
Job Description: Technical Project Management Professional IV

REQUIRED QUALIFICATIONS
• Bachelor's degree in Computer Science/Computer Engineering or in a related field
• Seven or more years of demonstrated experience dedicated to disaster recovery operations and management in a large, complex IT organization
• Seven or more years of experience in IT operations supporting Infrastructure and/or Software Solutions
• Seven or more years of experience in IT Project Management
• Advanced knowledge of all aspects of computing and communications including hardware infrastructure, networking, software, operations and disaster recovery
• Successfully developed and…
Monday, 18 June 2018 14:52

What Happened At Facebook?

Lessons From The Giant

While not every organization is a social media giant with nearly 2 billion users like Facebook, there’s a lesson to be learned for all organizations from recent events: in today’s data-driven business environment, customer trust matters more than ever before. In this article, Gartner’s Stephanie Quaranta outlines steps privacy and compliance executives need to take in order to protect the value of their customer relationships and ultimately minimize their company’s exposure to privacy risk.

By now, the saga of Facebook and Cambridge Analytica is familiar to us all. In 2013, University of Cambridge researcher Aleksandr Kogan collected personal data from 270,000 Facebook users through a personality test app called “thisisyourdigitallife.” At the time, Facebook’s policies allowed app developers to collect data not just from users who had explicitly consented, but from those users’ friends as well. Kogan assigned test takers and their friends to psychographic segments using the collected data, then sold that information to a political consulting firm called Cambridge Analytica.

Though Facebook discovered this at the end of 2015, it chose not to alert impacted users. Instead, Facebook simply asked Cambridge Analytica to delete the data. Only in March of this year, after an exposé by The New York Times and The Observer of London reported on the data harvesting and Cambridge Analytica’s use of that information to micro-target voters in advance of the 2016 Brexit vote and US presidential election, did Facebook go public with what had happened.

The immediate backlash was fierce. Facebook stock plummeted 18% in 11 days, wiping out $80 billion in value. The hashtag #deletefacebook emerged, with Google searches on how to delete your profile more than quadrupling in the week the scandal broke. Regulators and lawmakers across the globe opened investigations into Facebook’s privacy practices.



There is no better time to prepare for an economic downturn than when business is good. With the severity of the 2007–2008 financial crisis still fresh on the minds of many directors and executives, how should companies prepare for an economic downturn in the cool of the day rather than reacting in crisis mode in the heat of the moment?

At this time, most established business plans do not contemplate an economic downturn. However, some observers are forecasting a recession in the United States within the next couple of years – say, by 2020. Everyone is watching interest rates, trade, government spending, geopolitical tensions and other “tea leaves” carefully. The truth is, no one knows what the future has in store. But memories of the severity of the last downturn and its consequences for most organizations have not faded. That’s why, for most companies and their management teams and boards, a contingency plan makes good business sense, as it positions them to act decisively when recessionary storm clouds begin to loom on the horizon.

Contingency plans are certainly not new, as organizations have been developing them for a long time. Plans are documented with specific action steps that are triggered if certain harmful events occur. Such events might include natural disasters (floods, earthquakes, etc.), cybersecurity breaches, terrorist activities, fire, fraud, theft or embezzlement. Notably, these perils may never occur, but the plan stands ready nonetheless if they do. Plans are also developed to address market opportunities, should they arise.



On June 12, Advisen held a webinar entitled “Big nasty claims. What are the large loss trends in the casualty sector?” To qualify as big and nasty, the casualty claims stem from injury and/or property damage resulting from incidents such as train derailments, chemical spills and food contamination, frequently involving multiple parties, and costing $100 million or more each.

Advisen’s large loss dataset yielded some interesting insights into trends in this area, and Jim Blinn, Advisen’s moderator, was joined by two Allied World claims experts, James Minniti and Paul DeGiulio.

Advisen’s dataset reveals that pharmaceutical and medicine manufacturing, transportation equipment manufacturing, and machinery and electronics manufacturing are the top three industries involved in large claims, with public administration in fourth place.



Charlie Maclean Bristol, FBCI, FEPS, explains how you can improve your business continuity plans by altering the format and following five key steps.

When developing business continuity plans, I try to make them accessible, practical and easy to use. For a long time, I followed a traditional format, with the first few pages being filled up with scope, assumptions, objectives and the like. The problem with this format is that you have to wade through several pages before getting to the bit of the plan which would actually be used during an incident.

After a while, it occurred to me that when you make use of the plan in anger, what you don’t need to read first is a set of assumptions in the plan. By then it is a bit too late to ponder on whether the assumptions are right! This is when the radical idea came to me, of putting what you need first early in the plan; and then other information and the reference material at the end. From this idea, five steps were born:



The 2018 FIFA World Cup has now started, with four weeks of football to enthuse fans across the globe. Behind the sporting glory and the celebrations, there will be a firm spotlight on the resilience not just shown by the teams, but also the wider infrastructure in place to make it all happen. Dr. Sandra Bell looks at the lessons that organizations can take from the event.

As with any global sporting event, attention always turns to the host city and their readiness to host such an occasion – everything from stadium capacity and accessibility, to hospitality in the stadium is called into question. However, while the onus is currently on Russia to host a smooth and successful event, the World Cup should be seen as a catalyst for all businesses to improve the long-term resilience of both their workforce – their ‘teams’ – and their own infrastructure.

So, what lessons can businesses learn from the World Cup about readiness to be resilient?

Dealing with emerging security threats

Security threats have always been a factor for major hospitality events, but even in recent years these threats have changed both in nature and severity. FIFA has already discussed upping the security for the World Cup, with cyber security attacks on infrastructure becoming increasingly prevalent.

The World Economic Forum's (WEF) Global Risks Report 2018 names cyber attacks and cyber warfare as a top cause of disruption in the next five years, coming only after natural disasters and extreme weather events. In the same vein as World Cup organizers, businesses cannot just look at what has gone on before but need to constantly keep one step ahead of new threats. The nature of attacks is constantly evolving, with Internet of Things devices and critical supply chains becoming frequent targets - and no industry will be immune.

As more applications migrate to the cloud, it’s crucial that security moves further up the agenda for business leaders. Cyber threats continue to evolve, and defences will need to be a central component of any digital and business strategy to ensure you aren’t the one caught out.



Organizations are increasingly focusing on becoming resilient; that is, to be able to anticipate, adapt and respond both to incremental and sudden changes or disruptions. But while many organizations are starting to understand what these three components of organizational resilience are, few understand the need to integrate them in order to ensure resilience is actually achieved. Even fewer understand how to structure this collaboration. Philippa Chappell looks at how to achieve this.

The challenge is that while each of the three components of organizational resilience is critical, they are typically the responsibility of different role-players. The ‘anticipate’ component, which involves scoping the threat landscape and putting a risk strategy in place, is handled by the enterprise risk management department. ‘Adapt’, which focuses on operational resilience, would be governed by the COO and the business units concerned. ‘Response’ is addressed by the business continuity manager and covered by the business continuity plan.

In dealing with any threat, it is vital that each of these areas works closely with the others. For example, in the case of a cyber attack, it is vital that the organization knows what cyber risks it faces: what confidential information and intellectual property are held in the systems, and what controls are in place. It would be necessary for the risk management team to collaborate with IT in this case, and the results of its work would inform the actions taken by the operations team. The latter would have to consider the vulnerabilities and identify any single points of failure, such as a central legacy system on which all other systems depend. It would also have to put contingency plans in place in the event of an attack.

Clearly, for maximum organizational resilience, these role-players must collaborate across the whole process.



Monday, 18 June 2018 14:44

Situational Awareness

Recently I was walking through the airport. I was in a hurry, of course, and I was running late for my flight. I had my backpack on, my left hand pulling my carry-on, and my phone in the right hand. For productivity purposes I was walking, reading, responding to emails, and then BOOM! – someone walked right into me. OK, maybe I walked into them, I’m not certain. Thankfully we both were OK and courteous, and we apologized simultaneously. Both of us were not paying attention, we had weak peripheral vision, and very poor Situational Awareness. My lesson was learned. I am not going to be using my phone in any way while walking anywhere anymore. Just like I don’t touch my phone at all while driving my car. OK, maybe I take a quick glance at my Waze App, but I should stop doing that too. It’s better to take a wrong turn and get lost than to get into an accident. Right? I mean, come on, I am in the business of risk mitigation.

In today’s world, we always must be cognizant of Situational Awareness. Situational Awareness or situation awareness (SA) is the perception of environmental elements and events with respect to time or space, the comprehension of their meaning, and the projection of their status after some variable has changed. SA is also a field of study concerned with understanding the environment critical to decision-makers in complex, dynamic areas from aviation, air traffic control, military, police, and firefighting. Heck, it’s incorporated into our Incident Management component and maps within BC in the Cloud. Situational awareness also covers the more ordinary but nevertheless complex tasks such as driving a car, riding a bike, sports, or just walking through the airport. Someone smart once said ‘Common Sense is not so Common’. Some say that quote came from Voltaire, some say it was Mark Twain AKA Samuel Clemens. Anyways, it is such a true statement, and that’s probably a huge reason why we all have jobs in this industry.