, and other information – so much information, in fact, that journalists and other investigators have been poring through it for over a year.

Still a mystery: the identity or identities of the attackers. Perhaps an insider with access to secret passwords? Or maybe a skilled attacker, well-versed in the intricacies of cyberespionage?

...

http://www.forbes.com/sites/jasonbloomberg/2016/04/21/cybersecurity-lessons-learned-from-panama-papers-breach/

While space elevators and colonies on the moon are still squarely in the realm of science fiction, developed countries like the United States heavily utilize satellites, so-called space infrastructure, to facilitate and support communication functions, entertainment systems, weather forecasting, search-and-rescue functions, global positioning systems and national defense elements.

As of 2015, there were more than 1,000 active government and private satellites in space with an additional 2,600 devices that no longer function. These nearly 3,700 items range in size from a few pounds to as big as a school bus. More than 15 countries and hundreds of private companies own these satellites. Of the active satellites, there are 502 active American, 188 Russian and 116 Chinese. 

These man-made objects are not the only things in space. In fact, the United States Surveillance Network estimates that there are more than 21,000 objects larger than 10 centimeters (about 25 inches) orbiting the Earth, with an additional 500,000 smaller pieces. All natural and man-made space objects travel at extraordinary speeds even if they are geospatially maintained in many cases. As these items continue to increase in number and interaction, there is a risk to the critical infrastructure systems discussed earlier that are maintained through the multitude of satellites.
...

Microsoft’s mad-scientist data center research crew appears to have liked the results they’ve seen after submerging a relatively small underwater data center pod somewhere off the coast of California last year as a test. The team has stepped up its underwater data center ambitions, the project’s lead told a conference in New York Wednesday.

While still in preliminary planning stages, the next underwater deployment may be about four times the size of the first pod, or about the size of a shipping container, Ben Cutler, the project’s manager, said, according to Data Center Frontier.

The first pod, a 10-by-7-foot cylindrical shell that contained a single rack of servers, went underwater around August of last year. The Project Natick team pulled it out and brought it back to the Microsoft headquarters in Redmond, Washington, in December to collect experimental data.

...

http://www.datacenterknowledge.com/archives/2016/04/21/microsoft-bigger-underwater-data-center-in-the-works/

AUSTIN, Texas – Disaster recovery experts today urged applicants for federal assistance to complete a disaster loan application from the U.S. Small Business Administration. Taking a loan is not required; completing the application can open the door to all federal assistance, including possible additional grants from the Federal Emergency Management Agency. If approved, and a survivor does not accept the loan, it may make them ineligible for additional federal assistance.

Many Texans who register for disaster assistance with FEMA will receive an automated call from SBA with information on how to complete the loan application process. These low-interest SBA loans are the major source of funding for disaster recovery.

SBA provides low-interest loans to businesses of all sizes (including landlords) and to homeowners, renters and eligible private nonprofit organizations that sustained disaster damage. There is no cost to apply for a loan.

Assistance from FEMA is limited to help jump-start the recovery; it may not cover all damage or property loss. Completing the SBA loan application may make FEMA assistance available to replace essential household items, replace or repair a damaged vehicle, or pay for storage costs.

Interest rates can be as low as 4 percent for businesses, 2.625 percent for private nonprofit organizations and 1.813 percent for homeowners and renters with terms up to 30 years.

  • Eligible homeowners may borrow up to $200,000 for home repair or replacement of primary residences, and eligible homeowners and renters may borrow up to $40,000 to replace disaster-damaged or destroyed personal property, including a vehicle. 
  • Businesses of all sizes can qualify for up to $2 million in low-interest loans to help cover physical damages.
  • Small businesses and most private nonprofits suffering economic impact due to the severe weather and flooding can apply for up to $2 million for any combination of property damage or economic injury under SBA’s Economic Injury Disaster Loan program.

Applicants may apply online using the Electronic Loan Application via SBA’s secure website at DisasterLoan.sba.gov/ela.

Disaster loan information and application forms are available online at SBA.gov/disaster, from SBA’s Customer Service Center by calling 800-659-2955 or emailing DisasterCustomerService@sba.gov. Individuals who are deaf or hard of hearing may call 800-877-8339. Meet with an SBA representative at a Disaster Recovery Center to learn more about disaster loans, the application process or for help completing an SBA application.

Completed applications should be mailed to:

U.S. Small Business Administration

Processing and Disbursement Center

14925 Kingsport Road

Fort Worth, TX 76155

People with storm losses, who still need to register with FEMA, can go online anytime at DisasterAssistance.gov. Survivors also can register with FEMA by phone (voice, 711 or video relay service) at 800-621-3362, TTY 800-462-7585. The toll-free lines are open 7 a.m. to 10 p.m. local time, seven days a week. Multilingual operators are available.

Federal disaster assistance is available to residents of Erath, Gregg, Harrison, Henderson, Hood, Jasper, Limestone, Marion, Newton, Orange, Parker, Shelby and Tyler counties that suffered damage in the severe storms, tornadoes and flooding, March 7-29.

There is something special about round tables. They get people to open up, collaborate, and talk to everyone who sits at the table. Be it at home, in political discourse or in business, round tables help to solve problems, and foster the open exchange of ideas and thoughts. They eliminate side or siloed conversations at the other end of the table. This is especially important when you put top experts together on a topical, and sometimes, a controversial subject.

It was with this spirit in mind that we accepted the Robert Frances Group (RFG) offer to join “The Rounds”, a new series of industry experts from users and vendors collaborating with RFG in the development of Open Cloud frameworks. Cisco has embraced open conversations, the sharing of ideas and participation in industry bodies and forums for a long time. As such, “The Rounds” was a perfect fit – so when RFG invited us to join in, we gladly accepted.

...

http://blogs.cisco.com/datacenter/the-rounds-industry-experts-discuss-data-center-cloud-and-best-practices

With the recent White House order of a federal data center construction freeze, government agencies are now forced to do even more with less, including complying with growing regulation and accountability. The new Data Center Optimization Initiative mandates stricter goals and rules meant to reduce the government’s sprawling data center inventory and the money it takes to maintain it.

All too often, IT leaders find themselves constrained by legacy in-house data centers and connectivity options that fail to deliver required reliability and uptime, while meeting the mission’s budget.

Successful government agencies employ enterprise data center services to ensure mission-critical IT needs are met:

...

http://www.cyrusone.com/blog/federal-agenciesuse-data-centers-solve-key-issues/

Everybody loves a hardware upgrade, be it a smartphone, a tablet, a laptop or even a smart new server. It’s something shiny and new.

When we talk about upgrades or data migration though, it’s often more of a ‘must-do’ than a ‘nice-to-have’, whether it’s updating back office ERP systems, moving users from desktops to laptops or simply introducing a new back-up system.

So while not the most exciting part of an IT team’s workload, data migration is a necessary part of day-to-day maintenance and management. It is also not without its risks, including loss of data.

...

http://blog.krollontrack.co.uk/pieces-of-interest/migrating-data-what-to-watch-out-for/

Wednesday, 20 April 2016 00:00

Preparing for the Disruption of the IoT

The Internet of Things (IoT) promises to cause disruption in almost every industry. Companies need to examine how they can take advantage of connected products and services and plan for the significantly increased data workloads that will likely come with the deployment of sensor-enabled products. However, an expected surge in product innovation also means that companies should carefully consider how they will deal with the potential rise of new, more agile competitors whose business models will be based primarily on IoT products and services. Here are some points about the IoT I’ve been discussing with colleagues that organizations may want to consider.

...

http://blog.cutter.com/2016/04/19/preparing-for-the-disruption-of-the-iot/

Backup is broken. Anyone who has had to work with enterprise backup knows this to be the case. Gartner, in fact, published a report six years ago titled, “Best Practices for Addressing the Broken State of Backup.” One would think that, given how awful the state of backup was in 2010, the situation would have improved by now. But, unfortunately, the broken state of backup is actually getting worse, not better.

For example, a global survey of CIOs and IT pros in 2015 showed that, on average, an organization experienced 15 unplanned downtime events that year. This compares to the average of 13 reported in 2014. In addition, unplanned mission-critical application downtime length grew 36 percent from 1.4 hours to 1.9 hours year over year, and non-mission-critical application downtime length grew 45 percent from 4 hours to 5.8 hours. These outages cost the average organization $16 million a year, up 60 percent over 2014.

The central problem is that backup cannot provide what organizations really need: availability. After all, when a mission-critical application is down or the file server has crashed beyond repair, it’s cold comfort to have a backup of the data somewhere across town on a tape in an underground vault. The enterprise is undergoing a digital transformation in which executives, employees, customers and partners expect to have 24/7/365 access to data.

...

http://www.datacenterknowledge.com/archives/2016/04/19/backup-is-broken-enterprises-need-availability-instead/

Two earthquakes within a few days may seem like a lot for one region of a country to withstand, but in the case of the insurance and reinsurance industry early indications suggest the impact of the Japan quakes will be manageable.

A magnitude 6.5 earthquake struck the Kumamoto prefecture of Japan last Thursday. Just 28 hours later a magnitude 7.3 quake struck the region. So far, Japanese officials have confirmed 46 fatalities and more than 1,000 people injured.

Reports appear to show significant property damage in the region, but it’s too soon to know what insured losses will be.

...

http://www.iii.org/insuranceindustryblog/?p=4421

Many BCM practitioners talk about BCM standards, but few walk the walk. I write this blog as this subject continues to boggle my mind in today’s risk-filled environment.

I recently presented to two groups: one at a major conference in Orlando and the second at a leading continuity group in Nebraska. We spoke to a total of about 140 practitioners regarding standards and compliance. The attendees were all from mid-level to very large companies – some regulated, some not. Experience levels ran from beginner to advanced.

The first question I asked both groups was: How many of you have adopted a standard to drive your enterprise BCM program?

Want to guess what percentage had adopted a standard?  1%? 25%? 50%?  Less than 10% of the 140 had adopted a standard—a dreadfully low number.

...

http://www.mha-it.com/2016/04/why-are-bcm-practitioners-continuing-to-ignore-bcm-standards/

Data security is not optional. Organizations owe it to their clients to protect sensitive client data. And market forces in the form of reputation damage, revenue loss and hefty fines (for regulated data) ensure that there is plenty of incentive to do so.

As organizations move to address increasingly sophisticated security threats, they are often caught off guard by the many hidden costs of security and compliance, realizing (too late) that safeguarding data from current and future threats is more resource-intensive than first imagined—and is growing more so with each passing day.

In part 1 of this series, I’ve outlined five hidden costs of security and compliance that organizations often encounter when embarking upon data integration and management projects.

...

http://corporatecomplianceinsights.com/5-hidden-costs-data-security-compliance/

Rice University civil engineering professor Philip Bedient is an expert on flooding and how communities can protect themselves from disaster. He directs the Severe Storm Prediction, Education and Evacuation from Disasters Center at Rice University.

Starting late Sunday night, the Houston area began experiencing major rainfall. By Monday afternoon, rainfall totals in some parts of the region had exceeded 15 inches in 24 hours. It’s an event many are comparing to 2011’s Tropical Storm Allison, which devastated the region.

Bedient is hoping to make those types of flood events less devastating. He designed the Flood Alert System – now in its third version – which uses radar, rain gauges, cameras and modeling to indicate whether Houston’s Brays Bayou is at risk of overflowing and flooding the Texas Medical Center.

In an interview with Urban Edge editor Ryan Holeywell, conducted after the Memorial Day floods of 2015, he said more places need those types of warning systems.

...

http://www.emergencymgmt.com/disaster/Flood-Alert-System.html

Over the next four years, 35 percent of the core skills you have today will change. As a storage engineer, what do you think these changes might be?

I recently had an interesting meeting with storage engineers who were considering a move to a commodity type storage infrastructure with little or no data management capabilities.

They were so enamored by the technical specifications of the new equipment that they said they were quite comfortable giving all of the data management capabilities that were inherent in their existing storage array up to the virtualization layer or to the applications themselves. Basically all of the value that used to be offered like data management, data protection, and replication capabilities were going to be given to other teams in the organization.

...

http://www.datacenterknowledge.com/archives/2016/04/18/whats-storage-engineers-future-role/

Pivotal kills its own Hadoop distribution. Google uses machine learning to help you reach your goals. Dell updates Statistica to make it easier for so-called citizen data scientists. Workday enhances its analytics -- and more in this week's Big Data Roundup.

This time let's start with Workday. This cloud-based HR software application provider -- or human capital management (HCM) as it's called today -- this week announced a new set of enhancements to its analytics capabilities. The company unveiled new finance and workforce-related scorecards and dashboards that enable customers to gain insight into real-time transactional data and predictive analytics, the company said in a statement announcing the news.

Specifically, Workday said, the new dashboards and scorecards will let customers predict and manage their customer collections. For instance, organizations can use the predictive capabilities to determine the likelihood of an invoice being paid on time. Workday said this can help revenue managers address accounts receivable issues and do a more accurate job of forecasting revenue.

...

http://www.informationweek.com/big-data/big-data-analytics/pivotal-changes-elephants-big-data-as-a-service-growing-big-data-roundup/d/d-id/1325156

Will the cold storage data center of the future include a DNA synthesizer? According to a new research paper by the University of Washington and Microsoft, it’s a strong possibility.

Today, we generate data faster than we can increase storage capacity. The volume of digital data worldwide is projected to exceed 16 zettabytes sometime next year, the paper’s authors wrote, citing a forecast by IDC Research. “Alarmingly, the exponential [data] growth rate easily exceeds our ability to store it, even when accounting for forecast improvements in storage technologies,” they said.

A big portion of the world’s data sits in archival storage, where the densest medium currently is tape, offering maximum density of about 10 GB per cubic millimeter. One research project has demonstrated an optical disk technology that’s 10 times denser than tape.

...

http://www.datacenterknowledge.com/archives/2016/04/18/can-nature-help-us-solve-the-impending-data-storage-crisis/

After a billion dollars and many years spent deploying a state-of-the-art earthquake warning system, there are still important lessons to be learned from the Tohoku and Kumamoto earthquakes.

The Kumamoto Prefecture, located in the center of Japan’s southwestern Kyushu island, was recently struck by two sizable earthquakes. As of this writing, more than 40 people have been reported dead, with at least 11 missing. The damage sustained has been quite severe for earthquakes of this magnitude (6.4 followed by 7.3), which may, to some extent, be associated with older building stock that was constructed before modern seismic building codes were implemented. Some of the damage can be seen on the Japan Times website.

A number of people (including Emily Chang on Bloomberg West) are wondering how our earthquake warning capability compares to the Japanese system. I might summarize these concerns as:

...

https://blog.seismicwarning.com/corporate/2016/04/18/what-can-california-learn-from-the-recent-earthquakes-in-japan/

Virtualisation continues to grow in popularity as it offers different ways of backing up our data, in addition to being able to ensure that business-critical systems remain online in the event of an emergency.

Some people have even hailed virtualisation as the next frontier of computing. But do you know what computer virtualisation is and how you or your clients can benefit from it? Let’s take a step back and first review what virtualisation is and how it works.

...

http://blog.krollontrack.co.uk/the-world-of-data/virtualised-tape-library-silver-bullet-business-continuity/

(TNS) - It has been nearly a year since heavy storms and rains in late spring of 2015 brought widespread damage and flooding to the region. With the floods on Father’s Day, which saw high water in areas not known for flooding, still a recent memory to many, city officials are looking for ways to prevent similar events from occurring again.

City officials are currently working on updates to Denison’s Flood Damage Prevention Ordinance, which presents guidelines for development about how to prevent flooding issues at the site and further downstream.

“Our goal is to reduce the probability of flood damage happening around our drainage areas,” City Manager Jud Rex said on Thursday, referring to drainage ditches, culverts and other features designed to handle runoff from storms.

...

http://www.emergencymgmt.com/disaster/How-Denison-is-trying-to-mitigate-future-flood-damage.html

Oracle is beefing up its services to marketing and advertising-focused customers with the acquisition of an Israeli company that tracks how users engage with advertising and media.

Oracle announced that it will buy Crosswise, a provider of machine-learning based cross-device data that can help marketers track cross-device advertising, personalization, and analytics.

Oracle did not disclose the conditions of the deal, but press reports say Oracle paid approximately $50 million for the venture-funded startup founded in 2013.

...

http://www.informationweek.com/big-data/software-platforms/oracle-buys-crosswise-for-cross-device-tracking-marketing-cloud/d/d-id/1325176

It's up to those in the resiliency profession to help companies be in a position to continuously deliver their services.

In the cognitive era, organizations are using technology to process data more quickly than ever and correlate results that could be difficult to imagine in the past. These capabilities are crucial for resiliency.

Cognitive computing is changing how industries do business by providing access to data that enables critical decision-making, reduces time frames for key business deliverables, and ensures products get to market efficiently and effectively.

...

http://www.informationweek.com/partner-perspectives/ibm/resiliency-in-the-era-of-cognitive-computing/a/d-id/1325179

Monday, 18 April 2016 00:00

Building a Successful Hybrid Cloud

There is a lot to be said for the hybrid cloud. It blends local control and security with scale-out resources and operational flexibility, all of which are emerging as crucial factors as organizations make the transition to digital business models.

Indeed, if the hybrid cloud were not so effective, no one would give it a second thought. But this does not mean it is trouble-free. And the further along the enterprise goes in the transition to cloud-based infrastructure, the more glaring the deficiencies become.

At the moment, of course, the benefits outweigh the risks in the eyes of most enterprise managers. According to a global survey of 500 IT decision makers, the vast majority say the hybrid cloud is crucial in maintaining a competitive advantage and lowering the cost of data infrastructure. This is manifesting itself in a number of ways, including improved collaboration between IT and line-of-business managers and increased self-service resource provisioning so knowledge workers don’t succumb to the lure of shadow IT. The challenge, however, is to ensure that resources and data sets can be integrated across local and distributed infrastructure, while at the same time building up internal skillsets to oversee this new form of infrastructure and to ensure it does not get bogged down with overly complex management and security systems.

...

http://www.itbusinessedge.com/blogs/infrastructure/building-a-successful-hybrid-cloud.html

(TNS) - Boyd County 911 will begin a transition from Nixle alerts to more specific updates through AlertSense.

Boyd 911 Director Sandy Ott said the new system will feature geo-locating capabilities and voice dialing to landlines so alerts can not only be more specific, but also reach those who do not have access to text messaging or computers.

Administrative training will begin this summer and Ott hopes the new system can launch as soon as June 1.

Ott explained that AlertSense will allow government agencies to post from the same source so that users will not have to sign up for individual alerts.

...

http://www.emergencymgmt.com/next-gen-911/Boyd-911-system-to-switch-this-summer.html

(TNS) - Japan was intensifying search and rescue operations on the southern island of Kyushu Friday amid a series of aftershocks, after a 6.5-magnitude earthquake killed at least 9 people and injured about 1,100, the government said.

The government deployed more than 3,000 people to Kumamoto prefecture, the hardest-hit region in Thursday's quake, as Prime Minister Shinzo Abe vowed to make its utmost efforts in the operations.

"We will do our best to ensure the safety of residents," Abe told reporters.

Walls and houses collapsed in Mashiki, a rural town of 33,000 residents, 900 kilometres south-west of Tokyo, when the quake struck at 9:26 pm Thursday (1226 GMT) at a depth of 11 kilometres, local officials said.

...

http://www.emergencymgmt.com/disaster/Japan-boosts-rescue-efforts-after-quake-kills-9.html

Monday, 18 April 2016 00:00

Making sense of enterprise security

Until recently, I knew nothing about enterprise security beyond some of the more widely publicized breaches in the United States.

That said, after spending most of 2016 immersed in the space, I’ve come to appreciate just how challenging and broad an issue security has become to enterprises.

I’ve also come to believe that our best hope for solving security is by understanding humans — the perpetrators and victims of cyberattacks — and, as a result, I’m convinced that security is fundamentally a human identity problem.

...

http://techcrunch.com/2016/04/16/making-sense-of-enterprise-security/

(TNS) - As they so often do, 911 calls came fast and furious on a recent weekday afternoon. A residential burglary. A business burglary. A person with a gun. They all happened at once, in different Evansville neighborhoods.

Amy Worthington was on top of it. Seated in the City-County Dispatch Center, with four computer screens in front of her and her headset in place, Worthington navigated Evansville Police Department officers to each event.

Officers were stretched so thin at the time that Worthington had to send two patrol units that normally work the South Sector out of their jurisdiction to one of the burglaries. It was such a busy few minutes that at one point, only three EPD cars were freely patrolling the city.

...

http://www.emergencymgmt.com/next-gen-911/For-911-operators-technology-helps-but-job-still-stressful.html

(TNS) - A year and a half ago, the Hunter brothers of Vallejo were not sure there would be a light at the end of the tunnel created for them by the so-called South Napa Earthquake.

The Mare Island building, which housed their successful business, was badly damaged in the Aug. 24, 2014 temblor, forcing them to move and they weren’t sure where they were going to go.

The last part of that process — moving Western Dovetail’s offices into the firm’s new Mare Island building — was recently completed, and everyone is letting out a collective sigh of relief.

...

http://www.emergencymgmt.com/disaster/Mare-Island-business-finally-recovered-from-2014-earthquake.html

JACKSON, Miss. – Floodwaters have receded from the severe storms that hit beginning March 9, but they are leaving behind the perfect damp environment for mold and mildew to thrive, advise state health officials.

According to the Mississippi State Department of Health (MSDH), mold can be identified by its musty, earthy odor and its fuzzy growth or discoloration on hard surfaces, furniture and carpeting. But it is not always visible – it can spread through cooling/heating ducts as well as wall insulation. It can cause coughing, sneezing, wheezing and asthma that should be treated by a doctor.

Mold should be cleaned up as soon as possible or it may create health hazards, especially among the elderly, the very young and those with compromised immune systems, allergies or asthma.

MSDH recommends a two-step cleaning process. First, clean all hard surfaces, such as metal, glass, solid wood, plastic and other nonporous materials with a non-ammonia detergent and hot water. Then, disinfect all cleaned surfaces with a 10-percent household bleach solution (one-and-a-half cups of bleach in one gallon of water).

Then dry or air dry by opening windows and doors, and turning on ceiling fans for more ventilation.

Do not mix bleach with ammonia or other cleaners. Wear protective gear including rubber boots and gloves, goggles and an N-95 mask while cleaning.

According to the health department, the general rule for porous materials is if you cannot wash it, throw it away. Throw out all moldy items that cannot be thoroughly cleaned, such as carpets, mattresses, upholstered furniture, stuffed animals, pillows, wall coverings and all paper products. Remove drywall or insulation that has been dampened by floodwater. Allow the wall studs to dry before installing new insulation and drywall.

For areas of mold clean-up larger than 30 square feet, please consult a professional mold remover.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Google is reimbursing Google Compute Engine users up to 25 percent of their monthly charges after an outage that impacted instances across all regions on Monday.

The outage lasted 18 minutes, and did not affect Google App Engine, Google Cloud Storage, or other Google Cloud Platform products. While 18 minutes may not sound like a lot of time, in the cloud world it is. And because the outage impacted multiple regions, it meant clients couldn’t failover to a new region in order to mitigate the impact of the outage.

According to a lengthy and apologetic post mortem on the Google Cloud Platform status page on Wednesday, the issue began when engineers removed an unused GCE IP block from its network configuration and instructed its systems to propagate the new configuration across the network.

...

http://www.datacenterknowledge.com/archives/2016/04/14/google-reimburses-cloud-clients-massive-google-compute-engine-outage/

2015: Europe's most lethal year for terrorism in a decade

2015 was the most lethal year for terrorist violence in Europe in nearly a decade as terrorists increasingly target private citizens and public gatherings, according to a study by Aon Risk Solutions. This marks the first net increase in global terrorism risk ratings since 2013, with the risk ratings of 18 countries experiencing an increase and 13 countries seeing a decrease.

For the first time since Aon's Terrorism and Political Violence Map was first created in 2007, shootings have overtaken bombings in the western world, while the targeting of civilians in public spaces has become more commonplace. Since January 2015, nearly one-third (31%) of all attacks in the western world targeted private citizens and public gatherings.

The global threat posed by Islamic State dominates many of the map findings this year, as the group entered a more aggressive phase of mounting mass casualty attacks in 2015 and early 2016, with the United States, France, Turkey and Belgium all affected. The terrorist organisation’s activities have contributed to sustaining or increasing risk levels in more than a dozen countries worldwide. Far-right activism as well as civil unrest risks stemming from the European migrant crisis and the increasing influence of extremist parties have also driven rating increases.

“Our 2016 map demonstrates increasing regional instability and a growing spectrum of potential risks,” said Scott Bolton, director in Crisis Management at Aon Risk Solutions. “The threats highlighted in the map should encourage business leaders with global footprints to adopt a more strategic risk management approach to limit the impact of attacks on their people, operations and assets. Understanding how they are exposed to the peril is key to achieving this outcome.”

With all this as a backdrop, it is easy to see why acts of terror have increased as a concern for business continuity professionals according to the Business Continuity Institute’s latest Horizon Scan Report. In this report it was ranked as the fourth greatest threat with 55% of respondents to a global survey expressing concern about the prospect of an act of terror impacting on their organization. It is therefore essential that organizations have business continuity plans in place that will enable them to manage through the disruption caused by a terrorist event, whatever form it may take.

(TNS) - The City Council has discussed paying a contractor to help the city prepare natural disaster response plans.

Such preparation services could cost the city as much as $19,000, but the contractor would bring valuable experience navigating FEMA regulations, officials said.

The contractor’s services could also help the city obtain more reimbursement money from FEMA in the event of a natural disaster, a council member noted.

...

http://www.emergencymgmt.com/disaster/Council-considers-contractor-for-disaster-prep.html

JEFFERSON CITY, Mo. - Until it happens to them, most people don’t realize that even an inch or two of water can cause thousands of dollars in damage. During the recent floods in Missouri, thousands experienced the trauma of flooded homes and businesses. The toll not only includes the heartbreak of losing precious possessions, but financial hardship, especially for those who don’t have flood insurance.

Spring, when flooding is typically most severe, has arrived. But you can still purchase a National Flood Insurance Program (NFIP) policy to protect your home and its contents or your business. Remember – there is a 30-day waiting period before a policy takes effect.

Homeowners' insurance doesn't cover flood damage, but the NFIP does. Funded by the Federal Emergency Management Agency (FEMA), NFIP makes flood insurance available for communities that participate in the program, regardless of whether the area is high, low, or medium risk. NFIP carries a maximum coverage of $250,000 for homes and $100,000 for contents. Business coverage is a maximum of $500,000 for building and $500,000 for contents.

Many Missouri residents decided to buy flood insurance to protect against the risk of flooding. The amount of claims paid to homeowners and renters with flood insurance is more than double the amount of FEMA grants and U.S. Small Business Administration (SBA) loans in several counties designated for federal assistance for damages from the recent flooding:

  • In Taney County, the National Flood Insurance Program (NFIP) paid policyholders more than $4.2 million in claims. Comparably, FEMA and SBA paid a total of $416,724 in grants and loans.

  • In St. Louis County, NFIP paid policyholders more than $14.3 million in claims, while loans and grants to St. Louis County residents totaled more than $6.8 million.

  • In Phelps County, NFIP paid nearly $1.9 million to policyholders while FEMA and SBA assistance was $254,254.

FEMA Individual Assistance can pay for losses not covered by insurance such as temporary rental assistance. Flood insurance can potentially provide your family with much more money – up to $350,000 – after a flood.

It’s also important to remember that NFIP insurance covers flood damage regardless of whether there is a federal disaster declaration. That is another benefit of being covered by insurance.

To learn more about any property's flood risk, estimate an NFIP premium or locate an insurance agent who sells flood insurance, log on to www.floodsmart.gov. For flood information and safety tips visit www.ready.gov/floods. Find the Spanish-language web site at www.listo.gov.

###

For breaking news about flood recovery, follow FEMA Region 7 on Twitter at https://twitter.com/femaregion7 and turn on mobile notifications or visit the FEMA webpages dedicated to this disaster at www.fema.gov/disaster/4250.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Nearly two thirds of healthcare IT leaders reported experiencing a data breach, and nearly one in five said the breach occurred in the past year, according to a new survey.

The Healthcare Edition of the 2016 Vormetric Data Threat Report, commissioned by data protection firm Vormetric, was based on a poll of 1,100 IT security managers, including more than 100 from healthcare organizations.

...

http://mspmentor.net/msp-mentor/survey-63-percent-healthcare-it-bosses-report-past-data-breaches

Many states are enduring tornado season, and all of the destruction and disaster that goes along with tornados. Tornados can cause so much devastation in such a short amount of time. David Conrad, EMA director, said that from the time a warning siren goes off, the tornado has already passed within 6 minutes of that[1]. When communities issue a “watch”, it means that conditions are favorable and citizens should be on the lookout. Once a “warning” has been issued, that means that a tornado has been spotted.

In Osceola County, Florida, the city will sound the sirens once the National Weather Service issues a tornado warning for their area[2]. For the NWS to issue a tornado warning, weather conditions must line up perfectly. Often, the last-minute siren is not enough notice to fully prepare for a full-speed tornado. Osceola relies on social media and Nixle to help inform residents of looming weather conditions and keep them safe.

...

http://www.everbridge.com/nixle-in-action-new-age-of-tornado-warnings/

You may not know it, but last month we celebrated World Backup Day, in which the tech industry encouraged both consumers and professionals to back up their important data. The occasion served as a good reminder for data center professionals that backing up critical data means having the right power protection strategy in place to ensure data center downtime doesn’t translate into lost revenue for their businesses.

But not everyone took notice. In fact, it’s somewhat surprising that many operators consider reliable power protection to be low on their list of priorities, even though it can have major implications for data loss. During the course of operation, power sags, surges and outages are unavoidable, and more than capable of damaging valuable IT equipment and cutting off access to important data. Because of this, it’s essential that data center operators incorporate a robust power protection solution into their overall data center design strategies.

This article will provide an introductory overview of why comprehensive power protection is critical to ensuring continuous uptime in the data center. Additionally, we’ll look at an example of how one data center operator, ByteGrid, recently implemented a comprehensive power management and monitoring solution to help ensure reliability and reduce the risk of downtime in its facility.

...

http://www.datacenterknowledge.com/archives/2016/04/14/reliable-power-protection-critical-data-center-operators/

A new study out from CloudPassage — a cloud security firm based in San Francisco — concludes that the American higher-education system is failing at preparing students for careers in cybersecurity.

CloudPassage hired a third party consultant to analyze computer science programs at 121 universities listed on three rankings which included U.S. News and World Report’s Best Global Universities for Computer Science, Business Insider’s Top 50 best computer-science and engineering schools in America, and QS World University Rankings 2015 – Computer Science & Information.

The University of Michigan (ranked #12 on the U.S. News & World Report’s list) is the only program in the top 36 which requires a cybersecurity course for graduation.

...

http://www.forbes.com/sites/stevemorgan/2016/04/14/top-u-s-computer-science-undergrad-programs-flunk-cybersecurity/

Emergency communication planning has become a key element of many businesses, but a surprising number of organizations are still completely unprepared for a potential crisis. According to the Business Continuity Institute, 14 percent of businesses do not have an emergency communications plan, and 68 percent of those organizations would only create one if they experienced a business-impacting event. Of course, having a plan does not necessarily mean you are prepared for the next big crisis. When was the last time you truly assessed your communication plan?

For quick and effective response during an emergency, you should be testing your business communication plans on a regular basis, as well as any time there is a significant change in your company. This might include newly-hired departmental heads or executives, business expansion or the use of new technology platforms.

Of course, there are several ways to ensure that a crisis communication plan is up to date and performing as intended. Here, we look at four ways to test your organization’s plans and make sure they are getting the right message across:

...

http://www.rockdovesolutions.com/blog/4-ways-to-test-your-business-communication-plans

Wednesday, 13 April 2016 00:00

Five Tips to Prepare for a Program Audit

As BCM professionals we have all gone through program audits at one time or another. It is in our best interest to know what to expect from an auditor, how to deal with the audit experience in a positive way, and how to respond to findings and move our program forward.

At MHA, we are the BCM Office for a good number of our clients. We manage each program using industry best practices and standards as our measuring stick to ensure that the program provides the highest level of resiliency and meets or exceeds compliance requirements. We know which of our managed programs are in line with best practices and which ones need more time and work. Audits are a part of our daily consulting efforts.

We are finding that it is increasingly common for audits to be inconsistent in their application, findings, and outcomes. It is not unusual for audit findings to conflict with what we know to be the true state of compliance in a BCM program. Common conditions we see during audits:

...

http://www.mha-it.com/2016/04/five-tips-preparing-responding-audit/

Wednesday, 13 April 2016 00:00

Zika 'Bit Scarier Than we Thought'

(TNS) - Researchers tracking the explosive spread of the Zika virus are warning that infected mosquitoes could soon arrive in the Bay State, though local infectious disease experts are tamping down fears of a widespread outbreak in Massachusetts.

“Everything we look at with this virus seems to be a bit scarier than we initially thought,” Dr. Anne Schuchat of the Centers for Disease Control and Prevention said at the White House yesterday, stressing that while an outbreak in the U.S. is unlikely, health officials here “absolutely need to be ready.”

In the three months since President Obama asked for $1.9 billion to combat the spread of Zika — which has been strongly linked to birth defects in babies born to women infected while pregnant — the CDC has found that sexual transmission is more common than initially thought and mosquitoes capable of carrying the virus can travel as far north as southern Maine.

...

http://www.emergencymgmt.com/disaster/Zika-bit-scarier-than-we-thought.html

Several state lawmakers on Monday vowed to champion a hurricane protection system for the Texas coast — the Houston region, in particular — by giving money to scientists so they can finalize storm surge barrier proposals, or by working with members of Congress to bypass a lengthy U.S. Army Corps of Engineers process and secure federal funding directly to build a super seawall, levee or gate system.

When the Joint Interim Committee to Study a Coastal Barrier met for the first time two years ago, members ordered hurricane researchers to stop bickering and converge on a single solution to protect Houston and its massive industrial complex. But the Legislature gave them no money to assist with the endeavor — despite repeated requests — leaving researchers dependent on private and, only recently, some federal dollars to carry out their work. Two years later, the experts still are pushing different plans, although some consensus has emerged around an $8 billion concept developed at Texas A&M University at Galveston called the “coastal spine.”

At the coastal barrier committee’s second meeting on Monday, state lawmakers again stressed the need for a fully formed plan and urged the scientists and engineers to ask for whatever they need to get the job done. State Sen. Larry Taylor, R-Friendswood, the committee’s co-chairman, suggested the Legislature use some of the BP oil spill settlement money so researchers can develop their plans to the point where they might be shovel-ready. He said he was unaware that the researchers had ever asked the Legislature for money.

...

http://www.emergencymgmt.com/disaster/Lawmakers-Pledge-Support-for-Hurricane-Plan.html

As if the health care industry isn’t having enough security problems, is it also at risk for cyber terrorism?

The Ohio-based Times Reporter characterized the recent attacks on medical facilities as cyber terrorism. I’m not sure I’d go quite that far, yet. However, a Thycotic survey commissioned at RSA found that cyber terrorism is a growing concern among security professionals.

Thycotic asked the security professionals five questions regarding cyber terrorism and who is at risk of an attack. In response to the first question about whether a “catastrophic cyberattack” could hit the United States within a year, a whopping 63 percent said yes, it can – will? – happen. Getting more detailed, Nathan Wenzler wrote on the Thycotic blog:

...

http://www.itbusinessedge.com/blogs/data-security/cyber-terrorism-is-a-real-threat-for-the-near-future.html

How cyber resilient is your organization?

The latest Horizon Scan Report published by the Business Continuity Institute showed just how big the cyber threat is, with cyber attacks ranking as the number one concern to business continuity professionals for the second successive year, and data breach moving up to the number two spot. Our news channels are often filled with stories of big organizations that have had their services severely disrupted, so it is clear that the threat is very real, but of course it doesn’t just happen to large organizations.

The question is, how does your organization perceive the threat? Have you suffered from some form of cyber security incident during the last year, and what impact did it have on your organization? Do you feel you have adequate measures in place to deal with such an event, and perhaps just as importantly, do you have the backing of senior management to put measures in place to deal with them?

These are the questions the BCI is asking as part of its latest research project – the cyber resilience survey – which will inform a new report to be published later this year in collaboration with Crises Control.

Please do take the time to complete the survey. It will only take a few minutes and each respondent will be in with a chance of winning £100 of Amazon vouchers.

At the hands of ransomware, critical business functions such as email and payroll are unavailable. Patient-facing applications such as Electronic Medical Records (EMR), as well as the systems responsible for CT scans, documentation, lab work and pharmacy functions are no longer available either. A state of emergency is declared and manual processes are engaged while patients are turned away and transferred to other hospitals. Attackers are throwing health institutions into the Dark Ages one by one and putting patient lives at risk – a literal life and death situation.

For those lucky enough to not be besieged, a brief background on ransomware is required. It’s the modern day take on kidnapping, but at a data and access level; it’s digital extortion.

It has seen extraordinary success through an effective payment channel (Bitcoin) and multiple attack vectors (phishing emails, infected files, and infected webpages). These are combined with a reduced risk to the attacker on monetization since data does not have to be exfiltrated and sold to various criminal organizations. Instead victims are extorted in order to regain access to their data and networks.

...

https://www.citrix.com/blogs/2016/04/11/armored-defense-protect-data-in-the-battle-against-ransomware/

Tuesday, 12 April 2016 00:00

Data For Sustainability

Regardless of terrorist threats, financial meltdowns or data theft, the biggest single threat that the world currently faces is global warming and diminishing resources. If sea levels rise and force more people onto less land, potentially kill millions and wipe out entire species, the prospect of losing a few dollars as the stock market crashes seems mild.

In the same way that data has been used to help stabilize stock markets and improve business performance, it also has a profound impact on how we can create a more sustainable world. This use comes from the most basic local elements through to the most complex nationwide campaigns. 

A prime example of data being used to promote sustainability comes from smart thermostats that are becoming increasingly popular in regular households. Berg Insight recently released a report showing that the number of smart thermostats sold in 2014 grew by 105% in North America and Europe. This represents significant energy savings, with Nest's own test showing that their thermostats saved 10-12% on heating and 15% on cooling on average. With 2015 likely to have seen significant growth again, the savings that these connected devices represent will have a significant impact on overall sustainability targets. They work by collecting data on optimum temperatures, when people are in the house and the best ways in which energy can be saved, meaning that energy is saved at the smallest possible level.

...

https://channels.theinnovationenterprise.com/articles/data-for-sustainability

(TNS) - When the salt bed trenches of the Waste Isolation Pilot Plant were mined on the outskirts of Carlsbad in the mid-1980s, Congress dictated specific guidelines for what could be held within its chambers. Only low-level transuranic waste — rags, tools and even soil that had been contaminated with potent radiation through the creation and testing of nuclear weapons in the U.S. — could fill the 6.2 million-cubic-foot cavern more than 2,000 feet below ground.

Even within these limited parameters, finally approved by the Environmental Protection Agency in 1998, it took WIPP 20 years to open. When the first waste-bearing truck drove from Los Alamos to Carlsbad the following year, two women sat on the pavement and a man parked his car in the middle of the road, hoping to prevent its passage. Others waved American flags in support.

But in the 17 years since the facility opened, the nation’s nuclear landscape has changed. WIPP remains the world’s only underground geological repository for nuclear waste, and a confluence of budget constraints, geopolitical issues, the threat of terrorists obtaining nuclear materials and other concerns have led many to consider whether WIPP’s mission should be expanded to include not only higher levels of waste from the U.S. but also waste from around the world. Plans are already in motion to accept plutonium from Japan.

...

http://www.emergencymgmt.com/safety/Changing-nuclear-landscape-alters-WIPPs-role.html

Tuesday, 12 April 2016 00:00

We Hate Ransomware!

The internet is a dangerous place. It seems like every year there’s some new trend in cyber crime sweeping the web. This year, that new trend is ransomware. Ransomware is a fairly new type of malware that allows hackers to block users from accessing their computer systems unless they pay some form of ransom to the hackers. What’s worse, even if you pay the hackers, there is no guarantee they will remove the restriction, and they will still have access to your data even if the restriction is removed.

...

http://www.everbridge.com/i-hate-ransomware/

The U.S. Department of Health and Human Services put together a database of health care breaches that affected 500 or more individuals. The first date in the database is October 21, 2009, a breach caused by the theft of paper files or films. There are more than 1,500 data breaches listed in this database. More than 250 occurred in 2015, and 2016 may be even worse – I counted nearly 60 as of April 1.

The early breaches involved theft or loss of paper medical records or computers. The types of breaches in 2016 are primarily “Hacking/IT Incident” and “Unauthorized Access/Disclosure.” More frequently, these breaches are happening via mobile devices other than laptops. Expect this number to increase as more people in the health care industry rely on mobile devices to connect with patients, patient data, and health care networks.

A new study from Skycure found that 80 percent of doctors use mobile devices for work and 28 percent store patient data on these mobile devices, but at the same time they aren’t doing much about securing that information. As Dark Reading reported, a surprising number aren’t even taking the most simple (and obvious) security step of using a passcode to lock the device nor updating its software. Also, the study estimated that 27.79 million devices with medical apps installed might also be infected with high-risk malware.

...

http://www.itbusinessedge.com/blogs/data-security/poor-mobile-device-security-by-doctors-puts-patient-data-at-risk.html

Despite the new collaborative communication tools on the market, which combine unified messaging, video and/or other social media instruments, email is still number one for both private individuals and enterprise business use. According to the most recent Email Statistics Report of the Radicati Group, almost 113 billion emails were sent in 2015 for business reasons on a single day worldwide. Private individuals add another 93 billion emails, for an astonishing figure of around 206 billion emails daily.

Modern enterprises rely on working email servers more than ever but have difficulties trying to cope with the ever-growing amount of incoming and outgoing emails. And anyone who thought that email was going to decrease is definitely wrong: the market researchers at Radicati expect business emails to rise at a rate of at least 3 per cent every year to an estimated 128.8 billion emails in 2019 worldwide.

So emails are here to stay, and companies have another problem besides handling the incoming and outgoing emails: an increasing number have to be stored for long periods of time due to laws & regulations both at a national level and an international level, i.e. because of global trade agreements or the EU. With those facts in mind, and the desire to keep costs down to free storage space from unneeded emails without risking huge fines by not producing required emails if demanded by a court or regulator – emails which should have been legally retained.

...

http://blog.krollontrack.co.uk/concepts-explained/establish-effective-email-retention-policy/

(TNS) - Colleges and universities in Connecticut are not debating whether climate change is a problem facing the world today. Rather, the primary focus is how to adapt to the changing global climate and be more resilient as institutions.

“I like the addition of resiliency. ... That’s an important part of the conversation,” said Robert Klee, commissioner of the state Department of Energy and Environmental Protection.

Klee served as a keynote speaker for the third annual Campus Sustainability Conference held Thursday at the University of Connecticut Law School. Representatives, students and faculty from universities and colleges across the state attended to share ideas and strategies to help combat climate change with programs on campus.

...

http://www.emergencymgmt.com/disaster/Connecticut-colleges-considering-climate-change-and-resilience-plans.html

A recently published MeriTalk survey sheds light on where an estimated $10 billion could be saved by moves to improve power consumption, capacity, physical footprint, speed, and security.

The need to transition to more efficient federal IT solutions was underscored last month by the directive signed by the White House to freeze data center expansion and construction by federal agencies and accelerate colocation and cloud deployments.

If an agency wants to build a data center or expand an existing one, it must make the case that there is no better alternative, such as using cloud services, leasing colocation space, or using services shared with other agencies.

...

http://www.datacenterknowledge.com/archives/2016/04/08/meritalk-study-sheds-light-federal-data-center-initiatives/

Cisco UCS benchmarking success in the Big Data space continues. We invest and lead in Big Data workload benchmark tests as these workloads are commonly found in UCS-oriented Data Centers around the world.

The guiding principles our Cisco UCS teams follow for benchmarking in the Big Data arena are:

...

http://blogs.cisco.com/datacenter/cisco-ucs-delivers-big-benchmark-results-for-big-data-2

AUSTIN, Texas – State and federal recovery officials encourage Texans to watch for and report any suspicious activity or potential fraud from scam artists, identity thieves and other criminals. Also, be aware FEMA does not endorse any commercial businesses, products or services.

FEMA encourages survivors as well as local residents and businesses to be especially vigilant for these common post-disaster fraud practices:

Fraudulent building contractors. When hiring a contractor:

  • Use licensed local contractors backed by reliable references.
  • Demand that contractors carry general liability insurance and workers’ compensation.
  • Don’t pay more than half the costs of repairs upfront.

Bogus pleas for post-disaster donations. Often, unscrupulous solicitors may play on the emotions of disaster survivors, residents and business owners. Be aware that disaster aid solicitations may arrive by phone, email, letter or face-to-face visits. To ensure a charity is legitimate:

  • Ask for the requestor’s name as well as the charity’s exact name, street address, phone number and website address – then call the charity directly to confirm the person asking for funds is an employee or volunteer.
  • Whether making a donation by cash or with a credit card, request a receipt that includes the charity’s name, street address and phone number.
  • The five-to-six digit numbers known as short codes make it difficult to tell who is on the receiving end of a text. A legitimate charity will not ask you to send personal information or a credit card number by text.

Fake offers of state or federal aid: Beware of visits, calls or e-mails – from people claiming to be from FEMA or the State of Texas – asking for an applicant’s Social Security number, bank account number or other sensitive information.

  • Don’t fall for scam artists who promise a disaster grant and ask for large cash deposits or advance payments in full.
  • Federal and state workers do not solicit or accept money. FEMA and U.S. Small Business Administration (SBA) staff never charge applicants for disaster assistance, inspections or help in filling out applications.

Phony housing inspectors. Homeowners and registered FEMA applicants should watch out for phony housing inspectors claiming to represent FEMA or the SBA.

  • Inspectors already have each applicant’s nine-digit registration number and a FEMA inspector will not ask for this number.
  • FEMA inspectors NEVER require banking or other personal information.
  • The job of FEMA housing inspectors is to verify damage. Inspectors do not hire or endorse specific contractors to fix homes or recommend repairs. They do not determine eligibility for assistance.

If you suspect fraud, call the FEMA Disaster Fraud Hotline at 866-720-5721. If you are the victim of a home repair scam or price gouging, call the Office of the Texas Attorney General at 800-252-8011.

# # #

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

The FBI is warning people about a business email scheme which has resulted in huge losses to companies in Phoenix and other U.S. cities.

Here’s how the scam works:

A CEO seemingly emails an employee — typically in a finance or administrative role — instructing them to perform a wire transfer.

The employee follows directions and executes the wire.

Money is successfully transferred from the CEO’s company to another party.

So, what’s wrong with this picture?

...

http://www.forbes.com/sites/stevemorgan/2016/04/10/fbi-cyber-warning-ignore-your-ceos-e-mail-and-phone-them-back-or-your-company-may-pay-for-it/

Good salaries and career prospects make technology a great choice for those who have an aptitude for math, logic, science, coding, and similar disciplines. However, the field has notably lacked large numbers of women within its ranks. Could big data be changing that? Data scientist was recently ranked as the top job for work-life balance by Glassdoor.

Yet the lack of women in STEM fields -- science, technology, engineering, and math -- is well documented, and those figures can be discouraging.

For instance, women made up 27% of people employed in computer and mathematical occupations in 1960. But instead of growing over several decades, as many more women participated in the workforce overall, that number had declined to 26% by 2013, according to a 2015 analysis of US Census data performed by the American Association of University Women (AAUW).

...

http://www.informationweek.com/big-data/big-data-analytics/12-inspiring-women-in-data-science-big-data--/d/d-id/1325032

(TNS) - The land surrounding the Savannah/Hilton Head International Airport is the highest point in Chatham County, which makes airport property the ideal location for a new Emergency Operations Center, according to airport and area emergency officials.

At Wednesday’s Savannah Airport Commission meeting, airport executive director Greg Kelly said the county, city and airport have agreed to partner to build that new center on airport land.

“We had been approached individually by both the county and the city about the possibility of putting a stand-alone emergency ops center out here,” Kelly said. “We knew we didn’t need two such facilities, so we worked with the Chatham Emergency Management Agency, the county and city to plan one common-use facility.”

...

http://www.emergencymgmt.com/disaster/CEMA-partners-to-build-new-Emergency-Ops-Center.html

When delving into the tricky field of tapes, it’s first important to understand the purpose they serve. In the simplest terms, a backup tape is created for business continuity purposes, a means of keeping the business running should access to live systems be lost. An archive is created for the long-term preservation of data.

Yet many people have little idea of what a backup tape actually looks like. With a range of different names and colours indicating varying capacities, it goes far beyond the typical C90 audio cassette tape or the VHS video tapes which generally spring to mind. In fact, most tapes used for the purposes of backing up or archiving a business system are surprisingly small, approximately one inch deep and not much bigger than a coaster.

...

http://blog.krollontrack.co.uk/pieces-of-interest/backup-tapes-sitting-ticking-time-bomb/

What is hybrid IT, and what does it mean for managed service providers (MSPs)? 

A new SolarWinds (SWI) study of 257 North American IT professionals examined the importance of hybrid IT, along with the skills that are top of mind for today's IT professionals. 

Hybrid IT represents a "once-in-a-decade shift in the technology landscape," SolarWinds noted in its "IT Trends Report 2016: The Hybrid IT Evolution."

...

http://mspmentor.net/managed-services/what-skills-do-you-need-embrace-hybrid-it

Imagine you’re involved in one of today’s most dreaded corporate crises: Your organization is the source of a major social media gaffe, which starts to go viral during non-business hours. When faced with a fast-moving emergency of this kind, how would you and your stakeholders respond? How soon would you be able to get ahead of the problem?

Information moves quickly in our digital world, and your organization needs to be able to respond quickly and effectively to all manner of crises. However, traditional, hard-copy crisis communication plans do not enable fast response, real-time information-sharing and easy updates. It’s no wonder many leading corporations are quickly moving over to digitized communication plans to ensure their crisis communication strategy—through public relations, social media and other means—is as agile as possible.

Today, we take a look at some of the reasons your own organization should consider digitizing your crisis communication plans:

...

http://blog.rockdovesolutions.com/why-you-should-have-digitized-crisis-communication-plans

Thursday, 07 April 2016 00:00

New is the Perfect Time for Private Cloud

Digital disruption is resulting in smarter and smarter devices, an explosion of business services, and increased complexity for data center professionals. The initial response of many organizations was to increase virtualization and headcount, only to discover that this was not the way to increase organizational speed and agility. Meeting the challenges of today’s digital world requires organizations to fundamentally change the way they deliver services to business and application teams — and this only happens by adopting automation.

Humans are brilliant but inconsistent. Machines are fast but dumb. At its most basic, automation combines human intelligence with the speed of machines to deliver consistent, error-free services without human intervention. Automation can transform a mundane, tedious task, such as setting up a new server, into one that delivers that new server faster and with greater consistency, relieving your operations staff to focus on more strategic projects.

...

http://blogs.cisco.com/datacenter/new-is-the-perfect-time-for-private-cloud

As Microsoft works its way toward implementing the security plan that CEO Satya Nadella outlined in a talk last fall in DC, part of that has been creating tools and part buying them. Today, it announced that Adallom, a company it bought last year, was becoming generally available and renamed Microsoft Cloud App Security.

While the new name lacks the pizazz of the original, it does convey to customers and sales alike what the product actually does a bit more clearly, and that’s help companies detect cloud apps in use in a company — whether from Microsoft or a third party. That last part speaks to the new philosophy in play at Microsoft that when it makes sense, its products won’t be “all Microsoft, all the time” as they have in the past, but will work cross-product and cross-platform, even when those products may compete directly or indirectly with Microsoft.

With a product like this, it wouldn’t have made sense to work any other way.

...

http://techcrunch.com/2016/04/06/microsoft-marches-forward-with-its-security-plan-releasing-cloud-app-security/

(TNS) - The Carroll County Board of Commissioners expressed concern about large future increases predicted in the amount the county must pay to maintain its emergency radio system.

The Department of Public Safety's Scott Campbell appeared before the board on Tuesday as part of the county's agency budget hearings. Representatives from Carroll Community College, the State's Attorney's Office and the Sheriff's Office also met with the commissioners.

Beginning this summer, the county will have to pay between $77,235 and $92,991 for maintenance of its newly installed digital radio system. That fee is an increase over the $35,164 per month the county will pay in maintenance through the remainder of the spring, a figure that Campbell said was an anomaly resulting from factors like a warranty on the system.

...

http://www.emergencymgmt.com/disaster/Commissioners-decry-increased-cost-of-radio-system-maintenance.html

Thursday, 07 April 2016 00:00

Nixle in Action: Campus Safety

Communicating effectively with large populations can be a difficult task. Whether it be a large city, a small town, or a college campus, during emergencies it is essential to have a reliable and quick system of communication in place.

UC Berkeley recently launched Nixle to aid in campus safety and keep the community informed. In an interview with UCPD Chief Margo Bennett, she explained how Nixle is being used and ways that it benefits not only students, but also the surrounding community.

Locally and nationally, crime is on the rise. However, on the UC Berkeley campus, there has been a 23% decrease in crime. Chief Bennett explains that decrease by placing a high emphasis on crime prevention and safety outreach. Part of their strategy includes using Nixle for open communication with the campus community and ensuring they are informed in case of an emergency.

...

http://www.everbridge.com/nixle-action-campus-safety/

PEARL, Miss. – Mississippians whose homes were damaged in the recent storms and flooding may encounter people attempting to cheat them by posing as inspectors, government officials, volunteers or contractors. These people may try to obtain personal information or collect payment for disaster assistance or repairs.

Please keep in mind that Federal Emergency Management Agency employees DO NOT solicit or accept money from disaster survivors. Many legitimate disaster assistance employees may visit your property such as insurance agents, damage inspectors and Mississippi Emergency Management Agency, FEMA and U.S. Small Business Administration staff.

Here are some tips to remember to safeguard against fraud:

  • Ask to see ID badges. All FEMA representatives will have a laminated photo ID. A FEMA shirt or jacket is not proof of identity. If you are unsure or uncomfortable with anyone you encounter, please contact local law enforcement.
  • Safeguard personal information. Be cautious when giving personal information such as Social Security or bank account numbers to anyone. FEMA will only request an applicant’s bank account numbers during the initial registration process. However, FEMA inspectors will require verification of identity.
  • Beware of people going door-to-door. People knocking on doors at damaged homes or phoning homeowners claiming to be building contractors could be con artists, especially if they ask for personal information or solicit money.
  • Federal workers do not solicit or accept money. FEMA and SBA staff never charge applicants for disaster assistance, inspections or help to fill out applications. FEMA inspectors verify damages, but do not involve themselves in any aspect of the repair nor recommend any contractor.
  • FEMA Disaster Survivor Assistance teams may be in your community providing information and assisting people in registering with FEMA or updating their files. The teams coordinate their activities with local emergency managers and make local law enforcement agencies aware of their presence. The teams always consist of at least two people, and may include employees of MEMA as well as FEMA. They will always be wearing FEMA or MEMA shirts and laminated photo IDs. Disaster Survivor Assistance teams never ask for or accept payment for their services.

Always use licensed and bonded contractors and ask for credentials. Use Mississippi contractors if you can. You can verify a Mississippi contractor’s license online at msboc.us. Never pay for anything in advance of work being done. If you have a complaint about anyone soliciting your business, contact the Consumer Protection Division of the Mississippi Attorney General’s Office toll-free number at 800-281-4418 or 601-359-3680.

If you have knowledge of fraud, waste, abuse or allegations of mismanagement involving disaster relief operations, call the FEMA Disaster Fraud Hotline at 866-720-5721.

Disaster survivors in Bolivar, Clarke, Coahoma, Forrest, George, Greene, Jones, Marion, Panola, Pearl River, Perry, Quitman, Sunflower, Tunica, Washington and Wayne counties may be eligible for FEMA’s Individual Assistance program.

Survivors in those counties can register for FEMA Individual Assistance online at DisasterAssistance.gov or by calling the FEMA helpline at 800-621-FEMA (3362), which is video relay service accessible. People who are deaf, hard of hearing or who have difficulty speaking may call TTY 800-462-7585. Lines are open 7 a.m. to 10 p.m. local time until further notice.

For more information on Mississippi’s flood recovery, go to fema.gov/disaster/4268 or visit the Mississippi Emergency Management Agency site at msema.org.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). If you have a speech disability or hearing loss and use a TTY, call 800-462-7585 directly; if you use 711 or Video Relay Service (VRS), call 800-621-3362.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

A common put-down for sports wannabes is that they are "all flash and no substance." But for those contemplating moving off disk-based storage once and for all, the trick is to arrive at all-flash with plenty of substance. So how do you pull off this feat, and in the meantime, what do you do with all that expensive storage gear that was purchased not so long ago?

Here are some tips from the experts to help you along the way. They will help some of you arrive at that fabled haven where all-flash arrays (AFAs) have completely supplanted disk. For others, disk arrays and solid state storage will have to live in harmony for some time to come.

Take it Slow

It’s quite likely that some storage managers have been told by some over-enthusiastic CEO to go all-flash NOW! But that may not be the wisest choice. It takes time to come to terms with the intricacies of AFAs, so get to know them, gain confidence and then increase their share of the storage pie once you understand the beast.

...

http://www.enterprisestorageforum.com/storage-hardware/navigating-from-all-disk-to-all-solid-state-storage.html

Push Notifications to Remind Users to Take Simple Steps to Prepare for Disasters, Provide Easy Access to Information on How to Be Ready for Fires, Severe Weather, and other Hazards

WASHINGTON – Today, the Federal Emergency Management Agency (FEMA) launched a new feature to its free smartphone app that will enable users to receive push notifications to their devices to remind them to take important steps to prepare their homes and families for disasters. The reminder feature allows users to receive pre-scheduled safety and preparedness tips, including testing smoke alarms, practicing a fire escape plan, updating emergency kits and replacing smoke alarm batteries.

"Our lives are increasingly busy and on-the-go," said Deputy Administrator of Protection and National Preparedness Tim Manning. "Today, we turn to mobile devices and technology to help us stay more organized and connected. This new feature to FEMA’s app will make it easier for families to remember to take potentially life-saving actions that we all should be thinking about more often."

"In just two minutes, a home fire can become life-threatening," said U.S. Fire Administrator Ernest Mitchell Jr. "Remembering to take small steps to prepare, such as ensuring your smoke alarm is properly maintained and practicing your home fire escape plan, will reduce fire fatalities and ensure our communities are safer. We hope this new feature to FEMA’s app will help save lives by encouraging more families to be prepared."

The new reminder feature builds upon several innovative tools already built into the app. In addition to push notifications, the app also provides a customizable checklist of emergency supplies, maps of open shelters and open recovery centers, and tips on how to survive natural and manmade disasters. The FEMA app also offers a feature that enables users to receive push notifications of weather alerts from the National Weather Service for up to five locations across the nation.

Some other key features of the app include:

  • Weather Alerts: Users can elect to receive alerts on severe weather happening in specific areas they select, even if the phone is not located in the area, making it easy to follow severe weather that may be threatening family and friends.
  • Safety Tips: Tips on how to stay safe before, during, and after over 20 types of hazards, including floods, hurricanes, tornadoes and earthquakes.
  • Disaster Reporter: Users can upload and share disaster-related photos.
  • Maps of Disaster Resources: Users can locate and receive driving directions to open shelters and disaster recovery centers.
  • Apply for Assistance: The app provides easy access to apply for federal disaster assistance.
  • Information in Spanish: The app defaults to Spanish-language content for smartphones that have Spanish set as their default language.

The latest version of the FEMA app is available for free in the App Store for Apple devices and Google Play for Android devices. Users who already have the app downloaded on their device should download the latest update for the reminder alerts feature to take effect. The reminders are available in English and Spanish and are located in the “Prepare” section of the FEMA App.

To learn more, visit: The FEMA App: Helping Your Family Weather the Storm.

If you take a look around everything is getting “smarter”. There are smart phones, smart watches, smart cars, and the list of smart devices is growing rapidly. As consumers, we expect that there will be more and more smart devices.

Recently, I went into an electronics store and asked if they had a smart device I could put on my dog’s collar to check to see how much exercise he was getting. Moments after I asked the question, the store clerk looked at me as though I was from Mars and quickly replied, “We don’t have anything like that but it’s a good idea.” While the clerk wasn’t aware of a device to track my pet’s activity, I was able to determine, with a quick Google search on my smart phone, that there are devices out there to track my dog’s activities.

In fact, there are more smart devices and electronic gadgets on earth than people. However, just creating the device and producing the data isn’t good enough. We need to collect and process the data into information, which is what the Internet-of-Things paradigm is all about. Given the current state of IoT maturity and the desired state for IoT, this means that we will need software design patterns expanded and developed upon for security, application programming frameworks, and information data models, to name a few necessary improvements and features – which means that we will need smarter software defined data centers to support these new architectures and features.

...

http://www.datacenterknowledge.com/archives/2016/04/07/smarter-software-defined-data-center/

Thursday, 07 April 2016 00:00

Workflow Technology and HIPAA

Health care is continually challenged with properly managing information. Because it has traditionally operated in a paper-intensive environment, that struggle continues, even while most providers have begun to actively transition to electronic health record (EHR) systems. While work is being done to ensure that EHR systems are better able to “talk” to each other and to other health information systems, how can health care organizations streamline the day-to-day workflows still rooted in paper and in the need to print, copy, scan and fax innumerable paper documents?

Because virtually all health care organizations use electronic transactions of one form or another (for example, billing and payment) even their paper records are subject to the HIPAA privacy and security rules – a set of federal rules first adopted about 15 years ago and substantially revised in 2013 under the HITECH Act. If health care organizations aren’t careful with how they use office devices, the risk of noncompliance can greatly increase. As a result, it is incumbent upon health care providers—regardless of size—to institute sound data handling practices.

To ensure compliance with HIPAA (and other data privacy and security rules), health care organizations must implement policies and procedures that are tailored to the work that they do, as well as to the size of their organization. HIPAA is not a one-size-fits-all regulatory regime, and best practices for data privacy and security programs demand attention to the specific operating environment of each and every health care provider.

...

http://corporatecomplianceinsights.com/workflow-technology-hipaa/

Thursday, 07 April 2016 00:00

Three Reasons to Move to the Cloud

Given the amount of attention lavished on cloud computing these days, it’s tempting to dismiss the idea as Silicon Valley’s latest fad. To be sure, the excitement often bubbles over into hype.

The excitement is understandable given the way cloud computing is transforming business processes. Indeed, there are many compelling arguments for why a company should migrate its data assets to the cloud. Let’s take a closer look at my top three.

...

http://mspmentor.net/cloud-services/three-reasons-move-cloud

Thursday, 07 April 2016 00:00

U.S. Dominates March Catastrophe Claims

A reminder of the impact of severe thunderstorms is evident in March catastrophe estimates, with seven separate events across the country resulting in several billion dollars of insured losses.

Aon Benfield’s March Global Catastrophe Recap noted that overall economic losses sustained to property, infrastructure and agriculture across the U.S. from the convective storm and flood damage were anticipated to approach $3.5 billion.

Insured losses incurred by public and private insurance entities were tentatively estimated at $2.0 billion. (Presumably, that number includes estimated payouts by FEMA’s National Flood Insurance Program.)

...

http://www.iii.org/insuranceindustryblog/?p=4411

At the recent RSA Security Conference in San Francisco, data-centric security and protection received a lot of attention. Several trends account for this. The main one, of course, is the large number of high-profile data breaches and other cyber attacks continually making the news — a trend that shows no sign of subsiding. In addition to this constantly lurking threat, we can add growing compliance and regulatory requirements as well as the advent of new (difficult to protect) technologies, applications, and architectures. Throw in all the revelations about hacking by various government intelligence services, and it’s easy to see why organizations and security solutions providers have made data-centric security and protection a top priority.

The data-centric security model focuses on protecting an organization’s sensitive data as opposed to protecting the overall computer networks and applications — as is the case with more traditional security models that function primarily by implementing a security perimeter designed to keep bad actors out. That said, data-centric security is intended to support an organization’s overall data loss prevention strategy in conjunction with network, anti-virus, and other enterprise security incident and event management systems.

...

http://blog.cutter.com/2016/04/05/protecting-your-sensitive-data-during-a-security-breach/

(TNS) - The federal government has refused to provide disaster relief for Essex County and two other Virginia localities hit hardest by the tornadoes earlier this year.

Gov. Terry McAuliffe was informed Friday that the state’s request for federal assistance was denied.

Federal Emergency Management Agency Administrator Craig Fugate said the damage from the tornadoes “was not of such severity and magnitude as to be beyond the capabilities of the commonwealth, affected local governments, and voluntary agencies,” according to a news release from the state.

The state plans to appeal the decision.

...

http://www.emergencymgmt.com/disaster/Federal-assistance-for-counties-touched-by-tornado-denied.html

That big data is coming fast and furiously is an accepted trend. Many studies say so. But did you know that 89% of all data managers view backup and recovery as the most critical component of their big data efforts?

That nuance is one of several findings from the Datos IO report on how organizations are deploying "next-generation databases," released today.

Datos IO surveyed 204 IT professionals responsible for application and database deployment, operation, management, and architecture to produce the study. Those surveyed came from companies that ranged from 500 to more than 10,000 employees across industries including education, technology, financial services, healthcare, retail, nonprofit, and hospitality.

...

http://www.informationweek.com/big-data/software-platforms/next-generation-databases-shift-it-priorities/d/d-id/1324980

We often lament the problem of limited lead times for tornado warnings, but what about watches and warnings which never come to be? While it’s easy to discount a false alarm as for the greater good, can multiple false alarms eventually trigger a “The Boy Who Cried Wolf” effect? Let’s take a closer look at the issue of tornado forecasting false alarms, along with whether they might be a greater threat to public safety than most people realize.

HOW COMMON ARE FALSE ALARMS?

A whopping 75 percent of tornado warnings are false alarms, according to research from the American Meteorological Society published in the journal Weather and Forecasting. Not only that, but some regions may see multiple tornado warnings at once without a single tornado ever actually touching down.

...

http://blog.sendwordnow.com/tornadoes-false-alarms-and-public-complacency-what-you-need-to-know

In the wake of the tragic events in Brussels on the 22nd of March 2016, I had a number of conversations with business continuity, resiliency and security managers regarding the actions they took immediately following the ISIS attacks. I found the responses interesting and varied, and a number of key learning threads emerged. Many faced challenges and difficult questions when trying to respond. These included:

  • Easily identifying who has the authority to send a message.
  • Knowing how to increase the chance of getting a response back from your message.
  • If you choose not to send a message, knowing whether to inform your other regional offices that you have not sent a message.
  • Understanding whether employees expect a message even if you know everyone is safe.

...

http://www.everbridge.com/to-communicate-or-not-that-is-the-question-everbridge/

As city councilors here discussed the local water system recently, Summer Smith, a homeowner, rose to ask a question: “Can you explain in plain English what ‘emergent water conditions’ means? It sounds kind of alarming.”

David Trovato, the council president, acknowledged that any hint of a water quality emergency “would scare the hell out of me, too.” But there is no emergency in Woodbury.

New Jersey has designated Woodbury’s water system as “emergent” because it can’t meet the need for water at peak demand times. So this town of 10,000 across the Delaware River from Philadelphia is considering selling its water system to a private company.

...

http://www.emergencymgmt.com/disaster/Woodbury-Water-Infrastructure.html

(TNS) - A new statewide identification system should provide a more efficient way to track who responds to emergencies and ensure that everyone leaves safely.

Brown County, S.D., Emergency Management Director Scott Meints said there has always been a method to track responders. He recalls many incidents where he's written down the names of helpers in all types of weather conditions.

Now, new identification tags used locally and statewide should aid in tracking by simply scanning ID badges and using key ring tags to organize where responders should go. For now, they're being used to track who attends training sessions.

...

http://www.emergencymgmt.com/disaster/New-identifications-help-track-emergency-responders.html