Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 29, Issue 4

Full Contents Now Available!

Industry Hot News

Industry Hot News (6531)

What if you were able to give everyone in your organization the flexibility and freedom to securely work anywhere in the world and on any device? What types of productivity gains would your company see as a result? What efficiencies or cost savings might your IT department receive from moving desktops to your datacenter and managing these virtual workstations through one single pane of glass?


Our Cisco UCS team is excited to present the new Maxwell generation NVIDIA Tesla M6 GPU for the Cisco UCS B200M4 Blade and the NVIDIA Tesla M60 GPU for Cisco 2U Rack Rack Servers. Cisco and NVIDIA have joined forces to deliver this new graphics solution.  Combining security, reliability and manageability from Cisco UCS and adding NVIDIA’s GRID technology, we’re able to deliver performance and speed needed to run high-end applications on virtual desktops. What’s better is that you have two form factor options to fit your organization’s’ data center footprint.



Monday, 01 February 2016 00:00

Marsh launches new cyber risk facility

Insurance broker Marsh has launched a new global excess cyber risk facility, Cyber ECHO, which provides insurance coverage for organisations globally.

Following a series of high-profile cyber losses, underwriters have become more selective, according to Marsh, and in some cases are reducing the amount of capital they are willing to deploy on certain risks – especially those involving health care and payment card data.

This is particularly acute in the excess cyber market, where rates have more than doubled in the US over the last 12 months, said the firm.

“Cyber ECHO brings greater stability to the excess market with up to $50 million in ‘follow form’ coverage for clients of any industry sector and risk profile around the world,” said Marsh.



The annual addresses delivered by governors around the country underscored policy priorities that routinely top the lists of state chief executives — education, economic vitality, health care and transportation. And while state-to-state differences are evident, what also comes through is that many elected leaders now see technology as an important tool that helps meet their policy objectives. And many of them are talking about it.

Data-Driven Dialog

The most viable solutions come from well-informed policymakers. This year’s speeches revealed that data-driven government is catching on. Many governors, including New Mexico’s Susana Martinez, talked about the role of data in powering more effective education policies. Martinez touted the role of data in reducing truancy and setting students on a path to success, while Washington Gov. Jay Inslee noted its importance in tackling the issue of gun violence. New Jersey Gov. Chris Christie spotlighted data analysis that found that more than 86 percent of the state’s costliest Medicaid users suffer from mental illness and/or substance abuse. That finding is fueling improvements to treatment options that can also help lower costs. 



When you’re trying to determine your IT DRP strategy, you can have many options open to you and you can’t just dismiss them without good reason.  Identify the pros and cons of each solution and document them so you can see which option is best for you – or at least the top 3 solutions that work best for you and have the best bang for your buck. 

When you have met with the various vendors or partners – this means meeting with internal and external sources depending on the solution, and determined everything from resources needed (physical and financial) and the details of each option (documented), it’s then time to take it up the ladders.  You don’t just make the decisions on your own or with a small group of people; you’ve got to get approval from Senior Leadership, as ultimately, they are the ones who’ll be paying for everything.  They need to understand the how’s and why’s of doing what you propose so they can make the right decision based on need.  Remember, they might have other plans in the works that you aren’t privy too – yet – and might need to discuss amongst themselves and some of their team members which option is best based on information you may not have at your disposal.



JEFFERSON CITY, Mo. – Missouri homeowners, renters and business owners are eligible and encouraged to purchase National Flood Insurance Program (NFIP) policies even if their home or business isn’t located in a flood plain or high-risk zone.

The NFIP aims to reduce the impact of flooding on private and public structures. It does so by providing affordable flood insurance and encouraging communities to adopt and enforce floodplain management regulations.

NFIP insurance is available to homeowners, renters, condo owners/renters, and commercial owners/renters. But in order to purchase a policy the residence or business must in a community that participates in the NFIP. Missouri communities in the program are listed here — http://www.fema.gov/cis/MO.html. Other communities can request to be added if they meet certain criteria.

More than 70 private insurance agents or agencies in Missouri are certified to sell and service NFIP policies, including all of those listed on this link — http://www.fema.gov/wyo_company

Residents can also contact their own insurance agent or company to find out more about federal flood insurance or find an agent serving their area by filling out the One-Step Flood Risk Profile on the FloodSmart.gov home page (www.floodsmart.gov).

Costs vary depending on how much insurance is purchased, what is covered and the property's level of flood risk. Those in moderate- to low-risk areas can purchase a special Preferred Risk Policy (PRP) that provides building and contents coverage for one low-price. Typically, there's a 30-day waiting period from date of purchase before your policy goes into effect.

Why is an NFIP policy necessary if federal aid is available after a flood? Federal disaster assistance typically comes in the form of small grants or low-interest loans to help cover flood damage, not to fully compensate for losses. Even then, those grants and loans are only available if the president formally declares a disaster. NFIP policies are not dependent on a federal disaster declaration.

Flooding occurs in moderate- to low-risk areas as well as in high-risk areas due to factors like poor drainage systems, rapid accumulation of rainfall, snowmelt, and broken water mains. In addition to floods, NFIP policies also cover damage from mudflows. In fact, over 20-percent of all flood insurance claims come from areas outside of mapped high-risk flood zones.

NFIP policyholders who have questions about their flood insurance policy or the claims process, as well as disaster survivors who have general questions about the program, can contact the support hotline by calling toll-free 800-621-3362. For individuals who are deaf, hard of hearing or have a speech disability using 711 or VRS, please call 866-337-4262. For individuals using a TTY, please call 800-462-7585.


Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders and ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

For real-time disaster updates, follow us on Twitter at https://twitter.com/femaregion7 and turn on mobile notifications.

State/Tribal Government or Region: 

There are one million cybersecurity job openings in 2016. Where are all of those jobs? This week we take a look at the cybersecurity job boom in the U.S. government sector.

The Office of Personnel Management (OPM) suffered the largest cyber attack over the past year, resulting in the theft of contact records on more than twenty million people including those who applied for government security clearances and went through background checks, and nearly two million spouses and domestic partners of those applicants. As the OPM hack news unraveled, it got worse — revealing that hackers stole the digital fingerprints of more than five million people employed by the U.S. federal government… the same fingerprints that are sometimes used for access to so-called locked down buildings and computers.

OPM recently announced it is hiring 1,000 new cybersecurity professionals, which have been approved by the U.S. Department of Homeland Security (DHS). Federal News Radio recently listed the duties the new cyber hires will carry out – which includes cyber risk and strategic analysis, incident handling and malware/vulnerability analysis, program management, distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture, intelligence analysis, investigation, investigative analysis and cyber-related infrastructure interdependency analysis.



By now you’ve surely heard that moving forward, every company will be a software company, and that shift is happening now as companies large and small scramble to transform into digitally-driven organizations.

Wherever you turn, businesses are facing tremendous disruptive pressure. What’s interesting is that the theory about how firms should be dealing with this massive change is itself in flux, transforming if you will, as organizations come to grips with the idea that the most basic ways they do business are being called into question.

Just over a year ago when I researched this topic, I found that the general method for dealing with disruption was developing pockets of innovation inside a company using labs or incubators to prime the innovation pump. Today, when I explore the same issues, I’m finding that companies are taking a much more comprehensive approach that has to do with reviewing every department and business process in the organization.



Sickweather, a disease surveillance company based in Baltimore, has made its illness data available to developers so they can create apps that present disease forecasts and outbreak maps. The company's Sickweather mobile app is already available for iTunes and Android users, touting itself as a Doppler radar for sickness.

In a phone interview, CEO Graham Dodge suggested that disease forecasts could become common conversational fodder alongside weather forecasts, thanks to social media, the source of the company's illness data. Already, AccuWeather has incorporated disease forecasts into its StoryTeller content platform. Meanwhile, Johnson & Johnson and thermometer-maker Swaive are using the company's data in their respective mobile apps.

Through Sickweather's API, developers can fetch JSON-formatted data about illness reports at specific map coordinates, disease forecasts for a given area, and contagion threat level scores for leading sources of illness. The API can also receive illness reports from developers' apps.



Monday, 01 February 2016 00:00

The strategic value of resilience

When I started this series of blog posts about the future of resilience, I wanted to address its potential to add value by bridging the divide between risk management and performance improvement. My first resilience blog post introduced the topic and defined organizational resilience. This is the forth and final blog post in this series, which focuses on its strategic value.
If organizational resilience is to earn its place on the board’s agenda, it must demonstrate value in terms that the board understands and recognises as strategically important. Otherwise, Resilience Managers will find themselves, like Harry Potter and the Business Continuity Managers I described in my People Resilience post, consigned to the cupboard under the stairs only to be summoned in case of emergency. Resilience becomes strategically important when it demonstrably enables and facilitates achievement of the organization’s Strategic Objectives. Referring to the diagram above, the first step to operationalise resilience in The Organization Today and then embed resilience into the organization’s strategic Transformative Programmes that will deliver The Desired Future State. 
So how does this work in practice?

If it seems like businesses are fighting a losing battle against malware and other security threats, it could be because they are.

A new study conducted by ThreatTrack Security found that security professionals are losing ground in the battle against cybercriminals and other adversaries compared with a similar study conducted two years ago:

The study found organizations still struggle mightily with how to combat cybercrime, despite lessons learned from spectacular cyberattacks on Target, Sony and the U.S. government in the last couple of years. There seems to be a growing sense of realism regarding the difficulties of fighting cybercrime, and it’s clear that analyzing advanced malware still takes too long. For most companies, it takes anywhere from one to 24 hours, despite the availability of tools that enable them to analyze code and malicious behavior in minutes.

According to the study, only 20 percent of respondents to the study said they feel their security defenses have improved since the last study (that’s compared to nearly 40 percent who saw improvement two years ago).



Up to 96% of customer contact data is partially inaccurate, according to the Sales and Marketing Institute and D&B. This is a shocking statistic. If you run a business, this figure alone should have you leaping from your seat in panic.

Can your data really be in that bad a state?

The short answer is yes. Over time, data decays at 2%, per month. So your database is never static; it is constantly degrading. Your customers are constantly changing job roles, phone numbers and email addresses. Your business is occasionally adding duplicates, spelling things wrong, and introducing bad data to the database. This situation is costing you money and time, and it’s a needless waste of resources.

It sounds obvious enough when written in black and white, but it’s alarming how many businesses are sitting back and doing nothing about it.



We are only a month into 2016 and it’s already shaping up to be a big year for data breaches. Of the many organizations facing increasing threats this coming year, the presidential candidates are also likely to be attractive targets for attacks. Recent cyberattacks targeting information from Hillary Clinton and Donald Trump are an indicator of how the threat landscape is changing with hacktivism making a comeback.

Beyond the candidates, companies also face hacktivism and several other new data breach threats in the coming year. While traditional threats will continue to make headlines, there are several emerging issues that need to be addressed in data breach preparedness plans. To help risk managers prepare for what lies ahead, outlined below are our top trends anticipated in 2016.



For over a decade now, IBM has been promoting the adoption of Linux on mainframes. Most recently, it extended that effort by developing versions of mainframes that come loaded only with Linux. Now IBM is looking to expand the developer ecosystem surrounding those mainframe platforms.

In addition to updating the systems that make up the IBM LinuxONE portfolio, IBM has announced that it is optimizing both its StrongLoop framework for creating application programming interfaces and the Cloudant NoSQL database that it provides as a managed service to run on IBM Linux. It also announced that it is collaborating with SUSE to leverage OpenStack to manage instances of the Linux on a mainframe and that the Go programming language developed by Google is now available on IBM Linux mainframes.

Also, Kathryn Guarini, vice president of System z Growth Initiatives, says that the Ubuntu distribution of Linux from Canonical will soon be available on the IBM LinuxONE platform.



Monday, 01 February 2016 00:00

‘Show Me the Money,’ IT Pros Say

You can have a terrific corporate culture, focus on challenging projects, and provide the means for your employees to work with great technology. But if you’re not paying IT pros what they can find elsewhere, don’t expect job candidates to accept your offer, and don’t expect the talent you do have to stick around long.

That’s the conclusion that is drawn from the results of the 2016 Talent Acquisition & Retention Survey for the Information Technology Sector recently released by Harris Allied, an executive search firm in New York. The survey of 151 IT executives found that while offering an excellent compensation and benefits package topped the list of strategies companies use to attract IT talent, having a corporate culture that provides an attractive work/life balance edged out competitive compensation to top the list of strategies companies use to retain IT talent.

The former strategy is apparently on track: The survey found that better compensation offered elsewhere was far and away the top reason candidates cited for declining a job offer. But the latter strategy apparently needs to be tweaked: The respondents said the No. 1 reason people leave is that they’re not being paid enough.



Piece by piece, IBM continues to add new units to its "Strategic Imperatives" program, this time announcing the purchase of Columbus, Ohio, based Resource/Ammirati, a digital marketing/creative agency. The firm will be melded into IBM Interactive Experience (iX), Big Blue's digital agency.

The price of the acquisition was not disclosed.

Resource/Ammirati, which has about 350 associates, will be folded into IBM iX, which fields a 10,000-strong workforce spread among 25 offices globally.

While IBM iX is identified as one of the world's largest digital ad agencies, it is, in fact, a multi-tasked unit offering advice on business strategy, design, systems integration, mobile, and technological implementation, explained Paul Papas, global leader for IBM iX. "It is a holistic set of people under one roof," he said in an interview with InformationWeek.



Connectivity is totally changing the way in which fleets operate. Real-time visibility on the likes of assets and remote equipment, wireless engine software revisions, instantaneous customer-service feedback, dynamic routing and scheduling is having a fundamental impact on how organizations drive efficiencies and deliver compelling customer experiences. And this is just the tip of the iceberg for what connectivity can bring.

At the centre of all this is the need to harness the data being created. Those embracing the power of data are gaining a competitive edge – they join the thousands of other fleets around the globe that are mining it for intel that will boost the bottom line of their business.

The challenge created by connectivity is no longer implementation of hardware and software that suits your fleet. Intuitive, platform-based approaches have made choosing, fitting and onboarding telematics and connected business intelligence systems easy.



Many organizations think that effective business continuity planning is synonymous with great plan documentation.

It’s not.

Yes, plan documentation is extremely important. BUT… many organizations fail to recognize that effective business continuity plans – and truly prepared and resilient organizations – are the result of a larger business continuity planning lifecycle that begins with requirements setting and ends with practice (and of course, the process recycles on a continuous basis).

Bottom line – plans are just one key ingredient in the development of an effective business continuity program.



About 50% of businesses that suffer from a major IT disaster without a disaster recovery plan in place never reopen for business, according to a recent American Marketing Association report. In fact, the Ponemon Institute estimates the cost of downtime to be $7,900 per minute and rising.

Disaster recovery plans using multiple, interconnected data centers can ensure your company has the operational redundancy to provide uninterrupted uptime in the event of man-made or natural disaster. More and more companies are choosing to offload IT production activities and data back-up initiatives to CyrusOne data centers.

Leverage the National Internet Exchange (IX) interconnection platform to implement a multi-site site failover strategy across geographic regions. CyrusOne also provides work area recovery space for your team in alternate locations on the same platform.



Today is National Data Privacy Day. I swear, we have days for just about everything – January 28 is also National Kazoo Day and National Blueberry Pancake Day – but a day to focus on data privacy makes a lot of sense. There are a lot of dangers that could cause a lot of harm to your company’s data and your customers.

The National Cyber Security Alliance (NCSA) explained why focusing on and understanding data privacy is so important:

… 74 percent of Americans feel that it is not easy to understand how their personal information is being used by reading the privacy statements or policies on websites and apps, which ultimately prevents them from taking steps to protect their personal information.



(TNS) - As tornado warning alerts pinged the cellphones of police and fire officials during a disaster information management class at a Deerfield Beach fire station, meteorologist Brad Huffines said he was shocked that drivers on Interstate 95 didn't stop and seek shelter Wednesday.

"As a meteorologist and someone who works in public notification, my biggest concern is we were under an active tornado warning and I was seeing traffic on I-95 continue as usual," said Huffines.

He works for the Federal Emergency Management Agency and was teaching public information officers from around Florida about releasing information during emergencies. "If [the motorists] had a newer smartphone, virtually all of them got the warning," he said.



(TNS) - The mosquito-borne Zika virus may infect up to 4 million people, the World Health Organization said, as the agency convened to decide if the outbreak should be declared an international health emergency.

Dr. Margaret Chan, WHO director-general, said in a statement on Thursday that the level of alarm was "extremely high".

"Last year, the virus was detected in the Americas, where it is now spreading explosively. As of today, cases have been reported in 23 countries and territories in the region," Chan said.



In today’s world of virtualization and public and private clouds, there are more options than ever for infrastructure and operations teams. On the one hand, this degree of flexibility and choice gives IT professionals many more tools with which to build networks and address challenges. On the other hand, it can also lead to confusion with respect to when and where to use these options to best effect. While not definitive, the following tips – gleaned from real-world customer interactions – provide a starting point for understanding the pros and cons of five common traditional and virtual deployment models.


Traditional Bare Metal

Bare metal servers in enterprise owned and operated data centers have been around forever. While they no longer dominate the market, they remain a go-to-solution for business-critical applications that operate on a long-term time horizon, support a large volume of traffic and need a high degree of performance to ensure specified service level agreements (SLAs). Like any solution that is enterprise owned and operated, traditional bare-metal servers afford a greater degree of control and security, characteristics that lend well to environments where compliance is a key consideration.



The rate of change is accelerating in IT. The need to provide your enterprise with a competitive advantage and to leverage new technologies is driving the need for rapid change and constant improvement. IT organizations must deliver new business services consisting of new and enhanced applications faster while ensuring SLAs. This environment of frequent and rapid change is what analysts refer to as Mode 2. It requires adopting business practices where development and IT operations work more closely together and more processes are automated. These forces are driving the growing requirement for DevOps and composable infrastructure.

After watching the videos and reading the press reports from the recent HPE Synergy announcement, you’d think that transitioning to a DevOps and implementing composable infrastructure just requires purchasing the new hardware and launching HPE OneView. Some good marketing, but DevOps is a methodology, not a system. It is an ongoing journey of continuous improvement as well as continuous delivery. Adapting to a faster rate of change requires enhancing processes, better communication and tighter integration of tools as well as some new technology.

You can embrace the speed of change while minimizing the disruption and risk. We’ve developed a new brief that explains how you can make the transition to DevOps and composable infrastructure easier using your existing UCS systems, UCS management software and operations management tools.



From snow and rain on the East Coast and across the Central Plains to the wild El Niño weather patterns out West, people all over the United States are bracing for what could be a tough winter. For businesses, especially, the winter months can be difficult. Hazardous road conditions make it hard to get to and from work, snow and ice can damage power lines and bring down technology infrastructure, and cold weather can lead to burst pipes and flooding, causing businesses to close for indefinite periods of time.

For MSPs or IT solution providers, now is a great time to check in with your customers and prospects in winter storm-prone areas. Start by asking them if they have any specific concerns about how the weather will affect their operations, and answer any questions that they may have. Be sure to let them know that you’re watching their backups closely and tracking all winter storm warnings. Having this conversation emphasizes the value you are bringing to the table. 

Hopefully, your customers have business continuity and disaster recovery (BCDR) plans in place. If they don’t, one of the areas where you can add strategic value, build recurring revenue streams, and drive profitability is by helping them put processes in place that safeguard their critical business data and infrastructure from winter storms. The same goes for prospects. When timed well, BCDR is a great “in” for new and incremental business.



Over the last few years, the most important buzzword for MSPs has been “cloud.” However, if you asked 10 vendors what the cloud is, you may get 10 different answers. Many SMBs are super-confused about what the cloud means and how it can help them. In fact, in many cases they “only know it when they see it.” Providing practical solutions using cloud technologies is the best way to help your customers overcome some of the inherent fear of putting their technology in the cloud.

Before we try to help define what makes a service cloudy, we need to acknowledge that there is a huge opportunity for those MSPs who are getting involved. Both the types of services coming to the market and the number of users for these services are growing at a rapid rate. In particular, we at Acronis have seen a massive shift in customer behavior when offering cloud backup and cloud disaster recovery services. No longer are SMBs happy to backup only to a tape drive for offsite storage when they can get a service, more cheaply, in the cloud.



JEFFERSON CITY, Mo. – After the severe storms and flooding that occurred in Missouri between December 23, 2015 and January 9, 2016, residents in the 33 declared counties became eligible for federal assistance. People who suffered losses and damage in the wake of the disaster are urged to seek help from the Federal Emergency Management Agency (FEMA).

The eligible counties are Barry, Barton, Camden, Cape Girardeau, Cole, Crawford, Franklin, Gasconade, Greene, Hickory, Jasper, Jefferson, Laclede, Lawrence, Lincoln, Maries, McDonald, Morgan, Newton, Osage, Phelps, Polk, Pulaski, Scott, St. Charles, St. Francois, St. Louis, Ste. Genevieve, Stone, Taney, Texas, Webster and Wright.

There are many misconceptions about getting help from FEMA. Often, people who would qualify for assistance miss out on assistance because they don’t have access to correct information.

Commonly asked questions about disaster aid from FEMA:

Q: Who should apply for federal disaster assistance?
A: Missouri homeowners and renters in disaster-designated counties who sustained damage to their homes, vehicles or personal property as a result of the severe storms and flooding from December 23, 2015 through January 9, 2016 can apply for FEMA grants.

Q: How do I apply?
A: Residents who were affected can apply for assistance online at www.DisasterAssistance.gov or call 800-621-3362 or (TTY) 800-462-7585, 7 a.m. to 10 p.m. seven days a week.  Those who use 711-Relay or Video Relay Services can call 800-621-3362. The application deadline is March 21.

Q: What kinds of FEMA grants are available?
A: Disaster assistance may include grants to help pay for temporary housing, emergency home repairs, uninsured and underinsured personal property losses and medical, dental and funeral expenses caused by the disaster, along with other serious disaster-related expenses.

Q: What happens after I register?
A: You will receive a phone call from a FEMA inspector to arrange for a survey of the damages. This will come just days after you register. All FEMA inspectors will have official identification. They do not approve or deny claims or requests; those come after the inspection results are submitted. FEMA inspectors do not ask for money and do not recommend contractors to make repairs.

Q.  I’ve already cleaned up and made repairs to my property.  Am I still eligible to register with FEMA?
A.  Yes. You may be eligible for reimbursement of your clean-up and repair expenses. Before and after photos of the damaged property can help expedite your application for assistance.

Q: Does my income need to be under a certain dollar amount to qualify for disaster aid?
A: FEMA’s Housing Assistance program is available, regardless of income, to anyone who suffered damages or losses in disaster-declared counties. However, aid for other losses such as personal property, vehicle repair or replacement, and moving and storage expenses is income-dependent and officials make decisions on a case-by-case basis. To be considered for a grant for these types of losses, the applicant must complete an application for an SBA loan.  

Q.  I have flood insurance.  Should I still register with FEMA?
A.  Yes.  But please contact your insurance company first.

Q: Does the Small Business Administration (SBA) offer loans to homeowners and renters?
A: Yes. The SBA is the primary source of financial assistance following a disaster and provides low-interest disaster loans to homeowners and renters.

Q: Do I have to be turned down by my bank before I can apply for a disaster loan?
A: No. The SBA has its own criteria for determining each loan applicant’s eligibility.

Q: If I rent an apartment, can I get help to replace my damaged personal property?
A: Yes. Renters may qualify for a FEMA grant. Renters may also qualify for SBA disaster loans.

Q: Will FEMA pay for all home repairs or contract work?
A: No. FEMA does not pay to return your home to its pre-disaster condition. FEMA provides grants to qualified homeowners to repair damage not covered by insurance, but these grants may not pay for all the damage. However, an SBA disaster loan may return a home to its pre-disaster condition.

Q: Do I have to repay money I receive for disaster relief?
A: No. You do not have to repay grant money, however SBA disaster loans must be repaid.

Q: Do I have to be a legal U.S. resident to receive Individual Assistance?
No. If you have a child living at home who is a U.S. citizen or a qualified alien, you may apply for Individual Assistance on that child’s behalf and you may be eligible to receive Individual Assistance. FEMA may provide undocumented, eligible immigrants with short-term, non-cash emergency aid.

Q: How can I check the status of my case?
A: You may go online to www.DisasterAssistance.gov or call the toll-free FEMA Helpline at 800-621-3362 (FEMA) or (TTY) 1-800-462-7585. If you need face-to-face assistance, visit a Disaster Recovery Center (DRC) or speak with someone from one of FEMA’s Disaster Survivor Assistance (DSA) teams currently going door-to-door in Missouri’s disaster-declared counties. All DRCs are accessible and equipped with tools to accommodate disaster survivors who need disability related communication aids.


Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow us on Twitter at https://twitter.com/femaregion7.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

State/Tribal Government or Region: 

For many years, OHSA regulations continue to assisted organizations worldwide in recognizing the need to control and improve health and safety performance for their workers.

Often that objective has been achieved by incorporating and implementing so called occupational health and safety management systems (OHSMS).

Very soon the final ISO 45001 standard will assist that process.

This month, we focus on data center design. We’ll look into design best practices, examine in depth some of the most interesting recent design trends, explore new ideas, and talk with leading data center design experts.


After years of designing data centers for customers around Europe, Theo Arendzen and his colleagues realized that no matter how much customization a customer wanted, the fundamental data center design elements just didn’t vary that much from one facility to another.

“Most of the topology is based on the same design principles,” he says. “You always come to a more or less standardized solution.”

Until about six years ago, ICTroom, the Netherlands-based company where Arendzen oversees engineering and design, built data centers within existing buildings. But when it started receiving its first orders for greenfield developments, the engineers started working on the idea of standardization and modularity.



For some organizations, conducting regular disaster preparedness exercises comes with the territory.  If you work with chemicals, in a manufacturing facility, or in an industry where your main function is to protect people and property, you’re probably well-versed in why preparation matters.  For many organizations, however, the potential dangers are not as obvious and safety exercises are relegated to the mandatory annual fire drill.  This approach may be setting your organization and your people up for real trouble. 

Why you should be doing more disaster preparedness exercises:



As snow pounded the east coast of the United States this weekend, government entities rushed to do their part in helping citizens cope with the effects of the storm. And amid all those efforts were several jurisdictions that turned to a tool becoming more common in state and local government: maps.

“Unfortunately a lot of the best technology comes out of disasters or major events,” said Christopher Thomas, director of government markets for the geographic information systems (GIS) company Esri.

Among the mapping applications were internal dashboards, which government agencies used to coordinate snow plows and other crews and public-facing informational maps. Thomas said he sees increasing interest in use of GIS at all levels of government. In fact, he said, that's one of the biggest shifts in the field -- in the past, it used to be cities like Chicago and Los Angeles that paid attention to the latest trends in GIS.



Small businesses being affected by bad weather

Bad weather conditions are hitting the revenues of over two thirds (69%) of small to medium sized businesses in the UK according to new research from insurance broker Towergate. This is an increase of almost a quarter compared to last year when nearly half (46%) of businesses were affected.

The research found that SME finances are being hit by bad weather – with staff unable to travel to work (25%), reduced demand for goods or services (24%) and poor weather conditions preventing work (19%) topping the factors for lost earnings. This is compounded by the fact that over a third of SMEs (37%) don’t have a business continuity plan, and as a result lose two working days each year on average due to weather chaos.

The findings also reveal that over the past five years, more than a third (37%) of small businesses have experienced property damage from bad weather. Yet three in five aren’t insured against flooding, high winds, thunder and lightning, snow, ice or hail – risking footing the bill for £74,000 worth of property damage on average. With an estimated 5.4 million SMEs in the UK, the total bill from weather damage could be as high as £240 billion.

Adverse weather has consistently featured in the top ten of the Business Continuity Institute's Horizon Scan Report and in a global survey of business continuity professionals, more than half of respondents (52%) claimed they were concerned about the possibility of a weather related event disrupting their organization. 

Commenting on the findings, Drew Wotherspoon from Towergate, said: “Small businesses are the lifeblood of the UK economy and are responsible for livelihoods up and down the country. But too many firms are not protecting themselves against the erratic nature of British weather, leaving themselves open to footing the bill for substantial damages and losing out on business earnings.

It’s vital that small business owners take heed of weather warnings and take precautionary measures to allow them to weather the storm and get back to business as quickly as possible. There are few practical steps business owners can take to make sure they’re equipped - from putting a backup plan in place to taking out specific policies against the elements.”

One of the fundamental problems with IT security is that the IT environment is becoming more complex, while both the volume and types of attacks that IT organizations need to defend against continue to grow. All that complexity increases the overall attack surface to be defended, which by definition means more vulnerabilities than ever can be exploited.

To help IT organizations discover those vulnerabilities, SafeBreach this week launched a namesake platform that allows IT organizations to use an automated playbook to launch scripted attacks to discover where IT vulnerabilities lie. SafeBreach CEO Guy Bejerano says SafeBreach has taken years of security research and encapsulated it in the form of a playbook that allows its platforms to launch an artificial attack. The platform then discovers which vulnerabilities are being exploited in those attacks, which allows IT organizations to remediate those issues before they are exploited by real cybercriminals.

Bejerano says as new attacks are developed, SafeBreach will continue to update its platform. That in effect creates something of a spy versus spy cycle of updates between SafeBreach and the hacking community, says Bejerano.



OXFORD, Miss. – As the income tax season nears, December storm survivors don’t have to worry that the disaster assistance they received from the Mississippi Emergency Management Agency or from the Federal Emergency Management Agency will boost their tax bill or reduce their Social Security checks or any other federal benefits.

Disaster assistance for temporary housing, essential home repairs, replacement of personal property or for other serious needs does not count as income. Disaster relief payments from the government or donations from charitable organizations will not affect Social Security payments or Medicare benefits. And, disaster recovery grants will not affect any recipient’s eligibility for Medicaid, welfare assistance, food stamps or Aid to Families with Dependent Children. Grants for disaster recovery assistance are not counted as income in determining eligibility for any income-tested benefit programs that the U.S. government funds.

As of Jan. 25, FEMA has awarded nearly $2 million in disaster assistance to Mississippians affected by the December disaster. Storm survivors have until March 4, 2016, to register with FEMA for disaster assistance by using any of the following methods:

  • By phone, call 800-621-FEMA (3362) from 7 a.m. to 10 p.m. Assistance is available in most languages. People who are deaf, hard of hearing or speech impaired may call (TTY) 800-462-7585.
  • Online at DisasterAssistance.gov by computer, tablet, iPhone, Android or other mobile device.
  • By 711 or video relay services, call 800-621-3362.

Eligibility for FEMA assistance is not dependent on income. The amount of disaster assistance an eligible applicant receives is based on the amount of loss and damage incurred as a direct result of the recent storms and flooding and the amount of their insurance settlement, if any.

After registering with FEMA, some survivors receive a disaster loan application from the U.S. Small Business Administration. By submitting the SBA disaster loan application, survivors keep the full range of disaster assistance available as an option. SBA may refer applicants who do not qualify for a home loan to FEMA for grants to replace essential household items and replace or repair a damaged vehicle. But if survivors do not submit their disaster loan applications, further assistance may stop. Survivors are not required to accept a loan offer.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

State/Tribal Government or Region: 
Thursday, 28 January 2016 00:00

Time for Post-Storm Claims Filing

Record-breaking Storm Jonas, which struck a large portion of the East Coast last weekend, was yet another reminder to have property insurance policies up to date and be familiar with claims procedures. To get the claims process moving, risk professionals whose business suffered damage should contact their insurer and broker as soon as possible.

According to the Insurance Information Institute, business owners need to:



COLUMBIA, S.C. – The three remaining disaster recovery centers in South Carolina will close Friday, Jan. 29, at 6 p.m.:

  • Richland County Library Southeast, 7421 Garners Ferry Road, Columbia
  • Williamsburg Recreation Center, 2084 Thurgood Marshall Highway, Kingstree
  • Central Carolina Technical College, 853 Broad St., Sumter

Many services available at disaster recovery centers are also available by calling the FEMA helpline. Survivors of Oct. 1-23 storms and flooding can get help by calling 800-621-3362 or TTY 800-462-7585; those who use 711/VRS can call 800-621-3362. Lines are open 7 a.m. to 10 p.m. seven days a week until further notice.

Survivors can use the helpline to:

  • Ask questions about FEMA decision letters.
  • Learn how to appeal FEMA decision letters. All applicants may appeal.
  • Inquire about the status of a registration.
  • Provide change of address, telephone and bank account numbers and insurance information to avoid disaster assistance processing delays.
  • Receive information about FEMA home inspections.
  • Get other questions answered about federal disaster assistance.

Applicants should have their nine-digit FEMA registration number and ZIP code if they want to discuss their application.

For the latest information on South Carolina flood recovery operations, visit scemd.org and fema.gov/disaster/4241.

State/Tribal Government or Region: 

EMC CEO Joe Tucci, responding to an analyst’s question on this morning’s earnings call about the status of the Dell deal, let it be known in no uncertain terms that the deal is going forward as planned.

Responding to a question (which starts at around the 39 minute mark) from Maynard Um of Wells Fargo, Tucci admitted that there has been a lot of noise about possible pitfalls in this deal, but he insisted the reports of problems have been largely based on bad information.

“This is a really big deal. And there is a lot of noise in the system. And there are a lot of people with lots of opinions. And a lot of them are not based on a lot of facts. As we are doing this, there’s a tremendously increased market volatility, and I think it’s really fair to say that this environment has not been kind to any security,” Tucci said in the call.



Data center migrations aren’t something most people do every day. They’re typically a once-in-a-career event — twice if you’re lucky (or unlucky, depending on how you look at it). No matter which camp you’re in, moving networks, servers, data and applications from one location to another tends to elicit a string of four-letter words.

Slow. Pain. Ouch. Nope. (Not the words you were thinking?)

This is for good reason.

In helping hundreds of companies migrate everything from single applications to full data centers, we’ve identified seven common mistakes people make during data center migrations, and more importantly, how to avoid them.



The community can be law enforcement’s biggest resource when searching for suspects or gathering information. Agencies are able to leverage the eyes and ears of their residents when an emergency happens and more information is needed. But often citizens are not quick to report crimes or share information. They may be scared or possibly guilty of being involved in a situation. How do we remove the aspect of fear to utilize such a great resource when it comes to solving crimes and finding wanted suspects?

Anonymity is key to giving the community a safe place to share their information. In Texas, over 1.4 million anonymous tips have been submitted which resulted in 200,000 arrests and $1.4 billion of recovered property and narcotics since 1981[1]. Nixle Tip Watch allows residents to text information to law enforcement-anonymously. The Oakland Police Department was the one of the first city to adopt the anonymous tipping function with Nixle. As a current Nixle user, they needed to take another step towards “fuller and more protected citizen participation.[2]



Colocation solutions are providing IT leaders with yet another way to streamline operations at the workplace. As more businesses aim to expand their ability to handle growing data and applications capacity, colocation has become the standard alternative to in-house data center investments.

Colocation providers help companies develop system architectures to support high density data center footprints associated with virtualization and consolidation efforts. If using an in-house data center, such activities often lead to significant heat generation and can necessitate significant investments in cooling infrastructure.

Data center colocation can also pay dividends by enabling organizations to mix and match facilities across one national platform. An interconnected multi-facility solution is ideal for providing the critical disaster recovery options.

Colocation solutions are providing IT leaders with an efficient way to streamline operations at the workplace. Read more in this Insights Blog >

Thursday, 28 January 2016 00:00

Why Mobile Apps Are Not Getting More Secure

Last month, Veracode released a supplement to its 2015 security report that focused on application development. The report showed that four of five applications written in PHP, Classic ASP and ColdFusion failed at least one of The Open Web Application Security Project (OWASP) Top Ten, a list of security benchmark best practices. Put more simply, the research suggests that applications – many of them mobile – are awash in vulnerabilities.

The research found that one scripting language is riskier than two other common approaches.  “In the side-by-side comparison of programming languages, we found that PHP was far more vulnerable to the issues of cross-site scripting and SQL injection than Java and .NET,” Chris Wysopal, Veracode’s co-founder, CTO and CISO says.

The intricacies of which scripting languages are more vulnerable than others is very important to developers and security professionals. For others, however, the question is a bit simpler: Is there an epidemic of insecure applications running on the mobile devices, many of which handle corporate communications and data?



Thursday, 28 January 2016 00:00

Walmart Open Sources Cloud Management Platform

Walmart became the latest major business to embrace the open source cloud this week with the release on GitHub of OneOps, the company’s formerly closed-source cloud management and application lifecycle platform.

OneOps is a platform for building and launching cloud-based applications across varied and changing environments. It offers a way to deploy apps on different providers’ platforms, from Microsoft Azure, Rackspace and CenturyLink public clouds to private or hybrid environments built using OpenStack.

The main selling point of OneOps for businesses is that it lets organizations switch between different providers easily to take advantage of changes in pricing, features and scalability. Meanwhile, for developers, it makes it easier to build and deploy cloud apps in a vendor-agnostic way.



OXFORD, Miss. – Home and business owners looking for information on how to rebuild safer and stronger following the destructive December storms will find help this week at local hardware stores in Ashland and Holly Springs.

Mitigation specialists from the Federal Emergency Management Agency will be at the Ashland Hardware store at 15800 Boundary Drive this Thursday and Friday from 9 a.m. to 6 p.m. and on Saturday from 10 a.m. to 3 p.m. They will be in Holly Springs at the Booker Hardware store at 119 South Market St. this Friday, 10 a.m. to 3 p.m. and Saturday from 10 a.m. to noon.

The specialists will answer questions and offer advice on ways to repair or rebuild homes so they are more storm resistant. Free printed materials with additional information will also be available.

The FEMA specialists can also offer advice on dealing with contractors, in particular on how to avoid being scammed. The specialists will provide handouts on selecting and working with contractors.

Anyone interested is welcome whether or not they are receiving financial disaster assistance from FEMA.

For the latest information on Mississippi disaster recovery operations, visit msema.org and fema.gov/disaster/4248.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

State/Tribal Government or Region: 

Revelations of government snooping and pressure on cloud providers to provide customer data to authorities have led to new developments in the way encryption is applied. The problem came about because the providers did the encryption of the data, but also held the encryption keys. That meant that customer data was protected from everyone else, except from the provider itself. Of course, the option for customers to encrypt their data before sending it to the cloud for storage has always existed, but makes it more difficult to use the data for cloud-based applications. A recent twist to the encryption saga is BYOE, also known as BYOK (Bring Your Own Key). How well does this answer concerns about data privacy in the cloud?



Inconsistent understanding of organizational resilience

Two thirds (64%) of CEOs admit that the concept of organizational resilience is inconsistently understood across their business, despite 70% believing it to be vital to the long-term viability of their operation. This is according to research commissioned by BSI.

Encouragingly 28% of CEOs are confident they secure an advantage in the market from organizational resilience, almost half (49%) claiming it enhances their company’s reputation and 39% suggesting it has improved their organization’s competitiveness through quicker and better targeted responses to opportunities. The research also found that North American firms are more than twice as likely as European firms to have boosted the quality of their products and services through organizational resilience, something that is most commonly held back by short-term financial thinking, a lack of skills and a failure to focus on the management of resilience.

Howard Kerr, Chief Executive of BSI commented: “CEOs may become so risk averse that they’re not only missing out on opportunities, but potentially undermining the long-term resilience of their organizations. Leaders need to have confidence in the ability of their team to remain agile and adaptive, while maintaining robust processes in the face of uncertainty. Ultimately today’s challenging conditions offer an opportunity to forge stronger team dynamics and delivery.

Worldwide more than half of CEOs (52%) attributed failures in organizational resilience to a lack of skills amongst their workforce. In a signal as to the importance of the issue, more than half (57%) of CEOs take personal responsibility for driving organizational resilience across their business. Just a quarter (25%) entrusted responsibility to colleagues below C-level in their seniority.

Kerr concluded: “Change must be led from the top. Organizations can be surprisingly naive, ignoring advice and best practice until they experience a setback themselves. CEO resignations aren’t just token sacrifices; they are a symptom of a wider malaise. Adapting and coping with change is a team effort, based on a culture of excellence across people, products and processes. True leaders recognize that Organizational Resilience is a strategic imperative across the whole business.

Thursday, 28 January 2016 00:00

Data Center Colocation in 2016: What to Expect

Edge data center users and companies with Internet of Things applications may breathe new life into secondary data center colocation markets in 2016. However, when it comes to large-footprint deployments, it appears 2016 will unfold in a similar manner to last year.

That’s according to Bo Bond, a managing director at the commercial real estate firm Jones Lang LaSalle. JLL recently released its Winter 2016 North America Data Center Perspective report, which examines the leasing activity and sale-leasebacks by data center providers.



If you’re not thinking about expanding your security services, you should be. At least, that’s the news from Kaseya’s 5th Annual Global MSP Pricing Survey*.  

"Heightened security risks" is the top IT problem or service need MSP respondents expect their clients to face in 2016. And it won by a mile, selected by more than a quarter of all respondents and receiving 40% more votes than the second-highest selection. This result isn’t a surprise given the unremitting flow of news on breaches and hacks.



Another massive weather system has impacted business operations in large parts of the country. Winter Storm Jonas dumped feet of snow across the northeast, shutting down travel and stalling commerce for days. The storm is considered a “top 10” in the continental U.S., driven by this year’s strong El Nino.

     --- See:  Godzilla Versus the Blob: How this Dynamic Duo will Impact Winter Weather in 2016 ---

From a business perspective, the storm illustrated the importance of rapid and accurate communications. Emergency or mass notification systems were used throughout the country to keep operations moving during this major disruption. Here are just a few of the ways organizations of all sizes utilized these mission critical systems:



Wednesday, 27 January 2016 00:00

Chasing Black Swans Through The Snow

We had a little snow here in Washington, DC on Friday, and we’re still digging out. The great snowstorm of 2016, a.k.a. Snowzilla, was the kind of outlier event that even the most dysfunctional of local governments must be ready to handle. Even if you think that 2-3 feet of snow in a single day is a “black swan” event, you had better have the snow plows and dump trucks ready for that unlikely scenario.

Software innovators have a much different attitude about black swans. Rather than prepare their response for them, they usually act as though they will never occur. Sure, you might do everything you can to prevent, say, an unexpected architectural glitch to put a critical application into a death-spiral during a period of inconveniently high usage, but there’s only so much risk mitigation that smart design, thorough testing, and other preventive measures can do. The risk of a black swan swooping down to land on your head always exist. (Just look at the painful example of Knight Capital, or the software upgrade that caused a 4-hour outage for the New York Stock Exchange last year.) So what do we do to recover from these events?



Wednesday, 27 January 2016 00:00

EMC Extends Software-Defined Storage Reach

While the high drama surrounding the proposed acquisition of EMC by Dell continues, EMC’s technology advances continue. Today EMC rolled out an update to its Elastic Cloud Storage (ECS) platform that is at the core of the company’s software-defined storage (SDS) architecture.

Manuvir Das, senior vice president for the Advanced Software unit within EMC’s Emerging Technologies Division, says the latest update adds the ability to search petabytes of unstructured data stored in an object-based storage system using metadata that doesn’t have to be housed in a separate database. Instead, Das says, IT organizations can apply analytics directly against the metadata exposed via ECS.

In addition, DAS says ECS now supports multiple protocols, including AWS S3, OpenStack Swift, HDFS and NFS. That makes it possible for IT organizations to deploy an SDS environment capable of spanning both public and private clouds, Das says.



WASHINGTON – The U.S. Department of Homeland Security’s Federal Emergency Management Agency (FEMA) is seeking applicants for its Youth Preparedness Council. FEMA’s Youth Preparedness Council was formed in 2012 to bring together leaders from across the country who are interested and engaged in advocating youth preparedness. Council members are selected based on their dedication to public service, their efforts in making a difference in their communities, and their potential to expand their impact as national advocates for youth preparedness.

The Youth Preparedness Council offers an opportunity for youth leaders to serve on a distinguished national council and participate in the Youth Preparedness Council Summit. During their two-year term, the leaders will complete a national-level group project and share their opinions, experiences, ideas, solutions, and questions regarding youth disaster preparedness with the leadership of FEMA and national youth preparedness organizations.

Council activities and projects center around five areas of engagement: programs, partnerships, events, public speaking/outreach, and publishing. Members represent the youth perspective on emergency preparedness and share information with their communities. They also meet with FEMA on a regular basis to provide ongoing input on strategies, initiatives, and projects throughout the duration of their term.

Individuals in their freshman or sophomore year of high school that are engaged in individual and community preparedness, or have experienced a disaster that motivated him or her to make a positive difference in their community, may apply to serve on the Youth Preparedness Council. Adults working with youth or community preparedness are encouraged to share the application with youth who might be interested in applying.

Youth interested in applying to the Council must submit a completed application form, two letters of recommendation, and academic records. Specific information about completing and submitting the application and attachments can be found in the application instructions. All applications and supporting materials must be received no later than March 1, 2016, 11:59 p.m. PST in order to be eligible. New Youth Preparedness Council members will be announced in May 2016.

For more information about the Youth Preparedness Council and to access the application materials, please visit www.ready.gov/youth-preparedness-council.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

OXFORD, Miss. – State and federal disaster survivor assistance teams are now working in three more Mississippi counties, helping residents recover from destructive tornadoes, severe storms and flooding in late December.

The teams are made up of disaster specialists from the Mississippi Emergency Management Agency and the Federal Emergency Management Agency. They are canvassing neighborhoods in Monroe, Panola and Prentiss counties, which were designated for disaster assistance last week.

Affected survivors in Monroe and Prentiss counties can also visit applicant service centers now open at the:

  • Chancery Clerk Building (across from the courthouse), 110 N. Main St., Booneville, MS 38829;
  • The Becker Community Center, 52246 Highway 25 South, Amory, MS 38821.

Survivors in Panola County can visit the disaster recovery center in neighboring Quitman County, which is located at the Marks Fire Department, 108 W. Main St., Marks, MS 38646 or any other center in a county designated for assistance after the December storms.

The teams can register survivors and electronically submit a request for federal assistance. Team members can be easily identified by photo identification and FEMA or MEMA clothing. Mississippi residents are encouraged to ask for official identification before providing personal information.

Federal disaster assistance for qualified applicants may include:

  • Grants to rent a temporary place to live, as needed.
  • Grants for essential home repairs not covered by insurance.
  • Grants for disaster-related needs not covered by insurance — such as medical, dental, transportation, funeral expenses, moving and storage fees, personal property loss and child care.
  • Low-interest disaster loans from the U.S. Small Business Administration to homeowners, renters and businesses of all sizes to cover losses not fully compensated by insurance.

In addition to the registration opportunity offered by recovery teams, survivors can register for assistance by the following methods:

  • Visiting DisasterAssistance.gov with a computer, tablet, iPhone, Android or other mobile device.
  • Calling 800-621-3362 or (TTY) 800-462-7585 for those who are deaf, hard of hearing or speech impaired. Those who use 711 or Video Relay Services can call 800-621-3362 to register. 
  • Business owners can find an electronic loan application on the U.S. Small Business Administration’s secure website at disasterloan.sba.gov/ela. Questions can be answered by calling the SBA disaster customer service center at 800-659-2955/ (TTY) 800-877-8339 or visiting sba.gov.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

State/Tribal Government or Region: 
Wednesday, 27 January 2016 00:00

Tornadoes' Aftermath Puts Some at Risk for PTSD

(TNS) - A month after tornadoes ravaged North Texas, mental-health experts are warning survivors to be on the alert for another problem: post-traumatic stress disorder.

Though many people associate that syndrome with soldiers who have been through combat, PTSD can affect about a fifth of people who were directly affected by a natural disaster, medical studies show.

After an ordeal like a tornado or hurricane, people often have trouble sleeping and concentrating, feel jumpy and may be easily startled, or see the disaster replaying in their minds.



(TNS) - Early Sunday morning the ground started to rattle in Alaska, and those who didn’t sleep through the 7.1-magnitude earthquake reacted in many different ways.

Some people ran outside of their homes, while others pressed themselves into doorways. Some people hurried down the stairs of hotels in their underwear, while others squatted under kitchen tables.

But what’s the best thing to do when you feel the floors start to sway?

Emergency officials have a few tips and one of them is stay inside.



Businesses face significant challenges in applying the new EU Data Protection Regulation to paper records; Iron Mountain offers some advice.

At the end of last year, the European Parliament and Council reached agreement on the General Data Protection Regulation (GDPR) proposed by the European Commission. The new rules, which will come into force in early 2018, represent the greatest change to data protection legislation since the dawn of the Internet. They will affect any organization across the world that handles data of European origin.

According to information management and storage company Iron Mountain, the reforms, which aim to reflect the changing needs of the digital economy and champion the data privacy rights of the individual, could prove difficult to apply to paper-based information. To help companies ensure their paper records don’t fall foul of the regulations, Iron Mountain has prepared the following guidance on some of the key components of the GDPR: 



Boards of directors lack understanding of the cyber risk

45% of cyber security professionals believe their board of directors has a major gap in its understanding of cyber risk, or simply don’t understand the risk at all. This is despite over half (54%) of boards being ultimately accountable for the cyber strategy, according to a new study by Harvey Nash and PGI Cyber.

The Cyber Security Survey also revealed that one third of cyber professionals (33%) believe their CEO has major knowledge gaps and almost half (49%) believe the same for their Chief Finance Officer. Chief Marketing Officers, many of whom have increasing responsibility for customer data and driving customer facing digital strategies, were also rated poorly, with 43% of cyber professionals believing they had major knowledge gaps, and one in ten (11%) believing they had no cyber risk awareness at all.

Whilst most cyber professionals feel their organisations have the basics covered, 85% still think there is more to do, and one quarter (26%) believe there is significantly more work to do. Unsurprisingly it is lack of finance that is holding cyber security back with 57% of respondents citing this as a reason for any gaps, while lack of security aware culture (49%) and a lack of understandings of the real threat (43%) were also highlighted.

Understanding of the threat is very high among business continuity professionals according to the latest Horizon Scan Report published by the Business Continuity Institute. 82% of respondents to a global survey expressed concern about the possibility of a cyber attack and 74% expressed concern about a data breach occurring.

Brian Lord, Managing Director, PGI Cyber commented: “Cyber security is as much about people as it is about technology. Whilst there is no doubt many boards are asking more questions about cyber security than they did five years ago, it is clear that there is much more to do to make organisations fully aware and prepared for the challenges of an increasingly global and digital world.

Wednesday, 27 January 2016 00:00

How Secure Is Your Data Store?

In the business world today, the data held by a company can often be their most valuable asset. The value of the data is also dependent on its quality, so the more time you spend making sure that it is fit-for-purpose, the more value can be extracted. These values can be significant too, with the Verizon Data Breach Report reporting an average cost of $201 per lost record in 2014.

Therefore, keeping it safe and secure should be at the forefront of company strategies, but this is rarely the case. When this happens you have situations such as for Ashley Madison or Carphone Warehouse, whereby huge and valuable datasets are stolen or leaked. It is like having a car that you spend several thousand on, but leave it in a high crime rate area, most of the time it won't get stolen, but the chances of it being taken are much higher than they need to be.

One of the key reasons for this lapse in security is that many of the most popular platforms, like Hadoop, have in-built security. The danger here is that people think that their data is safe because of these systems, which is true to a degree, but having only these systems in place is like locking your car - it can still be broken into relatively easily.



It’s safe to say that enterprise cloud is here to stay. Cloud services have augmented the way we deliver resources, support new types of users, and create new types of business strategies. Today, organizations are looking at even more ways to leverage cloud computing environments to help their businesses become much more agile.

Spending on cloud infrastructure and platform could rise from $16 billion in 2014 to $43 billion by 2018, according to a recent Goldman Sachs report. The share of cloud infrastructure and platform in enterprise IT spending is forecast to increase from 5 percent in 2014 to 11 percent by 2018. This will be driven by the increasing shift of IT budget from traditional in-house delivery methods to various flavors of cloud computing as a means to cut cost and create new revenue streams.

All this in mind, let’s focus on one of the biggest questions facing enterprises when they look at the modern cloud ecosystem: “How do I create a good cloud connectivity strategy that will allow me to leverage my on-premise investment and a public cloud architecture?”

To answer it, let’s look at two leading public cloud providers and what they’re offering around enterprise cloud connectivity. But first, we’ll need some definitions.



Recent studies have shown that enterprises are embracing advanced analytics and big data projects. But are they getting real value out of these efforts? Or are we headed for a period of disillusionment? Newly private Informatica has refocused on a mission to help enterprises turn their data investments into projects that drive real business value and avoid the disillusionment pitfall.

CEO Anil Chakravarthy spoke with InformationWeek in an interview about the company's mission, and the trends and opportunities he sees ahead this year.

Informatica appointed Chakravarthy as CEO this month, almost six months after naming him as acting CEO in conjunction with the company's acquisition by two private equity firms. The acquisition by Permira funds and Canada Pension Plan Investment Board -- along with strategic investments from Microsoft and Salesforce -- was completed in August 2015. It took Informatica private and gave the company "more flexibility and more time to implement our transformative innovation roadmap and to evolve our business model," the company's chairman, Sohaib Abbasi, said in a prepared statement at the time.



While 91 percent of enterprises said they still worry about threats to data, many of them are still focusing on the wrong security priorities to best help protect themselves from data breaches and other attacks, according to a recent survey.

The 2016 Vormetric Data Threat Report—sponsored by security startup Vormetric and conducted by analyst firm 451 Research—found that compliance is the top area of focus for enterprises when it comes to security because they equate compliance with protecting critical data.

Common thinking among companies is that if they meet compliance requirements, it will be enough to keep data safe, according to the report, penned by 451 Research Senior Analyst Garrett Bekker. This is despite the fact that data breaches actually occur more often in organizations certified as compliant, he said.



As devastating severe winter weather continues to attack the Mid-Atlantic and Northeast, cities and counties work tirelessly to keep residents safe and return life to normalcy.   It was a historic storm, as snow totals “topped out near 42 inches in West Virginia and at least 14 states in total received more than a foot of snow from the storm.” 


During severe weather and emergency events, Everbridge and Nixle are committed to providing reliable communication channels between emergency managers, law enforcement and the residents they serve.  We are here to help.  Utilize our Emergency Live Operator phone line where a representative will assist you in sending an emergency notification. Or call our Everbridge Support Center, available 24×7 – details on how to reach us can be found here: http://www.everbridge.com/support.


Below are a few informative pieces to use in your emergency and severe weather preparation plans:



(TNS) - Around 8 a.m. Saturday, stiff from sleep and freezing temperatures, more than 150 volunteers formed human chains around five homes near Fenton and passed thousands of sandbags to the curb.

Some bags, dense with frozen floodwater, weighed as much as 50 pounds. “Now, they are sandbricks,” said Jakob Budge, 17, a volunteer from the Mormon congregation in Fenton.

At first, the youth said, his muscles ached from the repetition of lifting and passing. But determination took over. People along the chain peeled off their jackets and wiped sweat from their brows even in the frigid air. An hour and a half later, they cheered as the last of the bags from the back of one home left their hands.



(TNS) - The inspector general’s office for the U.S. Department of Homeland Security is auditing how Long Beach City schools, the Town of North Hempstead and the Roman Catholic Diocese of Brooklyn are handling superstorm Sandy disaster recovery money.

Audits of the three entities have been ongoing since last year and were included in an end-of-year roundup of investigations and other projects undertaken by the inspector general’s office.

“We end up doing a lot of audits to see if the money is being spent consistent with policies and procedures,” said Homeland’s Assistant Inspector General John Kelly, whose division is emergency management oversight.



In my upcoming webinar, “Trends in Business Continuity: Recapping 2015 and Looking Ahead,” on January 27th, I will take a moment to look back at 2015 on the types of challenges that the continuity field experienced, and then gaze forward, contemplating what might be next. Once we know what we might likely face, I’ll explore eight ways to reimagine your program to meet the significant challenges ahead.  

One those eight ways is Number Five…“Work Out.” No, I’m not discussing aerobics or yoga (although that couldn’t hurt), I’m talking about the importance of exercises. Practice (aka exercises) breeds familiarity and “muscle memory,” which should be (and could be) the real measure of competence or capability.  The term “muscle memory” has been used synonymously with motor learning, which is a form of procedural memory involving the consolidation of a specific motor task into memory through repetition. When a movement is repeated over time, a long-term muscle memory is created for that task, eventually allowing it to be performed without conscious effort. That is what we want our teams to be able to do – perform their duties without conscious effort.



Many enterprises are pondering the implications of the all-cloud data center when, in fact, a more immediate change is in the works. This would be the so-called “cloud-first” strategy, which seems to be playing out on the application layer rather than in end-to-end infrastructure deliberations.

The key difference between the two is that while all-cloud focuses largely on how the cloud is built, cloud-first looks at how the cloud is utilized. And in almost all cases, cloud-first offers a leaner, more efficient, and more manageable approach to enterprise functionality than legacy architecture.

According to IDC, cloud-first strategies are responsible for a good portion of the explosion in cloud services that is rocking the enterprise industry. Cloud services are set to increase by nearly 20 percent per year for the remainder of the decade, to top $141 billion by 2019. This will result in the average business spending six times more for cloud services than they do for overall information technology, with software-as-a-service taking the lion’s share of that spend. Ultimately, however, this will lead to broader adoption of cloud-based platform and infrastructure services (PaaS and IaaS), both of which are starting from smaller bases than services but are growing between 27 percent and 30 percent per year.



I’ve been writing about IT security for nearly a decade. I’ve seen the progression of cybersecurity problems and cybersecurity solutions. I remember the number of professionals I spoke with who shrugged off the need for security and the businesses who told me point blank that they’d never trust cloud computing because it will never have good enough security protections. I’ve seen the shift in attitudes (not to mention the number of other writers who have picked up the topic because it is “hot” and everybody wants to read about it now).

On one hand, we’ve come a long way in our knowledge and acceptance of cybersecurity needs. Yet, in these early days of 2016, I’m seeing a lot of conflicting reports. One day we are being told that businesses are doing more to increase their security budgets, for example, while the next day, a study is saying that businesses aren’t doing enough to secure their data. We’re seeing a lot of mixed signals – even within the same report.

Take Cisco’s 2016 Annual Security Report, for example. As TechRepublic reported:



In the latest bout of alarmist frenzy to sweep the security world, researchers disclosed a vulnerability in the Linux kernel’s open source code last week. It turns out the vulnerability poses little real threat.

The flaw, which has existed in Linux since 2012 but remained unknown, was reported by the Israeli security company Perception Point. It allows attackers to gain root access to computers running affected versions of the kernel. With root access, they can do anything they want to the system.

Perception Point ominously warned that the vulnerability affects “tens of millions” of Linux PCs and servers, as well as some Android devices (since Android is based on a version of the Linux kernel). The company urged administrators and users to upgrade their systems as soon as possible in order to apply the fix that the Linux kernel developers created after Perception Point notified them of the flaw.



Cities on the north-eastern US coast are recovering from a massive weekend snowfall brought by Winter Storm Jonas, but the cloud infrastructure in the region powering websites and services appears to have been largely unaffected.

The service status pages for major cloud services including Microsoft Azure, Google Cloud Platfrom, and Amazon Web Services didn’t report any disruptions to facilities on the east coast.

Hurricane Sandy in 2012 caused several outages including flooding and generator fuel shortages at PEER 1’s facility and Internap’s Mahattan facility going down. In anticipation of winter storm Jonas, AWS has noted that this is unlikely to happen.



Data breaches, IT incidents or any other corporate disasters have an impact on a company’s standing. Reputation management is a matter of protecting that standing or of keeping damage to minimal levels. In some instances, data breaches for instance may not need to be declared to the public. In other cases, when customer, medical or other personal data is compromised, a company has no choice but to advise consumers, patients and other individuals about the risks engendered. An interesting insight from MIT’s Sloan School of Management into how the public at large perceives enterprises and organisations suggests that trying to leverage feelings may be a bad move, when it comes to reputation management.



Tuesday, 26 January 2016 00:00

Are you the target?

Do you know the basic principle of hunting? Always be vigilant — otherwise you could become the prey! The world of data is a jungle — you could do a lot of hunting, but you could just as easily get lost and become a more experienced hunter’s trophy kill. There are scavengers everywhere, and anyone could become their next target — for them your data is a tasty, tasty snack. So as we come to the end of this series, I will give you a few simple data security tips – I hope you find them useful.



Tuesday, 26 January 2016 00:00

Zika Throws a Travel Risk Curveball at 2016

It is understandable if you bade an enthusiastic farewell to 2015. International markets whipped up and down, ISIS’ terrorism campaign extended well beyond the Levant, South China Sea tensions escalated, and, of course, a historic refugee crisis consumed Europe (and the attention of much of the West). Oh, and 2015 was by far the warmest year on record.

The political risk consultancy Eurasia Group, headed by noted scholar and author Ian Bremmer, has weighed in on the risk outlook for 2016 and it isn’t pretty. In a nutshell, all of the problems of the past couple of years “will get worse.” The strategically critical countries of Russia, Turkey, and Saudi Arabia are all on a path of decreasing stability or increased international belligerence (or both), and this development is exacerbated by a U.S.- Western Europe alliance that is shrinking away from messy international situations.



Jack Vonich is VP of Sales for Instor Solutions.

How to effectively balance the power load in data centers is an issue that every data center manager is familiar with. When done correctly, a properly balanced data center helps to secure uptime and is often an important avenue for the facility to utilize extra power capacity. When improperly balanced, available power can become stranded, and the chance of damage to vital infrastructure increases. Taking the time to optimize power distribution when installing or refitting a data center is well worth the effort and is another crucial step toward maximizing its performance.


To help avoid stranding power, we can look at the following example (power coming into data centers is measured as either X + Y + Z + Gr or X + Y + Z + Gr + N). In this simplified model (Fig. 1), we’re working with three-phase power which is broken into groups of two phases for each outlet powering the individual devises on the power strip.



Work & Hiring Arrangements
Telework & Emergency Preparedness

Telework is a work flexibility arrangement under which an employee performs the duties and responsibilities of such employee's position, and other authorized activities, from an approved worksite other than the location from which the employee would otherwise work.

All Federal agencies must have a telework policy as required by Public Law 106-346, § 359 and Public Law 111-292, § 6502, and must implement telework to the maximum extent possible for eligible employees.

By law, telework must be integrated into planning for Continuity of Operations (COOP), including a pandemic health crisis.

Agencies must designate a Telework Managing Officer (TMO) that is devoted to policy development and implementation related to agency telework programs. Agencies may also designate a telework coordinator to be responsible for overseeing the day-to-day implementation and operation of telework programs.

Agencies may, at their discretion and subject to agency telework policies, procedures, and provisions of collective bargaining agreements, define and use the types of telework that best fit their business needs.

The choice of how to equip teleworkers is left to agency discretion. Security concerns should be considered in making equipment choices; agencies may wish to avoid use of employees' personal computers and provide agency PCs or laptops as appropriate. In all cases, however, agencies must follow Office of Management and Budget (OMB) security guidelines as outlined in the Telework Enhancement Act of 2010 (external link), and should consider the provisions contained in OMB's June 23, 2006, memorandum, "Protection of Sensitive Agency Information."

Telework can be used as a reasonable accommodation for qualified individuals with medical conditions or other disabilities. At the discretion of an agency, telework can also help with employees who, because of physical injury, are temporarily unable to travel to the workplace. Telework provides an opportunity for agencies to hire qualified individuals (especially those who are mobility-impaired) who might otherwise not consider applying for positions.

All teleworkers and telework managers must receive telework and information security training. Telework training is available via the joint OPM/GSA Website (external link) or may be provided by the agency. Information security training must be provided to all employees by their agencies.

All teleworkers must have signed written agreements, even for ad-hoc, emergency telework arrangements, to provide structure and accountability. Key components of a telework agreement include the following: schedule; communication expectations with the employee's manager, workgroup, and customers; equipment; tasks; information security obligations; expectations for COOP, pandemic, or other emergency situations, including weather closures. Telework agreements should conform to any applicable negotiated agreements.

Managers may deny a telework request or terminate a telework agreement for business reasons. The denial or termination must be documented in writing and shared with the employee.

Teleworkers who work from home must provide an appropriate workspace and should certify that it is free from hazards. Government employees causing or suffering work-related injuries and/or damages at the alternative worksite (home, telework center, or other location) are covered by the Military Personnel and Civilian Employees Claims Act, the Federal Tort Claims Act, or the Federal Employees' Compensation Act (workers' compensation), as appropriate.

Employees who use computers and other information technology while teleworking need effective support during work hours; remote access presents some unique issues, and agencies should ensure tech support can meet these needs. These needs must also be taken into account in planning for using a distributed workforce during an emergency situation.

Employees designated to work from home during an emergency event should telework frequently enough to ensure all systems are working smoothly.

Following is a summary of key federal disaster aid programs that can be made available as needed and warranted under President Obama's disaster declaration issued for the State of Alabama.

Assistance for the Territory and Affected Local Governments Can Include as Required:

  • Payment of not less than 75 percent of the eligible costs for emergency work and repairing or replacing damaged public facilities, such as roads, bridges, utilities, buildings, schools, recreational areas and similar publicly owned property, as well as certain private non-profit organizations engaged in community service activities. (Source: FEMA funded, territory administered.)
  • Payment of not more than 75 percent of the approved costs for hazard mitigation projects undertaken by state, tribal, and local governments to prevent or reduce long-term risk to life and property from natural or technological disasters.  (Source: FEMA funded, territory administered.)

How to Apply for Assistance:

  • Application procedures for state, tribal, and local governments will be explained at a series of federal/state applicant briefings with locations to be announced in the affected area by recovery officials. Approved public repair projects are paid through the state from funding provided by FEMA and other participating federal agencies.

FEMA’s mission is to support our citizens and first responders and ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Stay informed of FEMA’s activities online: videos and podcasts available at http://www.fema.gov/medialibrary">www.fema.gov/media-library and http://www.youtube.com/fema">www.youtube.com/fema; follow us on Twitter at www.twitter.com/fema  and on Facebook at www.facebook.com/fema.

China has become an increasingly important market over the last several years for server technology providers, and leading vendors such as Hewlett-Packard HPE +0.00% Enterprise, IBM IBM +0.81% and Intel INTC +0.00% are all making significant investments to get more than their fair share of the pie. Earlier this week, Qualcomm QCOM -2.13% announced a joint venture in China that I believe could be a game-changer in the server space over the long term. If executed effectively, the joint venture could help China get closer to the locally-sourced datacenter infrastructure that they are demanding.

By some estimates, China is now the #2 country for server sales worldwide and has been growing at a rate much faster than the overall market. And despite the recent economic slowdown, many believe that the datacenter business in China will continue to flourish as demand to expand the capacity of the country’s datacenters doesn’t appear to be waning anytime soon. In an era where much of the world’s server hardware demand has stagnated, leading vendors are looking to opportunities like China to keep their businesses growing. But the Chinese government has made it clear that they want to move toward indigenous datacenter products and reduce their reliance on US and Western European vendors for long term advanced technologies.

In October 2015, Qualcomm publicly announced their plans to go after the server processor market—a market that is dominated today by Intel—and demonstrated their first pre-production server chip based on the low-power ARM architecture from ARM Holdings ARMH +2.33%. In that announcement, Qualcomm specifically mentioned China as a key target market for their server-focused efforts. Qualcomm’s announcement this week to create a joint venture agreement with the Chinese province of Guizou called Guizhou Huaxintong Semi-Conductor Technology Co. to locally design, develop and sell advanced server chipsets is a critical step that may help turn this vision into a reality. Both parties have invested $280 million in the joint venture, which will be 55% owned by Guizhou and 45% owned by a subsidiary of Qualcomm.



Monday, 25 January 2016 00:00

Another Day, Another Hack

As if we needed another reminder of the rising threat of cyber attacks, the estimated EUR 50 million ($55 million) loss arising from a cyber fraud incident targeting Austrian air parts supplier FACC AG made us sit up and take notice.

As Bloomberg reports here, if the damages do indeed amount to $55 million this would be one of the biggest hacking losses by size.

Bloomberg also points out that the incident is made more intriguing because FACC is 55 percent owned by China-based AVIC.



Monday, 25 January 2016 00:00

The Cloud: A New Way to Conduct Business

At this point, it doesn’t make much sense to talk about whether IT infrastructure will change in the cloud, or even how it will change, but how data and business processes will change to suit the new reality.

Infrastructure, after all, is merely a means to an end, so the real measure of the cloud is how it will alter the things we do, not the resources we use to do them.

We are already seeing this effect in motion. Traditional applications like BI and CRM are not being ported directly to the cloud anymore, they are being recoded to suit the dynamic, resource-shifting realities that cloud computing brings to the table. At the same time, entirely new business processes are emerging to take advantage of new service- and application-layer flexibility to out-perform their legacy counterparts.



While the rain keeps falling in Northern California, the state’s water supply is nowhere near bouncing back from a shortage caused by years of severe drought, and data center cooling technology that doesn’t use water is one way data center operators in the state can be part of the solution.

Emerson Network Power claims data center operators that installed its pumped refrigerant-based cooling system in North America have saved more than 1.4 billion gallons of water in the last three years. A traditional chilled water-based system uses about 1 million gallons of water to cool 1 MW of IT capacity in a data center for one year, John Peter Valiulis, VP of marketing at Emerson, said.

The savings estimate comes from a process the company recently went through with the California Energy Commission to get pumped refrigerant-based systems approved as accepted form of economization, or free cooling, under the state’s Building Standards Code, known as Title 24. The code requires new data centers to use economizers but until recently only specified air-side and water-side economization systems as appropriate ways to satisfy the requirement.



Fairfax County, Virginia is home to over 1 million residents across 390 square miles in the suburbs of Washington, D.C.. Since 2003, the county’s Community Emergency Response Team (CERT) has embraced the reality that residents need to be prepared for major emergencies.

“Widespread emergencies like the Derecho windstorm of 2012 and the “Snowmageddon” snowstorm of 2010 emphasize that emergency responders are not always the first responders—bystanders and neighbors are often relied upon during and after disaster,” explained Jeffrey Katz of Fairfax County Fire and Rescue.

Over 2,500 county residents have learned necessary skills for emergency situations. The 25-hour CERT course is delivered by the fire department and in coordination with the county’s Office of Emergency Management. CERT training is based on the national CERT program curriculum administered by the Federal Emergency Management Agency.



In October 2013, Affinity Gaming, a casino operator based in Nevada, heard from customers that their credit cards had been hacked. Before too long, the company’s IT department concluded it likely suffered a data breach.

Within days, professional forensic data security investigators from Chicago-based Trustwave Holdings Inc. were analyzing the company’s system, and suggesting remedial measures.

That account is taken from a federal lawsuit that Affinity filed in Las Vegas. It accuses the IT security company Trustwave it hired to conduct a forensic investigation of failing to proscribe appropriate remedial measures and not removing the malicious malware. The suit states that within three months, a second data breach occurred. Affinity is suing Trustwave for fraud, fraudulent inducement, constructive fraud, gross negligence, negligent misrepresentation, breach of contract and declaratory judgment.

The lawsuit, filed in late December and first noticed by Ars Technica, and poses an interesting test case of whether a security vendor can be held liable for not ensuring the complete safety of a company.



JEFFERSON CITY, Mo. – Residents of 33 Missouri counties who have been affected by the recent severe storms and flooding may soon see Federal Emergency Management Agency (FEMA) Disaster Survivor Assistance (DSA) teams and home inspectors in their neighborhoods.

Those counties are: Barry, Barton, Camden, Cape Girardeau, Cole, Crawford, Franklin, Gasconade, Greene, Hickory, Jasper, Jefferson, Laclede, Lawrence, Lincoln, Maries, McDonald, Morgan, Newton, Osage, Phelps, Polk, Pulaski, Scott, St. Charles, St. Francois, St. Louis, Ste. Genevieve, Stone, Taney, Texas, Webster, and Wright counties.

The DSA teams offer survivors registration assistance, up-to-date information on their application status, on-the-spot needs assessments and referrals to help fill any outstanding needs.  Following an individual assistance disaster declaration, FEMA provides this mobile resource to help connect homeowners, business owners and faith-based and community organizations with the necessary resources to start the recovery process.

Home inspectors will also be in the field verifying damages for those who have applied for federal assistance.  Inspectors will contact homeowners and renters to schedule a time to meet to verify flood damages that occurred December 23, 2015 through January 9, 2016.

Inspectors are contractors who will display official photo identification. If the photo identification is not displayed, it is important to ask to see it. This helps prevent fraudulent activities.

Individuals or business owners that apply for a disaster loan with the U.S. Small Business Administration (SBA) may also be contacted by a loss verifier who will inspect the damaged property. 

Residents who were affected can apply for assistance online at www.DisasterAssistance.gov or call 800-621-3362 or (TTY) 800-462-7585, from 7 a.m. to 10 p.m. seven days a week.  Those who use 711-Relay or Video Relay Services can call 800-621-3362.  The application deadline is March 21.


Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.


(TNS) - When officials with the city of Lubbock’s Emergency Operations Center gathered at 6 a.m. Sunday, Dec. 27, they had a prepared list of objectives from emergency management to deal with large snowstorms.

The first two objectives were related to first responders: to make sure they were prepared — and for public safety services to remain active throughout the city.

And while things like equipment, routes for snow plows, communication and employee shift operations are being audited in the storm’s aftermath, city officials say the first two objectives were on target.



More than half of U.S. consumers think that storing their credit and banking information in the cloud is more risky than driving without a seat belt, according to a new report from Symantec. Those consumers are correct, and the other half of them need to change their thinking – or their wallets may take a hit. The Symantec report states that consumers globally lost $158 billion to cyber crime in the past year. In the U.S. alone, the figure is nearly $30 billion.

Director of the FBI, James Comey, called the Internet, “the most dangerous parking lot imaginable,” and warned people to be just as aware of scams, compromised websites, malware and other threats as they would be of a physical theft.

Symantec, the world’s largest security software company, advises consumers to ‘go boldly, not blindly’ onto the Internet. The company has opened up a lot of eyes to the cyber risks and consequences facing consumers globally in its 2016 Norton Cybersecurity Insights Report.



If the chatter is to be believed, identity theft tops the list of taxpayer concerns for 2016. And it’s not all in your head: a 2015 Identity Fraud Study, released by Javelin Strategy & Research, found that identity thieves stole $16 billion from 12.7 million U.S. consumers in 2014, a new victim every two seconds .

Those statistics are scary but there is some good news to be found in the report: the numbers are actually down from the previous year. The reason? It’s very likely the result of an increased awareness from consumers together with increased protections in place from industry and government. That includes efforts like the Internal Revenue Service (IRS) “Taxes. Security. Together.” campaign. The more you know about how to protect yourself, the better chance you have to not be a victim. Here are 11 tips help you protect yourself from identity theft and identity theft related tax fraud:



(TNS) - Southcentral Alaska was rocked by a strong and prolonged magnitude-7.1 earthquake early Sunday morning.

The quake struck 86 miles west-southwest of Anchor Point at 1:30 a.m. Alaska time, according to the U.S. Geological Survey.  The Alaska Earthquake Center said it hit on the west side of Cook Inlet, about 65 miles west of the Kenai Peninsula town of Homer and about 160 miles southwest of Anchorage.

The quake knocked items off shelves and walls and shook buildings throughout the region. A series of aftershocks followed, including a magnitude 4.5 that struck about two hours after the initial quake and could be felt again in Anchorage.



(TNS) - The powerful blizzard that slammed the East Coast on Saturday quickly surpassed forecasters’ dire predictions, claiming at least 18 lives, flooding coasts, unleashing hurricane-force winds and paralyzing life for residents of at least 20 states from Georgia to Massachusetts.

The storm was well on its way to smashing snowfall records.

Mayors and governors said they did not expect their cities to be back in business until next week.

“Safety is our number one priority – and right now, it is not safe for the general public to travel,” New York Gov. Andrew Cuomo warned as the heart of the storm hit his state. Visibility was so low that those walking across the Brooklyn Bridge couldn't see the East River beneath or the Manhattan skyline soaring above. Since Thursday night, 25 inches had fallen in Central Park, nearing the city’s record of 26.9 inches, which fell over two days in 2006.



(TNS) - There seemed to be no stopping the snow in Baltimore this weekend, as a historic storm held the region in its icy, gusty grip.

But even as the winds picked up Saturday afternoon, and most people stayed at home with hot chocolate and movies, there were some who refused to be stopped.

On dog sleds, cross country skis and in good old-fashioned sneakers, people hit the nearly empty streets to take stock of the snowfall — more than 2 feet by Saturday evening in some places in Maryland. They were joined by emergency responders, snowplows, National Guard Humvees and others for whom the snow did not mean a day off from work.



A new report published by the UK Government‘s Science and Technology Select Committee has found that the UK is not well-placed to respond to pandemics and novel epidemics.

As the title suggests, the report ‘Science in emergencies: UK lessons from Ebola’ looked at the lessons that can be learned from the Ebola crisis response. It found that, in a future global pandemic or in a UK epidemic outbreak, the country would be more vulnerable than in the past due to the degradation of the UK’s ability to manufacture enough vaccine to vaccinate UK citizens in an emergency. To respond to this vulnerability, the report recommends that the Government “acts now and negotiates with vaccine manufacturers to establish pre-agreed access to manufacturing capabilities that can be called upon quickly in an emergency.”

Other key points from the report include:

  • The UK Ebola response - like the international response - was undermined by systemic delay. The biggest lesson that must be learnt from this outbreak of Ebola is that even minor delays in responding cost lives. Rapid reaction is essential for any hope of success in containing an outbreak.
  • The UK and other countries were not ‘research ready’ when the outbreak began, prompting a less than optimal and uncoordinated research response.
  • Rapid and reliable communication is integral to delivering an effective response to a disease emergency but throughout the Ebola outbreak the systems to share advice, expertise, epidemiological and clinical data were inadequate.
  • The Government’s communications on Ebola with the UK public were accurate and balanced, but it was disappointing that the Government failed to explain why it went against guidance from the World Health Organization and Public Health England and introduced screening for Ebola at UK ports of entry.  The report recommends that “when interventions like screening are instigated during an emergency, the Government makes the evidential basis for the intervention explicit.”

Read the full report (PDF).

Monday, 25 January 2016 00:00

Who would James Bond be without his toys?

Total and unrecoverable annihilation of data isn’t easy these days, as the GCHQ agents who supervised the drilling through The Guardian’s hard drives knew all too well. The hard drives contained data stolen from the NSA by one Edward Snowden. Drilling is still a popular method of destroying data. But is it effective? Putting aside the fact that data can be easily copied and stored in an almost infinite amount of physical places (for example, when you upload or host it online), it’s actually disputable whether or not drilling through disks is effective. James Bond would surely have done that with more finesse, while ensuring that data is destroyed and unrecoverable (in style, of course). I’ll give you a couple of ideas for how he could do it — but let’s start from the beginning.

 Destroying the storage device physically is your best guarantee that the data won’t ever come back to haunt you. It eliminates the risk of a data leak that is technically possible when wiping a disk programmatically, or when highly sophisticated data recovery equipment is used on the drive (tools of this calibre are not commercially available, but we can’t rule out that they one day will be or that some institutions don’t already have them). There is a downside to this method though – you will not be able to use this storage device again. Unlike a hard drive wiped with data erasure software, a physically destroyed disk can only be recycled. In some cases this will be your best option though.



Gartner estimates that the Internet of Things (IoT) will include 26 billion devices by 2020. Organizations in virtually every industry are using IoT devices to drive higher levels of efficiency, reduce costs, generate new revenue, and understand customers at more granular levels. However, not all of these organizations are prepared to deal with the deluge of data these IoT devices will bring.

"IoT deployments will generate large quantities of data that will need to be processed and analyzed in real time," said Gartner research director Fabrizio Biscotti in a statement. "Processing large quantities of IoT data in real time will increase as a proportion of workloads of data centers, leaving providers facing new security, capacity, and analytics challenges."

One way of addressing these challenges is to put automated, intelligent analytics at the edge -- near where the data is generated -- to reduce the amount of data and networking communications overhead.



The practice of arguing over the validity of technology benchmark tests may be only about a day older than the existence of benchmark tests. It's a longstanding IT industry tradition to try to prove whose product is better with some kind of showdown and use the results to win customers. But organizations often disagree about what should be tested, who should test it, and plenty of other factors of testing in an effort to ensure the tests are fair (and that their own products come out on top and don't underperform).

One such battle has been brewing in big data recently between Informatica and Talend. It all started with a Talend-commissioned benchmark test conducted by MCG Global Services in October 2015 that said Talend Big Data Integration offered about 10 times faster performance than Informatica Big Data Edition.

Not surprisingly, Informatica objected to the validity of these results, saying the benchmark was not independent because it was commissioned by the winner, and Informatica wasn't consulted. Informatica also said in a blog post that the benchmark test pitted its two-year-old product against Talend's month-old product.



rhizome (rī′zōm′) – a horizontal, usually underground stem that often sends out roots and shoots from its nodes.


Sometimes, people outside of a particular field get ideas for the field that are better than any insiders are capable of, being unencumbered by knowledge of what has and hasn’t worked in the past, or preconceptions about the “right” ways of doing things. Of course, lack of expertise makes them capable of coming up with some of the worst ideas too.

Founders of one European data center design startup aren’t sure at this point where on that continuum their ideas fall, and they don’t pretend to be. What they’re trying to do is envision people’s relationship with computing in the near future and the physical form that relationship will take.

The people behind Tallinn, Estonia-based Project Rhizome don’t all have background in data centers. Two of the three founders have backgrounds in design and architecture, and the third comes from the world of IT. But they believe their architecture sensibility brings a useful perspective to data center design, a perspective that will presumably grow in importance as more and more data storage and processing capacity moves into densely populated areas.



2015 was a tumultuous year for CISOs. Breaches affecting The Home Depot, Anthem Blue Cross Blue Shield, and T-Mobile dominated the headlines worldwide and left no industry, region, or CISO unscathed. These unfortunate spotlights created a slew of negative infosec publicity along with panicked demands from business leaders and customers alike. How secure are we? Ask the CISO. How did this breach occur? Ask the CISO. Why did this breach occur? Ask the CISO. Could we have prevented it? Ask the CISO. How could we let this happen? Ask the CISO.

Yet, CISOs continue to struggle to gain clout and influence with the rest of the C-suite and sometimes it can feel like a thankless role. There is little recognition when you’re doing your job right, but you face a whirlwind of pain and blame the second something goes wrong. The world’s growing emphasis and focus on cybersecurity should be running parallel with the capabilities and reputation of the CISO. Instead, CISOs see their responsibilities increasing with only modest funding increases, recognition, or support from their fellow colleagues.

Lucky for you, S&R’s favorite British analyst, Martin Whitworth, is a CISO and infosec expert. Martin continually writes numerous reports that analyze the evolution of the CISO as well as essentials, best practices, and tricks of the trade for thriving in today’s landscape. Prior to joining Forrester, Martin served as CISO and senior security leader for a number of blue chip organizations, including Coventry Building Society, Steria Group, UK Payments Council, British Energy/EDF Nuclear Generation, and GMAC.



(TNS) - Although it appears that most of Connecticut will avoid a direct hit from the first major snowstorm of 2016, the rest of the East Coast may not be so lucky this weekend, and heavy snow totals expected in several major cities could affect travel throughout the region.

The storm's current track would bring snow to Connecticut early Saturday morning and persist throughout the day and into the overnight hours, according to the .

Fox 61 says the storm could bring "a coating to a few inches for most of the state with the least snow in far northern Connecticut. Higher amounts are possible in southern areas and especially along the shoreline where up to about six inches are possible."

New York City and Washington, D.C., will likely not fare as well, according to the weather service.



(TNS) - Those in the western half of Anson County may see up to three-quarters of an inch of ice Thursday night through Friday.

The National Weather Service issued an update at 6 a.m. Thursday saying that Anson County is expected to receive a quarter-inch to half-inch of ice, though the western part of the county could see a half-inch to three-quarter inches, from Thursday night until 6 p.m. Friday. The county is under both a winter storm warning and a hazardous weather outlook.

The NWS updated its winter storm warning at 10:44 a.m. Thursday, saying that the storm will likely affect the central part of the state from Thursday night until 6 p.m. Saturday.

The weather service warned that the county could see 1-4 inches of snow in addition to the ice, with snow and sleet beginning Thursday night into Friday morning. Thursday will have a low of 30 degrees while Friday’s high will be only 34 degrees, with a low of 31 degrees that night.



The ease of use of cloud-based collaboration and file sharing applications may be putting organizations at risk as they are unaware that 26 percent of documents stored in cloud apps are broadly shared – meaning any employee can access them, and in some cases are discoverable in a Google search.

This is according to the Q4 2015 Shadow Data Report released by Blue Coat’s Elastica Cloud Threat Labs team on Wednesday. The study is based on insights into 63 million enterprise documents within leading cloud applications including Office 365, Google Drive, and Salesforce.

The report identifies shadow data as any sensitive information that is uploaded and shared in cloud apps without the knowledge of IT security teams. This isn’t the first time Elastica has explored the risks of shadow IT, having investigated the risks to the healthcare industry in particular in its Q2 2015 report.



We are entering a digital revolution where more companies and users are utilizing even more data and applications. Cisco recently pointed out that annual global data center IP traffic will reach 10.4 zettabytes (863 exabytes per month) by the end of 2019, and that global data center IP traffic will grow three-fold over the next five years. This growth makes the data center an absolutely critical component for IT and the modern business. The challenge, however, becomes updating and integrating everything with modern data center architecture. Most of all, organizations are looking at ways they can optimize the delivery of their resources and create true efficiency.

In a new whitepaper sponsored by NTT, we learn about the next-generation systems that are impacting resource and environmental utilization within the modern data center. The paper outlines the critical points to consider when creating a data architecture that can align with market demands:



For a long time, security was one of the top reasons – if not the number one reason – why businesses shied away from using cloud computing.

That appears to be changing.

According to a new study from the Cloud Security Alliance (CSA), nearly 65 percent of IT professionals now say they trust the security of cloud computing as much as or more than their on-premise systems. The survey also found that the cloud isn’t the problem when it comes to securing data; instead, the absence of skilled cybersecurity professionals leads to cloud-based data loss.

As more IT and security professionals become familiar with cloud computing, it follows that there will be a greater comfort level with security within the cloud, Jim Reavis, CEO of the CSA, pointed out in a prepared release. For this reason, more are willing to take the chance to migrate more data to the cloud. Reavis added:



Google, in conjunction with Cloudera, Data Artisan, Cask and Talend, announced this week that the Dataflow programming model that Google created to develop streaming Big Data applications is now an open source Apache project.

Talend CTO Laurent Bride says this move is significant because it should give IT organizations more freedom to run their Big Data applications wherever they see fit.

Bride says Dataflow is gaining traction because it provides a programming model that enables developers to build Big Data applications that can run on multiple run-time engines. As a result, code developed using Dataflow can run on MapReduce, Apache Spark and Flink engines.



Switch has agreed to buy renewable energy for its future data center in Michigan.

The Las Vegas data center provider, known for its massive high-security campus in the Sin City, will start by procuring bundled energy and Renewable Energy Credits through the Green Generation program by Consumers Energy, the utility that serves the area in Michigan where the Switch data center will be built, Adam Kramer, the company’s executive VP of strategy, said. However, it is in negotiations with the utility about building a new utility-scale renewable generation project in the state.

“We will have a new generation resource in the market,” Kramer said. “In all likelihood it will be wind.”

The future renewable project will have enough capacity to offset the entire energy footprint of the future Switch data center, he said.



OXFORD, Miss.Mississippi tornado survivors who do not submit their U.S. Small Business Administration low-interest disaster loan applications may be saying no to a primary source of federal disaster assistance.

After registering with the Federal Emergency Management Agency, some survivors receive a disaster loan application from SBA. By submitting the SBA disaster loan application, survivors keep the full range of disaster assistance available as an option. SBA may refer applicants who do not qualify for a home loan to FEMA for grants to replace essential household items and replace or repair a damaged vehicle. But if survivors do not submit their disaster loan applications, further assistance may stop. Survivors are not required to accept a loan offer.

Often, survivors think SBA disaster loans are only for businesses. Some may be counting on a future insurance settlement to cover rebuilding costs. They may not want to take out a loan or fear they cannot afford one. Others may simply need help completing the disaster loan application.

SBA offers disaster loans to businesses of all sizes, private nonprofit organizations, homeowners and renters, for physical damage from the severe storms, tornadoes and flooding which affected northern Mississippi in late December. To be eligible for these loans, damage must have occurred in the following counties: Benton, Coahoma, Marshall, Quitman or Tippah.

Economic injury disaster loans are available to provide working capital to eligible small businesses and nonprofit organizations located in the following Mississippi counties: Alcorn, Benton, Bolivar, Coahoma, DeSoto, Lafayette, Marshall, Panola, Prentiss, Quitman, Sunflower, Tallahatchie, Tate, Tippah, Tunica and Union.

There are several good reasons for FEMA applicants who have been contacted by SBA to submit a completed disaster loan application before the March 4, 2016, deadline. Some of the top reasons include:

  • Your insurance settlement may fall short. You may find out you are underinsured for the amount of work it takes to repair or replace a damaged home. An SBA low-interest loan can cover the uninsured costs. By submitting the loan application, survivors may have loan money available when it is needed. SBA can approve a loan for the repair or replacement of a home up to $200,000. The loan balance will be reduced by your insurance settlement. However, the opportunity for an SBA disaster loan may be lost if you wait until after the application deadline.
  • SBA can help renters repair or replace disaster-damaged personal property. Renters, as well as homeowners, may borrow up to $40,000 to repair or replace clothing, furniture, appliances and damaged vehicles.
  • Disaster loans offer low rates and long-term repayment plans. Interest rates are as low as 4 percent for businesses, 2.625 percent for nonprofit organizations and 1.813 percent for homeowners and renters with terms up to 30 years. The SBA sets loan amounts and terms based on each applicant’s financial condition.

For more information, homeowners, renters and businesses may call the SBA at 800-659-2955 (TTY 800-877-8339), send an email to DisasterCustomerService@sba.gov or visit SBA.gov/Disaster. Survivors can complete disaster loan applications online at https://DisasterLoan.SBA.gov/ELA.

Survivors can visit any of the five disaster recovery centers open in Mississippi to sit down and talk with an SBA representative in person. Disaster recovery center locations can be found by visiting FEMA.gov/DRC or by calling the FEMA helpline at 800-621-3362 (TTY 800-462-7585.)

Survivors who have not yet registered with FEMA can do so online at DisasterAssistance.gov, or by calling the FEMA helpline at 800-621-3362. Survivors who are deaf, hard of hearing or speech impaired can call TTY 800-462-7585.

For more information on Mississippi’s disaster recovery, visit fema.gov/disaster/4248 and msema.org.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

Last Updated: 
January 21, 2016 - 17:43
State/Tribal Government or Region: 

After months of dismissing news reports that the company may be considering selling its data centers as rumors, Verizon Communications CFO Francis Shammo finally confirmed that the reports were true.

Speaking with analysts during the company’s fourth quarter 2015 earnings call Thursday, Shammo said the company was exploring opportunities to sell the assets. “We will always look for opportunities,” he said. “The data centers is an exploratory exercise to see if the asset is more valuable inside or outside the portfolio."

Last year, Verizon sold its wireless communications towers, switching from an ownership to a leasing model, and it views its data centers in a similar fashion. If it can sell its data centers in a way that will free up capital that can be used for higher-return investments, they will be sold.



The term enterprise risk management (ERM) is now bandied around so widely in the business world it would seem reasonable to assume that everyone is doing it. The current reality is significantly different.

The AICPA’s 2015 Report on the Current State of Enterprise Risk Oversight provides some useful insights into where organizations actually are in their risk management practices.

Go back 30 years or so and the term was far from being in common use. The Harvard Business Review published an article in 1996 entitled “The New Religion of Risk Management,” focusing on probability theory, business complexity and the role of computer technology. Conceptually, this may well have had much in common with today’s context for risk management—but in practice, it was seen in a very different light as being more of a technique practiced by specialized statisticians and high-priced consultants.



As tech companies defend the use of encryption and users' privacy over governments' widening survelliance demands at the World Economic Forum in Davos this week, similar battles are brewing from New York to California that potentially carry a legislative bite.

In Davos-Klosters, Switzerland, the World Economic Forum on Thursday held a panel titled Privacy and Secrecy in the Digital Age that explored such issues as whether companies can artfully balance the need for secrecy and security held by consumers and governments. Concerns over privacy and security are increasingly becoming a global debate, as high-profile cases like the Paris attacks point to terrorists using online tools to communicate with each other and attract potential members. 

But as governments throughout the world call on tech companies to provide access to users' encrypted information and data, as well as other private information, those companies often contend that any encryption workaround could potentially weaken security and make it easier for hackers to infiltrate. This, in turn, would create a chilling effect on the use of such technology over of privacy concerns.



Friday, 22 January 2016 00:00

8 Ways To Monetize Data

Data is the new currency. Armed with it, new companies are disrupting established industries, and traditional businesses are transforming the way they operate. Not all organizations are equally adept at translating data into dollars, but their ability to do so is impacting their ability to compete.

"Where knowledge is power, data is wealth. It's not intrinsic in the data, it's what you do with it," said Bruce Daley, an analyst at market intelligence firm Tractica and author of Where Data Is Wealth: Profiting From Data Storage in a Digital Society. "The companies that are most progressive in thinking about data differently are the companies that are changing the economy, like Google and Uber. Most businesses lag way behind in terms of the idea that data could be their primary reason for being."

Some businesses, such as information service providers, have always been about deriving value from data. However, the ability to use and monetize data is now impacting almost every type of business. As a result, driving value from data must now be contemplated as part an overall business strategy.



If you haven’t thoroughly analyzed your vendor resiliency and potential supply chain interruptions, there may be a gaping hole in your business continuity plan no matter how thorough your internal team has been according to the PwC whitepaper, “Business continuity beyond company walls: When a crisis hits, will your vendors’ resiliency match your own?” As the business world becomes more intertwined and dependent, it is essential for you to assess the resiliency of your vendors with these five steps in order to be sure you can count on your vendors when a crisis strikes.



Without skilled professionals running the operations, how effective are our security systems? More importantly, how mature are these security systems?

According to Hewlett Packard Enterprise’s newly released study, State of Security Operations Report 2016, companies are failing when it comes to security monitoring and goals. The report measured four areas of performance in security maturity: people, processes, technology and business function. As the report stated:

The reliable detection of malicious activity and threats to the organization, and a systematic approach to manage those threats are the most important success criteria for a mature cyber defense capability.



A new survey of 402 small and medium-sized businesses (SMBs) indicated the majority of IT service providers received lower client satisfaction ratings than business-to-business (B2B) service industry benchmarks. 

The survey, conducted by B2B ratings and reviews website Clutch, showed IT services firms averaged a Net Promoter Score (NPS) of 13; comparatively, B2B companies typically average a 20 to 25 NPS, according to Clutch. 

What factors are affecting SMBs' views of IT service providers? Clutch noted that specialized IT services firms "may lack the ability to deliver strategic, top-level recommendations for their clients."



In response to recommendations from the Government Accountability Office (GAO) and the Department of Homeland Security’s (DHS) Office of Inspector General, FEMA has posted a notice of proposed rulemaking in the Federal Register seeking comment on the concept of a disaster deductible for states and local governments in lieu of raising the threshold for disaster declarations.

The concept of the deductible would be tied to a predetermined “level of financial commitment” as a condition of eligibility for financial assistance under the Public Assistance Program made available through presidential disaster declarations.

The overall goal is to reduce the burden on taxpayers through mitigation incentives and risk-informed decisions that promote resilience.

Faced with the recommendations from the GAO and Office of the Inspector General that would raise the threshold for disaster declarations, which the agency thought would be regressive and put many states in a precarious position, FEMA staff came up with the deductible concept but is seeking details from state and local emergency managers. “This is not a done deal; this is a concept that we’re asking the state and local emergency managers to weigh in on,” said FEMA Administrator Craig Fugate. “We still have to respond back to the GAO and Inspector General about how we are going to address their concerns that the threshold for getting a declaration is too low.”



Thursday, 21 January 2016 00:00

New Thinking in Data Lake Design

The closer the enterprise gets to implementing Big Data analytics, the more daunting it appears. Even organizations that are well-versed in data warehousing realize that building infrastructure for the so-called “data lake” is a completely different ballgame.

Not only does the data lake require large amounts of computing power and storage access, it has to be integrated with cutting-edge analytics, automation, orchestration and machine intelligence. And ideally, this state-of-the-art infrastructure should be accessible to the average business executive who has little or no experience in the data sciences.

But as we’ve seen many times, things that seem impossible at the outset are often possible once you put your mind to it. And data lake technology is already starting to make its mark at the top end of the enterprise market and shows every indication of trickling down to the lower tiers.



Thursday, 21 January 2016 00:00

Report: OpenStack Hampered by Skills Shortage

More than eighty percent of enterprises plan to adopt OpenStack as a cloud computing solution or already have. Yet, half of organizations that have tried to implement it have failed, hampered by lack of open source cloud computing skills. That’s according to a survey out this week from SUSE, the Linux vendor, which sheds vital light on current OpenStack adoption trends.

The survey results suggest strong enthusiasm for open source cloud computing, with ninety-six percent of respondents reporting they “believe there are business advantages to implementing an open source private cloud,” according to SUSE.

Strong interest in private clouds of the type OpenStack enables is also clear. Ninety percent of businesses surveyed have already implemented at least one private cloud, SUSE reported.



The problem of e-waste, which has been growing for decades, shows no signs of receding in terms of the amount of retired products that are produced. The good news, however, is that the current focus on environmental issues appears to be creating an atmosphere in which more substantial actions are possible.

Curbed lays out the e-waste problem, which is pretty straightforward: People buy huge amounts of electronic equipment. Those numbers continue to grow. Two things are true of that equipment: Only a small portion gets recycled or carefully destroyed when its useful life ends and the vast majority of the equipment contains dangerous elements.

The numbers are staggering:



If you use a cloud service or let your employees access company systems from their own smartphones, you’ve probably already noticed how your IT security world has expanded. What used to be a tightly defined domain behind a firewall has morphed into something that now extends to the far confines of cyberspace. As a matter of principle, any business data that travels outside the company perimeter is automatically at greater risk, even if enterprises make great efforts to keep the risk delta as small as possible. However, the macro style solution of a bigger firewall no longer works when you have to deal with the Internet at large. Micro-oriented approaches offer another approach.

In essence, the idea is to equip each piece of data, each application, each system and each user with the security required to function autonomously and securely, whether inside or outside the traditional IT security perimeters. Instead of an external blanket approach to try to shield everything from harm, security is built in from the inside towards the outside.



Thursday, 21 January 2016 00:00

Slack space, or the devil is in the details

When I told you in my previous email that the only way to successfully erase a file is to COMPLETELY overwrite it, I wasn’t just trying to be dramatic. A few months ago, my friend had mistakenly deleted some photos from her SD card, so I encouraged her to try out some data recovery software. She was very surprised to find not only the pictures that she’d deleted, but also some very old ones — including her parents’ holiday pictures from when they used the SD card with their own camera.

I mentioned before that when a file is deleted, the physical slot in which it is stored becomes free, and new data can be saved there. So it might be tempting to leave things to run their course and wait for the file to be overwritten by another. Don’t give in to that temptation — waiting is not enough. Here’s why:



QTS Realty Trust has been one of the fastest-growing publicly traded data center REITs since its 2013 IPO, and its shares returned more than 80 percent price appreciation to shareholders for the last two years.

Can the company maintain this momentum going into 2016? That’s the question we asked its CIO Jeff Berson and COO Dan Bennewitz in a recent interview.

Last week, JP Morgan selected QTS as one of two data center REITs with an Overweight rating, along with sector peer CyrusOne.



According to the latest predictions from analyst firm IDC, “more than 80% of enterprise IT organizations will commit to hybrid cloud by 2017.” That means that your organization is likely to evaluate an Infrastructure-as-a-Service (IaaS) solutions this year, if you haven’t chosen one already. As you consider options, it can be difficult to evaluate the different management platforms and sort through the vendor claims. A team of technical experts developed a list of evaluation criteria to make it easier. They have recently published a white paper that provides a clear comparison between Cisco UCS Director and HPE OneView.  The paper looks at three critical areas of IaaS functionality:

  • Orchestration and automation
  • Self-service provisioning
  • Heterogeneous provisioning and management

A concise side-by-side comparison is provided in a table on page 5 of the document with details provided in the other sections of the paper.



AUSTIN, Texas – Texas homeowners and renters who have registered for disaster assistance with the Federal Emergency Management Agency (FEMA) are encouraged by recovery officials to “stay in touch,” even after the Jan. 25 application deadline.

Applicants changing their addresses or phone numbers should update that information with FEMA. Missing or erroneous information could result in delays getting a home inspection or in receiving assistance.

FEMA has provided two ways for homeowners and renters to update their information:

  • Log on to the FEMA website at DisasterAssistance.gov to upload documents, and
  • Call the toll-free FEMA Helpline (voice, 711 or relay service) at 800-621-3362. TTY users should call 800-462-7585. Lines are open 7 a.m. to 10 p.m. seven days a week. Multilingual operators are available.

When updating status information, callers should refer to the nine-digit number issued at registration. This number is on all correspondence applicants receive from FEMA and is a key identifier in tracking assistance requests.

For more information on Texas recovery, visit the disaster web page at www.fema.gov/disaster/4245, Twitter at https://www.twitter.com/femaregion6 and the Texas Division of Emergency Management website, https://www.txdps.state.tx.us/dem.


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.  

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Last Updated: 
January 19, 2016 - 09:32
State/Tribal Government or Region: 

Skip footer content.



(TNS) - State officials have ended a ban on public bird shows and sales in North Carolina because they say it’s no longer needed to prevent the spread of a deadly avian flu virus.

But state and industry officials also say the threat of a flu outbreak will never go away, meaning some of the measures adopted in recent months to protect the state’s $5 billion poultry-growing industry will become common practice.

“Some of the ways we’ve done business in the past can’t be the way we do business going forward,” said State Veterinarian Doug Meckes. “All that guidance, all the caution, has been taken to heart, and I know the poultry industry has changed the way they do business.”



Wednesday, 20 January 2016 00:00

New 911 Center Enters Final Stretch

(TNS) - Construction of a new, $8.25 million 911 call center, which will serve residents throughout Doña Ana County, has entered the final stretch.

The project has seen several delays, putting it months behind schedule. But it is still within budget, according to county and 911 call-center officials.

Staff with the 911 dispatch center organization, known as the Mesilla Valley Regional Dispatch Authority, have been eager to move into the new building, which will replace an aging and outdated facility near Lohman Avenue and South Main Street.

MVRDA Executive Director Hugo Costa said the work is in its final weeks.



Wednesday, 20 January 2016 00:00

Putting the Cloud Pricing Wars in Perspective

As the enterprise becomes more steeped in the cloud, greater attention is being paid to the real costs of moving workloads onto third-party infrastructure.

The prevailing attitude is that the cloud is cheaper than on-premises in just about every circumstance, and by a wide margin. But is this really true? And does that mean we don’t need to run the same cost-benefit analysis in the cloud to make sure we are getting an optimal return on our investment?

After a brief respite, it seems that the price-cutting has resumed among the top public cloud providers. AWS and Google both announced price cuts shortly after the new year, and now Microsoft is following suit for its Azure service. All three are playing fast and loose with the cost basis, however, as they usually revolve around service bundling, machine categories, automated tiering and a host of other factors that can cause prices to fluctuate wildly.



Wednesday, 20 January 2016 00:00


The Bank Secrecy Act (BSA) requires that every Money Services Business (MSB) implement a BSA/anti-money laundering (AML) compliance program.  Risk assessments provide a clear view as to the organization’s policies and procedures. Failure to implement a comprehensive BSA/AML compliance program may result in significant fines and/or penalties by state and federal regulators. So what does this have to do with risk management?  Having a risk assessment allows the company to establish a comprehensive AML compliance program.

Regulations state that a company’s BSA/AML compliance program must be commensurate with the risks posed. This means that a comprehensive risk assessment must effectively evaluate the adequacy of policies, procedures and internal controls that have been developed to mitigate the company’s risk.



Cybercrime is quickly rising as one of the leading causes of data center outages.

After having risen from being behind 2 percent of outages in 2010 to 18 percent in 2013, cybercrime caused 22 percent of data center outages in 2015, reported in a recent survey conducted by the Ponemon Institute and sponsored by Emerson Network Power. Cybercrime is now the fastest-growing cause of data center outages, the report’s authors said in a statement.


The biennial report’s primary focus is cost of data center downtime to the operators, and that cost is quickly rising. Among operators of the 60-plus data centers surveyed, the average total cost per minute of unplanned downtime went from about $8,000 in 2013 to about $9,000 last year.



Wednesday, 20 January 2016 00:00

Nine Main Challenges in Big Data Security

Every year the protection of private and confidential information gains more and more attention. According to the World Quality Report 2015-16, the only global report for application quality, security is the most highly ranked priority in the IT strategies used by survey respondents.

Until recently, a company’s applications were mainly internal and its security was viewed as low risk. However, with the increased adoption of web-based, mobile and cloud-based applications, sensitive data has become accessible from different platforms. These platforms are highly vulnerable to hacking, especially if they are low-cost or free.

Nowadays, organizations are collecting and processing massive amounts of information. The more data is stored, the more vital it is to ensure its security. A lack of data security can lead to great financial losses and reputational damage for a company. As far as Big Data is concerned, losses due to poor IT security can exceed even the worst expectations.



Wednesday, 20 January 2016 00:00

The IoT, IPv6 and DDoS: A Dangerous Mix

The Internet is awash in new things, and two of them, IPv6 and the Internet of Things (IoT), could potentially lead to a whole lot of trouble. Experts say that it is possible that the new addressing scheme, which is necessary to accommodate the explosion of wireless technology and the billions of IoT devices that are flooding the Internet, will create a landscape that allows malicious hackers (crackers) to launch potentially potent distributed denial of service (DDoS) attacks.

A DDoS attack is launched when crackers take over numerous Internet endpoints and turn them into “bots.” These bots, as the name implies, do the bidding of the bad guys. In a DDoS attack, the bots are instructed to repeatedly send data in an effort to overwhelm the target and take it offline.

Together, the IoT and IPv6 raise a series of concerns, as Rene Papp has pointed out at Dark Reading, writing that a number of factors point to potential danger: Tools aimed at identifying malicious traffic in IPv6 are immature and the devices that translate between IPv4 and IPv6 are “brittle.” The term is a shortcut for the idea that the devices’ CPU, memory and bandwidth tend to be maxed out by the stringent demands of mediating the relationship between IPv4 and IPv6.



AUSTIN, Texas – State and federal recovery officials encourage Texas residents to watch for and report any suspicious activity or potential fraud from scam artists, identity thieves and other criminals who may try to prey on survivors vulnerable due to the October severe storms, tornadoes, straight-line winds and flooding. The Federal Emergency Management Agency (FEMA) does not endorse any commercial businesses, products or services. FEMA encourages survivors to be especially vigilant for these common post-disaster fraud practices: 

• Fraudulent building contractors. When hiring a contractor: 

o Use licensed local contractors backed by reliable references. 

o Demand that contractors carry general liability insurance and workers’ compensation. 

o Don’t pay more than half the costs of repairs upfront. 

• Bogus pleas for post-disaster donations: Unscrupulous solicitors may play on the emotions of disaster survivors. Disaster aid solicitations may arrive by phone, email, letter or face-to-face visits. 

o Verify legitimate solicitations by asking for the charity’s exact name, street address, phone number and Web address, then phone the charity directly and confirm that the person asking for funds is an employee or volunteer. 

o Don’t pay donations with cash. 

o Request a receipt with the charity’s name, street address, phone number. 

• Fake offers of state or federal aid: 

o Beware of visits, calls or e-mails — claiming to be from FEMA or the State of Texas — asking for an applicant’s Social Security number, bank account number or other sensitive information. Avoid scam artists who promise a disaster grant and ask for large cash deposits or advance payments in full. 

o Federal and state workers do not solicit or accept money. FEMA and U.S. Small Business Administration staff never charge applicants for disaster assistance, inspections or help in filling out applications. 

• Phony housing inspectors: Homeowners and registered FEMA applicants may be vulnerable to phony housing inspectors claiming to represent FEMA or the SBA. 

o Inspectors have each applicant’s nine-digit registration number. FEMA inspectors NEVER require banking or other personal information. 

o The job of FEMA housing inspectors is to verify damage. Inspectors do not hire or endorse specific contractors to fix homes or recommend repairs. They do not determine eligibility for assistance. 

If you suspect fraud, call the FEMA Disaster Fraud Hotline at 866-720-5721. If you are the victim of a home repair scam or price gouging, call the Office of the Texas Attorney General at 800-252-8011. Texas homeowners and renters who register for disaster assistance with the Federal Emergency Management Agency (FEMA), prior to the Jan. 25 deadline, are encouraged by recovery officials to "stay in touch." Survivors changing their address or phone numbers should update that information with FEMA. Missing or erroneous information could result in delays getting a home inspection or in receiving assistance. 

Survivors with questions regarding the application or the appeals process, or who need to register for assistance may visit online at DisasterAssistance.gov or by phone (voice, 711 or relay service) at 800-621-3362. (TTY users should call 800-462-7585.) The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Multilingual operators are available. For more information on Texas recovery, visit the disaster web page at www.fema.gov/disaster/4245Twitter at https://www.twitter.com/femaregion6 and the Texas Division of Emergency Management website, https://www.txdps.state.tx.us/dem


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD). 

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339. 

Visit www.fema.gov/texas-disaster-mitigation for publications and reference material on rebuilding and repairing safer and stronger.

Last Updated: 
January 19, 2016 - 15:32
State/Tribal Government or Region: 
Wednesday, 20 January 2016 00:00

Destroying Data: Mission Impossible

Why is it possible to recover files that have already been deleted? It’s because a file remains on the hard drive until the physical place where it’s stored becomes overwritten with another file. The process of overwriting is beyond the user’s control (although of course the likelihood of deleted files being overwritten is higher the more files you subsequently save onto your hard drive). Both deleting a single file and formatting a partition are processes that involve system modifications within the file allocation tables (some of the most popular file systems – such as FAT and NTFS – are based on a system of file allocation tables). This process doesn’t include the disk space, which is modified only when another process of writing a file begins, after the file has been ‘deleted’ or the partition has been formatted. So if nothing gets written over the physical space that is occupied by the removed file, it will be fairly easy to restore it (there’s a detailed instruction of how to do it on our blog).

The same goes for all system files that I mentioned previously (such as temporary files, paging files, print and hibernation files), even if a file has been overwritten in one place, it could still be restored from some other place on the hard drive. So as you can see, ‘manual’ deletion is more like playing a game of cat and mouse with your data.



Welcome to 2016 – the year of our digital [r]evolution.

The next few years will be defining moments for the modern data center and the entire cloud ecosystem. We’re beginning to see more markets, industries, and verticals adopting next-generation technologies. All of this impacts the way we design data centers and all of the resource supporting our diverse applications and users.

We’ve reached a point where almost every person has a digital footprint. We can create a digital identifier with critical pieces of information for babies who don’t even have a heartbeat yet. Our data is in the cloud before we’re even born. That’s something we must all become accustomed to.

Today, new market disruptors are pushing organizations to rethink their entire business strategies and find ways to intelligently align their IT environments. With all of this in mind, let’s take a look at the top five trends that will be impacting your data center and cloud environments in 2016.



Five of the seven individual billion-dollar insured loss natural disaster events in 2015 were recorded in the United States, according to Aon Benfield’s Annual Global Climate and Catastrophe Report.

The other two billion dollar events were recorded in Europe.

All of the events were weather-related and below the average of eight. The five events in the U.S. were equal to the 2000-2014 average.



Tuesday, 19 January 2016 00:00

BCI: The high cost of natural disasters

The high cost of natural disasters

Not much more than a quarter of global economic losses caused by natural catastrophes during 2015 were covered by insurance according to a new report by Aon Benfield. During the year there were 300 separate global natural disasters, as defined by the report's authors, significantly more than the 15-year average of 269 events. These caused a combined global economic loss of US$123, yet only US$35 billion was covered by insurance.

Despite the higher than average number of incidents, losses were down overall with the global economic loss being 30% below the 15-year average of US$175 billion, and the total insured loss being 31% below the 15-year average of US$51 billion. The Annual Global Climate and Catastrophe Report highlighted that there were 14 multi-billion dollar economic loss events around the world, with the costliest being forest fires that burned out of control in Indonesia. At US$16.1 billion, The World Bank noted that the economic loss from the fires represented 1.9% of the country's GDP.

Stephen Mildenhall, Chairman of Aon Analytics, said: "In many regions, economic catastrophe losses are very material relative to national GDP and yet are insured at much lower levels than in the United States and Europe. Of our top five economic losses, four occurred outside the United States and yet none of these was a top 10 insured loss owing to low insurance penetration in the affected countries."

The study reveals that the three costliest perils – flood, severe thunderstorm, and wildfire – accounted for 59% of all economic losses during the 12 months under review.

Steve Bowen, Associate Director and Meteorologist at Impact Forecasting, said: "While a notable uptick in recorded natural disaster events did not directly translate to greater financial losses in 2015, the year was marked by 31 individual billion-dollar disasters, or 20% more than the long-term average. For just the fourth time since 1980, there were more than 30 such events in a year. Asia once again incurred the greatest overall economic losses, representing 50% of the world total and four of the five costliest events. Despite 32% of global economic losses occurring in the United States, it accounted for 60% of the insured loss and seven of the top 10 costliest insured events."

Tuesday, 19 January 2016 00:00

Striving for Balance Between Data and Power

The data center is becoming more efficient by the day. This much is a given. But data loads are also increasing at an exponential rate, which leads many to believe that the two trends will cancel each other out: more data, but processed more efficiently, leading to a net neutral effect on things like energy consumption.

But is this really the case? Will our insatiable demand for data be met in perpetuity, or is there a risk that at some point it will exceed the support capabilities of worldwide energy production?

For starters, let’s look at the data side. According to Synergy Research Group, the cloud market alone is growing at a rate of about 28 percent per year. This is in terms of revenue growth, not infrastructure development, but it still points to a rapidly expanding market that will have to invest in new buildings and systems if it hopes to maintain this pace. And since this is the cloud, expect these facilities to be large and getting larger. The silver lining, of course, is that giant regional facilities serving multiple enterprises are bound to be more efficient than multiple smaller data centers each serving one owner.



On Monday, the U.S. Supreme Court declined to consider an appeal from Nestle, Archer Daniel Midlands Co. and Cargill Inc., allowing a slave and child labor lawsuit to proceed against the three food industry giants.

Three plaintiffs who claim they were trafficked from Mali as child slaves and forced to work harvesting and cultivating beans in Cote d’Ivoire, and allege that the companies aided, abetted or failed to prevent the torture, forced labor and arbitrary detention they suffered.

According to Reuters:

The plaintiffs, who were originally from Mali, contend the companies aided and abetted human rights violations through their active involvement in purchasing cocoa from Ivory Coast. While aware of the child slavery problem, the companies offered financial and technical assistance to local farmers in a bid to guarantee the cheapest source of cocoa, the plaintiffs said.



Following is a summary of key federal disaster aid programs that can be made available as needed and warranted under President Obama's disaster declaration issued for the State of Washington.

Assistance for the State and Affected Local and Tribal Governments Can Include as Required:

  • Payment of not less than 75 percent of the eligible costs for emergency protective measures taken to save lives and protect property and public health. Emergency protective measures assistance is available to state, eligible local and tribal governments on a cost-sharing basis. (Source: FEMA funded, state administered.)
  • Payment of not less than 75 percent of the eligible costs for repairing or replacing damaged public facilities, such as roads, bridges, utilities, buildings, schools, recreational areas and similar publicly owned property, as well as certain private non-profit organizations engaged in community service activities. (Source: FEMA funded, state administered.)
  • Payment of not more than 75 percent of the approved costs for hazard mitigation projects undertaken by state and local governments to prevent or reduce long-term risk to life and property from natural or technological disasters.  (Source: FEMA funded, state administered.)

How to Apply for Assistance:

  • Application procedures for state, local and tribal governments will be explained at a series of federal/state applicant briefings with locations to be announced in the affected area by recovery officials. Approved public repair projects are paid through the state from funding provided by FEMA and other participating federal agencies.

FEMA’s mission is to support our citizens and first responders and ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Stay informed of FEMA’s activities online: videos and podcasts available at http://www.fema.gov/medialibrary">www.fema.gov/media-library and http://www.youtube.com/fema">www.youtube.com/fema; follow us on Twitter at www.twitter.com/fema and on Facebook at www.facebook.com/fema.

OXFORD, Miss. – Less than a month after severe storms, tornadoes and flooding swept across Mississippi, more than $1.5 million in state and federal disaster assistance has been approved to help those affected by the storms.

The Federal Emergency Management Agency has been contacted by 775 people for help or information regarding disaster assistance.

In addition to FEMA grants for individuals and families, other forms of disaster assistance are provided by partner agencies such as the U.S. Small Business Administration and voluntary agencies. The Mississippi Emergency Management Agency and FEMA often refer survivors to those agencies. All businesses are also referred to the SBA. Some survivors may be interested in other programs such as disaster unemployment assistance and disaster legal services.

The following is a snapshot of the disaster recovery effort as of Jan. 15:

  • Nearly 170 individuals and households approved for FEMA grants, including:
    • Nearly $1.3 million approved for housing grants, including short-term rental assistance and home repair costs.
    • More than $264,000 approved to cover other essential disaster-related needs such as medical and dental expenses and lost personal possessions.
  • 489 home inspections completed.
  • 283 visits to disaster recovery centers by people affected by the disaster.
  • Five disaster recovery centers open in Individual Assistance-designated counties.

No matter the degree of loss or insurance coverage, survivors in the five disaster-designated Mississippi counties are urged to apply for help. The Individual Assistance-designated counties are Benton, Coahoma, Marshall, Quitman and Tippah. Survivors can use any of the following methods to register:

  • By phone, call 800-621-FEMA (3362). People who are deaf, hard of hearing, or speech-impaired and use a TTY should call 800-462-7585. Lines are open 7 a.m. to 10 p.m. local time. Assistance is available in most languages.
  • Online registration can be done by computer, tablet, iPhone, Android or other mobile device at www.DisasterAssistance.gov.

Survivors who register with FEMA and are referred to SBA will be contacted with options on how to apply for a low-interest disaster loan. After being contacted by SBA, survivors should complete and submit an application even if they do not plan to accept a loan in order to continue the federal assistance process. It is part of the FEMA grant process and can pave the way for additional disaster assistance. SBA disaster loans are available with interest rates as low as 2.188 percent and terms up to 30 years.

Complete the SBA application online at https://disasterloan.sba.gov/ela. Call the SBA customer service center with questions at 800-659-2955. People who are deaf or hard of hearing and use a TTY can call 800-877-8339. For more information, visit sba.gov/disaster.

For more information on Mississippi disaster recovery, go to fema.gov/disaster/4248. Visit the MEMA website at msema.org or on Facebook at facebook.com/msemaorg.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

Tuesday, 19 January 2016 00:00

BCM / DR: Managing a Schedule

When planning our various BCM/DR components, you need to build and maintain some level of a schedule.  If you don’t have a schedule built for let’s say the BIA or the development of a Crisis Communications Plan, then Executives will never know when to expect the results and participants will continually ‘put you off’.  This is because they’ll know there’s no deadline so there’s no level of urgency to complete their tasks and thus, the BCM/DR component will never be completed.

When you do develop a schedule, don’t develop it in a silo.  You need participation and feedback from everyone involved so that dates and timelines are realistic and achievable.  If not, then no one will buy into your schedule and will do what they want when they want to- if at all.

A schedule also helps other managers assign resources at the appropriate times, as it’s their job to ensure their department employees are fully engaged with work and those that have timelines and specific goals and objectives will end up with the resources.  Your project – BCM program components – will fall by the wayside because you don’t have it mapped out for when they need to have a resource(s) available to assist.  If they don’t/ know when you need someone, they can’t and won’t, keep a resource sitting on the sidelines.



Following is a summary of key federal disaster aid programs that can be made available as needed and warranted under President Obama's emergency disaster declaration issued for the State of Michigan.

Assistance for the State and Affected Local Governments Can Include as Required:

  • FEMA is authorized to provide appropriate assistance for required emergency measures, authorized under Title V of the Stafford Act, to save lives and to protect property and public health and safety, or to lessen or avert the threat of a catastrophe in the designated areas.
  • Specifically, FEMA is authorized to provide emergency protective measures (Category B), limited to direct Federal assistance, under the Public Assistance program at 75 percent Federal funding. This emergency assistance is to provide water, water filters, water filter cartridges, water test kits, and other necessary related items for a period of no more than 90 days. 

FEMA’s mission is to support our citizens and first responders and ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Stay informed of FEMA’s activities online: videos and podcasts available at http://www.fema.gov/medialibrary">www.fema.gov/media-library and http://www.youtube.com/fema">www.youtube.com/fema; follow us on Twitter at www.twitter.com/fema and on Facebook at www.facebook.com/fema.

Tuesday, 19 January 2016 00:00

What is the black market value of your data?

In 2008 two big banks — The Royal Bank of Scotland (RBS) and NatWest — experienced a massive security breach. When an employee sold an old company computer on eBay, private data of over a million clients was compromised — their credit histories, details of their bank transfers and even their signatures leaked out. All of this valuable and sensitive data had been purchased for a mere £35. Two years later, in 2010, a similar story happened at NASA – the agency decided to sell redundant IT equipment left over from the defunded space programme. It soon turned out that many of those computers had contained ‘highly sensitive’ data, and the whole thing ended in a scandal.

Gigantic dumping grounds of e-waste, most of which are located in Africa, Asia and South America, are routinely scoured by professional scavengers who specialise in salvaging old equipment and retrieving valuable data left on old hard drives. In Ghana, Nigeria and Guatemala, our old hard drives full of sensitive data collected by banks, the healthcare industry and e-commerce end up on piles of landfill. Some of that data could potentially compromise national security (of most countries, including the US), while some could no doubt compromise your personal online identity. All it takes to dig it out is a lot of free time and some determination.

There are plenty of takers for your bank accounts, infrastructure and personal data. Some of them might be closer to you than others, but they all know exactly what to look for. If you’re still not convinced that it’s worth your while to wipe your storage devices properly, just take a look at this list of things that could be found on them:



Employers focus on flexible working to manage absence rates

Blue Monday is considered by some to be the day when employers should brace themselves for the possibility of increased absences as staff struggle with low morale and motivation following the Christmas break.

While a quarter (25%) of UK employers have seen their absence rates improve over the last 12 months, one in 10 have seen their rates worsen over the same time period according to new research from Group Risk Development (GRiD).

Of course it is not just on Blue Monday that organizations should be prepared to manage staff absences, but every day. There are many reasons why staff could be absent with illness being one of them. The Business Continuity Institute’s latest Horizon Scan Report highlighted that Human Illness was a major threat to organizations with 42% of business continuity professionals expressing concern about the prospect of this threat materialising. It is therefore essential that organizations have succession plans in place, so important work does not get missed during someone’s absence.

According to the study by GRiD, 57% of businesses said absence cost them up to 4% of payroll, but employers are using a range of initiatives to address this, and to improve general attendance. This includes introducing flexible working initiatives (36%), a 4 percentage points increase on last year, allowing employees to work around schedules which suit them. By introducing flexible working, it also enables organizations to become more adaptable to other crises that may arise.

It is estimated that long-term sickness absence costs private sector businesses in the UK a total of £4.17 billion a year, and is set to reach £4.81 billion a year by 2030. This makes it all the more important that employers work with staff to manage their return to work, maintain morale and invest in their wellbeing.

Katharine Moxham, spokesperson for Group Risk Development, said: “It’s important that strategies to manage absence are kept up, and that rates aren’t allowed to increase as it really will have a significant impact on business costs in the long-run. That said, it can’t be denied that a quarter have seen rates improve – whether or not this is down on last year – and employers are actively introducing initiatives that focus on the health and wellness of their staff. Flexible working can help to retain talented staff, allowing them to balance home commitments as well as focus on work.

(TNS) - Recent storms that deluged homes and cars, along with the likely prospect of more to come because of El Niño, have thrown into stark relief the region’s age-old approach to flood control.

Ahead of this month’s rain-related flooding, San Diego city officials repeatedly debated how fast and aggressively to perform the costly stormwater maintenance on its channels that are considered most prone to spilling over.

Officials said they inspected and cleared all of the city’s more than 24,000 storm drains and repaired several corrugated metal pipes in the run-up to the first series of storms.



(TNS) - A quiet, Pittsburgh-based cybersecurity nonprofit expects to announce plans this week for offices in New York City and Los Angeles, marking its first expansion out of Western Pennsylvania, the Tribune-Review has learned.

The National Cyber-Forensics & Training Alliance keeps a low profile but has been hailed by President Obama and national leaders for bringing together public agencies and private companies to fight online crime.

The group began informing its members about the expansion during the past two weeks.

“It's only going to make us stronger,” Matt LaVigna, the group's interim president, CEO and director of operations, told the Trib. “By going to Los Angeles and New York, these are going to be extensions of the work we're doing here. The command and control will still be here in Pittsburgh.”



Tuesday, 19 January 2016 00:00

Flood Insurance: A Roll of the Dice

(TNS) - You’ve seen the headlines, and you’ve heard the hype.

Now you’ll have to decide: Does the arrival of El Niño call for buying flood insurance?

“Yes,” thousands of Californians have concluded. The Federal Emergency Management Agency, which administers the nation’s public flood insurance program, says more than 28,000 new policies were purchased from September through November, a 12 percent increase that is unmatched in recent history.

Stockton and much of San Joaquin County are prone to flooding at the bottom of this Central Valley bathtub. And this year, some Calaveras County residents may be vulnerable to mudslides from the Butte Fire burn scars.



(TNS) - Behind New Orleans, streets in Hampton Roads are the most vulnerable in the nation to sea level rise.

Picture Boush Street near Nauticus and City Hall Avenue up to MacArthur Mall as a new urban canal. Bits and pieces of roads in Chesapeake, Virginia Beach and Norfolk would be water.

That picture is bad, but even a little bit of permanent flooding drastically alters connectivity. Easy access from Downtown Norfolk to I-264 would be severed by the Boush Street/Waterside Drive artery. Many bridges are not expected to be inundated, but the roadway approaches are susceptible to flooding, making bridges inaccessible.



Users of eBay may be the latest victims of a spearphishing campaign, thanks to an XSS security vulnerability. The good news is that eBay has patched the vulnerability. The bad news is that it is an example that spearphishing is a problem that’s not going away and, in fact, tops the list of security concerns among enterprises, according to a new study from Cloudmark.

Let’s start with the eBay story. According to ZDNet:

The Cross-Site Scripting (XSS) vulnerability, implemented through Java, allowed an attacker to inject their own malicious page within eBay via an iframe. MLT leveraged the weakness in eBay's domain to inject a login page into eBay's URL system, which made the malicious URL look like it was hosted on the legitimate eBay website.



OXFORD, Miss. – The Mississippi and federal emergency agencies are operating five disaster recovery centers in Mississippi to offer a number of services to individuals affected by the December storms. The centers, located in Benton, Coahoma, Marshall, Quitman and Tippah counties, are jointly operated by the Mississippi Emergency Management Agency and the Federal Emergency Management Agency in partnership with county and local agencies. They serve as one-stop-shops to provide community access to recovery services, referrals and information.

Anyone who needs reasonable accommodations when visiting the centers may request them by calling the FEMA helpline at 800-621-3362, or (TTY) 800-462-7585. Accommodations include American Sign Language interpreters, listening devices for the hard of hearing, magnifiers for low vision and video remote sign language interpreting. Service animals are welcome, and the centers are accessible to everyone.

While individuals are encouraged to register with FEMA before visiting a disaster center, they can use on-site services to contact FEMA and register for disaster assistance by calling 800-621-3362 or (TTY) 800-462-7585. Those who use 711-Relay or Video Relay Services can call 800-621-3362 to register. Online registration can be done at DisasterAssistance.gov by computer, tablet, iPhone, Android or other mobile device. MEMA and FEMA staff are available to answer questions on the status of applications and on special programs such as disaster unemployment assistance and disaster legal services.

Survivors are strongly encouraged to submit their claims to their private insurance providers early. If private insurance leaves coverage gaps, survivors may be eligible for FEMA assistance for their remaining needs. “Remaining needs” includes temporary lodging, personal property losses, medical or dental expenses, moving and storage fees or other costs not covered by personal insurance.

Applicants with questions about the determination letters they receive from FEMA can sit and talk with staff members who are prepared to explain the terms of the letters and to help applicants with the appeal process.

The Mississippi State Board of Contractors has provided the centers with two handouts – “A Consumer’s Guide to Home Improvement Contracts” and “Don’t Get Scammed!” – to aid people facing property repairs. State regulations require contractors to be licensed. Consumers can contact the Board’s hotline at 800-880-6161or 601-354-6161 to report fraudulent activity.

Center staff may direct storm survivors dealing with high levels of stress after the December storms to call the Mississippi Department of Mental Health hotline at 877-210-8513 from 9 a.m. to 4 p.m. Monday through Friday. The call is free and confidential.

Business owners, homeowners, renters and private nonprofit organizations whose losses were not fully covered by their private insurance can apply for a low-interest loan from the U.S. Small Business Administration. The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. An SBA representative is available at each center to assist applicants with the application process. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

All of these resources are located at the following disaster recovery centers:

Benton County

Ashland Fire Department

60 Third St.

Ashland, MS 38603

Coahoma County

Clarksdale Civic Auditorium

506 East 2nd St.

Clarksdale, MS 38614

Marshall County

Spring Hollow Plaza

198 N. Memphis St.

Holly Springs, MS 38635

Tippah County

The former Magnolia Women’s Center

41 B Mitchell Ave.

Walnut, MS 38683

Quitman County

Marks Fire Department Station

108 W. Main St.

Marks, MS 38646


All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

Last Updated: 
January 18, 2016 - 17:53
State/Tribal Government or Region: 

Once upon a time, enterprises made products and supplied the occasional service. Now it seems this situation is being turned upside-down. The trend is to supply far more as a service or a subscription, with one-off product sales becoming the exception, instead of the rule. Much of this started in IT, as cloud computing became popular. Enterprises saw the advantage of paying for software and hardware usage month by month and according to how much they wanted, instead of large lump sum capital payments for resources they did not always use fully. Cloud providers often offered better business continuity too. But will the same be true when the client enterprises become service providers in their own right?



Remember Alice in Wonderland? For most of us, the world of data is a wonderland — we don’t care how it works, we just want it to work. But I’m here to take you all the way down the rabbit hole of binary code to show you what’s hiding at the bottom. You’ll have to be vigilant — a mole could follow you down there when you aren’t looking. You make a mistake, he infiltrates your hard drive!

Who could be a mole?

Data thieves, IT investigators, forensic data experts – one thing they all have in common is that they’d follow exactly the same traces when going through your hard drive (I will describe these traces in this part of the course). All of these could be used either against you, or to your advantage (for example, if you accidentally lose your data, it would be retrieved in the same way). Only someone intent on hurting you, who would go behind your back and without your consent, would be considered a mole. Here are some sample situations that would call for your heightened interest in thoroughly erasing your data:



Remember the hover boards in the "Back to the Future" movies--those levitating skateboards that characters in the films used to get around? As you’ve no doubt seen if you’ve stepped outside your house lately, more than 25 years after they first appeared in those movies, hover boards are finally here—in the real world—sort of. (They unfortunately don’t actually levitate.)

Science fiction often provides the inspiration for real-world innovations. And one very recent example in the medical industry offers an important lesson to you as an MSP. An amazing new personal medical device, which CNN reported on in early 2015, is based on the fictional medical “tricorder” from Star Trek. The real device is a handheld scanner that, when placed against your forehead, measures your heart rate, blood pressure, oxygen levels and other key details about your health.

Then (and here’s the lesson for your MSP business) the device will send all of this medical data wirelessly, via a Bluetooth signal, to a smartphone or other device—or directly to your doctor.



Tuesday, 19 January 2016 00:00

BCI: A world at risk in 2016

A world at risk in 2016

An increased likelihood for all risks, from the environmental to society, the economy, geopolitics and technology, looks set to shape the global agenda in the coming year, the World Economic Forum’s Global Risks Report 2016 has found.

In this year’s annual survey, almost 750 experts assessed 29 separate global risks for both impact and likelihood over a 10-year time horizon. The risk with the greatest potential impact in 2016 was found to be a failure of climate change mitigation and adaptation. This is the first time since the report was published in 2006 that an environmental risk has topped the ranking. This year, it was considered to have greater potential damage than weapons of mass destruction (2nd), water crises (3rd), large-scale involuntary migration (4th) and severe energy price shock (5th).

The number one risk in 2016 in terms of likelihood, meanwhile, is large-scale involuntary migration, followed by extreme weather events (2nd), failure of climate change mitigation and adaptation (3rd), interstate conflict with regional consequences (4th) and major natural catastrophes (5th).

Geopolitical instability is exposing businesses to cancelled projects, revoked licenses, interrupted production, damaged assets and restricted movement of funds across borders. These political conflicts are in turn making the challenge of climate change all the more insurmountable – reducing the potential for political co-operation, as well as diverting resource, innovation and time away from climate change resilience and prevention,” said Cecilia Reyes, Chief Risk Officer of Zurich Insurance Group.

One potential black swan event could be in the area of technological risk. While cyberattacks rises slightly in terms of likelihood and impact in 2016, others, including failure of critical information infrastructure, appear to be declining as a risk in the eyes of experts. Technological crises have yet to impact economies or securities in a systemic way, but the risk still remains high, something that potentially may not have been fully priced in by experts.

Unemployment and under-employment appears as the risk of highest concern for doing business in more than a quarter of the 140 economies covered, and is especially featured as the top risk in two regions, sub-Saharan Africa and the Middle East and North Africa. The only region where it does not feature in the top five is North America. Energy price shock is the next most widespread risk, featuring in the top five risks for doing business in 93 economies. Cyberattacks, mentioned above, feature among the top five risks in 27 economies, indicating the extent to which businesses in many countries have been impacted already by this rising threat.

Tuesday, 19 January 2016 00:00

Enterprise Still Unclear on Storage

Of the three pillars of enterprise hardware – compute, storage and networking – the future of storage is the least clear. Servers are being virtualized and containerized, networking is being defined by software, but storage is still swirling amid a plethora of media types and architectures.

For any given application, then, data managers or their automated systems have to match data loads to tape, disk, Flash or optical systems, using in-line, near-line or even off-line architectures in the data center, on the cloud or in a colocation setting for real-time, short-term, medium-term or long-term archival purposes. And all of these situations must be built, managed and maintained under tight budgets and in ways that accommodate rapidly shifting data requirements.



El Niño refers to the periodic disruption to the normal climatological state over the central and east Pacific Ocean that causes widespread atmospheric changes across North and South America. This phenomenon, combined with recent climate changes, has caused this year’s El Niño to be one of the most disruptive on record. Areas like California and Missouri have already been experiencing the devastating effects of flooding caused by higher than average rainfall levels.

Recently, we sat down with Dr. Mike Gold from Weather Decision Technologies, Inc. (WDT) who helped shed some additional light on what exactly El Niño is, and what effects we can expect to see from this year’s event. Dr Gold is a senior scientist and forecaster for WDT, focused on providing long-term forecasting for high impact weather events, such as El Niño.

We also had the pleasure of speaking to Mike Gauthier, Senior Vice President of Enterprise Solutions for WDT. He gave us a short presentation on what tools are available to manage critical assets in both routine and severe weather events, including a use case involving the recent Oklahoma ice storms.



Energy consumption is perhaps the chief concern for data center operators, both in terms of cost and public image. A sensational headline at DatacenterDynamics highlights one perspective: “The truth is: data center power is out of control.” In the article, Peter Judge said, “The plain fact is that, no matter how efficiently we run them, data centers are expanding uncontrollably, and consuming increasing amounts of power. In fact, the efficiency improvements are contributing to the rapid growth.” He describes the effect of the Jevons paradox, which observes that efficiency increases with regard to consumption of a resource tend to increase—rather than decrease—demand for that resource.

Judge rightly notes that “there’s a very real way in which data center providers can’t be held responsible for ths [sic]. Data centers are just meeting a demand.” Effectively, it’s consumers of the services that data centers provide who are driving the increasing energy consumption. But even if data centers are increasing their consumption hand over fist, noting the larger energy picture is critical.



A lot of wholesale data center capacity was gobbled up last year and the bulk of it was leased by cloud providers and companies providing other popular web services.

Jim Kerrigan, managing principal at North American Data Centers, a data center-focused commercial real estate firm, said wholesale data center providers did a lot more business with cloud companies than they did in 2014. Cloud, he said, was one of the things responsible for 2015 being one of the best data center leasing years ever.

“I was surprised how much cloud has done last year,” he said. “Forty percent of those deals are cloud-based companies.”



PipelineDB announced the release of PipelineDB Enterprise today. The product is the first commercial version of the open-source product the company released last summer.

PipelineDB is built on a new way of looking at SQL databases, thinking about streams of data rather than data at rest in big silos, co-founder Derek Nelson explained.

He says the company made a big bet on this type of database and so far it appears to be working quite well. While they don’t have exact numbers, he pegs the number of installations in the low thousands with deployments running all day long in the low hundreds.



In his article for Security Week, Rafal Los asked an interesting question: Do you have a security policy for the Internet of Things (IoT) gadgets in your office?

We’re familiar with BYOD policies for our smartphones, tablets and laptops. Wouldn’t BYOD security policy cover IoT devices, which technically include smartphones and tablets? The difference, Los pointed out, is that many of our IoT devices are constantly connecting or streaming, and he asked:

How many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn’t be trusting?



(TNS) - A rare January hurricane formed Thursday in the Atlantic, the first one to form in that month in 78 years.

Hurricane Alex, with maximum sustained winds of 85 miles per hour, is projected to head almost straight north, a track that would pose no threat to the United States. At 11 a.m. Thursday, the storm was about 1,100 miles off the coast of Morocco, a position that put it closer to Africa than North America, according to the National Hurricane Center.

A hurricane warning was issued for the central Azores, a cluster of islands about 900 miles west of Portugal.

Alex formed six weeks after the end of the official hurricane season, a period from June 1 to Nov. 30 that sees the vast majority of hurricanes.



Friday, 15 January 2016 00:00

Silent Data Corruption, the Backup Killer

Data corruption is simply an unintentional change to a bit. An occasional bad bit or unrecoverable read error is unlikely to take down an application or render a restore useless. However, corrupted data is not uncommon.

When data corruption goes undetected, it becomes silent data corruption and is a high risk for applications. And when they creep into backup and remain undetected, you have a real data integrity and restore problem on your hands.

Hardware and software both introduce errors into the data path. On the hardware side, head failures, noisy data transfer, electronic problems, aging and wear can introduce bit errors. And with a nod to 1950s science fiction movies, cosmic rays can cause DRAM soft errors (memory bit flips.)



Many firms are dealing with the explosion of data, applications and new technology that are stretching IT infrastructure to its limits. According to recent reports, analysts expect to see continued growth in data center consolidation as data-centric companies seek efficiencies while mega-data centers continue to offer benefits of scale.

Data centers can enable customers to ‘right-size’ their environment, deliver enterprise-class DR solutions and provide trusted advisers with new IT solutions. Importantly, they can also support IT consolidation efforts.

Complementary actions, such as upgrading equipment and retrofitting sites, are top priorities for enterprise efficiency. Additionally, greater coordination and deployment of resources can include aligning facilities and IT teams’ processes.



If you’ve noticed a few more empty offices or cubicles than usual around your workplace, there may be a good reason. This week, the Center for Disease Control (CDC) reported elevated flu activity in several regions of the country. Flu season in the U.S. is about to peak.

Thankfully, it doesn’t appear a major epidemic is on the horizon. However, even localized outbreaks of the flu can be highly detrimental to an organization’s operations. Each year more than 111 million work days are lost due to the flu. This equates to approximately $7 billion per year in sick days and lost productivity, according to www.flu.gov. That number doesn’t even include other seasonal illnesses.

A number of measures can be taken by employers to reduce the business impact of illness. Most of these measures involve some form of persistent and effective communications with employees, suppliers, partners and other stakeholders.



Cyberattacks are now the greatest risk to doing business in North America, according to the just-released World Economic Forum’s (WEF) Global Risks Report 2016.

In North America, which includes the United States and Canada, cyberattacks and asset bubbles were considered among the top risks of doing business in the region.

The WEF noted that in the United States, the top risk is cyberattack, followed by data fraud or theft (the latter ranks 7th in Canada, which is why it scores 50 percent in the table below).

The risks related to the internet and cyber dependency are considered to be of highest concern for doing business in the wake of recent important attacks on companies, the WEF observed.



Thursday, 14 January 2016 00:00

CDC: Global Health Security Agenda

The Plan for 2016: CDC and the President’s Global Health Security Agenda

2015 was a powerful reminder that a health threat anywhere is a health threat everywhere.  In 2016, CDC and partners are looking forward to continuing work on the President’s Global Health Security Agenda (GHSA), an initiative led by the Department of Health and Human Services.

In 2012, only 1 in 6 countries reported being fully prepared for disease outbreaks. As the Ebola epidemic in West Africa tragically demonstrated, it is often the countries with the fewest resources who are hit hardest by public health emergencies.  To better protect people everywhere, the United States has committed more than $1 billion over the next 5 years to help 30 countries better prepare for the health impacts of natural and man-made disasters.  More than half of this historic investment will focus on the continent of Africa to help prevent future outbreaks.

World map of pixels in gray and light gray

There are 30 GHSA countries: Bangladesh • Burkina Faso • Cameroon • Cambodia • Côte d’Ivoire • Democratic Republic of Congo • Ethiopia • Georgia • Ghana • Guinea • Haiti • India • Indonesia • Jordan • Kazakhstan • Kenya • Laos • Liberia • Mali • Mozambique • Pakistan • Peru • Rwanda • Senegal • Sierra Leone • Tanzania • Thailand • Uganda • Ukraine • Vietnam

Global Health Security Agenda Goals

The vision of GHSA is to stop disease outbreaks as quickly as possible.  Partners will work together to build a global network that can respond rapidly and effectively to disease outbreaks and help countries build their own capacity to prevent, detect, and respond to public health emergencies.

The GHSA focuses on accelerating progress toward a world safe from disease threats by supporting enhanced surveillance and biosecurity systems, immunization campaigns, and curtailing antimicrobial resistance. Establishing national laboratory and disease reporting systems will help detect threats early.  In addition to building epidemiologic and laboratory workforce capacity, GHSA also focuses on incident management system training and establishing emergency operations centers around the globe.

As President Obama said at the Global Health Security Agenda Summit in 2014, “We issued a challenge to ourselves and to all nations of the world to make concrete pledges towards three key goals:  prevent, detect, and respond.  We have to prevent outbreaks by reducing risks.  We need to detect threats immediately wherever they arise.  And we need to respond rapidly and effectively when we see something happening, so that we can save lives and avert even larger outbreaks.”

CDC’s Role in Global Health Security
CDC is improving preparedness and response internationally by building close relationships with ministries of health and other public health partners abroad to encourage public health and emergency management capacity building. The agency also provides GHSA countries with resources such as funds, administrative support, and dedicated personnel, including experts in emergency response, electronic surveillance systems, and specific health threats. CDC also links emergency response efforts to recovery efforts to ensure systems and processes that have been put in place for one response can be ready for the next public health emergency.

A person is giving another person a vaccine.

Ebola has reminded us that  to protect its citizens, each country should be equipped with a core set of public health capabilities to detect a threat when it emerges, respond rapidly and effectively, and prevent it wherever possible. All countries need to be prepared, since disease monitoring and emergency response begin at the local level.  Local responses will be quicker, more efficient, and more cost-effective than responding from a great distance. However, epidemics do not stay within borders and are not the problem of individual countries or regions. GHSA is an important step toward helping build capacity in other countries and ensuring that when national capacities are overwhelmed, the world moves immediately and decisively to contain the outbreak.

Three surveys provide data on the state of mobile development and security, and the news is not particularly heartening.

Perhaps the most interesting of the surveys is from Evans Data, which found that 56.7 percent of mobile developers follow security protocols set by their governments. The true nature of the result becomes more apparent when it is turned around: More than 40 percent don’t do what their governments tell them is the right thing.

The press release offered a vague but useful breakdown. In North America, 67 percent follow their governments. The percent in Asia was “only slightly less” but dropped to one-third in the combined Europe, Middle East and Africa (EMEA) category.



What are some technical considerations for cloud-based vulnerability scanners? originally appeared on Quora: The best answer to any question.

Answer by Sai Ramanan, Corporate Information Security Lead at Quora, on Quora:

Vulnerability scanning is a stalwart practice of the Information Security community.

Vulnerability scanners help identify potential security weaknesses at scale; e.g. missing patches, default passwords, coding or configuration weaknesses. As part of security best practices or meeting compliance requirements (PCI, HIPAA, GLBA and NERC CIP, etc), when you decided to implement a vulnerability scanning solution in your datacenter and scan your servers in the Cloud, you have to submit a third-party scan request to your cloud provider and whitelist the IPs, which can be time-consuming. There are also pre-authorized vulnerability scanning products available in the AWS marketplace such as Tenable Nessus Enterprise for AWS and QualysGuard Virtual scanner appliances, which can scan your instances on demand. In this article, I’m going to focus some of the considerations to keep in mind specific to pre-authorized vulnerability scanning products on Amazon Web Services environments.

As with any security tool, automated vulnerability scanners also play a vital role in helping you understand, manage, and remediate the security risks that may exist in your environment. There are multiple vulnerability scanning products available for free trial from AWS marketplace – Tenable Nessus, QualysGuard Virtual scanner appliance, Acunetix, Alert Logic, etc. Having evaluated the first two products for Quora, I can tell you that the cloud vulnerability scanning products has their own challenges and architectural considerations need to be properly vetted. Let’s look at some of these:



Have you ever looked at an IT security plan and wondered, “what’s wrong with this picture?” When words like “policy”, “procedure” and even “implementation” are prominent, but others like “user”, “training”, “performance” and “awareness” seem to be pushed into the background, there may be room for improvement. Unless your context is entirely “lights-out” and computer-driven (still rare even in this age), human beings will be an integral and fundamental factor in your IT security planning and management. And unless your context is completely on-premises without any connections to the cloud (increasingly rare), the days of the bolt-on, “bigger fence” are numbered.



Thursday, 14 January 2016 00:00

Key risk management issues for 2016

Chief risk officers (CRO) will need to keep close watch on a number of strategic, operational, and external risks this year, according to new research by KPMG LLP. Effective risk management and mitigation will be critical , since companies' strategies, business models, operations, reputations, and, ultimately, survival are on the line.   

"CROs today face an unprecedented number of new and emerging risks that can threaten corporate strategy if they are not identified quickly and managed properly," said Kelly Watson, National Service Group Leader for Risk Consulting at KPMG LLP.  "The CRO needs to lead an integrated, organization-wide risk management program that can turn potentially crippling risks into opportunities for innovation, cost reduction, improved compliance and competitive advantage." 

KPMG has identified seven key strategic, operational and external risk areas that should top CROs' risk management agendas this year:



Correspondent banking could arguably be one of the most difficult business lines for AML (anti-money laundering) suspicious activity systems to monitor, but are there any opportunities for improvement and increased sophistication? The fundamental conundrum for compliance departments monitoring correspondent banking payment activity is that they must rely on the respondent bank’s AML policies, procedures, controls and technology systems to identify suspicious activity and to take appropriate steps to mitigate the risks, which could result in the respondent bank ending relationships with nefarious customers. In order to remain proactive, banks providing access to the U.S. financial markets via correspondent banking relationships should consider increasing the sophistication of how they detect suspicious activity based on what information is already contained in the wire payments and existing watch lists.

If, correspondent banks are monitoring their customers’ customers, then it requires several parsing algorithms to determine several key pieces of information such as:

  • Creating pseudo account numbers based on the originator and beneficiary names and addresses referenced in the wire payments.
  • Extracting country codes for the originator of the payments and, when available, for the beneficiary as well.



If you are a tech investor trying to follow the money right now, then the market can be very confusing in terms of deciding where to place your bets. If you are a tech job seeker thinking about a career change in 2016, then the market can be just as confusing when it comes to finding a position with the most upward mobility.

But if you properly separate out your view on the various sectors within tech, then it all becomes quite clear.

Personal computers (PCs) and software made for those machines were originally referred to as ‘tech’ - as in the ’tech industry’.  Tech broadened into information technology (IT) and more recently the cloud – or cloud computing. The internet and digital media are also called tech, along with all things mobile including smart phones and apps for those devices. Cybersecurity is a tech sector that was originally categorized within IT, but it has evolved to become relevant to the entire tech industry.

Here’s a fresh look at polar opposites in tech (in terms of growth) – the PC market and the cybersecurity market:



Thursday, 14 January 2016 00:00

Big Data Goes Mainstream: What Now?

Now that big data initiatives are going mainstream in Fortune 1000 companies, CIOs and other C-level executives are targeting the next frontier -- how to transform all that information into products and services – according to a new report.

As we enter 2016, big data initiatives are becoming more the mainstream than cutting-edge, and many CIOs are now heading up efforts that go well beyond what they dreamed of implementing a decade ago.

Many organizations are still in transition as they look at the data they have, the data they want to add, the products and services they want to create with that data, and what infrastructure and tools they need to accomplish those goals, according to Randy Bean, CEO and managing director at NewVantage Partners, a management consulting firm that works with C-level executives at many financial services firms in the Fortune 1000.

"The past five years have been about big data," he told InformationWeek. "Organizations want to bring in new sources of data. They want to create new information-based products and services."



Wednesday, 13 January 2016 00:00

Converging Your Way to a New Data Center

Vested interests in the IT industry have a lot riding on the hope that the enterprise will want to keep some of its infrastructure in-house rather than push everything onto the cloud as the decade unfolds. But this is only likely to happen if on-premises hardware is low-cost, highly scalable and maintains a tight footprint.

This is why so many designers are touting converged and hyper-converged infrastructure. By filling small, modular appliances with massive computing, storage and networking capabilities, converged solutions will offer an efficient means to support critical workloads without sending data beyond the corporate firewall.

Expect CI and HCI to take the lion’s share of the IT narrative in the coming year, says NetApp’s Lee Caswell. By breaking down the barriers between servers, storage and compute, convergence not only simplifies hardware infrastructure, but makes it easier to manage as well. Admins will finally be able to shake off the tedium of hardware integration and focus on the more productive aspects of software innovation. This is why 451 Research predicts that 40 percent of enterprises plan to increase spending on converged solutions in the coming year.



After a rough year of cyberattacks and data breaches, the federal government is getting serious about protecting its sensitive information when in the hands of its contractors. As a result, contractors are being sent to the front lines of the fight.

Already, the Defense Department has imposed requirements to protect ""unclassified controlled technical information"," and it recently expanded these obligations via interim rules with immediate effect. The National Archives and Records Administration is about to complete its new regulation to better protect sensitive but unclassified federal information. The National Institute of Standards and Technology has issued new cyber protection standards intended for commercial companies. And the General Services Administration stands poised to issue new rules for schedule holders.

We are going to see new cyber protection requirements in many solicitations and contract modifications. And an unwary contractor might become a casualty when it certifies compliance, even implicitly, with "all IT security standards." For example, the second draft request for proposals for GSA's Alliant 2 subjects contractors to "all ordering activity IT security standards … and government wide laws or regulation applicable to the protection of government wide information security." How can a contractor certify before it knows what "sensitive data and information" will be part of the performance of a task order? Or even what all the standards will be? Yet if a contractor does not certify or impliedly certify, it may lose the chance to compete for award.



Wednesday, 13 January 2016 00:00

Measurement: the next big resilience challenge?

Robin Gaddum looks at the ‘capabilities and capacity’ aspect of organizational resilience and explains why dynamic measurement is an essential requirement.

Resilience is a journey, not a destination. It is a dynamic characteristic because every organization is in a constant state of change, as are the environment in which it operates and its direct and indirect inter-dependencies with other organizations. An Organization may pursue resilience but may only be demonstrably resilient to a particular disruptive event at a moment in time.

So, how do you measure resilience? This is an important question. If you cannot measure its benefits, then making the business case for a resilience programme will be challenging. Quantifying return on investment (ROI) requires some form of measurement to show how the investment input results in valuable output. But how do you measure the unmeasurable?



This month, we focus on data center design. We’ll look into design best practices, examine in depth some of the most interesting recent design trends, explore new ideas, and talk with leading data center design experts.

Groupon may be the future of merchant discounts, but it uses a mathematical problem solving method formulated in the 1930s to optimize the data center design that supports its popular service.

Linear Programming models are used to maximize specific outcomes given numerous variables. The word “linear” refers to linear relationships between the variables.

The approach is common in other industries, such as transportation, energy, and telecommunications, but it also applies well in data center design, the Groupon team found, since there are clearly desirable outcomes and lots of variables.



(TNS) - As was the case in both 2014 and 2015, flood recovery will again dominate much of Boulder County government's work load this year, county commissioners said Tuesday.

"Even though flood recovery may no longer be at the forefront of the general public's mind, our staff continues to work tirelessly on this issue," Commissioner Cindy Domenico said.

Flood-related issues were just part of a package of topics that Domenico and Commissioners Elise Jones and Deb Gardner covered in their "State of the County" review of what they identified as Boulder County's accomplishments in 2015 — and what residents can expect from their county government in 2016.



With Director 7.7, you have the capability of configuring policies, rules and conditions that will alert you when the configured threshold has reached in your XenDesktop 7.7 environment. You can configure and manage proactive alerts and notifications either through the Director UI or using Powershell cmdlets.

In this post, we will take a look at how to configure, visualize your alerts, manage them, analyze their details and historically track alert trends.



Wednesday, 13 January 2016 00:00

BCI: Cyber incidents rank as major new threats

Cyber incidents rank as major new threats

The risk landscape for businesses is substantially changing in 2016 according to a new report by Allianz Global Corporate and Specialty. While businesses are less concerned about the impact of traditional industrial risks such as natural catastrophes or fires, they are increasingly worried about the impact of other disruptive events such as cyber incidents.

According to the Allianz Risk Barometer, business and supply chain interruption (BI) remains the top risk for businesses globally for the fourth year in succession. However, many companies are concerned that BI losses, which usually result from property damage, will increasingly be driven by cyber attacks, technical failure or geo-political instability as new 'non-physical damage' causes of disruption.

The corporate risk landscape is changing as many industrial sectors are undergoing a fundamental transformation,” explains AGCS CEO Chris Fischer Hirs. “New technologies, increasing digitalization and the ‘Internet of Things’ are changing customer behaviour, industrial operations and business models, bringing a wealth of opportunities, but also raising awareness of the need for an enterprise-wide response to new challenges. As insurers we need to work together with our corporate clients to help them to address these new realities in a comprehensive manner.

An area of increasing concern for businesses globally are cyber incidents which not only include cyber crime or data breaches, but technical IT failures as well. Loss of reputation (69%) is the main cause of economic loss as result of a cyber incident followed by business interruption (60%) and liability claims after a data breach (52%). These three cyber incidents are also the top three concerns for business continuity professionals according to the Business Continuity Institute's latest Horizon Scan Report.

The top ten risks according to the Allianz Risk Barometer are:

  • Business interruption (incl. supply chain disruption)
  • Market developments (volatility, intensified competition, market stagnation)
  • Cyber incidents (cyber crime, data breaches, IT failures)
  • Natural catastrophes (storm, flood, earthquake)
  • Changes in legislation and regulation (economic sanctions, protectionism)
  • Macroeconomic developments (austerity programs, commodity price increase, inflation/deflation)
  • Loss of reputation or brand value
  • Fire, explosion
  • Political risks (war, terrorism, upheaval)
  • Theft, fraud and corruption

Do businesses understand the cloud and its benefits? Recent data indicates confusion and doubt are prevalent among many cloud adoptees. 

A May 2015 survey of 300 IT managers completed by West IP Communications showed that many businesses are divided on the inherent benefits and risks associated with the cloud.

The survey results included:



AUSTIN, Texas – Disasters such as floods and tornadoes commonly result in the loss of important documents. While it can seem like a daunting task, the good news for Texans is that many official papers and vital records are relatively easy to replace.

Survivors of October’s severe storms, tornadoes, straight-line winds and flooding, who have registered and applied for federal disaster assistance, should keep their personal information updated with the Federal Emergency Management Agency (FEMA) throughout the recovery process. Supplying copies of important documentation is a necessary part of registering with FEMA. Applicants should share any change of address, telephone and bank account numbers and insurance information with FEMA to keep that information up to date.

Check the list below to find out where to obtain official copies of your lost or damaged documents.

SNAP Card (Food Stamps):
Phone: 800-777-7328
Website: https://www.hhsc.state.tx.us/providers/LoneStar/EBT/EBThowto.html

Green Cards:
Phone: 800-375-5283
Website: http://www.uscis.gov/green-card/after-green-card-granted/replace-green-card

Birth and death certificates:
Phone: 888-963-7111
Website: https://www.dshs.state.tx.us/vs/reqproc/default.shtm

Texas Driver License:
Phone: 512-424-2600
Website: https://www.txdps.state.tx.us/DriverLicense/replace.htm

Bank Checks, ATM/Debit Cards, or Safe Deposit Boxes:
Phone: 877-275-3342
Website: www.fdic.gov

Credit Cards: Contact the issuing institution:

Texans in the following counties may register for disaster assistance for damage or losses sustained during the period Oct. 22 to Oct. 31: Bastrop, Brazoria, Caldwell, Cameron, Comal, Galveston, Guadalupe, Hardin, Harris, Hays, Hidalgo, Liberty, Navarro, Travis, Willacy and Wilson.

Survivors can apply online at DisasterAssistance.gov or by phone (voice, 711 or relay service) at 800-621-3362. TTY users should call 800-462-7585. The toll-free lines are open 7 a.m. to 10 p.m. seven days a week. Multilingual operators are available.

For more information on Texas recovery, visit the disaster web page at www.fema.gov/disaster/4245, Twitter at https://www.twitter.com/femaregion6 and the Texas Division of Emergency Management website, https://www.txdps.state.tx.us/dem.

# # #

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. 

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing disastercustomerservice@sba.gov, or visiting SBA’s website at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

Visit www.fema.gov/texas-disaster-mitigation for publications and reference material on rebuilding and repairing safer and stronger.

(TNS) - Gov. Rick Snyder on Tuesday night activated the Michigan National Guard to assist with the ongoing crisis of the lead contamination of Flint's drinking water.

"As we work to ensure that all Flint residents have access to clean and safe drinking water, we are providing them with the direct assistance they need in order to stretch our resources further," Snyder said in a news release late Tuesday.

"The Michigan National Guard is trained and ready to assist the citizens of Flint."

Members of the National Guard are expected to staff fire stations and distribute bottles of water and water filters, freeing members of the American Red Cross to handle the door-to-door distribution of those items, Snyder Chief of Staff Jarrod Agen said. There were no immediate plans to use tanker trucks to distribute water, he said.



Nitin Donde is CEO of Talena, Inc.

To succeed in today’s data-rich and data-centric world, companies are building new, high-value applications on top of NoSQL, Hadoop and other modern data platforms. According to IDC, the big data market will reach $48 billion by 2019. At the same time DevOps processes are rapidly penetrating the Global 2000, impacting the very companies that are adopting these new data platforms. These teams and their processes are now responsible for managing data infrastructures that are orders of magnitude larger than anything companies have dealt with previously. As a result, big data, DevOps and data management are rapidly intersecting, and the speed at which groups are expected to support this new world order and launch new applications raises a new set of challenges, considerations and questions, including:

  1. How do data management principles change in the world of Big Data?
  2. How can agility and security co-exist in modern data environments?

Let’s address each of these issues in more detail.



Data volumes have been on a dramatic upswing since the decade began and are about to rise even faster now that Big Data and the Internet of Things are ramping up. So it would seem that enterprises of all sizes should be scrambling to boost their storage capacity, and yet the market is largely flat.

What’s going on here? Is storage infrastructure becoming so efficient that organizations are really doing more with less? Or are workloads already porting to the cloud in such great amounts that commodity platforms are supplanting high-cost on-premises deployments?

There is probably a little bit of truth to both notions, but many other factors are affecting the storage industry right now. Chief among them is the plethora of storage media in the channel that makes it hard to gauge exactly what is happening with storage in general. Gartner, for instance, notes that solid state storage and traditional hard disk are on pace to cross each other in 2017; that is, Flash is growing by about 20 percent per year while HD is at 4 percent. By mid-2017 or so, Flash will start to exceed hard disk in terms of revenue. Meanwhile, shipments of sub-1TB capacity are at the lowest level since 2012, which is counterintuitive considering that, while speed is important in modern architectures, raw capacity should also be growing to accommodate increasing volumes.



By Talkin’ Cloud

2016 could provide many growth opportunities for cloud services providers. Here’s why:

1. Total Cloud Infrastructure Spending Could Grow

International Data Corp predicted total spending on cloud IT infrastructure (server, storage and Ethernet switch, excluding double counting between server and storage) would grow by 24.1 percent to $32.6 billion in 2015. In addition, IDC noted it expected cloud IT infrastructure spending to expand at a compound annual growth rate (CAGR) of 15.1 percent through 2019.

2. Cloud Security Will Remain a Top Priority

Cloud application security provider Elastica recently found that the cost of exposed data in software-as-a-service (SaaS) may total up to $13.85 million per incident. However, CSPs can resolve security issues for businesses, ensuring these companies can protect their sensitive data that is stored in the cloud at all times.



Muda. It’s the Japanese word for waste and the enemy in modern supply chain management and manufacturing. Since the 1980s, lean thinking has revolutionized the way businesses operate by seeking to eliminate muda and free capital held in wasteful assets—that is, assets that do not add value to the overall process (e.g. excess inventory or underutilized equipment). Lean thinking is important and helps businesses to improve their processes and their bottom lines. It does however beg one key question that risk managers and business continuity professionals must ask: “how lean is too lean?” Wantonly cutting out all perceived muda to save money can actually have the opposite effect down the road. Organizations with global supply chains inherit significant risk due to the potential impact associated with a supply chain disruption.  In some cases, a disruption could threaten an organization’s ability to continue business or require large amounts of capital to recover. Organizations must fully examine their processes and supply chains to identify risk and make informed decisions on how lean is too lean.

This perspective—the third in the Risky Business Series—leverages a case study of the recent west coast dock worker strike to demonstrate the inherit risk of a supply chain that is too lean due to a virtual monopoly. This article also revisits evaluation and mitigation strategies from the first two Risky Business perspectives that organizations can use to reduce risk to an acceptable level.



Sticking to the rules of business continuity

Why do we have business continuity management programmes? Is it because we want to make sure our organizations are able to respond to a disruption? Probably yes! It is common sense that we would want to be prepared for any future crisis.

In some cases however, it is also because there is a legal obligation to do so. Many organizations are tightly regulated depending on what sector they are in or the country they are based, and therefore must have plans in place to deal with certain situations. Furthermore, the rules and regulations that govern us are often being revised, and sometimes it can be difficult to keep up with which ones are applicable.

There is a solution however. The Business Continuity Institute has published what it believes to be the most comprehensive list of legislation, regulations, standards and guidelines in the field of business continuity management. This list was put together based on information provided by the members of the Institute from all across the world. Some of the items may not relate directly to BCM, and should not be interpreted as being specifically designed for the industry, but rather they contain sections that could be useful to a BCM professional.

The ‘BCM Legislations, Regulations, Standards and Good Practice’ document breaks the list down by country and for each entry provides a brief summary of what the regulation entails, which industries it applies to, what the legal status of it is, who has authority for it and, of course, a link to the full document itself.

The BCI has done its best to check the validity of these details but takes no responsibility for their accuracy and currency at any particular time or in any particular circumstances.

A new year brings new resolutions—commitments to achieve certain goals or make specific improvements.  While it’s certainly a good time for pledging to lose those few extra pounds, it’s also a great time to make resolutions for improving your business continuity communications. Maybe your mass notification program could use an improved diet and more exercise in 2016?

Feeding Your Emergency Communications System

A successful notification program starts with “feeding” the service with the right data. Accurate, up-to-date contact information is essential for effective enterprise alerting. Consider these tips for improving your notification system’s data diet:



Nearly four-fold increase in computing capacity to innovate U.S. forecasting in 2016


NOAA’s Weather and Climate Operational Supercomputer System is now running at record speed, with the capacity to process and analyze earth observations at quadrillions of calculations per second to support weather, water and climate forecast models. This investment to advance the field of meteorology and improve global forecasts secures the U.S. reputation as a world leader in atmospheric and water prediction sciences and services.

The computers — called Luna and Surge — are located at computing centers in Reston, Virginia and Orlando, Florida. They are now running at 2.89 petaflops each for a new total of 5.78 petaflops of operational computing capacity, up from 776 teraflops of processing power last year.

“This significant investment in our operational supercomputers equips us to handle the tidal wave of data that new observing platforms will generate and allows us to push our science and operations into exciting new territory, said Kathryn Sullivan, Ph.D., NOAA’s administrator. “The faster runs and better spatial and temporal resolution that Luna and Surge provide will allow NOAA to improve our environmental intelligence dramatically, giving the public faster and better predictions of weather, water and climate change. This enhanced environmental intelligence is vital to supporting the nation’s physical safety and economic security.”

Sullivan said the ultimate goal of investment in operational and research supercomputing capacity is to build resilient communities in the United States by arming people with reliable environmental intelligence to make good decisions, as NOAA works to build a Weather-Ready Nation.

The increase in supercomputing strength will allow NOAA to roll out a series operational model upgrades throughout 2016. For example:

  • Upgrades to the High Resolution Rapid Refresh Model (HRRR) will help meteorologists predict the amount, timing and type of precipitation in winter storms and the timing location and structure severe thunderstorms.
  • Implementation of the Weather Research and Forecasting Hydrologic Modeling System (WRF-Hydro) will expand the National Weather Service’s current water quantity forecasts at 3,600 locations to forecasts of flow, soil moisture, snow water equivalent, evapotranspiration, runoff and other parameters for 2.67 million river and stream locations across the country, representing a 700-fold increase in spatial density. This new information, provided nationally at the neighborhood scale, will enable forecasters to more accurately predict droughts and floods, and better support water resources decisions.
  • Upgrades to the Hurricane Weather Research and Forecasting Model (HWRF) will mark the first time NOAA models have had direct connections between the air, ocean and waves to improve forecasts of hurricane tracks and intensity. This upgrade will increase the number of storms NOAA can forecast for at any given time to 8.

The increase in supercomputing capacity comes via a $44.5 million investment using NOAA's operational high performance computing contract with IBM, $25 million of which was provided through the Disaster Relief Appropriations Act of 2013 related to the consequences of Hurricane Sandy. Cray Inc., headquartered in Seattle, serves as a subcontractor for IBM providing the new systems to NOAA.

NOAA’s mission is to understand and predict changes in the Earth's environment, from the depths of the ocean to the surface of the sun, and to conserve and manage our coastal and marine resources. Join us on FacebookTwitterInstagram and our other social media channels.

Business continuity priorities don’t come much bigger than having a properly functioning supply chain. Whether an organisation is in the private or the public sector, supply chains have to work without interruption, profitably and to the satisfaction of end-customers. Over time, observations and experience have helped put together the following list of tips for BC management of this critical part of all companies. As we progress through 2016, here’s what to look out for.



Tuesday, 12 January 2016 00:00

Revive Your PC or Mac with an SSD

SSD hard drive technology is extremely fast in terms of reading data. It can either optimise a PC that is usually dedicated to video games with premium features, such as 4K or 3D, or revitalise an old PC or Mac. Most importantly, the computer can be adapted to accommodate a standard 3.5″ desktop or a 2.5″ laptop hard drive.

What is the procedure to be followed?

Changing a hard drive requires several steps. It can be done by yourself or by a professional. There are several things you should know before having a go at this task, in particular, including software that allows copying from one hard drive to another if you want to keep your regular working environment. In addition, you may need more specific software if you intend to copy a Macintosh hard drive (a PC can copy Macintosh hard drives) because the purpose of the drive-to-drive copy is that the software knows how to copy correctly the so-called partitions.

In the case of Macintosh, these are partitions of the HFS+ type, while Windows partitions are of the NTFS type. Generally, it is best to have a desktop PC running Windows (7, 8 or 10) to perform the operation because you may actually use the original PC drive to work with the copying software. This is then used to copy to the replacement drive or to copy the laptop drive to the SSD that will replace it.



Organizations are moving past the hype and into actual value when it comes to big data and analytics implementation, according to a new survey by CompTIA. But challenges remain, including a skills gap and the struggle to wrangle the growing quantity of data generated.

Companies are moving to the next stage with big data -- past the hype and into broader adoption. But new challenges are on the horizon, such as how to master all that data. Those are a couple of several key findings in a recent Computing Technology Industry Association (CompTIA) study.

The industry organization surveyed 402 IT professionals for the report released in December and found that 72% of respondents said big data projects had exceeded their expectations, and about 75% said their businesses would be stronger if they could harness all of their data.



Tuesday, 12 January 2016 00:00

The Hybrid IT Mash-up

Matt Gerber is CEO of Digital Fortress

Love it or hate it, hybrid IT is here in force and it’s here to stay. The global market for hybrid cloud computing is estimated to grow from $25.28 billion in 2014 to $84.67 billion in 2019, according to a 2015 study published by Markets & Markets. Nearly half (48 percent) of enterprise respondents say they will adopt hybrid cloud systems and services in the near future.

Public cloud purists don’t like the idea of companies taking a steppingstone approach to cloud adoption; yet the reality is, many large companies are not ready to make a wholesale change. Compliance and regulatory requirements may stand in the way, or, they have invested too much money in on-premise systems that are still business-critical and don’t transition easily to the cloud. Hybrid cloud is, for many companies, a wonderful blend of the old and the new, offering a highly practical and manageable approach to innovation. You can maintain your highly customized, workhorse ERP system inside your own data center, while adding new agile customer-facing apps to the cloud.



One of the first use cases that most organizations have for the cloud involves some form of data protection. Rather than invest in a massive amount of infrastructure to house data that will be rarely accessed, many organizations prefer to take advantage of low-cost cloud services.

With that in mind, Quantum Corp. today extended its support for AWS with the release of Q-Cloud Protect, a virtual data deduplication appliance that serves to reduce the amount of data that organizations host on AWS. As a monthly service, Eric Bassier, director of product marketing for Quantum, says that unless AWS is actively managed, the amount of data on the cloud service can grow rapidly. Over time, the cost of hosting that data on AWS grows as well. Q-Cloud Protect is designed to reduce the amount of data on AWS by working with other data protection software from Quantum on AWS to identify data that is duplicated, says Bassier.

Bassier notes that over an extended period of time, storing data on AWS and other public clouds can wind up being more expensive than hosting it locally. For that reason, many organizations prefer to archive data in a public cloud, while using data protection software to store a copy of their more recent and important data locally. That hybrid cloud approach frequently eliminates the need to access data in AWS in all but the most dire of disaster recovery scenarios, says Bassier. That’s critical because while storing data in AWS is relatively inexpensive, accessing that data remotely over the network is an expensive proposition. More challenging still, the amount of time it can take to pull data down from the cloud probably exceeds most organizations’ recovery time objectives.



The city of Sacramento, Calif., is at the center of a video warning presumably posted by the hacker group Anonymous regarding an anti-camping ordinance aimed at the homeless Jan. 6.

In the roughly three-minute video, shown below, a masked figure claiming to represent the group said the city would face the “formidable talents” of its hackers unless the ordinance disallowing camping in public spaces was reconsidered.

Though the reported cases of Anonymous targeting local governments are relatively few, cities and counties nationwide have experienced similar threats over the last few years: In November of 2013, a Missouri town was singled out for the way it handled the rape investigation of two teenage girls; in December of 2014, the city of Fort Lauderdale, Fla.’s website was targeted due to laws passed around homeless behavior; and in mid-May of 2015, the Hancock County, Miss., Department of Human Services was included among threats made by the group as it pushed for reform in child protection agencies and family courts.



(TNS) - The unique topography of southern W.Va. has dictated a somewhat steady regime of flooding events.

In Logan County, the confluences of streams from Island Creek, Copperas Fork and Mud Fork into the Guyandotte River as well as myriad other streams and waterways have presented a constant challenge for residents.

Over the last year, fema.gov reports there were five disaster declarations in W.Va., and three of the five included flooding-related events in Logan County.

In response to continued problem in Logan County, local and state governments have addressed the issue with mitigation projects at Garrets Fork, Island Creek, Deskins Addition and Copperas Fork.



(TNS) - The federal government's disaster relief agency has sent three officials to assist Michigan with the Flint drinking water crisis at the state's request, but Gov. Rick Snyder has not yet requested federal financial aid in connection with the ongoing public health emergency, a Michigan State Police spokeswoman said Saturday.

Rafael Lemaitre, director of public affairs for the Federal Emergency Management Agency in Washington, D.C., said on Twitter on Friday that FEMA has deployed two liaison officers to the Michigan Emergency Operations Center to provide technical assistance. A third FEMA liaison officer arrived Saturday, a state police official said.

Capt. Chris Kelenske, deputy director of emergency management and homeland security for the state police, asked FEMA on Wednesday to send the officials "to provide support if we have any questions" about the emergency response process, MSP spokeswoman Nicole Lisabeth told the Free Press on Saturday.



(TNS) - With their own muscle and help from platoons of volunteers, victims of the recent flood spent much of last week hauling soggy debris out of their homes.

Hopes for quickly repairing their lives hinge on two questions: Did they have flood insurance, and did they have enough of it?

Joe Nelson didn’t. His little wood-frame home in Eureka had 20 inches of water in the first floor. When the water went down, he called his insurance company. “They said there was nothing they could do for me,” he said.

Nelson rents the house from his 97-year-old grandfather. Nelson had a renters insurance policy, but standard policies don’t cover flood damage. To get coverage, renters must buy a separate policy.



(TNS) - Lori Lawrence said she was standing in the hallway of her home near Central and Hillside on Wednesday night when the bedroom door started rattling. It was, she said, the sixth earthquake she’s felt in the past two years.

Friends filled up her Facebook feed with comments about the latest quake, which was actually two back-to-back quakes, the largest of which had a magnitude of 4.8.

It was intense enough that the city of Wichita, for the first time, sent out a team to examine whether any of its infrastructure had been affected by an earthquake. Reports had already been coming in about three water lines that had burst around the time of the quake. After a day of inspections, a few more potential cracks had turned up, including one at a wastewater treatment plant.



For years, cyber security has been the province of IT specialist and technicians. Those days are long gone. If you ask a Board of Directors to identify a company’s most significant risk – cyber security is tops.

That is no big surprise. When you consider the consequences of a cyber intrusion or a more likely breach, companies suffer serious reputational and financial harm. Directors, senior executives and compliance officers should be concerned about cyber security.

But what is the role of the Chief Compliance Officer in cyber security risk management?

A CCO is not the sole owner, or even the most significant owner, of cyber security risk management. The Chief information Security Officer (CISOs) owns the risk. However, the CCO should be a strategic partner to the cyber security risk management program.



Monday, 11 January 2016 00:00

5 Steps To Good Social Media Governance

“How can compliance officers meet the challenge of building good governance in a world where new communications are consistently emerging?” asked Melissa Callison, Global Marketing and Corporate Affairs Compliance Executive of Bank of America during a recent event. Callison joined other financial services compliance professionals on a panel to discuss how to enable the business to use social media and other new forms of communications while meeting the regulatory requirements for communications with public.

In the end, it boils down to five key steps:

Clarify Everything

Callison said the first step is to define the entire social media program. Clarify the channels that you plan to use. Discover which entity of the business wants to use social media and why. Various job functions and activities within your firm may be regulated differently, so you need to know exactly who will be using social media so you may set employee use polices that comply with various rules and regulations. Build those policies by bringing the key stakeholders into the conversation to identify and mitigate risks together. These could include representatives from the business, sales, marketing, investor relations, compliance, risk, HR, Data, Security, Privacy and IT. Callison concluded by saying “good governance is really good social.”



Monday, 11 January 2016 00:00

Who May Buy Verizon’s Data Centers?

While officially Verizon remains quiet about the alleged auction for its massive data center portfolio, the report that it is looking to offload some $2.5 billion worth of data centers isn’t far-fetched.

Other telecoms too have realized they aren’t prepared to spend as much as they learned was necessary to grow a data center business and stay competitive. This is generally considered a good time to sell, and at least some of the data centers in Verizon’s portfolio are highly valuable from a strategic point of view. There are plenty of companies that could benefit from taking them over, given that the price is right.



(TNS) - The ranking member on the congressional committee overseeing the American Red Cross wants answers to how the organization's West Virginia chapter responded to several natural disasters in the state.

A letter, sent by Rep. Bennie Thompson, D-Miss., presses the organization's CEO Gail McGovern on how layoffs and cutbacks have affected its ability to respond to disasters. Thompson, the second-highest member sitting on the House's Homeland Security Committee, specifically asked about the effects on West Virginia and California.

Heavy criticism is aimed at the organization's national office in Washington, D.C., as McGovern leads the Red Cross through unprecedented cuts in both services and manpower while focusing more attention on fundraising. As a result, local emergency officials, not-for-profits and people closely associated with the regional chapter said services have declined drastically.



Monday, 11 January 2016 00:00

Avnet CIO: Put Business At The Center Of IT

As an IT and electronics distributor, Avnet is in a unique position to view the trends driving the technology industry. It's also in the position of implementing those trends itself, including cloud computing and customer self-service. Here's how CIO Steve Phillips aligns IT with business at Avnet.

The giant tech distribution companies that serve as conduits between technology buyers and sellers are uniquely suited to observe trends in the IT space. Distributor Avnet's vantage point offers a particularly broad view, because it serves not only the IT market -- its Technology Solutions market -- which is in the midst of a big transformation to digital business, but also the Electronics Marketing business, serving the component market, which has gained more visibility with the rise of the Internet of Things (IoT).

And Avnet is not simply witnessing the transformation of the tech market, it's experiencing it, too.

Avnet CIO Steve Phillips, who also serves as a member of the InformationWeek Editorial Advisory Board, is driving that transformation within the distribution company by aligning his IT organization with the goals of the overall business. It's not a job he started yesterday, either. He's been in the role for 10 years at this $27.9 billion company, which has 19,000 employees in 90 countries.



The National Capital Region (NCR), a collection of 18 sovereign jurisdictions including DC and parts of Maryland and Virginia, is responsible for promoting a safe environment for over five million residents. Equally important, NCR needs to communicate securely and effectively to their resident-base during both emergencies and non-emergency events.

After 10 years with the same notification system, NCR was looking for additional technology.  They turned to Sulayman Brown of Fairfax County for help. Sulayman, who is the Assistant Coordinator for the Fairfax County Office of Emergency Management, led the team charged with identifying and implementing a technology that could facilitate communication within and between jurisdictions.

We recently sat down with Sulayman who took us through the selection and implementation process and then described the system usage, not only for Fairfax County but for NCR as a whole.  Sulayman detailed the challenges the team faced throughout the entirety of the project, as well as the lessons learned.



Defining your data via data discovery and classification is the foundation for data security strategy. The idea that you must understand what data you have, where it is, and if it is sensitive data or not is one that makes sense at a conceptual level. The challenge, as usual, is with execution. Too often, data classification is reduced to an academic exercise rather than a practical implementation. The basics aren’t necessarily simple, and the existing tools and capabilities for data classification continue to evolve.* Still, there are several best practices that can help to put you on the road to success:



Time Warner Cable (TWC) has reported the email addresses and passwords of up to 320,000 of its customers may have been compromised.

And, as a result, TWC tops this week's list of IT security newsmakers to watch, followed by Uber, WhatsApp and the Internal Revenue Service (IRS).

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week's edition of IT security stories to watch to find out:



Andres Rodriguez is CEO of Nasuni.

Two seemingly incompatible forces have collided in the enterprise over the past few years. The standard approach to storing and protecting files has come into direct conflict with the employee’s demand for mobile access to data. Employees want their files no matter where they are or what device they happen to be using. And they have proven that they’ll do anything to get those files, even if it means circumventing IT departments and all their carefully constructed security and enterprise controls.

So, how should enterprises extend employees the mobile access they demand without sacrificing performance and access for control, security and compliance? Most providers have approached this problem from one of two directions – consumer file sharing or enterprise storage.



The flooding  in the UK during Christmas of 2015 has been truly saddening. Many people losing homes, livelihoods and irreplaceable mementoes. While the political world points fingers at one another they seem to forget that people, like you and I are caught up in all of this. Worst of all storm Frank is moving in as I write this on the 29th of December 2015. This is expected to bring more heavy rain and with that, more flooding. With the water courses already at capacity it is a prediction that will most likely come true.

On the 29th I was finally able to catch up with a few of my friends from the affected areas to get their thoughts on how they were coping and if I could offer help. First and foremost I’m happy to say everyone is well and safe.

The overwhelming message I received was that no one knew what was going on. There was no communication to tell people to evacuate. Or areas that were given a risk level in the morning, were revised later in the day and the residents didn’t get the updated message. For example, an area deemed as low risk just outside of Blackburn unexpectedly flooded. This left a young man with health issues marooned in his home with no idea what to do. “We were told it was safe and nothing more, we did not know what to do when the river burst its banks”. This is a story that is repeating its self over and over again.



Friday, 08 January 2016 00:00

Why Working Sets May Be Working Against You

Lack of visibility into how information is being used can be extremely problematic in any data center, resulting in poor application performance, excessive operational costs, and over-investment in infrastructure hardware and software.

One of the biggest mysteries in modern day data centers is the “working set,” which refers to the amount of data that a process or workflow uses in a given time period. Many administrators find it hard to define, let alone understand and measure how working sets impact data center operations.

Virtualization helps by providing an ideal control plane for visibility into working set behavior, but hypervisors tend to present data in ways that can be easily misinterpreted, which can actually create more problems than are solved.



Friday, 08 January 2016 00:00

Data Security Needs To Improve

2015 was very much the year when the media woke up to the potential damage that data theft can bring for consumers and businesses.

The most covered hack was the Ashley Madison hack, where 32 million users had their details stolen. This was more than simply their credit card numbers and addresses, as it included extremely personal aspects such as fetishes and what they were looking for in a partner. When the hacker's demands were not met and the information was made public, the damage went far beyond financial loss - there have been reports of divorces, loss of reputations and at least two reports of suicides.

Ashley Madison may have been the most high profile leak, but the larger and potentially more serious hacks at Anthem saw 80 million people having their records stolen from the medical insurer. Although the number of people affected was astronomical, arguably the most serious was Carphone Warehouse, where 2.7 million customer had their personal details and credit card information leaked.

These kinds of hacks are not only happening at irresponsible companies. The Office Of Personnel Management had a significant breach, and according to Reuters - 'said data stolen from its computer networks included Social Security numbers and other sensitive information on 21.5 million people who have undergone background checks for security clearances.' This is perhaps some of the most personal and important data that can be stolen, potentially leaking the (remove) information of some of the most important and powerful people in the US.