Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 30, Issue 1

Full Contents Now Available!

Jon Seals

Jon Seals

“Give me your gut!” (as in “gut feeling”) has long been the cry of business continuity management in meetings, trying to make sense of complex situations or cut through to the essentials.

Gut feelings are nonetheless only as good as judgement and the experience used to make them. They may therefore be wrong, for any number of reasons, including incomplete information, personal prejudice, and faulty reasoning. In business continuity, as in other domains, organisations cannot afford to run on gut feelings when the risk of error is too high. But are data-driven decisions on business continuity a better option?

Business analytics are often suggested as the “cure” for gut feeling.

Instead of trying to deal with emotions or personal preferences, the idea is to use facts as the basis for decision.

...

http://www.opscentre.com/business-continuity-gut-feeling-data-driven-decisions/

As I’ve said many times, cybersecurity seems to be more about reacting than acting or being proactive. Now, a new study by 1E found that, in fact, IT professionals spend a third of their time reacting to emergencies.

Nearly 30 percent of the IT tasks are unplanned, which works out to be about 14 weeks of job time per year. More than half of the respondent admit that a problem that is found relatively quickly (within an hour) can take most of the day to resolve.

While this study looks at IT as a whole, it fits into the scope of security, as well. Think of the amount of downtime that is caused by a security incident and how long it takes you to get the company up and running properly again, or how long it takes to resolve that incident. Then ask yourself if you were prepared to address the security incident. Again, I think the formal statement that Sumir Karayi, founder and CEO of 1E, made is as applicable for security as well as overall IT functions:

We knew that IT teams spend a lot of time on unplanned incidents, but we didn’t think it was this high – one third of their time. That’s taking a huge toll on their ability to innovate.

...

http://www.itbusinessedge.com/blogs/data-security/why-your-business-must-be-prepared-for-security-incidents.html

More than 30,000 people in low-lying coastal areas have been urged to evacuate their homes ahead of powerful Cyclone Debbie, as it bears down on the Queensland coast in northeastern Australia.

With landfall expected early Tuesday, Cyclone Debbie is currently a Category 4 storm and could intensify to Category 5. A Category 4 storm on the Australian scale equates to wind gusts of more than 140 miles per hour, the New York Times said.

Storm surge poses the biggest threat as the cyclone strengthens, according to major weather forecasters and news outlets.

...

http://www.iii.org/insuranceindustryblog/?p=4885

IRVINE, Calif. – Vision Solutions, a leading provider of business resilience solutions for IBM Power Systems, published episodes two and three of its “Power Talk” podcast. 

 

Episode two features a conversation with guest Larry Youngren, retired leader of IBM’s remote journaling team for IBM i and well-known author and speaker on high availability (HA). Topics covered include: 

  • Meeting timely recovery point goals through remote journaling 
  • Understanding the key differences between hardware and software replication
  • Techniques for optimizing remote journaling performance and bandwidth usage
  • Three tips for evaluating HA options

Tweet about episode two of the Vision Solutions podcast.

 

Episode three features a conversation with guest Ron Peterson, retired leader of IBM’s clustering team for IBM i and former senior product strategist for MIMIX. Topic related to IBM i HA are covered, including: 

  • Clustering in today’s HA options
  • Unique HA challenges for IBM i systems
  • Significant differences between SAN and software replication
  • Tips for finding the right high availability solution

Tweet about episode three of the Vision Solutions podcast.

 

The Vision Solutions Power Talk podcast series is available at: http://www.visionsolutions.com/powertalk

 

“The conversations in these episodes continue what we started with our first podcast: tapping industry legends to give their invaluable perspectives on modern trends,” said Edward Vesely, EVP and CMO of Vision Solutions. “The stories and commentary in our Power Talk podcast series are invaluable to IT professionals seeking to better understand and optimize the technologies they rely upon to keep their organizations up and running.”

 

About Vision Solutions

Vision Solutions is a leading provider of business resilience solutions – high availability, disaster recovery, migration and data sharing – for IBM Power Systems. For more than 25 years, customers and partners have trusted Vision to protect and modernize their environments, whether on-premises or in the cloud. Visit visionsolutions.com and follow us on social media, including Twitter, Facebook and LinkedIn.

New Ransomware Prevention Checklist Provides Actionable Steps to Recover from and Prevent Costly Cyber Attacks

 

SUNNYVALE, Calif.  – Zetta, a leading provider of high-performance business continuity solutions, today released a new Ransomware Prevention Checklist which provides actionable advice to help recover from and prevent ransomware attacks. It includes immediate steps that can be taken when infected by ransomware to mitigate its impact along with top attack prevention tips that can be implemented to minimize threat risk. 

“The high cost of ransomware has made threat mitigation a top priority for businesses of all sizes,” said Mike Grossman, CEO, Zetta. “To help prevent the risk of ransomware, and to provide immediate guidance for those that have had the unfortunate experience of being hit by an attack, our new Ransomware Prevention Checklist is an excellent resource. It offers simple, actionable advice that can help any data-driven business protect themselves from the high cost, and agony, of ransomware.” 

According to the Federal Bureau of Investigation, ransomware attackers collected more than $209 million from victims during the first quarter of 2016 alone and as many as 50% of ransomware victims paid the ransom in an attempt to recover their data. Adding to the high cost of ransomware, is its impact on IT downtime. The State of Disaster Recovery Surveyreports that virus and malware attacks are the fourth cause of IT downtime, following power outages, hardware errors and human errors. 

The Zetta Ransomware Prevention Checklist offers top steps to prevent the impact of a ransomware attack and tips for safer online behavior, security tools and computer protection to minimize risk and safeguard valuable data from compromise. 

To view the Zetta Ransomware Prevention Checklist, visit: http://www.zetta.net/resource/ransomware-prevention-checklist.

About Zetta
Zetta is an award-winning provider of high-performance cloud-first data protection and disaster recovery solutionsthat are a worry-free choice for businesses and managed service providers. The Company’s direct-to-cloud approach provides businesses a fast and reliable way to protect, access and quickly recover their business-critical data and systems—both physical and virtual – without the need for costly extra hardware. For more information, visit www.zetta.com.

We have been a fan of the Incident Command System (ICS) since the 1990s. It was created in my fair state – California – to manage wildfires. Everyone realized early on, it had many more uses that just the fire service.  It it now required for all city, county, state and federal departments and agencies. What about a company?

Many companies fail to have a great Crisis Management Team because they lack four simple things. Are you developing or retooling the team you have? Then you should consider using ICS.

On Wednesday, March 29, I will be doing a general session at DRJ in Orlando with one of our clients,Salt River Project (SRP), who have embraced ICS.  We will both be speaking so you will learn from the “horses mouth” how SRP reorganized their team and the results.

The goal of this presentation is to help you create both a great team and a great process in order to manage incidents large and small. There are four key things that we often find missing in company teams and plans:

  1. A clearly defined structure
  2. Identified roles and responsibilities
  3. A formal assessment process and team
  4. The ability or knowledge to develop an Incident Action Plan (IAP)

You will learn how SRP has embraced the Incident Command System, refocusing their Crisis Management Team and their processes to be even more effective.

Topics Covered

  • Incident Command System – a powerful methodology.
  • Crisis Management Teams – Roles and responsibilities.
  • Initial Assessment Team – Who should be on the team.
  • Incident Action Plan (IAP) – How to write one.

Speakers

  • Regina Phelps, EMS Solutions Inc.
  • Kenneth Lewis, Salt River Project, Principal Emergency Management Program Analyst

http://www.drj.com/springworld/index.php/event-program/general-sessions

You lock your home—now lock your network. This means having a reliable and secure data center and following basic safety rules, like locking down ports, shutting off services, removing rights and privileges when no longer justified, and using firewalls. You’ll also need host and network intrusion detection and prevention (IDS/IPS) as well as physical access controls such as badge, PIN pad and biometrics etc., to ensure you let only the right traffic and the right people in.

The best way to keep a secret is to encrypt it. But what to encrypt? Encryption can occur at many layers—the network, the physical disk drive, the database, or individual fields. All encryption is not the same; algorithms have different key lengths, some are slower in performance than others and some have been compromised through the ages. Be aware, and keep current with encryption techniques.

At the application layer, strong authentication is key. Create a process for good passwords and keep it simple so people will use it, but make it strong to keep the bad guys out. Passphrases, account ID images and challenge questions are other techniques. A simple technique to use for challenge questions is to not respond with the answer to the question being asked. If the question is “What is your mother’s middle name” use a word like “chair” or “fish.” These red herring responses cannot be traced back to your Facebook or other social accounts.

...

http://www.mir3.com/cybersecurity-principle-locked-door/

A man drives a car into pedestrians on Westminster Bridge, keeps driving, crashes the car outside the Houses of Parliament, then tries to enter the complex armed with a knife. Four people are dead, including a policeman and the assailant, and at least 40 injured.

The investigation into yesterday’s terrorist attack in the heart of London is ongoing, as Westminster bridge reopens and Parliament gets back to work.

Small group and “lone wolf” terrorist attacks are seen as indicative of the shifting nature of terrorism, according to experts (here and here).

...

http://www.iii.org/insuranceindustryblog/?p=4875

Monday, 27 March 2017 20:38

Crowds in Crises

Back in 2015 the world was captivated by the Universal film “Jurassic World”. Viewers praised Chris Pratt’s performance in this science fiction thriller, but were more entertained by a different kind of hero. During a pterosaur attack causing resort guests to push, shove, and trample each other as they flee, a man is spotted grabbing two margaritas before seeking his own safety…or the safety of the second margarita’s owner. #priorities

Movies typically depict a crowd’s response to an emergency or disaster scenario as emotionally driven, almost irrationally selfish. It’s widely assumed that as mass hysteria and panic take hold of a crowd, people do whatever they can to better serve themselves. But does this actually occur off the screens? Are we really all the margarita man?

Social psychology says no. Research dating back as far as the 1950’s show that behavior in disaster response is generally pro-social and collaboratively altruistic. History backs this theory up.

...

http://www.bcinthecloud.com/2017/03/crowds-in-crisis/

In theory, BYOD or bring your own device lightens the load in terms of IT sourcing, because it transfers the work (and cost) of acquiring a device to the user of that device.

 

Users are happy because they can use the devices they favour, while IT departments can free up time and budget to use elsewhere. Everyone is happy, end of story – or not quite.

Paranoid IT managers can over-compensate for the wide variety of different devices, going overboard on security and bandwidth investments.

On the other hand, unwary IT organisations can end up with more problems than they solve, if they fail to put IT management in place (which requires IT sourcing of its own) and users swamp out helpdesks with issues that mix personal and professional device usage.

Is CYOD rather than BYOD the answer?

...

http://www.opscentre.com/adapting-sourcing-byod-cyod/

Page 1 of 2503