Industry Hot News


Network World - This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Cloud computing has transformed the way IT resources are utilized, but the externalization of infrastructures and applications has brought with it the perception of increased risk, which seems to swirl around visibility and control.

This perception of increased risk has prevented the adoption of cloud solutions in a number of industries, so the key question is how to make decisions about moving your organization's IT solutions to the cloud while considering the risks involved. A

Let's review the key advantages of cloud computing:



Alan Elwood
Risk and Resilience Ltd

So far I have posted about the need to concentrate on ensuring your OODA Loop can operate faster than the emergency and talked about how to manage information and actions in a crisis. To complete this series of three blog posts I am going to look at how you can structure crisis decision making. Decision making in a crisis is not the same as in everyday circumstances so you will need access to different tools. Here are five things to consider:

Key Questions: Have a system to guide your decision making that analyses the situation but also allows you to use your experience and intuition. Think about the key set of questions you need to ask yourself and write them down in advance. These questions should help you (1) understand what is going on and the implications of that; (2) appreciate what needs to be done and why it needs to be done; (3) be clear on where your priority lies; and (4) identify, resource and co-ordinate tasks. Once you have this in place, make its use second nature - rehearse, rehearse, rehearse!



Tuesday, 22 October 2013 15:51

5 Tips for Managing Clouds at Scale

Network World — The enterprise adoption of cloud computing resources has taken a precarious path. Many organizations have started by running small workloads in the public cloud, reticent to use the platform for bigger mission-critical workloads.

But once they get comfortable with, say, a test and development use case in the cloud, or an outsourced e-mail platform, perhaps CIOs and CTOs warm up to the idea of using outsourced cloud resources for more jobs.

At a recent panel of cloud users, one thing became clear though: Managing a public cloud deployment at small scale is relatively straightforward. The problem comes when that deployment has to scale up. "It gets very complex," says IDC analyst Mary Turner, who advises companies on cloud management strategies. "In the early stages of cloud we had a lot of test and development, single-purpose, ad-hoc use case. We're getting to the point where people realize the agility cloud can bring, and now they have to scale it."

And doing so can be tough. The panelists at the recent Massachusetts Technology Leadership Cloud Summit had some tips and tricks for users though. Here are five.



While good planning and processes are at the heart of business continuity and disaster recovery, technology can accelerate the benefits as well. We live in an age of cloud computing and smartphones. Both can be used to help an organisation get back on its feet after incidents, or simply ride them out without severe or permanent consequences.

Mobile Apps. With a billion smartphones in the world, the mobile app is now a familiar concept. The MIRA smartphone app makes use of the extensive capabilities of mobile devices to communicate with and localise respondents in order to coordinate DR and BC processes and exchange crucial information.



Tuesday, 22 October 2013 15:48

Thornton May: The Future Will Need CIOs

Computerworld — Several weeks ago, a group of enterprise CIOs gathered to celebrate the 32nd birthday of CIO-ness. That's right, the "chief information officer" job title is 32 years old.

There are several origin myths associated with the CIO position floating around our industry, but all of them roughly place the moment of CIO conception as sometime during 1981. I asked the hundred-plus CIOs in attendance to think back to what they were doing when they were 32. Doing pattern recognition on the responses revealed much. The most important observation was that by age 32, the executives in the room emphatically concluded that their careers were not over. They unanimously agreed that from age 32, their jobs got bigger, better and different.

We should all be able to conclude with equal certainty that at age 32, the CIO job is not over either. Not even close. Things are going to get bigger, better and different on a massive scale.



Tuesday, 22 October 2013 15:37

Picking Up the Insurance Tab

Your broker will help you determine your insurance needs, go out to market, and obtain competitive quotes. She’ll guide you through the buying process, price negotiations and policy terms. She might even take you out to a nice lunch and introduce you to the key players at your carrier. There’s no debating it – your broker is a great help when you’re purchasing insurance.

But the one thing your broker won’t help you with is paying your insurance bill. For that, you’ll need a budget.

Preparing an insurance budget is a lot like splitting the tab after an expensive meal. You’re pretty sure that everyone sitting at the table should pay something, but how much? Should the bill be divided evenly? Should each person pay according to what he ordered? Should you skip all the awkwardness and just pay the thing yourself?




In 2011, Chris Kloosterman joined the IT team at Saint Michaels University School (SMUS) in Victoria, BC, Canada after leaving his position at nearby Brentwood College School. St. Michaels University School is a private co-educational, independent day and boarding school of 930 students from kindergarten through grade 12.

The timing of Kloosterman’s hiring as the new systems administrator could not have been better as SMUS was facing major challenges with its data backup and recovery system. Fortunately, he had just spent months in his previous role evaluating backup solutions and had great insight to share with SMUS manager of computer services, Rob Przybylski.

With the previous system, Symantec Backup Exec 2010 version 13, the school was backing up full plus incrementals over seven days, but wanted the ability to back up all data every day. SMUS also needed an easier and more robust solution for performing file level restores and looking at data retention policies to ensure they had copies of data where they needed copies. With Backup Exec 2010 version 13, doing multiple copies was cumbersome. During testing, they generally did not work. SMUS went to disk and archive to tape, but because tape was so unreliable, they had to back up to two different disk boxes in two different locations. That was problematic.

As it came time to evaluate and implement a new backup solution, Przybylski relied heavily on Kloosterman who had been part of Brentwood College School’s extensive research into backup systems. With his thorough knowledge of the available systems, SMUS didn’t need to replicate his research efforts.

Based on Kloosterman’s endorsement of the STORServer Backup Appliance, SMUS implemented the system in June 2011. The competitive solutions were either significantly more expensive or lacked the robust features that the Appliance offered.

Driven by IBM® Tivoli® Storage Manager (TSM) and other proven technologies, the STORServer Backup Appliance is a comprehensive, fully integrated, backup, archive and disaster recovery solution in a single, easy-to-use configuration of hardware and software technologies.

STORServer has enabled much faster backups for SMUS. Previously, with Backup Exec 2010 version 13, the school was doing incremental backups daily and full backups during the weekend, which proved to be incredibly challenging for performing restores. In order to restore a file, Przybylski had to go to the latest full backup and look up all backups since then. If a file changed daily, that meant they backed it up daily. So, if a file changed every day for 30 days, SMUS had 30 copies of it due to a 30-day retention requirement. STORServer enabled the school to get proper file retention policies back to a year and eliminated the worry about all the different data sets they were backing up every day.

SMUS is currently backing up 17.5 terabytes (TBs) of raw data across two locations—one at its main facility and the other at a nearby junior school. The school is fully virtualized with 60 virtual servers and runs Windows and Linux and a 10 gigabyte network in its server room.

Using Backup Exec 2010 version 13, backups started running at 10 p.m. every evening and usually finished by 7 a.m. the next day. However, if there was ever an issue, backups would go into the next work day and make the system very slow. The backup window was growing and growing and Przybylski feared SMUS would eventually run out of physical time to perform backups. Now, STORServer’s backup window is a quarter of that—mere hours.

The Appliance has saved the school immense amounts of time. Restores previously took half an hour to 40 minutes depending on when the file was deleted. Now, restores happen instantly with STORServer.

In October 2013, SMUS had a major storage crash. The process of restoring all of the data using the STORServer Backup Appliance included more than 7.1 million files restored to the main file server, 900 student email boxes and a couple of bare metal server restores. With no hiccups, problems or errors, STORServer had all of the data restored in a matter of a few days.

Although quantifying a cost savings of implementing the Appliance is difficult, Przybylski says the peace of mind the solution offers is invaluable.

“The daily time period we would need to spend on managing the STORServer Backup Appliance is probably a quarter of the time we were spending on the old system,” says Przybylski. “We now spend at most 10 minutes a day maintaining the system. Time wise, it is a huge savings. And, my level of comfort is priceless.”

Since implementing the Appliance, the system has been able to meet SMUS’s growing needs. The school has bought extra tapes—as its backup data set has grown—and changed out the hard drives in the unit with help of STORServer. According to Przybylski, there wouldn’t be any issue expanding the system even if their file data volume doubled, which it likely will. STORServer could handle that growth.

“STORServer is quite a hands-off system,” says Przybylski. “You set it up at the beginning with the retention policies, and then it really does run itself. Restores are instant and can be done by any of our technical staff. It doesn’t require expertise of the TSM platform. But, the biggest benefit is the peace of mind that my data is backed up and I can get it back in case of disaster. That was not the case with our old system.”

One of the biggest topics in IT today, specifically for anyone in the backup field, is deduplication. Using STORServer, SMUS is able to store 17 TBs of data on 9 TBs with compression and data deduplication.

“Our WAN backups used to take seven nights to get a full backup, but with deduplication, we now get a full backup every night in just minutes over the same WAN connection,” says Przybylski. “This has helped us out more than any of the other features of the Appliance. Compression and deduplication mean we have a quarter of the disk space our old system had. Now, we can store more data and archive sets than was previously possible. We don’t have to store data for specified periods of time. Some files are archived forever and most have retention policies.”


Katie Collison

Crossrail is currently the biggest construction project in Europe and is one of the largest single infrastructure investments ever undertaken in the UK. It is a rail link that will run 118 km from Maidenhead and Heathrow airport to the west of London, through new twin-bore 21 km tunnels under central London to Shenfield and Abbey Wood, east of London. Crossrail will increase London’s rail-based transport network capacity by 10% and bring an additional 1.5 million people to within 45 minutes of commuting time to London’s key business districts, supporting regeneration across the capital. It represents construction on a staggering scale.



Over the past few months, the discoveries of two engineers have led to a steady trickle of alarms from the Department of Homeland Security concerning a threat to the nation’s power grid. Yet hardly anyone has noticed.

The advisories concern vulnerabilities in the communication protocol used by power and water utilities to remotely monitor control stations around the country. Using those vulnerabilities, an attacker at a single, unmanned power substation could inflict a widespread power outage.

Still, the two engineers who discovered the vulnerability say little is being done.

Adam Crain and Chris Sistrunk do not specialize in security. The engineers say they hardly qualify as security researchers. But seven months ago, Mr. Crain wrote software to look for defects in an open-source software program. The program targeted a very specific communications protocol called DNP3, which is predominantly used by electric and water companies, and plays a crucial role in so-called S.C.A.D.A. (supervisory control and data acquisition) systems. Utility companies use S.C.A.D.A. systems to monitor far-flung power stations from a control center, in part because it allows them to remotely diagnose problems rather than wait for a technician to physically drive out to a station and fix it.



It seems many organizations are starting where they are with Big Data. On a practical level, what that means is:

Now, I’m not going to be the one to say whether that’s a good idea or not at this point. You do what you need to do.



There was a time when data facilities had to be kept close to the knowledge workforce because the cost of building and maintaining broadly distributed network architectures was just too high, as was the latency they created.

Today’s high-speed, high-bandwidth networks have put an end to that, however, resulting in global cloud configurations that can connect data to virtually any device at a moment’s notice. The end result is that data centers are starting to crop up in the most unusual places, most often driven by the desire to implement the broadest possible data footprint while keeping costs to a bare minimum.

In many cases, this has led to a building boom of sorts in the coldest climates of the globe. Facebook, for one, recently took the wraps off its newest hyperscale facility, located in the small town of Lulea, Sweden. The facility lies just south of the Arctic Circle where the temperature rarely hits 70 degrees F and can easily slip to below zero in the dead of winter. Using ambient air and Sweden’s ample supply of renewable energy (mostly hydroelectric), the facility boasts a PUE of 1.04, which means that just about all the energy it consumes goes to data infrastructure, not cooling or power generation. For a center that handles upwards of 10 billion messages per day, that adds up to quite a savings for Facebook.



Friday, 18 October 2013 19:11

Be Cyber Smart. Stay Cyber Secure

CHICAGO – Cybercriminals don’t discriminate, so don’t be a target - protect your privacy and guard against fraud by practicing safe online habits. Cyber security threats and attacks are gaining momentum. With more than $525 million in losses due to online criminal activity in 2012, proper security measures are a critical component in keeping your identity and finances secure.

October is National Cyber Security Awareness Month (NCSAM), and the Federal Emergency Management Agency (FEMA) is taking this opportunity to remind our partners and the general public to create a safe, secure, and resilient cyber environment.

“Computers, smartphones and other electronics have become a prevalent part of our daily lives,” said FEMA Region V Administrator Andrew Velasquez III. “Everyone needs to understand how frequently cybercrimes occur and arm themselves with the latest information and tools necessary to protect their families against potential fraud.”

Helpful information on protecting kids online, securing your computer and avoiding scams can be found at OnGuardOnline.gov. Here are a few tips to safeguard yourself and your computer:

Set strong passwords, change them regularly, and don’t share them with anyone.

Keep your operating system, browser, and other critical software optimized by installing updates.

Maintain an open dialogue with your friends, family, colleagues and community about Internet safety.

Use privacy settings and limit the amount of personal information you post online.

Be cautious about offers online – if it sounds too good to be true, it probably is.

Report a cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Follow FEMA online at twitter.com/fema, twitter.com/femaregion5, www.facebook.com/fema, and www.youtube.com/fema.  The social media links provided are for reference only.  FEMA does not endorse any non-government websites, companies or applications.



One thing that has become all too transparent with social media and the Internet is that there are an awful lot of ugly, nasty people out there. And when they can hide behind anonymity they can get real ugly. That reality has driven a whole new class of reputation crisis. But it has left many with the question: what do you do when the uglies, nasties and digital mob start creaming you online?

My sense is that the standard answer (certainly mine has been) is that it doesn’t make sense to respond to any and every gratuitous attack. Monitor, monitor, monitor and if it looks like some accusation is getting legs then respond. However, I continually am surprised by the remnants of the old Mark Twain comment (I think it was Twain) who said never pick a fight with someone who buys ink by the barrel. While that refers to news, because of the impossibility of determining a meaningful distinction between new media and old media, it also applies in some thinking to online attacks as well. Particularly if the attack is coming from someone with a large following.



As the one-year anniversary of Hurricane Sandy approaches in late October, Allianz Group’s specialist corporate insurer, Allianz Global Corporate & Specialty (AGCS), warns that while there is heightened awareness, many businesses have not yet implemented adequate changes.

A new Risk Bulletin from AGCS entitled ‘Superstorm Sandy - Lessons Learned: A Risk Management Perspective’ examines the cost of the disaster and outlines what businesses need to do now to ensure they can mitigate the adverse financial impact of future storm events.

“Many businesses are not as prepared as they could be. Today businesses need to prepare for the new normal of weather events and this can be a laborious process,” said Tom Varney, Regional Manager for Allianz Risk Consulting in the Americas. “For many companies it takes time—in some cases years—to appropriate funding and actually make the much needed changes. For others it may just be about focusing on the right things at the right time. Allianz is committed to helping clients identify vulnerabilities, mitigate risk and be as prepared as possible.”

Superstorm Sandy - Lessons Learned: A Risk Management Perspective identifies four key steps that businesses can implement now to be better prepared for future extreme weather events:



Friday, 18 October 2013 19:08

Horizon Scanning

Colin Ive

As new threats appear, it is easy for busy Business Continuity practitioners to miss these with their heads so deeply burrowed into the challenges of organisations. Practitioners are already overloaded with work and, as we have seen in recent years, this is often due to cutbacks, to having an amalgamation of roles or simply by being directed to focus on achieving compliance with new standards and increasing demands from customers etc. Yet without an effective and externally focused ‘risk radar’ seeking out these threats on a permanent, efficient and effective basis, an organisation can find itself suddenly confronted with unwelcome surprises which could impact their business either directly or via a failing supply chain. Surprises which can severely damage their bottom line!



Being involved in a legal action, even if the organization prevails, is expensive and can lead to an interruption to "business as usual."


Lately I have been reading about more and more court cases on complaints by workers claiming they were not paid for mandatory work done prior to, and following, work hours.

For example, a bus driver has to report 15 minutes early to inspect and prepare his bus to accept passengers. His formal work shift begins at 7 a.m., but because he has 15 minutes "prep" time, he actually begins work at 6:45 a.m.

Think about the person who has to "suit up" to work in either a clean room or a potentially contaminated area - a nuclear plant, for example. Not only does the employee have to take time to prepare for the job, the employee also needs time to doff the protective gear after the work day is complete.



Thursday, 17 October 2013 15:05

Walk a mile in their shoes

David Tickner
Computrix Services

Whether a consultant or an internal business continuity planner, it’s never easy to get management to commit to a continuity program. Perhaps it’s the approach you take or that you find management a bit too bottom line focussed.

Where is the key to gaining corporate commitment for BC programs - the CEO’s office, the CFO or the Risk Manager? Perhaps it’s not even inside your organisation, there could be other options.



One of the biggest factors in helping people to get along and making businesses profitable is communication. Mobile phones in particular have become the symbol of this: depriving somebody of his or her mobile phone is today akin to torture, at work, at home or anywhere else. The trend continues too towards more advanced and more diverse communications technology, as workers bring in their own mobile devices for work and customers increasingly put their faith in cyberspace. Yet, our communication fails when we’re in an elevator, in a tunnel, underground or any place similarly isolated from the business network. Do military communications hold an answer?

If communications are important to most businesses, for the armed forces they are vital. With this in mind, military communications have often been in the forefront of communications technology in sophistication, performance and availability. The Internet that we now take for granted was originally a DARPA (US Defense Advanced Research Projects Agency) project. The goal was to construct a communications network that would automatically reroute information to deal with any part of the network breaking down or being destroyed. Similarly, the army, navy and air force (and the police) had two way radios and radio networks long before the first mobile phones became available for consumers.



I’ve flogged this horse before, but this new info graphic from istock (and video version of it) reminded me of the importance of video on the web.

Imagine it was 1994 and we were having a conversation about crisis communications. You said to me, “You know, this Internet thing might be big. I think crisis communicators ought to look at how this thing called a ‘web site’ might help in a crisis.”

“Pah, fooey,” I would say. “Why would anyone need that? Everyone knows that crisis communication is about putting out press releases and handing them out to the waiting press mob outside the door.”



by Hilary Tuttle


In the October issue of Risk Management, social media and eDiscovery expert Adam Cohen chatted with me about the biggest corporate risks in sites like Facebook and Twitter, and outlined some best practices for developing and enforcing a social media policy. But behind every account sits one major risk that’s hard to control: a person.

Not all of Cohen’s advice could make the magazine, so here are some of his extra tips for how to mitigate the risks of personal social media – both to protect your company and to protect yourself.



It’s sometimes easy to forget that, as far as most end users are concerned, analytics is merely a means to an end. As such, those users are generally a lot more interested in the path of least resistance when it comes to applying analytics.

With that issue firmly in mind, Adobe this week at the Digital Marketing Association 2013 conference updated Adobe Analytics, a service that allows users to analyze massive amounts of unstructured Big Data.

Nate Smith, product marketing manager at Adobe, says Adobe Analytics eliminates all the complexity associated with Big Data by exposing analytics applications as a service. As a result, organizations don’t have to invest in expensive data scientists to organize their data; they just load it into the Adobe Marketing Cloud.



How would you coordinate 30,000 volunteers in 5,000 locations across an arc 500 miles long in just eight weeks?

That was the challenge Aaron Titus faced in the wake of Superstorm Sandy. Undaunted, he went to work. Realizing he couldn't do it alone, he focused on building a solution that decentralized the coordination process, worked across agencies, and empowered leaders in the field. He succeeded. 

Our staff recently was informed of a new emergency and disaster preparedness free mobile app solution called the “In Case of Crisis” mobile solution.

The “In Case of Crisis” mobile solution, created and developed by Irving Burton Associates (IBA), allows institutions (e.g. educational, corporate, government or hospitality) convenient and secure access to emergency information with features such as easy-to-read instructional and building diagrams, one-tap key contact calling, and push notifications for updates/alerts and maps.

The app includes access to a library of 85 possible emergency event scenarios with templates and images, or organizations can customize with their own event details. A dedicated client success team provides hands-on coaching and best practice tips for publishing emergency plans to mobile devices.

Thursday, 17 October 2013 14:48

Cavalcade of Risk #194: Is this just fantasy?

Is this the real life? Is this just fantasy? Either way, we’re delighted to be taking our first turn at hosting Cavalcade of Risk #194. For those of you who, like us, are new to this, the CavRisk blog carnival is a round-up of risk and insurance-related posts from around the blogosphere.

Our debut as a Cav host kicks off with a post on fantasy insurance in which Hank Stern of InsureBlog poses the question: What if your Fantasy Footballer gets sidelined in real life? The good news is there’s an insurance policy for that. Game on.

Next up, at Workers’ Comp Insider, Julie Ferguson, brings us back to real life with a roundup of the impact that the government shutdown is having on workplace health & safety and various regulatory and employment-related matters. It’s her second, and hopefully last, roundup on the shutdown, Julie notes.



with Dan Zitting

5 Steps to Integrating Governance, Risk Management and Compliance Activities Across the Organization

Governance, risk management and compliance (GRC) efforts are often spread across an organization. Each department takes a different approach with its own systems, technologies and tools to engage in risk management activities. Senior management is often stymied in trying to get a clear picture of risk across the organization, having to compare apples and oranges served up from various silos of GRC activity.

Without a consistent way to look at the universe of risk across the organization, how can you weigh impact and likelihood and keep up to date on ever-changing risk profiles?



Wednesday, 16 October 2013 14:51

Recovery Strategies

Ian Charters
Continuity Systems Ltd

It is a pity that the term ‘recovery strategy’ was ever coined. It gives the impression that an organisation has one high level recovery strategy which will provide a response to all BC issues and around which all recovery plans and procedures will be based. For example – “in the event of a disruption the organisation will move priority staff to operate from its recovery centre at...” which is seen as a solution to all problems.

Instead the ‘recovery strategy’ of an organisation is likely to be a whole raft of measures put in place before an incident occurs that will, hopefully, give it some workable options for response when an incident occurs whatever the circumstances.



Wednesday, 16 October 2013 14:49

Disaster Update: Cyclone Phailin

Cyclone Phailin made landfall on October 12th, striking the East coast of India including the states of Odisha and Andhra Pradesh.  Wind speeds reached 130 miles per hour and the storm surge reached 10 feet in some areas.

The storm triggered India’s biggest evacuation operation in 23 years with close to one million people evacuated by government authorities with support from the Indian Red Cross.  More than 110,000 are taking refuge in Red Cross run cyclone shelters. Phailin had a devastating impact damaging or destroying more than 250,000 homes and nearly 1 million acres of crops. 

The emergency response has been constrained by the cancellation of air-flights and trains, damage to highways and roads along the coastline, and disruption to mobile communication.

The Indian Red Cross (IRCS) has deployed teams to assess the affected areas and is mobilizing emergency relief items, clean water, and shelter materials.  More than 2,500 volunteers are responding. Three water treatment units have been deployed along with 11,000 tarps. The IRCS is planning to support some 200,000 people with initial assistance including distribution of shelter and relief supplies, health checks and provision of safe water.

The cyclone affected 11 million people but due to intensive preparedness efforts few lives were lost. In 1999 Cyclone Orissa made landfall in a similar area and killed more than 10,000 people.  Since that time the Indian Red Cross has increased its disaster preparedness efforts and training in the communities. 

 “Disaster risk reduction interventions for the last many years in Odisha, especially the construction of 75 cyclone shelters and training of large number of volunteers made it possible for nearly 110,400 people to get protection in these Red Cross Cyclone Shelters during the evacuation,” said Dr. S.P. Agarwal, Secretary General of the Indian Red Cross.


Wednesday, 16 October 2013 14:46

Listen to Understand – Not Simply to Reply


I have worked for a few organizations where the concept of the CEO was to help customers improve their business by understanding their business and business needs, create solutions via services with hardware and software, and provide support throughout the entire life-cycle. Using these concepts in addition to my own beliefs, I recently presented to a group of prospects and customers. I have long been convinced that selling a widget only goes so far. Solving business problems embeds you into the fabric of an enterprise.

Far too often, people believe in what they are doing without understanding it.



By Loraine Lawson

You hear it all the time: There simply aren’t enough trained data scientists to support the demand for Big Data analytics.

But here’s an interesting fact from TDWI’s best practices report on “Managing Big Data”: The data scientists aren’t really managing it now.

Actually, there’s an incredible range of job titles that manage Big Data. Out of 297 responses from 166 respondents (they could choose multiple options), only 6 percent said data scientists manage Big Data in their organizations.



Wednesday, 16 October 2013 14:43

What the Internet of Things Means for Security

By Bob Violino


CSO — You've probably been hearing a lot lately about the Internet of Things (IoT). The IoT (see: "The IoT: A Primer" at the end of this piece), while still in the early stages of development, is slowly making its way into the mainstream as more objects become connected via technology such as radio frequency identification (RFID) and the ubiquitousness of the Internet.

Regardless of how the development of the IoT plays out in the months and years to come, or what specific plans organizations have for deploying related projects, there will clearly be security implications. IT and security executives might want to start thinking about the security aspects of IoT today, even if they have no immediate plans to link objects via the Internet.



Wednesday, 16 October 2013 14:42

Insider Threats and How They Can Be Mitigated

By Grant Hatchimonji

CSO — Any employee with access to sensitive data is a potential threat, whether they know it or not. Even if they don't have malicious intentions, the inherent nature of their privilege is what makes them so dangerous.

Vormetric recently published its 2013 Insider Threat Report exploring the very nature of these dangers while also tallying the results of a survey it conducted over two weeks in August of this year. The numbers, which were tabulated in September, reflect the responses from 707 IT professionals to questions regarding insider threats and how they choose to combat them. Needless to say, the pervasive theme of the survey results was that insider threats are a very serious concern to just about everyone.



Wednesday, 16 October 2013 14:41

Plan to fail for better security and continuity

Tom Davison looks at how failures can be used to boost security and help business continuity: if approached in the right way.

We’ve all heard the old saying: “If you fail to plan, you’re planning to fail.” Of course, it’s true: and from a security viewpoint, it’s also interesting to turn the cliché on its head. Shouldn’t a major part of any robust IT security strategy be about planning to fail? About preparing for the ‘what if’ scenarios that can disrupt normal business operations, and attempting to mitigate the potential impact of those disruptions?

A majority of businesses already do this to some extent, by performing regular vulnerability scans and penetration tests on their networks. But all too often these tests will look only at issues such as vulnerabilities on Internet gateways, systems with out-of-date patches or the presence of malware. They don’t include other security problems that are just as capable of causing outages, failures and damage – such as DDoS attacks, phishing attempts and more – which almost always strike seemingly at random and unexpectedly.

So how do you widen the scope of your security planning to ensure you’ve covered all the outage and security scenarios that could have a catastrophic effect on your business?



The Business Continuity Institute has published the shortlist for its annual Global Awards, which will be presented at a ceremony on 6th November in London.

The BCI Global Awards ‘recognise the outstanding achievements of business continuity professionals and organizations worldwide and pay tribute to some of the finest talent in the industry’.

The shortlist for the BCI Global Awards is as follows:

Business Continuity Consultant of the Year

  • Louise Theunissen MBCI
  • Thomas Keegan MBCI, Director of Business Resilience, PwC
  • Saul Midler MBCI, Managing Director, LINUS Information Security Solutions
  • Muhammad Ghazali MBCI, Head of BCM Services, Protiviti
  • Pierre Wettergren AMBCI, Senior Consultant, 5G Continuity AB

Business Continuity Manager of the Year

  • Millington Gumbo MBCI, Head of BCM, Standard Bank
  • Arnab Kumar Mukherjee MBCI, Business Continuity Manager, Colt Technology Services India Pvt. Ltd.
  • David Clarke MBCI, Business Continuity Manager, Telefónica UK Limited
  • Neyaz Ahmed MBCI, Ag. Director – Business Continuity, Etihad Etisalat - Mobily
  • Tom Clark MBCI, Director of IT Business Continuity Management Services, Liberty Mutual Insurance
  • Elaine Tomlin MBCI, Business Continuity Manager, Certus
  • Abdulrahman Alonaizan MBCI, Business Continuity Manager, Arab National Bank
  • Nisar Ahmed Khan MBCI, Manager – Business Continuity Management, Kuwait Finance House

Business Continuity Team of the Year

  • BT
  • Orion Group
  • Standard Life plc

Public Sector Business Continuity Manager of the Year

  • Glen Redstall CBCI, Manager, Business Continuity & Emergency Management, Inland Revenue
  • Mary-Ellen Lang MBCI, Resilience Manager, The City of Edinburgh Council
  • Brian Duddridge MBCI, Business Continuity Manager, Welsh Government
  • Alan Jones MBCI, Head of Resilience & Emergencies, West Sussex County Council

BCM Newcomer of the Year

  • Akintade Ayelomi AMBCI, Senior Manager, Business Continuity Management, MTN Nigeria (MTNN) Communications Limited
  • Andrew MacLeod AMBCI, Consultant, Needhams 1834 Ltd
  • Maan Al Saqlawi, Head of BCM, Bank Muscat
  • Nicola Huxley, Security Risk and Resilience Manager, British-American Tobacco (Holdings) Limited

Business Continuity Innovation of the Year (Product/Service)

  • Blue Zoo
  • Fusion Risk Management, Inc.
  • Vocal Ltd
  • Everbridge

Business Continuity Provider of the Year (BCM Service)

  • NCS Pte Ltd
  • Continuity Shop
  • SunGard Availability Services

Business Continuity Provider of the Year (BCM Product)

  • IBM
  • LINUS Information Security
  • eBRP Solutions Network, Inc.

Most Effective Recovery of the Year

  • Etihad Etisalat - Mobily
  • NHS Blood and Transplant
  • Citi
  • NCB Capital

Industry Personality of the Year

  • Abdulrahman Alonaizan MBCI
  • Richard L. Arnold
  • Tim Janes MBCI
  • Mark Penberthy FBCI
  • Iain Taylor (Hon) FBCI


Daniel Dec
Cognizant Technology Solutions

The answer to that question is 'yes' - security and business continuity are a good fit and my reasons for this are based on observations and experiences over my career, along with some research evidence to support my position. My reasons can be summarised under five broad headings and these are:

Availability, core in security and BC
The definition of Information Security focuses on three main principles - confidentiality, integrity and availability. It is the availability part of this triad that illustrates the close relationship that BC has with security. Computerized information is only of value if it is available when needed. The concepts and objectives of BC support the availability principle of Information Security. This relationship has become more relevant as the need for high availability has increased, which we will talk more about in a future section.



Controlling costs and improving clinical outcomes for injured workers are among the top priorities for workers' compensation payors. As the cost of medical care continues to rise and as the proportion of medical expense in the overall claim increases, a pharmacy benefit manager (PBM) is often looked upon to step in, lending insight and assistance to control pharmacy utilization and cost.



Today's workers' compensation claims environment requires a PBM to provide pharmacologic expertise, a robust network and service excellence while melding together the characteristics of analyst, clinician, processor, service representative, problem solver, educator, mentor, advocate, investigator, researcher and partner into one solution.

For even the most experienced this can be quite a challenge. Progressive Medical, however, is one PBM rising to the occasion.



Tuesday, 15 October 2013 13:21

Stretching Risk Management


Visit the offices of progressive, safety-minded construction companies these days and you'll see each and every employee -- management level and otherwise -- stretching, bending and reaching before starting the workday.

    In an industry where strains and sprains are by far the most frequent and costly injuries -- followed by falls, which are less common but more severe in terms of the damage -- more and more construction professionals have adopted a "stretch and flex" regimen to minimize on-the-job hazards.

    To protect their bottom lines, they need to. In some regions of the country, New York City in particular, some insurance carriers have found the workers' compensation market for construction so troubling they have withdrawn from it altogether. Contractors have taken on more retentions and are much more vigilant about safety as a result.



    IT is at the heart of most business today. Whether it’s in marketing systems and CRM, design software applications, production line automation or finance and accounting, if the information technology being used breaks down, so do business operations. Conversely, when service from the IT department is defined in terms of the business objectives of the organisation, business continuity can be positively reinforced. ITIL (IT Infrastructure Library) and ITSM (IT Service Management) both take business goals as the starting point for defining and implementing levels of IT service. How then do ITIL and ITSM compare and what are their roles in helping to improve business continuity?



    Early in the summer, I noticed quite a few social media intern positions on some of the online job boards. Although I could see how it would make sense to some companies to get their feet wet in social media without spending much money, it gave me shivers to think that a solid business with good community standing might turn over its public media strategy to a kid whose only social media expertise was tweeting and Facebooking with friends.

    And apparently I’m not alone in my fears. I’ve read several articles that warn SMBs to not hire interns to take on social media—or at least not to hire them to be the sole voice of your company’s social media campaign.

    Although the younger crowd is quite familiar with the ins and outs of most social media platforms, it’s mostly what they aren’t yet familiar with that counts the most—your company’s relationship with its customers. I’m not saying that young men and women of college age have no understanding of business or marketing. What I am saying is that it often takes months or even years for a new employee to learn the real inner workings of a business and its marketing needs. Interns sign on for only a few months. By the time he or she begins to get into the groove, it’s time to move on.



    Tuesday, 15 October 2013 13:18

    Is Big Data Really a Problem?

    Only 8 to 10 percent of organizations have actually spent any money or time building Big Data applications or systems, according to a recent article in Datanami. But does that mean we’re all being conned about the growth of Big Data?

    Probably not. Even though that 8 to 10 percent figure was consistent when Datanami looked at surveys by Gartner, The Data Warehouse Institute (TDWI) and data integration vendor Talend, that particular statistic offers only a small view of the Big Data picture.

    As the article goes on to explain, there are other reasons to believe Big Data is still a major issue for organizations. In fact, the same Gartner study also found 64 percent of respondents either are investing or have plans to invest in Big Data technology this year. Other surveys show similar results.



    October, as you may know, is Cyber Security Awareness Month. The event is sponsored by the Department of Homeland Security, which means that Cyber Security Awareness Month is affected by the government shutdown.

    Luckily, the event has taken off since its inception and other organizations are instituting cyber security awareness programs. That’s the great news. The not-so-great news is the shortage of “cyber warriors” to stand on the front lines of cyber security.

    I’ve written about this security professional shortage before, of course. Even as more universities are stepping up cyber security education programs, there is still a lack of good, trained security professionals in the private sector – and even fewer in the public sector. As SourcingFocus.com put it:



    Tuesday, 15 October 2013 13:05

    Florida Looking for NFIP Alternatives

    Last week, Florida Insurance Commissioner Kevin McCarty announced that his office is in the process of developing guidelines for insurance companies to request approval to write primary flood insurance in the state. This announcement came just one day after Rebecca Matthews, McCarty’s deputy chief of staff, told the Florida Senate Banking and Insurance Committee that the Florida Office of Insurance Regulation (FLOIR) was in talks with various insurance companies regarding writing primary flood coverage in the state. These developments are in response to continuing concerns about escalating flood insurance rates due to the Biggert-Waters Act of 2012.

    The Biggert-Waters Act of 2012 extended the National Flood Insurance Program by several years while also putting in place several reforms meant to make the program more solvent. One of those reforms was a phasing in of actuarial flood insurance rates over time. For many the increased premium will be significant, if not severe. In Florida, the biggest hit will be to homes built prior to 1974 in high risk flood zones. At last week’s hearing it was reported that some of those homes could see rates rise from $500 to $16,000. Current owners of those properties will continue to receive subsidized rates, but those subsidies will discontinue once the property is sold thus hindering the Florida real estate market.



    NEW DELHI — India breathed a sigh of relief Sunday as assessment teams fanned out across the eastern part of the country in the wake of the biggest storm in 14 years and found extensive property damage but relatively little loss of life.

    The state news service, Press Trust of India, reported that 23 people died as a result of Cyclone Phailin, most from falling trees or flying debris.

    Many had predicted a far higher death toll from the storm in this country of 1.2 billion people, where crisis management, regulation, planning and execution are often inadequate and thousands lose their lives each year to natural disasters, building collapses, train accidents and poor crowd control.



    So how do you influence decision making as a compliance professional? That topic was explored in a session at this year’s Society of Corporate Compliance and Ethics (SCCE) annual Compliance and Ethics Institute by presenters Jennifer O’Brien, Chief Medicare Compliance Officer for UnitedHealthcare Medicare & Retirement and Shawn DeGroot, Associate Director for Navigant. They, together with a very participative audience, had some insightful thoughts for the compliance practitioner on “how to get to effective.”

    The single best piece of advice O’Brien said that she had ever received came from the recently retired Chief Compliance Officer (CCO) of Microsoft, Odell Guyton. It was to “be relevant.” Although Guyton used that term in the context of senior management meetings, O’Brien thought it so profound that she applied it to all of her work as a compliance professional. In meetings, you have to know both when to speak up at the relevant times and when to keep quiet.



    Kathleen Lucey
    Montague Risk Management
    The bleeding edge of our profession is now resiliency – not recovery, not continuity. But the most interesting part of this is the analysis of events as they occur: calculating the effects of these events and responding in new and different ways.
    Coupled with detailed current information and analytics engines to help us to understand the impact of events on our markets, our competitors, and our operations, we are now beginning not just to respond faster and better, but to position ourselves to be able to manage improbable, adverse events – sometimes called 'black swans' – to our advantage. We are able to generate additional revenues and/or open new markets for existing products, rather than just minimizing event damages.
    I don’t know about you, but I would like to move to the side of the organization that deals with revenue enhancement – marketing and new product development – and move away from compliance. There is more funding there to get the job done right!

    Kathleen will be discussing this and the issue of resilience within the 'Thought Leadership' stream at the BCM World Conference on Thursday 7th November, starting at 10:35.


    NEW DELHI — A powerful cyclone whose spinning arms engulfed much of the Bay of Bengal weakened Sunday morning as it crashed into India’s eastern coast, flooding homes and roads throughout the region and disrupting electricity and communications.

    The authorities evacuated about 800,000 people, one of the largest such evacuations in India’s history. The storm’s maximum sustained winds, which were approximately 124 miles per hour when the storm made landfall about 9 p.m. Saturday, had dropped to less than half that strength nine hours later.

    At least five people were killed in the coastal city of Gopalpur because of heavy rain and high winds before the storm made landfall, officials said. The storm was expected to drop up to 10 inches of rain over the next two days in some areas.



    I know the Terminator mythology dictates that Skynet is a military system, but personally, I think we might want to keep tabs on IBM.

    Everyone knows about Watson, which topped PC Magazine’s “Five Real Computer Systems That Could Become Skynet” list back in 2011. And we know IBM is putting Watson to work in new, more commercial ways.

    But a recent CMSWire article, “Has IBM Just Changed the Big Data Analytics Market?” only adds to my suspicions.

    IBM announced this week it would offer a new type of Big Data solution — the Accelerated Discovery Lab (ADLab), which is based in IBM’s Almaden facility in San Jose.



    In times of momentous change such as the enterprise is undergoing right now, it is easy to forget that most organizations are still trying to deal with some very mundane issues. Although it has largely dropped off the radar in the trade press, one of the most crucial is the ongoing integration of virtual technology into legacy data infrastructure.

    Server virtualization, in particular, has progressed unabated to the point that it is now the common approach to hardware consolidation and the development of all the software-defined, cloud-ready architectures that are remaking the data center. And yet, we are still struggling with ways to implement virtualization on the server side without overloading resources elsewhere, namely storage.

    This may seem odd, given that the public cloud provides virtually limitless storage for all manner of functions. But the fact remains that those who prefer to keep data in-house need to find innovative solutions to scale storage on par with servers and networking if they are to have any hope of maintaining on-premise infrastructure in support of private cloud deployments. Fortunately, storage can be ramped up in a virtual environment in a number of ways.



    David Clarke
    Telefónica UK

    At Telefónica UK we are proud to be one of the first UK businesses to achieve the international ISO 22301 accreditation for business continuity management. We’ve always worked hard to ensure that all parts of our business are robust. Our business continuity provisions were accredited under the former British standard BS 25999, so the transition to ISO 22301 was a natural one for us.

    Our COO and business continuity champion on the Board, Derek McManus, summed it up nicely when he said: “Achieving ISO 22301 accreditation demonstrates our commitment to providing a reliable, high quality service to our customers. It shows that we have the resources, investment and processes in place to protect ourselves from potential service disruption – minimising the impact on our customers.”



    Friday, 11 October 2013 12:37

    The State of HP, As Told by Meg Whitman

    CIO — HP CEO Meg Whitman provided a financial update this week during the firm's securities analyst meeting. It's a pleasure to see someone like Whitman speak; she prepares properly, articulates her points clearly and has been trained to pace a talk.

    Often the folks giving financial statements seem ill-prepared. One, they don't rehearse enough. Two, edits are being made right up to show time. These are bad practices that distract significantly from the presentation and from the appearance of capability for both the CEO and the firm.



    The first I ever heard of the WhatsApp mobile messaging app was a couple of months ago, when a friend told me she had downloaded it. Two days later, I began getting messages in my inbox telling me that I had voicemail on WhatsApp. Obviously it was spam, since I didn’t have that app installed on any of my devices, but it was an odd coincidence. I warned my friend about the spam, which was loaded with malware. She thanked me profusely; she was using her phone for BYOD purposes as well as personal, and you can imagine the problems that could have ensued.

    As if the malware spam wasn’t enough for WhatsApp’s reputation, the site was one of several sites—including several antivirus software sites—to be hit with a DNS attack this week. As Grayson Milbourne, security intelligence director at Webroot, explained to me in an email:



    A mere 16 percent of companies support full integration between CRM and other business systems, according to a recent survey by Scribe Software.

    The integration vendor annually conducts a State of Customer Data Integration survey. This year, it received 900-plus responses.

    If full integration strikes you as perhaps an over-ambitious goal, the findings are still troubling when you look at just general integration of CRM with any other business systems.



    Friday, 11 October 2013 12:34

    Testing DR/BC: What’s the Point?

    All too often, organizations that do have Business Continuity Plans (BCP) in place rarely test them.  Those that do, go through a typical tabletop exercise.  Organizations that have Disaster Recovery Plans (DRP) generally test them, but why?  I ask why because it has been my experience that the “tests” are an exercise in futility.  I say futility because they are tests to satisfy an audit that prove very little.

    It is kind of like high school in that class you had to take.  It was being audited by the state so the administration made certain to put it on display.  Funny thing was that everyone knew the answers to the questions because they had taken previous tests over the same topics many times. This is what a great majority of Disaster Recovery (DR) tests mimic.



    Friday, 11 October 2013 12:33

    How to Build the Immortal Data Center

    Network World — Orlando -- If your data center is reaching capacity and you're thinking about cracking open the corporate piggy bank to fund a new data center, stop right there.

    By following some simple best practices, you may be able to take your existing data center and retrofit it to last pretty much forever, says Gartner analyst David Cappuccio.

    "If you do it right, there's a good chance you could live in a fairly well designed data center for decades,'' Cappuccio says.

    So, how do you get there? First, you need to identify the goals of the infinite data center. It needs to be energy efficient. It needs to be economical to build. It needs to be able to adapt to new technologies. And it needs to be able to support continuous growth.



    Friday, 11 October 2013 12:32

    7 Top Wishes of IT Project Managers

    CIO — Ah, the joys of being a project manager. From being treated like a servant of management and not being included in key decisions, to having priorities, tasks and deadlines constantly changed on them -- and then being blamed for delays and slipups -- IT project managers have a lot to deal with. But what if project managers could change all that? What if a genie could grant IT project managers three (project-related) wishes? What would project managers wish for?

    CIO.com decided to find out -- and asked IT project managers, If you could have three project management-related wishes, what would they be? Here are the seven most-wished-for items.



    Friday, 11 October 2013 12:31

    A Thorough Guide to IT Security Challenges

    For IT security professionals, the game is to always stay a step ahead of hackers, security standards and governing regulations. The best way to keep on top of everything is research—reading up on the latest threats, vulnerabilities, and secure hardware and software.

    The book “Information Security Management Handbook” is one detailed source for all things IT security. The integral security topics covered in this book include:

    • Networking
    • Telecommunications
    • Cloud computing
    • Policies and standards
    • Application development
    • Architecture
    • Training

    It goes beyond typical security books and provides detailed practices for many areas for which IT provides security. The intro provides a look at threats and vulnerabilities that have cropped up since the last version of the book and that the publishers predict will pervade IT security for years to come:



    In my previous post about Lionbridge, I wrote about how its enterprise crowdsourcing division is challenging the traditional outsourced services model with “business process crowdsourcing” for the enterprise. This managed crowdsourcing strategy adds governance and high quality to the crowdsourcing approach to provide an alternative that Lionbridge says is in the range of 30 percent cheaper than what traditional business process outsourcers charge. So how does Lionbridge do it?

    According to Dori Albert, Lionbridge’s enterprise crowdsourcing practice manager, it starts with attracting qualified workers for the company’s private crowd. She explained that these workers are thoroughly screened and tested before they’re accepted into the crowd, and that they’re paid an “equitable wage.” I asked Albert if she could quantify what Lionbridge considers to be an equitable wage, and she said it depends on the task:



    Thursday, 10 October 2013 17:46

    Technology Use by MSSPs - CHECK OUT OUR SURVEY

    Technology is essential in any managed security operations center. Technology has come a long way to create an active defense of the enterprise. There are vendors that offer solutions for log management, web application defense, firewall, incident event correlation, and many others. In order to understand the size of the security technology market, Forrester and the MSP Alliance are partnering in a survey to look at the managed security functions and the technology MSSPs use to deliver their services. If you are an MSSP or an end-user of these technologies you can complete this survey at:


    For completing the survey you are automatically entered into a contest to win an iPad mini. Also for completing the survey you will receive a complimentary copy of the resulting research paper.

    Thursday, 10 October 2013 17:45

    Implementing BCM through complexity

    Thomas Puschnik
    Zurich Financial Services

    Leading a BCM framework in a complex and challenging operating environment is no easy task but one potential key to success is effective relationship management. There are at least two key components to achieving this.

    First is in terms of the BCM workforce. Having a team identity or common purpose, a set of agreed goals and clear roles and responsibilities all help to form the basis of a good team. Going from 'good' to 'great' requires a focus and commitment to building strong trusted relationships and recognising there will be setbacks along the way. This requires strong leadership and the will to take time out to listen and get to know team members and to understand their needs and concerns. This is especially true in regions where languages and cultures differ significantly.



    Privacy and compliance laws are significantly expanding, the need for transparency is increasing and how organizations use and share private information is evolving. All this means the role of Chief Audit Officer (CAO) is an essential one in many corporate and healthcare organizations. A CAO has several key responsibilities, including conducting a thorough examination of an organization’s business operations, recommending operational efficiencies, and ensuring compliance with privacy and security laws such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX) and the various state breach notification laws. And if the organization operates globally, the governance mandate of the CAO grows exponentially as the organization must comply with regional and international privacy and compliance laws.

    Often it becomes the responsibility of the CAO to recommend ways the organization can improve operating efficiencies. As part of making such recommendations, the officer needs to perform risk assessments, identifying areas where the organization may be vulnerable now or in the future.

    Being able to identify these vulnerabilities quickly and address them is one of several key attributes of an effective chief audit officer. Other key attributes include:



    Thursday, 10 October 2013 17:43

    How to Beat Storage Bottlenecks in a Flash

    CIO — It's difficult to identify and address application performance issues when they're tied to storage I/O bottlenecks, but a company that specializes in data analysis has found a way to eliminate those storage performance roadblocks - it hopes once and for all.

    Pete Koehler, the IT Manager and Virtualization Architect for Tecplot, says his company was looking for a storage acceleration option that didn't involve buying an entirely new array.



    Thursday, 10 October 2013 17:42

    How Not to Be a Victim of Your Own Data Centre

    Nowadays, IT plays a vital role in supporting business functions for many organisations. They depend on their data centres to keep their activities going and to come up with new ideas about how to improve them. However, a report by research company IDC (International Data Corporation, 2012) suggests that both business operations and innovation may be compromised in the majority of cases (84 per cent). The issues are mainly data centre power, space, cooling capacity, assets and uptime. The consequences can be degradation in customer service, the need to reverse gears on a key application deployment or other impacts on business continuity.



    It seems that most SMBs have or are considering adopting some sort of cloud computing technologies. Recent surveys, like this State of SMB IT Report from Spiceworks (registration required), have shown that 61 percent of SMBs are using cloud-based technologies in some form within their organizations. But how will this trend play out in coming years?

    A recent report from TechNavio forecasts the SMB IT spending market for the next four years. The report indicates that global SMB spending in the IT arena has increased in the sector of cloud technologies. Deploying cloud infrastructure, though, is becoming increasingly expensive, it says, and could pose a threat to its future growth and adoption by SMBs.



    Thursday, 10 October 2013 17:39

    Big Data, the Cloud and the Exascale Dilemma

    For enterprises looking to build their own private clouds, the rule of thumb is quickly becoming: Go big or go home.

    It’s been clear from the beginning that one of the chief advantages the cloud brings to enterprise data environments is scale. But even the most advanced cloud architecture in the world can only expand so far before it hits the limits of physical infrastructure. That’s why enterprises that have the resources, like General Motors, are doing their best to match the hyperscale infrastructure of Amazon, Google and other top providers. With a big enough physical footprint, they will be able to broaden scalability and flexibility without having to entrust critical data and applications to public resources.

    Naturally, building data infrastructure on a grand scale is not without its challenges. One of the chief obstacles is delivering adequate power to hyperscale, or even exascale, architectures – something the NSA has apparently discovered at its new Bluffdale, Utah, facility. To the joy of civil libertarians everywhere, the plant has been experiencing unexplained electrical surges that have fried components and caused mini explosions. The situation is so bad that insiders are reporting that the center is largely unusable, and even leading experts in the facilities and data fields are at a loss to explain what is going on.



    An earlier blog article by my colleague highlighted the importance of understanding the Causality Chain in effective Incident Management.  Underlying the Causality Chain is the knowledge of the interdependencies of organizational assets which enable the delivery of products and services.

    The same dependency mapping that enlightens the Causality Chain also produces information which, if used properly, can aid both Risk Management and Recovery Strategy planning.  That tool is commonly referred to as a “What-if?” Analysis.



    Thursday, 10 October 2013 17:37

    Lessons learned from a cloud evaporation

    Computerworld - Cloud capacity provider Nirvanix croaked recently, giving clients two weeks to get their data out of there. I estimate that most clients would require two months or more to accomplish this. Some need two years. There is physics involved, unfortunately. The "Beam My Data Up" feature turns out to be fictitious. Go figure.

    If you never contracted with Nirvanix, it's easy for you to think, "Well, serves them right for using a little startup. I would never do that!" Think again. IBM and HP resold Nirvanix. They put a lot of customers on that cloud.

    Fortunately for many Nirvanix customers, it may not be catastrophic if they can't get their data out. The cloud provider mostly handled fixed file content, and 99% of the data was non-transactional -- and not the only copy. It was mostly cold storage. Nonetheless, some customers are screwed. And all will suffer in one way or another.



    Wednesday, 09 October 2013 13:54

    The Top 10 IT Altering Predictions for 2014

    By Michael Cooney

    Network World — Gartner analysts today whipped out their always interesting and sometimes controversial look at what the consultancy thinks will impact the IT arena in the near future.

    Some of the technology trends are not new (the so-called Internet of Things and cloud computing, for example), but there are some hot new areas, like 3D printing and Software Defined Networking, that will be making an impact on IT sooner rather than later.

    These changes are due in no small part to the fact that by 2020, there will be up to 30 billion devices connected with unique IP addresses, most of which will be products. "This creates a new economy. Gartner predicts that the total economic value add for the Internet of Things will be $1.9 trillion dollars in 2020, benefiting and impacting a wide range of industries, such as healthcare, retail, and transportation."



    Wednesday, 09 October 2013 13:53

    The return on investment of a BCM programme

    Rainer Hübert
    HiSolutions AG

    When will the investment for a BCM programme pay off? Most people think that the only correct answer is when a damage scenario has taken place. Hopefully then an effective BCM programme will reduce an otherwise much more costly, or even possibly fatal financial impact to a bearable amount. Then, and only then, will the investment in BCM be paid off – just like an insurance policy.

    In our finance driven business world however, investment in BCM needs to be justified in financial terms, unless a BCM programme is forced upon an organization by its clients or by regulatory authorities.



    Wednesday, 09 October 2013 13:52

    Downtime, data loss and natural disasters

    As the anniversary of Hurricane Sandy approaches, a Carbonite survey has found that most small businesses in the affected area are not prepared for the next disaster.

    The survey, conducted by Wakefield Research, found that more than 40 percent of small businesses in the tri-state area hit by Superstorm Sandy last October (NY, NJ, and CT) think it's likely they will be impacted by a natural disaster in the next year, and that only 22 percent feel they are ‘very prepared’.

    Downtime and data loss caused by natural disasters can be detrimental to any small business. On average, survey respondents said it would take 16 days to recreate or recover their files – and nearly a third said they would never be able to recover or recreate all of their important business data if it was lost.

    In addition to lost time, data loss can hit a small business where it hurts – their bank account. Carbonite found that on average, small businesses would lose $2,976 per day if they were unable to operate. This means the average small business could lose a devastating $47,616 over the 16 days it takes them to recover their data.



    HP has published the results from a study conducted by the Ponemon Institute, indicating that the cost, frequency and time to resolve cyber-attacks continue to rise for the fourth consecutive year.

    Conducted by the Ponemon Institute and sponsored by HP Enterprise Security Products, the 2013 Cost of Cyber Crime Study found that the average annualized cost of cybercrime incurred by a benchmark sample of US organizations was $11.56 million, representing a 78 percent increase since the initial study was conducted four years ago.

    The results also revealed that the time it takes to resolve a cyber-attack has increased by nearly 130 percent during this same period, with the average cost incurred to resolve a single attack totalling more than $1 million.

    Key findings from the 2013 study include:




    I love it when technology people start to focus on a new area, because they always seem to offer a fresh view, even when the topic is well dissected. I think that’s one reason why tech is known for lowering costs in all industries, except one: health care.

    MIT Technology Review recently published an excellent package, “A Cure for Health-Care Costs.” At the heart of the articles is this question: Why is it that technology raises the costs of health care, rather than lowering it, and how can we change that?

    “Computers make things better and cheaper. In health care, new technology makes things better, but more expensive,” quips Jonathan Gruber, an economist at MIT who leads a health-care group at the National Bureau of Economic Research, in one article.



    SDN benefits include automating and easing network administration duties and improving application performance. But it also introduces a number of potential threat vectors into your environment. What should you know before you invest in SDN?

    By David Geer

    CSO — Software defined networking (SDN) moves networking from hardware to the software plane, under management of a software controller. Benefits include automating and easing network administration duties and improving application performance. As a new technology, SDN is subject to vulnerabilities.

    But with SDN, the industry knows certain vulnerabilities are native to the approach. First, according to Chris Weber, Co-Founder, Casaba, centralizing control in an SDN controller removes protective, layered hardware boundaries such as firewalls. Second, according to Gartner analyst Neil MacDonald, by decoupling the control plane from the data plane, SDN introduces new surface areas such as the network controller, its protocols and APIs to attack.



    Wednesday, 09 October 2013 13:41

    Cloud And Cloud Security – Get Rid Of The Box

    by Edward Ferrara

    Peter Kujawa, CEO of Locknet, Steve Tallent from Fortinet, and I were speaking at the recent  Conference in San Jose, California about the cloud revolution. Steve was interested in the conversation because Fortinet is now offering virtualized versions of their Fortigate UTM solution. Peter was interested because his business is built on taking away the pain that platform management entails. Obviously security intersects both of these worlds.

    We discussed the changes cloud computing was making to the MSP/MSSP markets and the differences between the SMB and enterprise businesses and what motivates them to consider the cloud IaaS, SaaS, and PaaS model.

    Peter talked about one of his clients – a smaller client – that managed their business from a small server stashed in the closet of their offices. Peter’s company offered to replace the box with a cloud-based system that took over patching, updates, and maintenance for the system for a simple monthly fee. The client would access their applications via the Internet.  The risk to this business was huge for so many reasons. The customer leapt at the chance to get rid of the box.



    by Hilary Tuttle

    In an interview for this month’s issue of Risk Management magazine, lawyer and social media specialist Adam Cohen cautioned businesses that the risks of social networking sites extend beyond explosive posting faux pas.

    “In most cases, corporations don’t realize that what they put on these social media services is all subject to the privacy policies and terms and conditions of the services,” said the eDiscovery expert and author of Social Media: Legal Risk and Corporate Policy. “Those provide a shocking amount of access by the social media services where they may take your data.”

    As Twitter prepares for its much-anticipated IPO, the social media giant has released a torrent of information on its financial standing and practices. One of the most important tidbits for users concerns the site’s lesser-known side-business: data mining. In the first half of 2013, Twitter made $32 million by selling its data—namely, tweets—to other companies, a 53% increase from the year before.



    by Renee Murphy

    Outside of Tempe is a place called Sahuarita, Arizona. Sahuarita is the home of Air Force Silo #571-7, where a Titan missile that was part of the US missile defense system and had a nine-megaton warhead was at the ready for 25 years, should the United States need to retaliate against a Soviet nuclear attack. This missile could create a fireball two miles wide, contaminate everything within 900 square miles, and hit its target in 35 minutes, and nothing in the current US nuclear arsenal comes close to its power. What kept it secure for 25 years? You guessed it...four phones, two doors, a scrap of paper, and a lighter.

    Technology has grown by leaps and bounds since the Cold War. When these silos went into service, a crew supplied by the Air Force manned them. These men and women were responsible for ensuring the security and availability of the missile. Because there was no voice recognition, retinal scanning, biometric readers, and hard or soft tokens, the controls that were in place were almost entirely physical controls. All of the technology that we think of as keeping our data and data centers secure hadn’t been developed yet. It is important to note that there was never a breach. Ever.



    David Hawkins
    Institute for Collaborative Working

    Over the past three decades the sourcing programmes and supply chains have increased exponentially not simply in terms of commodities and products, but also in a wider variety of outsourcing and service propositions. These extended networks have now bridged the traditional boundaries between organisations and in doing so introduce a significant spectrum of risk to business continuity and reputation. At the same time the implications for both natural and manmade disasters highlight the interdependence of companies of all sizes and in all sectors. Reliance on these extended relationships to deliver business performance raises the prospect that resilience and business continuity is no longer simply an internal issue for companies and prompts consideration for a much greater awareness in the identification of risk, selection of suppliers and increased focus on collaborative working and the capability of third parties to jointly perform when necessary.



    Wednesday, 09 October 2013 13:10

    Lesson from a doctor

    According to an article in the San Antonio Express-News’ mySA site headed Poor penmanship costs doctor $380,000, “A local physician whose illegible handwriting led to the fatal overdose of an elderly patient was ordered by a civil court jury Thursday to pay $380,000 in damages to the woman's family.”

    While most Enterprise Risk Management (ERM) and Business Continuity/COOP practitioners eschew the pen in favor of a keyboard, the point of the article, at least as this practitioner sees it, is the necessity to make certain the audience gets the correct message.

    It is not the audience’s job to try to interpret the practitioner’s words; it is the practitioner’s job to communicate to the audience in a manner the audience comprehends.

    By the way, the operative word is “comprehend,” not “education” or “position.” Neither necessarily equates to comprehension of a specific subject.

    According to the San Antonio paper, the doctor “changed his mind about the dosage, intending to increase it (from 10) to 20 millamoles(NB), testimony during the weeklong trial indicated.

    “However, instead of scratching out the original amount on the form or starting over, he attempted to write a “2” over the “1,” the doctor acknowledged.



    Tuesday, 08 October 2013 15:58

    Dell Creates Virtual Storage Blend

    When it comes to data storage, the less IT organizations have to think about it the happier they are. That’s the guiding principle behind a hybrid approach to data storage that spans magnetic disks and multiple types of solid-state drives (SSDs) that is being pursued by Dell.

    To bolster that strategy, Dell today announced that it is offering a Flash optimized storage system that is priced less than 15K magnetic disk systems. In addition, Dell has developed a 5U rack capable of holding 336TB of magnetic disk storage.

    According to Bob Fine, senior product marketing manager for Dell Storage, these two announcements highlight an effort by Dell to bring Flash storage to IT organizations at a cost they can afford, while making management of that storage seamless. To achieve the latter goal, when data is first stored on a Dell Compellent system, it is automatically deposited on an SSD based on multi-level cell (MLC) technology that is optimized for enterprise applications. As usage of the data declines, the data is then automatically moved to less expensive single level cell (SLC) SSDs. If it’s not used for an additional period of time, the Dell Compellent array will automatically move that data to magnetic storage.



    Tuesday, 08 October 2013 15:55

    Maintaining Some Professional Distance

    Do you know your coworkers’ hometowns? Their favorite colors? Their current level in Farmville? If you answered “yes” to all three questions, there may be a very serious management concern here. More and more studies show that rather than creating tighter bonds, the intensifying drumbeat of social media is actually driving us further and further apart.

    A University of Birmingham (UK) researcher has gone so far as to suggest (in an extensive study) that the image-happy individuals among us actually harm personal and professional relationships with each new image they post (see “Tagger’s Delight? Disclosure and Liking in Facebook: The Effects of Sharing Photographs Amongst Multiple Known Social Circles”). And it’s not just that we’re getting to the point of annoyance with those who overpost. A University of Michigan study posits that the more time we spend in social media, the more depressed about our relationships we become (see “Social Relationships and Depression: Ten-Year Follow-Up from a Nationally Representative Study”).



    Since the financial collapse of 2008, new banking regulations have been put into place to prevent a similar crisis from reoccurring.  With these new regulations, banks are re-evaluating the way they enforce governance, risk and compliance (GRC) processes.  The purpose of GRC is to help these institutions identify and protect against unknown risks, monitor practices more closely and improve their overall operations.

    While an effective GRC strategy benefits the financial institution by helping save both time and money, the challenges associated with implementing GRC can often seem overwhelming. GRC entails changing the processes an organization is accustomed to, and as we all know, change is not easy to embrace. As such, GRC implementation can present challenges, such as adapting the new processes and re-training the employees to do the same, leading to a new learning curve for the entire organization. As a first step, it is important for banks to fully understand the new regulations and their impact before changing their processes. Incorrect interpretations of these new regulations can lead to confusion and even reputational damage in some instances.



    Tuesday, 08 October 2013 15:53

    Reputation becomes the top strategic risk

    Company reputation and the fallout from reputational damage are the highest priority strategic risk for large companies, according to the results of a global survey report by Deloitte.

    Reputational risk was ranked third among strategic risk concerns three years ago, according to companies surveyed. Also back in 2010, brand and economic trends were identified by senior executives as the key strategic risks, though both have fallen since. In some industry sectors, reputation has risen from outside the top five strategic risk concerns to the top of the list. In the energy and resources sector, for example, reputation ranked only 11th on the list of strategic risks in 2010, though three years later has risen to the top spot.

    The rise of reputation risk as the key strategic risk is mirrored by executives listing social media, which has transformed reputation management, as the biggest technology disrupter and threat to their business model. Nearly 50 percent listed this above other technologies such as analytics, mobile applications, and cyber-attacks.

    “The rise of reputation as the prime strategic risk is a natural reaction to recent high profile reputational crises, as well as the speed of digital and social media and the potential loss of control that accompanies it,” explained Henry Ristuccia, Deloitte Global Leader, Governance, Risk and Compliance. “The time it takes for damaging news to spread is quicker, it goes to a wider audience more easily, and the record of it is stored digitally for longer. Even in an environment where economic conditions remain tough and technology threatens business models, this is why companies place reputation at the top of their strategic risk agenda.”



    IDG News Service (Miami Bureau) — A majority of CEOs are failing to steer their companies towards effective use of new computer technologies, which precludes their organizations from making major business improvements.

    That's the conclusion of a new study released Tuesday by the MIT Sloan Management Review and Capgemini Consulting titled "Embracing Digital Technology: A New Strategic Imperative."

    The study was based on a survey of more than 1,500 executives and managers worldwide and its authors sought to examine the concept of "digital transformation," which they define as the use of new digital technologies to trigger significant improvements.



    The big selling point about virtualisation, at least in disaster recovery terms, is the power it gives to handle single points of IT failure. The idea is to distribute applications the right way over a number of servers; then if one physical machine crashes, another one should be available to ensure that applications can continue to run.  However, if virtualisation is simply bolted on in the hopes that this alone will protect an IT installation, then you may be in line for a rude awakening. Virtualisation needs to be deliberately integrated into an overall DR plan.



    A Wall Street Journal article on its Corporate Intelligence page titled A Note to Firefighters: How Not to Extinguish a Flaming Tesla showed a photo of a crumpled Tesla with flames coming from beneath the vehicle followed by the following text:

    “In trying to put out that stock-market fire (caused by the accident and fire), Tesla founder Elon Musk has let real-world firefighters know that standard operating procedures aren’t going to work when dealing with a flaming electric luxury sedan. From Musk’s blog post on the incident.”

    According to the blog, “When the fire department arrived, they observed standard procedure, which was to gain access to the source of the fire by puncturing holes in the top of the battery's protective metal plate and applying water. For the Model S lithium-ion battery, it was correct to apply water (vs. dry chemical extinguisher), but not to puncture the metal firewall, as the newly created holes allowed the flames to then vent upwards into the front trunk section of the Model S. Nonetheless, a combination of water followed by dry chemical extinguisher quickly brought the fire to an end.”



    Computerworld — Any IT leader in the mood to complain about excessive regulation should first have a cocktail with Murat Mendi of Nobel Ilac, an Istanbul-based manufacturer of generic pharmaceuticals.

    Mendi, formerly CIO and now general manager of the company, which operates in 25 countries around the world, can talk about the time an overzealous bulldozer operator started excavating the foundation for a new structure next to his company's building without bothering to first confirm what might have been underground. It tore through Nobel's Internet cables, leaving hundreds of employees offline all day.

    Arguably, something like that could happen in Indianapolis too, but there would still be key differences: In Turkey, there aren't many rules or regulations regarding the protocol that should be followed before excavation begins and there are few options for restitution if something goes wrong. "That's part of the culture here," Mendi says. "If something happens, they'll say, 'Oops, sorry,' and move on."



    Tuesday, 08 October 2013 15:47


    DENVER – Volunteers who want to help the Colorado flood recovery efforts are being asked to look carefully before they leap.  Do not just show up in disaster areas hoping to help out; go first to www.HelpColoradoNow.org.

    The Colorado Office of Emergency Management and the Federal Emergency Management Agency (FEMA) urge agencies and individuals to use this website to register what they have to donate and how many volunteers they can provide.

    “Our goal is to coordinate and organize the many volunteer groups that are critical to helping their own communities come through a disaster,” said Robyn Knappe, Human Services Branch director for the Colorado Division of Homeland Security and Emergency Management. “When un-authorized or un-registered volunteers just show up at a location, it often interrupts the organized flow and pre-planned assistance.”

    Knappe explained that the Colorado Volunteer Organizations Active in Disaster (VOAD), FEMA Corps, and authorized volunteer organizations look at these on-line offers and pull what’s needed now from this database to help those affected by the flooding. “This lets us grab from the website and deliver goods or volunteers to the folks that need it most,” she said. 

    Jennifer Poitras, the state’s Volunteer Coordinator Lead, said, “This was a huge disaster. There will be a need for donations and volunteers to work for many weeks, months and even years to help those hit hardest recover. Just don’t get discouraged if you don’t get an immediate reply about your donation,” she added. “This website registration is critical to helping us maintain a coordinated response for a long time to come.”

    Knappe added that many new charities have registered with the authorized Colorado VOAD group lately, “often bringing their national affiliations to help. Citizens and volunteers have been extremely generous—an unprecedented response from citizens and groups statewide.”

    As of mid-September, approximately 52 national and state VOADs had been a part of Colorado’s disaster response and recovery operations. In that time, just five of these agencies reported nearly 100,000 volunteer hours valued at more than $2 million. “It’s been a massive response from our existing volunteer agencies,” Knappe said. “And new charities joining the authorized VOAD network have made a huge difference in our outreach efforts.”


    By Eric Thomas

    Employees that expect federal paychecks, veterans that need benefits, impoverished families that rely on government programs, and federal CIOs that are mandated to meet the IT demands of a diverse stakeholder community are all adversely affected by the U.S. government shutdown.

    Of course, federal CIOs do not engender the most sympathy from the public or garner the most press coverage when it comes to the government shuttering many services. In fact, they might not receive any public sympathy and I have yet to see any mention of the plight of federal CIOs on CNN. But that is all the more reason they, and their staff, must be aptly prepared. The following is a list of seven things each federal CIO should understand about the government shutdown. Of course, many of these items are applicable to any CIO or IT leader who has to deal with business continuity, disaster recovery and other unexpected crisis situations.



    As I set out to write my column this month, I popped over to the NIST website to check some facts. The National Institute of Standards and Technology publishes security standards and guidelines for the U.S. government in its "800 series," and they are generally useful in the private sector as well. I visit the NIST website occasionally to check the facts on topics ranging from encryption algorithm lifespans to risk assessment methodology. But this week, the NIST website has been taken down due to the U.S. government shutdown.

    The NIST website is displaying a maintenance page saying, "Due to a lapse in government funding, the National Institute of Standards and Technology (NIST) is closed and most NIST and affiliated web sites are unavailable until further notice. We sincerely regret the inconvenience." I hope they do, because a lot of professionals rely on information provided by government agencies.

    This is a somewhat jarring experience. I hadn't realized the government affected my daily life in any meaningful way, but now that the documents I'm looking for are not available to me, I'm starting to wonder what preparations I should have made to account for this situation. In fact, I'm thinking like a business continuity planner.



    Risk groups produce tons of pertinent information that can be used by portfolio managers to generate superior returns, says a recent report from Woodbine Associates.  Yet, because risk management is often viewed purely for control or regulatory purposes, a lot of great information that is produced is simply overlooked and wasted.

    Risk management groups that calculate VaR for regulatory and/or control purposes also produce a host of timely information that could benefit groups charged with investment return generation, writes Jerry Waldron, director of risk and portfolio analytics at Woodbine. “But in firms that treat risk management as a control function, this information is walled off from the investment process.  The result is missed opportunities – day after day after day.”

    The risk management function aimed at regulation misses the upside opportunity in its focus on potential loss, he added.



    My last post opened the topic of cyber security for small business owners – what to worry about and when? This post is going to focus upon Spear Phishing. I asked for the help of one of our information security specialists, Scott “Shagghie” Scheferman, to help with the technical details for this post. Spear phishing differs from, and is more serious than, a simple phishing attack in that it is targeted either at a group or, worse, at the recipient specifically. Spear Phishing is an attack typically carried out via a targeted email sent with either a malicious attachment or with a link to a malicious website. Most of our readers also know this is a bad thing, and that one shouldn’t click on links in emails sent from people the reader doesn’t know or trust. A targeted and elegant spear phishing attack, however, is designed to bypass all of the conditioned barriers a typical user has to the “noise” on the Internet.

    To truly protect yourself from spear phishing attacks, it is critical to understand what happens both before and after the nasty email in your inbox got there, and what happens when someone in your organization falls prey.  Having better insight into the attack from cradle to grave is itself a part of defending your organization.



    NASA and the U.S. Department of Homeland Security are collaborating on a first-of-its-kind portable radar device to detect the heartbeats and breathing patterns of victims trapped in large piles of rubble resulting from a disaster.

    The prototype technology, called Finding Individuals for Disaster and Emergency Response (FINDER) can locate individuals buried as deep as 30 feet (about 9 meters) in crushed materials, hidden behind 20 feet (about 6 meters) of solid concrete, and from a distance of 100 feet (about 30 meters) in open spaces.

    Developed in conjunction with Homeland Security's Science and Technology Directorate, FINDER is based on remote-sensing radar technology developed by NASA's Jet Propulsion Laboratory in Pasadena, Calif., to monitor the location of spacecraft JPL manages for NASA's Science Mission Directorate in Washington.



    The latest research suggests that the Pacific Northwest may get slammed by a giant, coastal earthquake of magnitude 8 to 9 every 250 years on average — and it's been 313 years since the last one. Earthquakes may be unpredictable — but they are also inevitable. Here are some tips to help you get ready before the next one hits. Read the story for more.

    By Kelly Shea

    The Seattle Times


    Create a family emergency plan

    • Hold a home evacuation drill.
    • Choose a nearby meeting place.
    • Have a plan for reuniting.
    • Anticipate transportation failures.
    • Designate an out-of-state relative to be a check-in contact for everyone.
    • Mobile apps, like the Red Cross’ earthquake app, can allow family members to communicate.
    • Keep photos of family members and pets in your wallet, in case they turn up missing.
    • Text messages often go through when phone service is down.



    You know the adage. For want of a nail, the shoe was lost, triggering a chain of events that leads to much greater debacles. For want of a nail, ultimately, the kingdom was lost.


    Traders work on the floor of the New York Stock Exchange on October 1, 2013 in New York City. (Spencer Platt/Getty Images)

    That’s a great lesson in leverage—how the removal of one small, seemingly insignificant item can trigger much larger consequences. It’s also a great metaphor for the way in which the government shutdown is affecting the economy.

    Fox News may tell its audience that the shutdown is in fact a “slimdown.” Talking points may hold that the only federal employees furloughed are nonessential—useless, unproductive bureaucrats—so the effect on the private sector will be minimal. If you see the private sector as something that operates largely independent of government—a bunch of heroic entrepreneurs running around and getting things done as bureaucrats, politicians, and regulators try to hold them down—this view makes complete sense.



    Monday, 07 October 2013 15:37

    Promiscuous Authentication

    A growing number of customers use a single NetScaler Gateway virtual server to access XenApp/XenDesktop/XenMobile delivery controllers residing in multiple domains in the corporate network. One of the reasons might be that StoreFront, unlike Web Interface, requires domain membership – so when you use Single Sign-On with NetScaler Gateway you need to know to which StoreFront cluster to direct users after a successful authentication at NetScaler.

    While the NetScaler 10.1 allows group extraction to map authentication to session policies (see https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/Citrix%20NetScaler%2010.1%20Release%20notes.pdf), currently there are two ways to use multiple authentication policies with a single NetScaler Gateway vServer.



    Heavy Rains and Flooding Possible in Some Areas

    WASHINGTON – The Federal Emergency Management Agency (FEMA), through its national response coordination center in Washington, D.C. and its regional offices in Atlanta, Ga., and Denton, Texas remains in close coordination with states potentially affected by Tropical Storm Karen.  According to the National Weather Service, tropical storm conditions are expected along areas of the Gulf Coast as early as this afternoon and into Sunday.

    “Residents along the Gulf Coast are encouraged to continue to monitor local conditions and follow the direction of local officials,” said FEMA Administrator Craig Fugate.  “As the storm continues to move toward land, residents may begin to experience strong winds and flooding. Remember that conditions can change with little or no notice.”

    Based on applicable legal requirements and consistent with its contingency plan, FEMA has recalled currently furloughed employees necessary to serve functions of the agency that protect life and property as they prepare for potential landfall of Tropical Storm Karen.

    FEMA has recalled staff necessary to deploy four incident management assistance teams (IMAT), including a national incident management assistance team (IMAT), to potentially affected states. Each IMAT is supported by its defense coordinating element staffed by the Department of Defense.  Liaison officers are currently positioned in emergency operations centers in Alabama, Florida, Louisiana, and Mississippi to assist with the coordination of planning and response operations. Additional teams are on standby and available for deployment as needed and requested.

    FEMA Administrator Craig Fugate spoke with Alabama Governor Robert Bentley, Florida Governor Rick Scott, Louisiana Governor Bobby Jindal, and Mississippi Governor Phil Bryant this week about ongoing efforts to prepare for Tropical Storm Karen. Fugate reiterated that Gulf Coast states have the full support of FEMA and the rest of the federal family in advance of the storm making landfall. Fugate’s calls were preceded by outreach from FEMA’s Regional Administrators to emergency management officials in potentially impacted states.

    According to the National Weather Service, a tropical storm warning remains in effect from Morgan City, La. to the mouth of the Pearl River. A tropical storm warning means that tropical storm conditions are expected within 36 hours.  Also, a tropical storm watch remains in effect for metropolitan New Orleans, Lake Maurepas, Lake Pontchartrain and from east of the mouth of the Pearl River to Indian Pass, Fla. A tropical storm watch means that tropical storm conditions are possible, generally within 48 hours.

    Severe Weather Safety and Preparedness Tips for Potentially-affected Gulf Coast areas:

    • Have important supplies ready to sustain you and your family, if needed. This includes water, a battery-powered radio, flashlight, extra batteries, cell phone charger, medicines, non-perishable food, and first aid supplies.
    • History shows that storm tracks can change quickly and unexpectedly, so FEMA encourages coastal residents to monitor weather conditions and take steps now to get prepared for potential severe tropical weather.  
    • Tropical storms can bring high winds and heavy rains, so listen to local officials and follow their instructions.

    FEMA, through its regional offices in Chicago, Ill., and Kansas City, Mo., also is monitoring the storms affecting and potentially affecting areas of the Central U.S., including portions of Iowa and Nebraska, and has been in touch with state and local officials. FEMA deployed a liaison to the emergency operations center in Nebraska and activated an incident management assistance team (IMAT), positioning the team for immediate deployment should assistance be requested by the states affected. FEMA continues to stand ready to support the states, as requested.

    For more information on preparing for hurricanes, severe weather and other natural disasters, and what you can do to protect yourself and your family, visit www.Ready.gov or www.listo.gov. Information regarding emergency preparedness and what to do before and after a disaster can also be found at m.fema.gov or by downloading the FEMA app from your smartphone’s app store.

    Follow FEMA online at blog.fema.gov, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema.  Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.



    CIO — Why are pirates called "pirates"? Because they just aaaargh! (OK, my niece told me that one, and it's better when she tells it.) This is a cheesy way for me to say that pirates are a good metaphor for BYOD, because confidential data theft is public enemy number 1 for CIOs setting sail for BYOD.

    In fact, in many of my stories I've described CIOs as navigating BYOD's troubled waters or making a journey to an undiscovered country with dangers lurking at every turn. Truth be told, BYOD is risky business. Here's a slideshow that shows you what I mean: 12 BYOD Disaster Scenarios.

    In July, TEKsystems seemed to agree and created a video called "Navigating Through BYOD: Bring Your Own Device." It touches on a lot of the complex issues CIOs face when implementing a BYOD program, but does so in a very simple way. You're aboard a cartoonish Old World sailing ship embarking on a journey of exploration, one wrought with dangers.



    IDG News Service (Washington, D.C., Bureau) — As a tropical storm and possible hurricane bears down on the Gulf Coast of the U.S., the National Weather Service's website was churning out weather alerts Friday, despite a partial U.S. government shutdown that has affected citizens' access to other online resources.

    The National Weather Service's website, Weather.gov, was one officials deemed as essential after a budget fight in Congress led to a partial government shutdown Tuesday. The website for weather service parent agency, the National Oceanic and Atmospheric Administration, displayed a notice saying it was unavailable during the shutdown.

    "Only web sites necessary to protect lives and property will be maintained," said a message at NOAA.gov.



    WASHINGTON – Federal Emergency Management Agency (FEMA) Administrator Craig Fugate today completed calls with Alabama Governor Robert Bentley, Florida Governor Rick Scott, Louisiana Governor Bobby Jindal, and Mississippi Governor Phil Bryant about ongoing efforts to prepare for Tropical Storm Karen.

    Fugate reiterated that Gulf Coast states have the full support of FEMA and the rest of the federal family in advance of the storm making landfall. The governors did not express any unmet needs at this time. Fugate’s calls were preceded by outreach from FEMA’s Regional Administrators to emergency management officials in potentially impacted states.

    FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

    Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema. The social media links are provided for reference only. FEMA does not endorse any non-government websites, companies or applications.


    Prompting readers at The Wall Street Journal to comment that he may be making the situation more precarious, Steven VanRoekel, U.S. CIO, said this week that he is worried about the U.S. federal government shutdown’s effect on cyber security within the government’s systems. VanRoekel describes a multi-layered series of consequences, in which he is unable to even determine definitively which employees in which departments may be designated exempt from furlough. Agencies, other than the Department of Homeland Security, says VanRoekel, are running on “skeleton crews” and would have to call in staff should an emergency occur – a time-consuming process in itself.

    While it seems unlikely that his comments would alert any cyber terrorists or hackers to a situation that has been leading the news for weeks, the cascading effects are becoming more widely known.



    Monday, 07 October 2013 15:32

    Data Quality for the Rest of Us

    By now, most of us are familiar with data quality “best practices.” Involve the business user. Correct the source. Establish data governance.

    It sounds great—but it often falls flat in the real world. Why?

    It’s too difficult, states Lyndsay Wise, president and founder of the independent research and analysis BI firm, WiseAnalytics.



    Monday, 07 October 2013 15:30

    Climate Change Report Causes Alarm

    by Caroline McDonald

    New findings on climate change, establishing it as a manmade phenomenon, are garnering attention from the insurance industry, which recommends immediate action.

    The Intergovernmental Panel on Climate Change’s (IPCC) newest report “clarifies what businesses and investors already know, that climate change is happening now and human activity is the dominant reason why,” Mindy Lubber, president of CERES, a nonprofit organization that works with insurers and investors, said recently on a conference call. “Climate change is disrupting all aspects of our global economy, including supply chains, commodity markets and the entire insurance industry, which is seeing exponentially large losses from extreme weather events.”



    Posted by: Lars Anderson, Director, Public Affairs

    Caption: October 4, 2013 - Staff work in FEMA's National Response Coordination Center in Washington, D.C. in response to Tropical Storm Karen.

    FEMA is preparing and coordinating with our partners for Tropical Storm Karen and the severe weather threat for the Central U.S. We’re encouraging those in the Gulf Coast and Central U.S. states to take time to make sure they’re getting prepared.  Here are some steps you can take today to prepare for any severe weather threat, including tropical storms, damaging winds, and severe thunderstorms:

    • Finish reviewing your family’s emergency plan (include your kids, too).  Plan for scenarios such as how you’d stay in touch during a storm, where you could meet up in the event of an emergency, and who your out of town contact is, should communications become difficult in the impacted areas.
    • Check on your family’s emergency supplies.  Basic supplies include:
      • battery-powered radio
      • flashlight
      • extra batteries
      • cell phone charger
      • medicines
      • non-perishable food
      • first aid supplies.


    • Stay up-to-date with the latest forecast in your area by monitoring local radio and TV reports. It’s also important to note that local officials may send out Wireless Emergency Alerts to provide brief, critical instructions to warn about imminent threats like severe weather. If you receive an alert like the one below, please follow the instructions in the message.

      emergency alert photo

      During all phases of a storm, continue to listen and follow the instructions of local officials. If Tropical Storm Karen brings significant rainfall to your area, follow local safety instructions and stay away from flooded roads – remember, Turn Around Don’t Drown. Follow ongoing updates from trusted emergency management accounts on social media, visit our Social Hub on your mobile device and computer.

    • Download the FEMA app.  It’s packed with tips on how to stay safe before, during, and after a tropical storm.  You can also use it to track what’s in your family’s emergency supply kit, as well as store your family’s emergency meeting locations.


    Finally, here is an update on what FEMA is doing to prepare for the impacts of Tropical Storm Karen:
    • Today, FEMA activated the National Response Coordination Center in Washington, D.C., a multi-agency coordination center that provides overall coordination of the federal response to natural disasters and emergencies, to support state requests for assistance from Gulf Coast and Southern states.  Regional response coordination centers in Atlanta, Ga. and Denton, Texas are also activated.
    • FEMA has begun to recall currently-furloughed employees necessary to serve functions of the agency that protect life and property as they prepare for potential landfall of Tropical Storm Karen, and for severe weather in the central U.S. based on applicable legal requirements and consistent with its contingency plan.
    • FEMA Regional Administrators for Regions IV and VI have been in touch with emergency management partners in Alabama, Florida, Louisiana and Mississippi.

      Caption: October 4, 2013 - An official at the National Weather Service office in Tallahassee, FL speaks with emergency management partners. (Courtesy of @NWSTallahassee on Twitter)

    • FEMA has recalled and deployed liaisons to emergency operations centers in each of these states to coordinate with local officials, should support be requested, or needed.
    • Today, three FEMA Incident Management Assistance Teams (IMAT), recalled from furlough, are deploying to the potentially impacted areas to assist with the coordination of planning and response operations.
    We’ll continue to provide updates as needed.


    The cloud has proven itself to be an effective, efficient means to scale resources as the enterprise tries to cope with rising data loads and increasingly complex infrastructure challenges. But is it ready for prime time? Are we at a tipping point for the widespread migration of mission-critical applications to public cloud services?

    This is more than just an academic question given that many organizations have spent decades building rock-solid safety and availability into traditional infrastructure in order to keep core business activities afloat. Turning those responsibilities over to the cloud is not just a standard development in the evolution of data environments but a giant leap of faith that places crucial aspects of your business on still largely unproven infrastructure.

    Vendor-driven surveys should always be taken with a grain of salt, but if the latest report from Virtustream is even half-right, it seems many top data executives are ready to make that leap. The company reports that nearly 70 percent of respondents to a recent survey say they are planning to move mission-critical apps to the cloud within the next year. Although security, risk and loss of control still rank among the top concerns, the low cost of the cloud compared to traditional infrastructure is causing many organizations to put their fears aside. ERP applications have emerged as the leading candidates for groups looking to expand beyond mere cloud-based storage and backup.



    Company reputation and the fallout from reputational damage are the No. 1 strategic risk for large companies, according to a global survey released this week by Deloitte.  Overall, progress on strategic risk management is evident, though most executives admit that their programs do not support their business strategy well enough.

    Reputational risk was ranked third among strategic risk concerns three years ago, according to companies surveyed.  Also back in 2010, brand and economic trends were identified by senior executives as the key strategic risks, though both have fallen since. In some industry sectors, reputation has risen from outside the top five strategic risk concerns to the top of the list.  In the energy and resources sector, for example, reputation ranked only 11th on the list of strategic risks in 2010, though three years later has risen to the top spot.



    Computerworld — The U.S. government shutdown has taken some government Web sites offline, including data.gov. But the nation's most powerful supercomputers continue to operate -- for now, at least.

    Government supercomputers are running on reserve funds from last year, a U.S. Department of Energy spokesperson said. How long can these systems continue to do so? "That fact is unknown at this point in time," the spokesman said.

    The Energy Department's national laboratories run petascale supercomputers used in scientific research.



    In a recent joint advisory issued by the US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA) and the Commodity Futures Trading Commission’s (CFTC) Division of Swap Dealer and Intermediary Oversight it was recommended, among other things, that “firms should consider keeping their business continuity plans, contact lists and other necessary documents, procedures and manuals at the alternative site, ideally in paper form in the event that electronic files cannot be accessed.”

    In response to the above, Continuity Central carried out a survey asking the question: “How important are paper-based business continuity plans?” Altogether 118 responses were received.


    The results

    55.6 percent of respondents believe that paper-based business continuity plans are essential; 24.8 percent say that they are ‘quite important’; and 19.7 percent say that they are ‘not important’.

    There was some variation of opinion depending on the size of the respondent’s organization. 57.3 percent of business continuity professionals in large organizations see paper-based BCPs as essential; this drops to 42.9 percent in medium-sized organizations and 50 percent in small organizations. However, 63.6 percent of those in micro organizations say that paper-based BCPs are essential.



    BSI is conducting a public consultation to seek views on BS ISO 37500:2013, the first international standard for outsourcing.

    'BS ISO 37500:2013 Guidance on outsourcing' has been developed by outsourcing experts globally and is intended to provide recognized guidelines for an outsourcing project.

    BS ISO 37500 captures the main concepts and terms, phases, processes and governance aspects of outsourcing, independent of size or sector, and for each phase gives information for the client side as well as the provider side. It includes detailed guidance on assessment and management of outsourcing risks, including two risk management checklists on:

    • Outsourcing risk assessment
    • Risks per outsourcing life cycle phase.

    The commenting period closes on 31st October 2013.

    Take part at http://drafts.bsigroup.com/Home/Details/51735

    Developing risk maps, heat maps and risk rankings based on subjective assessments of the severity of impact of potential future events and their likelihood of occurrence is common practice. These approaches provide an overall picture of the risks, seem simple and understandable enough to most people, are often the result of a systematic process and provide a rough profile of the organization’s risks.

    Typical attributes of a risk map include: governing objectives drawn from a business strategy or plan that provides a context for the assessment, a common risk language that provides a perspective for understanding risk and predetermined criteria for conducting an assessment. While everyone agrees that an effective risk assessment should never end with just a list of risks, it is not unusual for traditional risk assessments to hit a wall, leaving decision makers with a list and little insight as to what to do next. In addition, there is the common complaint that risk assessments rarely surface an “a-ha!” that alters senior management’s view of the world.



    CIO — As federal CIOs ramp up initiatives in hot IT areas like cloud computing and virtualization, they are looking to dramatically reduce the number of data centers the government maintains around the country, though officials acknowledge that that effort will take years to complete as agencies work through a litany of challenges.

    For starters, the sheer size of the government's IT apparatus -- roughly $80 billion annually -- poses a challenge of a scale that dwarfs any single entity in the private sector.



    In September, the Information Security Forum (ISF) released a report, “Managing BYOD Risk: Staying Ahead of Your Mobile Workforce,” which found that many companies, in their rush to institute some kind of BYOD security policy, often neglected or rushed risk management. Incomplete or ineffective policies in effect leave the company open to threats against its network. Instead, ISF encourages organizations to take an “info-centric” approach to BYOD policy.

    I had the chance to speak with Steve Durbin, global vice president of ISF about the report.

    Poremba: When talking about risk management in terms of BYOD, what exactly do you mean? Is it just good security practices or something more?



    Thursday, 03 October 2013 17:09

    Shining a Light on Dark Data

    Data is exploding. The variety of data being created by workers inside and outside of the workplace and the velocity at which that data is being shared makes corporate compliance officers sleep with one eye open, because uncontrolled data equals unknown risk, and the unknown is scary. Think about it – in addition to the terabytes of data lurking in companies’ disparate systems, organizations today are creating new content that is expected to drive 60 percent growth in enterprise data stores (Worldwide Big Data Technology and Services 2012-2015 Forecast, Mar 2012, IDC).

    Most corporate compliance officers are concerned with the latter – newly created data is the shiny object grabbing attention. However, equal focus needs to be placed on legacy data (sometimes known as dark data), which is often unknown, unmanaged, and may be out of compliance with internal or external requirements. Many organizations today are dealing with information sprawl by throwing more storage at the problem – accepting the risk as a cost of doing business – or by simply ignoring it. None of these is an ideal measure to protect the organization. In fact, 31 percent of organizations report that poor electronic recordkeeping is causing problems with regulators and auditors (Information Governance - Records, Risks, and Retention in the Litigation Age. AIIM 2013). Further, an individual data breach costs organizations an average of $5.5 million (2011 Cost of Data Breach Study: Ponemon Institute 2011). There are also countless examples of fines, sanctions or adverse inference decisions being triggered by data being accidentally lost or mishandled.

    To get a handle on dark data, it is first important to understand what it is. Dark data can take many forms, including both structured data (machine-created information that typically fits in rows and columns) and unstructured data (human-generated information that is much more difficult to search). It can also come in many formats and reside in many places, making it more difficult to access. It can be amassed simply because of our reliance on cheap storage or because of special circumstances like M&A. In virtually all cases, legacy data poses legal, regulatory and internal risk if it isn’t managed effectively.



    Thursday, 03 October 2013 17:08

    Emerging wireless risks to consider

    Ian Kilpatrick considers the risks to businesses from the proliferation of wireless access points and discusses the benefits of deploying secure access points, which are directly linked to gateway security.

    Wireless, mobility and BYOD are all part of an unstoppable wave, based on widespread consumer and remote worker usage. With the new faster wireless standard, 802.11ac, due to be approved in November this year, and with 4G continuing to grow, demand for fast wireless in the workplace will increase inexorably.

    While this creates multiple opportunities, it also creates a great many challenges. If, for example, your existing wireless network is insecure, building on that base of sand is always going to fail.

    Historically, for many organizations, both large and small, wireless was a tactical solution to a user-driven demand for laptop (and subsequently smartphone and tablet) mobility in the office.



    Based on current disaster trends and economic values, the world is looking at a minimum cost in the region of 25 trillion dollars in disaster losses for the 21st century if there is no concerted response to climate change, one which puts the emphasis on practical measures to reduce disaster risk and exposure to future extreme events. This is according to a statement by the UN Office for Disaster Risk Reduction (UNISDR).



    CIO — The announcement last month that cloud storage provider Nirvanix was closing up shop set off a wave of hysteria in the IT world and sparked speculation about the viability of cloud storage as an option for businesses.

    The fear is understandable given the value of business data. However, with proper contingency planning and a solid backup/disaster recovery plan, such a closure doesn't have to be a big deal.

    Buzzword Backlash

    "This is not remarkable -- it has happened before. Just to name a few, EMC, Sun, Iron Mountain, a lot of 'big' companies have shut down solutions -- even cloud storage solutions -- shuttered divisions, and ended the lifecycle of products with a huge install base," says Nicos Vekiarides, co-founder and CEO of Natick, Mass.-based cloud storage provider TwinStrata.

    "What's different in this case is the quickness with which it happened, and I think there's certainly a lot of hysteria surrounding this announcement simply because it involves the cloud," Vekiarides says.



    Whether or not rules are made to be broken, company policies are made to be reviewed. What was suitable for an organisation a few years ago may be out of date with requirements now. Paradoxically, this is an instance where business continuity management needs to introduce some discontinuity, to avoid the enterprise getting stuck in what could be an inefficient and even dangerous rut. A policy to use only one vendor’s IT equipment could stifle enthusiasm among employees who now want to work using their own devices. On the other hand, a policy of free access to company premises could now leave the company at risk of violating health and safety procedures.  The first question is – where do you start?



    Data protection is a huge concern for any company. For SMBs, many challenges to protecting virtualized data may not be as pertinent in the enterprise, but they still create a seemingly insurmountable problem. According to the Veeam Annual Data Protection Report for 2013 (registration required for download), surveyed SMBs said the key points of contention within the realm of protecting their virtualized data are:

    • Cost (85 percent)
    • Capability (83 percent)
    • Complexity (80 percent)

    The report covered a wide array of business industries, including manufacturing (28 percent), business and professional service providers (23 percent), retail and distribution (20 percent), and financial service providers (16 percent). All others not in these categories made up 12 percent of the sample. IT executives, including CIOs, from 500 SMB organizations from the U.S., UK, France and Germany were questioned.



    CIO — It's difficult to talk about big data without also discussing the big data skills gap in nearly the same breath. But is it as bad as it seems?

    According to a recent CompTIA survey of 500 U.S. business and IT executives, 50 percent of firms that are ahead of the curve in leveraging data, and 71 percent of firms that are average or lagging in leveraging data, feel that their staff are moderately or significantly deficient in data management and analysis skills.

    These firms see real costs associated with a failure to come to grips with their data, from wasted time that could be spent on other areas of their business to internal confusion over priorities, lost sales, lack of agility and more.



    When I first started writing about Big Data, I was very curious about use cases. But CIOs, it seemed, were not. For many, Big Data provided an answer to problems they’d long struggled to solve.

    So, Big Data wasn’t a hard sale for most IT organizations.

    But investing in a Big Data tool is one thing: Learning to really leverage the data sets is quite another.



    Generally, any large company with a varied set of products has a communications department, but the name doesn’t accurately reflect what that unit does. I think this is about to change in a major way as technologies come together from a variety of companies to finally make “communications” not only more accurate, but also a much more strategic element of the modern company. I don’t think I’m the only person who sees a massive change coming. IBM has announced its intent to acquire Now Factory, which could give it a lead position in this new world of communications. Let’s talk about why communications departments don’t communicate and how that will change dramatically in the coming years.



    by: Ben J. Carnevale, Managing Editor

    Wherever applicable, many organizations might well need to have solid business continuity plans and strong risk management teams in place to deal with the federal government shutdown.

    One of the most important things an organization may need to do with the federal government shutdown is to consider the risks posed to that organization under such shutdown conditions.

    Risk Register

    One example might be that of a multi-national manufacturer working closely with the Department of Energy, Department of Defense and/or the intelligence community — one of the first things such a manufacturer might do is to take the threat of a government shutdown and place it on their “risk register” or any kind of identifiable early warning system that their business continuity plan might have for putting their organization on notice or at least putting this potential incident on the agenda for the next BC/DR or disaster preparedness team meeting.

    According to JDSUPRA.com in an article headed Employees Who Work Abroad: Are They Covered by U.S. Employment Laws?, “just because an employee works beyond U.S. borders doesn’t automatically exempt him from the protections of the various federal employment statutes. This article provides a brief overview of the applicability (or inapplicability) of the major federal employment laws—Title VII of the Civil Rights Act of 1964 (Title VII), the Americans with Disabilities Act Amendments Act (ADAAA), the Age Discrimination in Employment Act (ADEA), the Fair Labor Standards Act (FLSA), the Equal Pay Act (EPA), and the Family and Medical Leave Act (FMLA)—to employees working abroad.”

    Some of the U.S. laws apply even when the employee is working for an organization only controlled by a U.S. company.

    According to the article from Bradley Arant Boult Cummings LLP, not everyone working outside the U.S.’ borders is protected by Title VII, ADAAA, and ADEA. Excluded from the laws’ protections are “non-U.S. citizens even if they’re working abroad for an American employer or a foreign corporation controlled by an American employer, and U.S. citizens working abroad for foreign entities that are not controlled by an American employer.”



    Wednesday, 02 October 2013 17:23

    Scenario modeling is anything but a guess

    Emergency management professionals say,  “The plan is useless, but the planning is priceless.”  There is a lesson in there for risk managers and it’s about the value of scenario modeling.

    In 2010, the Federal Emergency Management Administration (FEMA) conducted a study to determine the likelihood and impact of a hurricane hitting New Orleans. FEMA assembled the paramedics, fire department, emergency room doctors, parish officials, and other responders in a hotel in New Orleans for "Hurricane Pam". Their goal was to plan for the worst-case scenario. The group was given the following scenario:



    Wednesday, 02 October 2013 17:21

    5 Ways to Disaster-Proof Your Data Backups

    PC World — The anniversary of Hurricane Sandy reminds us that businesses can fall victim to the forces of nature. Whether it's a blaze that burns through your office, or a flash flood that sends water coursing through your server room, disasters can hit at any time, and the most likely casualty is your data.

    According to the U.S. Small Business Administration, 25 percent of businesses never reopen after being hit by a disaster. But you can beat the odds by designing a backup plan that protects against worst-case scenarios. On the data storage front, having a single backup is not sufficient when the survival of your business hangs in the balance, so consider implementing at least two backup strategies.



    Wednesday, 02 October 2013 17:04

    Recalculating the Big Storage Equation

    Following up on my post regarding the need to upgrade data center infrastructure to capitalize on emerging cloud technologies, there is no question that local data systems will continue to play a key role as data environments become more distributed. But that doesn’t mean the enterprise data center will continue to exist in its present form, or that the systems and architectures that have served so well in the past will continue to provide optimal service in the future.

    Storage is a key example. The traditional approach to storage was to invest in massive arrays of either disk or tape drives capable of providing not only adequate coverage for current “hot data” needs but long-term storage and archiving purposes, as well. The cloud has already upended that equation by providing virtually unlimited scale at relatively low cost, and just in time for the oncoming rush of Big Data that would have likely overwhelmed all but the largest local storage systems in the data center.



    Now, I’m not saying press releases are dead. That debate went on several years ago. There’s a time and a place for a press release. But, there’s not much time and place for one in crisis communication. Yet, over and over and over I see plans where everything is focused on getting out a press release. There may be some other things in there, like maybe talking to the community–eventually, maybe even using social media (as long as it doesn’t get ahead of getting out the press release and only if God and everyone below Him/Her approves it).

    If you are responsible for your organization’s crisis plan, look at it right now and answer this question straight out: is this focused on the media and getting out press releases or holding press conferences? If so, stuff it in the 1990s files where it belongs and get it updated.

    Did the Boston Police hold press conferences during the manhunt? Yep, and some media were there and some of the coverage was carried. But, that was hours after the real story came out and that means hours after much of the media and public interest went away. The media needed those press conferences so they could get a little fresh video of the faces involved to add to their story if something new came up. But that’s about it.



    An article on the NJ.com site headed Boardwalk's unique aspects challenge firefighters reminds us that it pays to invite emergency service/public safety personnel – EMTs, fire, police – to participate in risk management planning.

    In some instances, e.g., where HAZMAT is on site, this interface with public safety departments may be mandated by local law. In all cases, it is just (a) good business practice, (b) common sense, or (c) both. Failure to include emergency services is foolish and can be costly.

    Inviting public safety personnel to visit facilities benefits the organization both in the immediate term and in the event of an “incident.”



    Wednesday, 02 October 2013 17:00

    ERP Systems Provide Visibility Into Food Safety

    As food production gets increasingly complicated, food manufacturers often struggle to track products from raw materials to packaged goods – and, in the event of a recall, from packaged goods to raw materials. Even those with automated quality systems often find it hard to integrate supply chain data. That's why some food makers are turning to specialized ERP systems.


    CIO — Love & Quiches Desserts, based in Freeport, N.Y., had different priorities than the typical enterprise resource planning (ERP) customer.

    ERP buyers often look at capabilities such as sales, procurement and financials. Love & Quiches focused on another attribute when it replaced its aging ERP system in 2012: The capability to track its treats in detail through the various stages of manufacturing.

    "We never worried about the [general ledger] platform, but from the standpoint of being able to document full traceability," Love & Quiches CFO Corey Aronin says.



    Did you know that the ‘uncrackable’ 128-bit Advanced Encryption Standard (AES-128) in fact turns out to be crackable? Granted, it would currently take 2 billion years using an enormous number (like a trillion) of computers. But before you heave a sigh of relief on behalf of your organisation’s information, think again. That’s the situation when nobody knows the encryption key you are using. What would the impact be on your business continuity if your key was known by other people who also were prepared to pass that information on to perfect strangers? If you are using services such as encrypted cloud data storage or online password managers, it may be time to find out more.



    Mixed signals about the cloud and security abound. A private cloud is more secure than a public cloud, for instance, but most experts would advise against storing critical data in any type of cloud format. And like anything to do with data security, the cloud will always bring risk—particularly when you have to trust a third party (the cloud host) to protect your data.

    Many of us use cloud services like Dropbox or Google Docs because they make basic file sharing simple and they are free. But when I use these services, I also recognize that security is spotty. However, I also don’t have to worry about a company network, just my own. Many companies have policies in place to protect their networks from security issues that can crop up with use of these free, consumer-driven cloud services. According to a new survey from SafeNet Labs, however, too many people, including top executives, aren’t following their company’s cloud policies.

    Worse is that while employees, including the C-level executives, understand the risk in using cloud services, too many simply don’t care. In fact, executives may be the worst offenders. Some of the key points of the Cloud App Usage vs Data Privacy Survey include:



    Wednesday, 02 October 2013 15:59

    CTOs, Don't Neglect the C-Suite

    Chief technology officers can't be all about technology. Building trust with the rest of the C-suite should be a top goal.


    Computerworld — As a chief technology officer, you're good at technology; the C-suite wouldn't have hired you without that. But you can't be all about technology. It's even more important to understand the dynamics -- and oftentimes the politics -- of the C-suite. It's your No. 1 client.

    Treat your C-suite colleagues as internal ambassadors. While they're all expected to be aligned with the organization's strategic goals, each of them represents a department that has its own vision, responsibilities, strengths and plans for success. The CTO has to be able to hear and understand all of those points of view and develop trusting relationships with everyone else in the C-suite. Why? Because your C-suite colleagues have the power to advocate on your behalf. And how do you build trust? These things all help:



    Wednesday, 02 October 2013 15:57

    4 Ways CIOs Can Respond to a Service Outage

    Nasdaq and Intermedia are among the latest firms to suffer lengthy – and public – service outages. Eventually, the same thing will happen to you. Here are four key lessons IT leaders can learn from others' mistakes.


    CIO — Clearly, it hasn't been a good few weeks for Nasdaq. First, trading on the exchange halted for more than three hours on Aug. 22. Nasdaq's brief post-mortem statement blames a software bug and a backup system that failed to actually activate when a fault was detected. However, Reuters reports that a person familiar with what happened says connection problems with NYSE Euronext's Arca Exchange triggered the entire event.

    Adding insult to injury, Nasdaq suffered a six-minute outage on Wednesday, Sept. 4. Though it involved the same system that was the culprit of the larger outage, a Nasdaq statement says "hardware memory failure in a back-end server" caused this outage.



    Improving the data center to keep up with advancing technologies has been the chief, perennial responsibility of CIOs over the years. These days, however, the job has taken on a new twist as new questions arise: Is the data center the best platform to boost enterprise productivity? Do we need a data center at all anymore?

    Most large organizations seem to be solidly in the owned-and-operated camp when it comes to the data center, but the farther into the SMB space we go, the more that certainty starts to waver. Clearly, the reliance on traditional physical-layer infrastructure is under serious assault across the board. According to MarketsandMarkets, spending on software-defined data center (SDDC) technology will jump from about $400 million today to $5.41 billion by 2018, reflecting the enterprise’s desire to not only improve operational capabilities but to integrate in-house infrastructure with the broader cloud ecosystem.



    LINCROFT, N.J. – When a major disaster strikes, the first steps agencies take are health and safety related – controlling damage, minimizing casualties, finding shelter for displaced victims.

    When the initial burst of activity has subsided, the focus changes to helping affected people and businesses get vital information on recovery plans and financial assistance. Helping people cope with the aftermath of a disaster and teaching them how to prepare for future emergencies also becomes a priority.

    The Federal Emergency Management Agency collaborated with several other government agencies, public and private organizations and area businesses to educate New Jersey residents after Superstorm Sandy.

    FEMA also supported Church World Service’s Recovery Tools and Training workshops for volunteer groups helping with post-Sandy recovery. More than 400 people attended a January session to obtain background information, resources and national contacts to assist in long-term recovery.

    The Community Education and Outreach section of FEMA’s Mitigation Branch promoted effective hazard mitigation ideas and techniques through community education, outreach, training and coordination with public and private sectors. CEO specialists worked with other branches of FEMA as well as other government agencies and private organizations. Programs based around the mantra of “rebuilding stronger, safer and smarter” made contact with nearly 61,000 people in the months following the storm.

    FEMA representatives from the Private Sector and Hazard Mitigation programs, along with officials from the Office of Homeland Security and Preparedness, attended three Lakewood BlueClaws baseball games in 2013, collecting donated preparedness supplies and distributing informational materials to affected residents.

    On July 27, FEMA outreach specialists were present at 13 Home Depot locations in New Jersey, including several in communities severely impacted by Sandy, as part of the store’s hurricane preparedness workshops held on the East Coast. They distributed information on the National Flood Insurance Program, disaster preparedness and mitigation.

    FEMA Private Sector specialists took part in the Sam’s Club Emergency Preparedness Expo at the store’s Edison, N.J., location on Aug. 27. The expo hosted government agencies from all levels and private organizations showcasing the assistance they can grant to individuals and small businesses. Representatives from Mitigation were at the New Jersey Meadowlands State Fair distributing information.

    FEMA Corps Launches School Programs

    Members of FEMA Corps, a division of AmeriCorps created by FEMA and AmeriCorps’ National Civilian Community Corps, implemented its FEMA for Kids program in New Jersey in April 2013. In April and May, FEMA for Kids visited 21 schools and community-based programs in areas affected by Superstorm Sandy, and more than 5,000 elementary and middle school children attended the events. The interactive programs teach children how to prepare for and respond to disasters, as well as allowing them to express their concerns about the effect Superstorm Sandy has had on their lives and families. The website www.ready.gov/kids has FEMA for Kids program information for children, parents and educators. Corps members also created FEMA Connect, a similar program for high school students. It had more than 600 participants in New Jersey. The group recruits people ages 18-24 to assist with disaster response, recovery operations and community outreach.

    Corps members also prepared and edited the New Jersey Resource Guide, which contains nearly 625 profiles of federal programs, private foundations and corporate giving programs.

    “These kind of activities are very good because we get a lot of exposure and people know that we are here for them and that we are in their neighborhood, that we're doing the same things they are doing,” FEMA mitigation specialist Ofelia Garayua said.

    Video-links: Hurricane Preparedness Workshop (Home Depot), FEMA Connect, Rutgers Day Benefits Sandy Relief Fund and Sam’s Club Preparedness Expo for Businesses

    Next, the One Year Later series examines the impact of Superstorm Sandy on New Jersey schools.

    FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

    Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Also, follow Administrator Craig Fugate's activities at www.twitter.com/craigatfema.



    NEW YORK, NY – TELEHOUSE, the United States' leading provider of dedicated data centers, international Internet exchanges, and managed IT services, announces its strategic partnership with United Fiber & Data (UFD). The partnership aligns two of the telecommunication industry’s thought leaders in a long-term commitment to drive the growth of both companies.


    The partnership will allow TELEHOUSE to meet customer demand for dark fiber by utilizing UFD’s NXT LVL, state-of-the-art fiber optic network. UFD’s network offers best-in-class technology and a diverse route, which is strategically positioned West of the North East Corridor’s traditional route. TELEHOUSE customers will be able to connect to major carrier hotels in New York and New Jersey, as well as to the Teleport facility, TELEHOUSE’s purpose built Disaster Recovery/Business Continuity Data Center located on Staten Island. Delivery of dark fiber solutions to TELEHOUSE customers is expected to begin in October 2013.


    “TELEHOUSE is pleased to be working with United Fiber & Data’s customer centric approach to enhance the dark fiber solutions our Customers’ increasing demand requires and our supporting network services depend on,” says Fred Cannone, Director of Sales and Marketing at TELEHOUSE.


    Christopher Lodge, UFD’s President and COO, echoes Fred’s sentiments, “UFD couldn’t be more thrilled to make this announcement.  It’s a true win-win partnership, one from which the telecommunications industry will benefit immensely.”


    The partnership also provides UFD with access to the New York International Internet Exchange (NYIIX), one of the world’s largest International peering exchanges. The seamless switching fabrics of NYIIX will provide UFD with powerful network-to-network connections, enhanced network performance and improved connectivity.

    For more information on Telehouse, visit www.telehouse.com.

    For information on United Fiber & Data, visit www.unitedfd.com.



    About TELEHOUSE America

    A stable and trusted pioneer of carrier-neutral data center services, TELEHOUSE provides secure, power-protected environments, where clients house and operate their telecommunications and network resources. Among the many benefits of colocating with TELEHOUSE is the ability to connect to state-of-the-art peering exchanges in New York (NYIIX) and Los Angeles (LAIIX). Through Manage-E, TELEHOUSE provides a comprehensive suite of solutions – from help desk and hardware support to managed IT infrastructure, security and compliance services – all delivered by expert consulting and operations teams on a global scale and from one point-of-contact. Additionally, the global availability of 46 TELEHOUSE-branded data centers in 23 cities throughout Asia, Africa, North America and EMEA, delivers continuous, cost-effective operation of network-dependent, IT infrastructure to businesses around the world. Please visit www.telehouse.com. Follow TELEHOUSE on Twitter @TELEHOUSE.


    KANSAS CITY, Mo.—Students and faculty at Kansas State University in Manhattan, Kansas, along with their neighbors, will have a unique chance to learn first-hand about the importance of disaster preparedness with the launch of ReadyCampus, a one-day preparedness campus event slated for September 30, 2013.


    ReadyCampus, a student-centered initiative, is an innovative partnership between Kansas State University (K-State) and the Federal Emergency Management Agency’s (FEMA) Region VII. The event is being hosted by K-State’s School of Leadership Studies’ HandsOn Kansas State (HOKS) as part of their civic learning opportunities. Manhattan Good Neighbors is a program activity within HandsOn that focuses on campus and community relationship building and service. Timed to coincide with the end of National Preparedness Month 2013, this initiative focuses heavily on existing resources and capabilities accessible to students by combining disaster information and social media.


    The three-hour event, from 12 noon to 3pm, will take place in a “preparedness” social media environment where students and faculty will gather at the Campus Creek Amphitheater outside of K-State’s Leadership Studies Building. There they will hear campus and community preparedness presentations, participate in an eChallenge preparedness hunt and meet student and local organization representatives active in disaster readiness and response such as campus Police and Emergency Management. They will also meet with student groups connected with the Capital Area American Red Cross, Riley County Emergency Management, United Way of Riley County, Voluntary Organizations Active in Disasters, and Citizen Corps groups such as the Community Emergency Response Team, County Animal Rescue Team and Medical Reserve Corps.


    “Emergency preparedness remains a high priority not only for Kansas State, but all higher education institutions,” said Lucy Finocchiaro with Manhattan Good Neighbors. “While the administrators of Kansas State have done a phenomenal job of caring for students in emergency situations, many students find themselves unaware of the resources available to them in a disaster. Enhancing student awareness and preparation is the next step for many universities in increasing overall emergency preparedness and we are honored to join with FEMA and our surrounding community partners in piloting ReadyCampus to assist in that mission.”


    FEMA Region VII and K-State leaders recognized that preparedness messaging for students runs the risk of becoming old and repetitive, so they created ReadyCampus as a more engaging way to inform and involve students through social media by moving students from preparedness discussions to personal demonstration.

    The highlight event is an e-Challenge preparedness hunt. Similar to a traditional scavenger hunt, the e-Challenge Hunt requires teams to locate and identify emergency preparedness resources from around the campus, the community, as well as their own homes.


    Participating teams will demonstrate their progress by submitting their entries electronically through Twitter. Responses will be projected onto a screen visible to the general public. Teams will be recognized for their levels of achievements for participation, identified items/locations, and collaborative interactions with one another. Prizes for participating and recognitions will be presented for all levels of achievement.


    “We are honored to support the leadership and student body of Kansas State University in this unique and innovative effort” said Phil Kirk, Federal Preparedness Coordinator for FEMA Region VII. This partnership represents a whole community effort focused on delivering preparedness solutions in a practical and effective manner, one that schools across the country can hopefully replicate within their own institutions of learning.


    Beth Freeman, FEMA Region VII Administrator also applauded the efforts of K-State and its student body for taking an active and voluntary approach to bridging the gap between the academia and emergency management communities.


    “FEMA Region VII has partnered with universities, schools and educational groups for many years, primarily in the areas of disaster response planning, exercise and training. This event however, signifies the first time such partnership has materialized so noticeably, primarily for the individuals served the most by these institutions – the students” Freeman said.


    Members of the media and the general public are welcome to attend and observe ReadyCampus on September 30. For more information or instructions on accessing the K-State campus on event-day, contact Manhattan Good Neighbors and post questions or information on HandsOn Kansas State’s Twitter @handson_kstate #KStateReady.


    To learn more about ReadyCampus or school and workplace preparedness contact FEMA Region VII’s National Preparedness Division at 816-283-7925 or visit: www.ready.gov/school-and-workplace.



    Follow FEMA online at www.twitter.com/fema, www.facebook.com/fema, and www.youtube.com/fema. Find regional updates from FEMA Region VII at www.twitter.com/femaregion7. The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications. FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.




    Of all the divergent paths that data center architectures could take in the coming years, with the advent of virtualization, the cloud, SDN and all the rest, it is somewhat incongruous that decisions regarding physical layer infrastructure should fall into two primary camps: proprietary vs. commodity.

    These two approaches have been battling for enterprise hearts and minds for some time, but these days the argument isn’t so much over costs and capabilities as it is about how best to lay the foundation for the advanced, dynamic architectures that are coming the way of IT.

    Take Oracle, for example. The company has long championed the tight integration of hardware and software as the best means to provide optimal data performance, so much so that its initial reaction to the cloud was rather dismissive. These days, though, the company is all about the cloud and other advanced architectures, provided they reside on an integrated platform like the M6 cluster or the Exadata Database Machine. With both hardware and software working in conjunction, the argument goes, the enterprise will gain a higher level of productivity than is available through conglomerations of commodity boxes running open source systems.




    LINCROFT, N.J. -- In the immediate aftermath of Superstorm Sandy, tens of thousands of New Jersey survivors suddenly faced a desperate need of a dry, safe place to stay. From the midst of this chaos emerged a massive housing effort involving local, state, federal, voluntary agencies, community and faith-based organizations, county social services and individuals working together.

    “Housing has been one of the biggest challenges response and recovery workers and officials have faced,” FEMA’s Federal Coordinating Officer Gracia Szczech said.

    FEMA launched its housing mission in cooperation with the New Jersey State-led Disaster Housing Task Force. Assistance included temporary housing, rental assistance, transitional lodging in hotels and motels, and grants to repair and replace storm-ravaged primary residences.

    Various FEMA personnel – from Individual Assistance, Community Relations, National Call Centers, Access and Functional Needs personnel and Transitional Sheltering Assistance – personally contacted thousands of applicants about their housing needs. With coordination through the State Office of Emergency Management, New Jersey’s Department of Community Affairs, Department of Human Services and other state organizations became involved in the effort to contact applicants through face-to-face meetings and multiple telephone conversations with survivors.

    The outreach included a focus on people with disabilities and/or access and functional needs. Survivors had access to American Sign Language or signed English interpreters, Video Relay Services or Video Remote Interpreters. In addition, assistive listening devices, amplified phones and caption phones were available for survivors who were deaf or hard of hearing. Magnifying devices and printed information in Braille and large print were provided for people who were visually impaired.

    FEMA also translated disaster assistance fliers, brochures and pamphlets into 21 different languages. Teams of FEMA Community Relations specialists canvassed communities, going door-to-door to deliver valuable recovery information in languages including: English, Spanish, Chinese, Italian, Korean, Polish, Portuguese, Russian, Urdu, and French to encourage residents with damaged property to register for assistance.

    Housing mission personnel worked to provide displaced survivors whose homes were unlivable with immediate housing or funding for minor repairs. Because of the widespread damage, temporary housing was often unavailable in the days following the storm. At the request of the State of New Jersey, the Transitional Shelter Assistance Program was implemented to provide emergency shelter at a critical time until longer-term housing solutions could be found. Accommodations included hotels and motels, with an average stay of 45 days.

    In New Jersey, 16 Hotel Outreach Strike Teams counseled applicants on their housing plans and assisted in the transition to a longer term housing solution. Initially, 5,500 residents were in the TSA program. In all, approximately 435 hotels/motels provided 253,425 room nights at a cost of more than $34 million.

    Survivors whose homes were destroyed or suffered major damage became eligible for Direct Housing such as FEMA-provided apartments or manufactured homes. The U.S. Army Corps of Engineers executed an extensive renovation project at Fort Monmouth to provide 114 furnished apartment units.

    The Department of Housing and Urban Development increased the Fair Market Rent standard to 120 percent, creating more options for families with Section 8 vouchers. In addition, the New Jersey Department of Community Affairs set aside 1,000 “Special Admissions” vouchers from the state-administered Section 8 Housing Choice Voucher program. Vouchers provide subsidies directly to landlords, reducing costs to low-income households.

    Senior housing complexes relaxed their rules to make vacant units available to Sandy survivors under the age of 55 without jeopardizing a community’s qualification for legal exemptions under the Fair Housing Act.

    Housing assistance is available to survivors for up to 18 months from the date of a disaster declaration. Depending on the need, FEMA Housing Mission staff works with Voluntary Organizations Active in Disaster, such as the Red Cross, to identify additional housing solutions for survivors.

    Superstorm Sandy affected tens of thousands of lives in New Jersey, making housing one of the greatest challenges of the recovery effort. The assistance of thousands of volunteers and the cooperation of local, state and federal agencies, including the FEMA Housing Mission, made those challenges surmountable, helping survivors achieve the milestone of returning home.



    CIO — "Happy families are all alike;" Leo Tolstoy wrote in Anna Karenina, "every unhappy family is unhappy in its own way."

    One might be inclined to think the same is true for outsourcing -- the successful relationships share the same best practices while the failed arrangements are uniquely flawed. But, in fact, the most disappointing deals do share common characteristics.

    Diane Carco, president of IT consultancy Swingtide, has been studying the facets of flawed deals for nearly two decades. Even as the state of IT outsourcing has matured, the same issues come up again and again in failing IT services relationships. "Mistakes are often repeated," says Carco, who had to terminate a $2 billion outsourcing deal when she was CIO of CNA Insurance in 1999. "Awareness of why things failed is not necessarily propagated into the next generation of management and the next deal."



    Monday, 30 September 2013 17:44

    Do 1 Thing: Be Informed

    By: Cate Shockey

    Getting correct information during an emergency is critical to making the right decisions.  There are many ways to stay informed, from staying connected to information from local authorities to knowing how your community alerts residents of dangerous situations. Make sure your family can receive, understand, and act on information in an emergency.

    In my area, severe weather is the biggest threat. Decatur, Georgia, has a tornado siren that sounds when the National Weather Service issues a tornado warning for the Decatur area. The sirens, located in each quadrant of the city, sound for 3-5 minutes per warning. From where I live and work, I can hear the siren test every Wednesday, even from inside. Decatur also has a CodeRed system to alert citizens of emergency situations that require immediate action, such as weather warnings, evacuation notices, chemical spills, water contamination, and power outages. Do you know how your community would alert you in an emergency?

    It is also imperative to make sure you are connected through TV, radio, internet, and smartphones to help you make informed decisions to keep you and your family safe.  Whether you are at home, work, or school, there are plenty of ways to keep informed. 

    For my parents, overnight storms have rocked the Nashville area in recent years. Tornadoes at night are particularly dangerous as people are asleep and caught unaware. To make sure my parents were ready, this spring they bought a NOAA weather radio to make sure they were receiving warnings around the clock.

    Red Cross Hurricane App

    With evolving technology, there are plenty of options for keeping informed. CDC, FEMA, Red Cross, the Weather Channel, and even many local news stations have developed apps and emergency alert systems. CDC recently signed up to participate in the new Twitter Alerts program. Intended for crisis and emergency information, you can subscribe through your Twitter account to get our most critical updates.

    Here are a few things you can do this month to make sure you stay informed:

    • Understand what risks affect your area. Learn about your community’s warning system (e.g., sirens) and find out if your local emergency management uses a website, text messaging, or even Twitter.
    • Make sure everyone in your family knows how to use text messaging.  In an emergency, if phone lines are down, texting may be the best way to communicate.  If someone in your family does not know how text messaging works, sit down with them this month and teach them the basics.
    • For your home, purchase a NOAA emergency alert radio, which turns itself on to warn you when an emergency alert is issued.
    • Develop a family communication plan.  Know how to contact each other, and where to meet if phone lines are jammed.
    • Neighborhood Watch Alerts provides free email or text message alerts for all people and neighborhoods with or without formal or informal neighborhood watch programs. Many federal agencies run alerts through this program.

    Check out Do 1 Thing for more tips and information, and start putting your plans in place for unexpected events. Are YOU ready?

    How do YOU stay informed in an emergency?  Leave a comment and let us know!


    ANCHORAGE, Alaska — It’s been a race against time to get essential disaster assistance to survivors of Alaska’s devastating spring floods. Now, with temperatures dipping below freezing and snow beginning to fall in the remote Alaskan Bush, the Federal Emergency Management Agency, its State of Alaska partner and several voluntary organizations are working feverishly to get as many families as possible back into their homes.

    Of the eight largely Alaska Native communities most affected by the May and June floods, the small city of Galena took the hardest hit. Submerged under as much as 9 ½ feet of water and rammed by massive boulders of ice that jumped the riverbank, most of Galena came to a standstill.

    With just 470 residents, 97 percent of Galena’s homes were affected by the disaster, as were roads, power and water supplies, a health clinic, an assisted living center for the community’s elders and other facilities. The result is that 201 of the 372 households that registered with FEMA for disaster assistance are in Galena.

    To make matters worse, Galena’s tragedy affected as many as 10 surrounding villages, as it’s a hub for employment, transportation and health care, while its boarding school makes it a significant provider of youth education in the region.

    What’s more, like several of the other flood-soaked communities stretching from the Canadian border to the Bering Sea, Galena has not a single road connecting it to the outside world. Of the other disaster-affected communities — Alakanuk, Circle, Eagle, Emmonak, Fort Yukon, Hughes and Tok — only Circle and Tok have overland routes open year round.

    In the three months since President Obama’s June 25 disaster declaration for Alaska, more than $10 million in state and federal assistance has been approved for survivors and their communities. The total includes more than $3 million in awards to individuals and families for home repairs and for other essential needs, including the replacement of life-sustaining tools, boats, all-terrain vehicles, and hunting and fishing equipment lost in the floods.

    In addition, the U.S. Small Business Administration has approved nearly $3.8 million in low-interest disaster loans for the repair of homes and businesses in the disaster area. Also included in the $10 million total is $3.2 million in obligations to the state and local communities to help pay for debris cleanup, repairs to damaged facilities and infrastructure, and for costs incurred in protecting lives and property during the floods.

    “Ten million is a good start toward recovery, but FEMA understands that assistance dollars to these isolated communities are little more than paper without the means to put the money to work,” said Federal Coordinating Officer (FCO) Dolph Diemont. “For that reason, we’ve worked closely with the State and our voluntary agency partners to offer creative solutions to the challenges people are facing.”

    With five of the communities accessible only by air and boat — and barge the only way to bring in large quantities of building supplies — FEMA is providing assistance with shipping costs of building materials for eligible applicants.

    FEMA so far has received nearly 90 requests from households for assistance with shipment of materials, and has shipped more than 363,000 pounds of building materials, sheltering supplies and donated items. The barges not only deliver critical care packages for those affected by the floods, they provide the material resources survivors need to rebuild their homes and their lives.

    Human resources — the skilled, extra hands to help with the work — are also desperately needed in the damaged communities, where subsistence hunting, fishing and wood-gathering is occupying many residents ahead of winter. Although limited in number by conditions on the ground in rural communities, voluntary and service organizations have provided essential recovery services to survivors in Galena, Alakanuk, Circle, Emmonak, Fort Yukon and Hughes.

    Recognizing the travel distances and the scarcity of housing for volunteers from the lower 48 states, FEMA is covering the travel costs for a variety of volunteer workers, while the State of Alaska has stood up a winterized, 40-bed responder support camp in Galena, ensuring most of the beds go to volunteers.

    AmeriCorps, United Methodist Volunteers in Mission, Disciples of Christ, Mennonite Disaster Services, World Renew and Arizona Southern Baptists have been working steadily with survivors, mucking out and gutting flood-soaked homes or performing repairs and rebuilds. In addition, Galena Baptist Church members and other local volunteers are helping their neighbors. Thanks to these efforts, most survivors will be back home before winter.

    There is still much work to do, however. The extent of the destruction means not everyone’s home will be restored in the few weeks remaining to ship supplies by barge before water levels drop, the rivers freeze up and the building season comes to an end. That doesn’t mean the effort is slowing down.

    “Our goal has always been to get survivors back to their communities and back into their homes to the greatest extent possible before winter,” said State Coordinating Officer Bryan Fisher of the Alaska Division of Homeland Security and Emergency Management. “While some homes will require more work next spring, the coordination taking place now will ensure that every survivor has a safe, dry and warm place to stay, and that their needs are met for winter.”

    State and federal recovery specialists continue to contact flood survivors, going door to door in some cases, to identify any remaining needs that can still be met before winter. In some cases, a home may lack plumbing fixtures, an electrical or water hookup, or another essential service to make it functional — and the goal is to get that work done.

    While sheltering operations have scaled down considerably in Galena, the Mass Care team continues to provide shelter, now mainly in the 12-room Birchwood Hall, to residents who are completing home repairs or who must be in Galena for work or other needs. In Fairbanks, State and FEMA recovery specialists also are helping a small number of remaining evacuees transition from a temporary shelter to more practical winter housing.

    Meanwhile, FEMA is providing rental assistance to eligible survivors, while the State is offering rental assistance outside of Galena to those who are ineligible for or cannot make use of FEMA assistance. The State and FEMA continue to work with survivors whose Galena homes aren’t quite ready, but who wish to stay at home through the winter using wraparound support services such as showers, toilets, and laundry and food services. In addition to many other duties in support of survivors, FEMA Corps members are managing a drop-off laundry service.

    After preparing and serving more than 17,600 meals at a Bureau of Land Management facility — much of the food donated by the Alaska Food Bank and the Alaska Department of Education — the feeding mission has entered its winter phase. Hot meals are now prepared in The Salvation Army’s central kitchen in Anchorage and shipped frozen by air to Galena. Survivors can pick up the meals, heat them in microwaves at the community center and take them home to eat as a family. Self-serve breakfasts are also provided at the community center. Food service will continue in Galena for as long as the need remains.

    For some residents, there still are housing decisions to be made, and caseworkers continue to work with applicants to provide information on programs and policy, and to outline options, especially for Galena’s riverside neighborhood of Old Town, which took the brunt of the spring flooding.

    “We especially wanted to provide options to Old Town residents, since our studies indicate it remains at serious risk of life-threatening flooding,” said FCO Diemont. “While FEMA cannot legally and in good conscience promote permanent occupancy of Old Town with taxpayer dollars, we are working with the State to provide opportunities for residents to move to safety.”

    For example, the State has announced that several million dollars in additional funds to be provided to Alaska under the FEMA-funded Hazard Mitigation Grant Program will be earmarked for property acquisitions in Old Town, as well as for property elevations in the New Town neighborhood farther away from the river. Since participation in the program is voluntary, community leaders are discussing options with homeowners so applications can go forward over the winter.

    State and FEMA Public Assistance and Hazard Mitigation specialists also are exploring strategies and funding opportunities to help Galena and the other disaster-affected communities rebuild stronger and more disaster-resilient. Projects identified to date include elevation of a health clinic in Circle and construction of a new Louden Tribal Council Community Hall in New Town Galena, to replace the council’s disaster-destroyed Old Town hall.

    While great progress has been made since the floods, there is much work to do before temperatures begin plummeting toward 50 below zero and lower in the coming weeks — and much work remains over the long, dark winter. FEMA and the State pledge to remain focused on this mission until full recovery is assured.

    While barge shipments will soon stop until spring, critical food and supplies will continue to arrive by air, interior construction will continue and all other possible means of driving recovery forward will be delivered.

    In addition, FEMA and State long-term recovery specialists will set to work with the community of Galena to develop a strategy for building a stronger, safer, more energy-efficient city for the future, using the community’s existing development plans as a guide. Meanwhile, coordination will continue through the winter in an effort to ensure that plans, supplies and volunteers are in place to pick up the rebuilding effort at first thaw.



    Just last month the Disaster Recovery Preparedness Council reported some initial findings from our new online Disaster Recovery Preparedness Benchmark (DRPB) Survey.  We created the survey to help give business continuity, disaster recovery, compliance audit and risk management professionals a better measure of their own preparedness in recovering critical IT systems running in virtual environments.

    Some of the preliminary findings from the survey have surprised us.  For example, results indicate that organizations in highly regulated industries such as financial services, healthcare and government, fail to make the grade for disaster recovery preparedness. In spite of strict regulations, these organizations do not appear to be better prepared than others to recover their IT systems in the event of a disaster.

    Here are some results from highly regulated industries that describe their shortcomings:



    Economic damages from the recent flooding in Colorado are expected to surpass $2 billion, according to a recent report from catastrophe risk modeler Eqecat. Most of that financial burden will fall on residents because very little flood risk is insured in the state.

    Between 1,500 and 1,800 homes have been destroyed and thousands of homes have been damaged, leaving more than 10,000 people displaced. The estimated total cost to repair destroyed homes averages $300 million and early reviews of residential flood damage indicate an average of $20,000 to restore each of the 17,500 flooded homes that were not destroyed. But because of exclusions to the basic homeowners insurance policy, most of the losses will not be covered by insurance.

    Historically, a very small portion of homeowners purchase flood insurance on homes outside of the 100-year flood zones outlined by the U.S. National Flood Insurance Program, which provides insurance as part of a mortgage. Of the 17 counties impacted, most of the areas are not within defined flood zones.



    Monday, 30 September 2013 17:39

    Sociocultural Aspects of Software Projects

    The desire to be agile has long impacted human behavior. Consider the elite athlete, the army general, the opera singer, the belly dancer, the professional golfer, the heavyweight boxer, the high seas sailor, the commercial pilot, the top-end banker, and even the federal politician — they all love agility, and so do we. Why? Put simply, agility provides the basis for adaptability and change which, in turn, are integral to our survival and growth. The same agility that enables a springbok to outrun a lion or an ant to carry a load more than 20 times its size allows a small start-up in Southern California to prevail against the might of a large, well-established brick-and-mortar organization (based on my arguments in the preface to my book, The Art of Agile Practice: A Composite Approach for Projects and Organizations). No wonder mainstream business is increasingly fascinated by “Agile.”

    In a special issue of Communications of the ACM commemorating the first 50 years of computing, virtual reality pioneer Jaron Lanier wrote: “The biggest surprise from the first 50 years of computers is that computation turns out to be a cultural object in its own right, with all its warts and semicolons.” This phenomenal importance of “human issues” in IT project management has also found its way into discussions by Cutter Fellows Tom DeMarco and Timothy Lister in their book Peopleware: Productive Projects and Teams; Gerald M. Weinberg’s The Psychology of Computer Programming; and Larry Constantine’s Constantine on Peopleware and Soft Issues and Other Hard Problems in Software Development. Indeed, Constantine claimed: “Good software does not come from CASE tools, visual programming, rapid prototyping, or object technology. Good software comes from people. So does bad software.” I have also discussed the importance of people in software projects and the destructive nature of “game playing” — together with suggested antidotes. These discussions led to an inescapable conclusion: the dire need to address the social and cultural factors in project management. Contemporary Agile emerged out of the exploration of such issues in software development projects. Agile helped the software development community climb out of its cellars of up-front planning, analysis paralysis, and siloed (primarily driven by the waterfall lifecycle) approaches to the users and business.



    Ok, so NASA failed an audit. Don’t we all? I think it is important to understand the government’s cloud computing adoption timeline before passing judgment on NASA for failing to meet its cloud computing requirements. And, as someone who has read NASA’s risk management program (and the 600 pages of supporting documentation), I can say that this wasn’t a failure of risk management policy or procedure effectiveness.  Clearly, this was a failure of third-party risk management’s monitoring and review of cloud services.  

    The Cloud Is Nebulous

    Back in 2009, NASA pioneered cloud technology with a shipping container-based public cloud technology project named Nebula -- after the stellar cloud formation. (I love nerd humor, don’t you?)



    Monday, 30 September 2013 17:31

    Are You In A Decision Trap? You Decide

    Before joining Forrester, I ran my own consulting firm. No matter how ridiculous the problem or how complicated the solution, when a client would ask if I could help, I would say yes. Some people might say I was helpful, but I was in an overconfidence trap. There was always this voice in the back of my mind that would say, “How hard could it be?” Think of the havoc that kind of trap can have on a risk management program. If any part of the risk program is qualitative, and you are an overconfident person, your risk assessments will be skewed. If you are in an overconfidence trap, force yourself to estimate the extremes and imagine the scenarios where those extremes can happen. This will help you understand when you are being overconfident and allow you to find the happy medium.

    Have you ever padded the budget of a project “just to be safe”? I hate to tell you this, but you are in the prudence trap. By padding the project budget, you are anticipating an unknown. Many other managers in your company may be using the same “strategy.” But the next time you do a project like this, you will pad the budget again, because the inherent uncertainty is still there. The easiest way to keep your risk management program out of the prudence trap is to never adjust your risk assessments to be “on the safe side.” There is nothing safe about using a psychological trap to predict risk.



    CIO - Data recovery used to be a straightforward matter of running competent data recovery software on a single disk drive. Advances in storage technology now make a number of deployment scenarios possible. Even with the best data backup practices, though, it's unlikely for a small business to have the infrastructure to keep its data perfectly synchronized.

    To help small businesses be prepared should a data disaster event strike, here's a look at how the most common storage options on the market deal with data recovery.

    RAID: You'll Need Software to Complement Hardware

    Network Attached Storage (NAS) appliances rank among the most common storage devices that today's businesses use. They range from simple two-bay devices to 10-bay appliances that offer Storage Area Network (SAN) capabilities. Redundancy is typically implemented using Redundant Array of Independent Disks (RAID), which offers simple mirroring (RAID 1) as well as more advanced methods that stripe blocks of data across multiple disks to mitigate against a single drive failure (RAID 5) or even two failed drives (RAID 6).



    Brigham and Women's Hospital

    In the last eight years, Brigham and Women’s Hospital in Boston has conducted 78 large scale emergency drills.  On the afternoon of April 15, immediately following the two bombs set off during the Boston marathon, it was time to put their well-practiced plans into action.

    Brigham and Women’s Hospital had prepared for a variety of events, both natural and man-made.  Casting a wide net and taking an all-hazards approach, they ran drills for oil spills, chemical attacks, active shooters, blizzards, train crashes, hurricanes and building evacuations. The hospital ran exercises and responded to real-life events at a division, departmental, hospital, city-wide and state-wide level.  No doubt, the drills helped to establish routines and relationships across departments and across systems.

    Members of BWH's Hazardous Material Response Team stand at the ready during a simulation in 2012.

    On Monday, April 15, there was a short turnaround between finding out about the event and implementing a plan.  At 2:54 p.m., when  the call came in about two explosions at the race, the already busy 55-bed emergency department had 66 patients. 

    Brigham and Women’s Hospital implemented what they call a Code Amber, activating the hospital disaster response system.  The hospital-wide response plan that they practiced regularly started with building capacity and capability in the emergency department, in the operating rooms, and throughout the hospital.  Where possible, patients were discharged or transitioned to other departments to disperse the crowded area.  Multiple operating rooms were rapidly opened and staffed for potential emergency surgeries.

    The hospital cared for 39 patients from the bombing, 23 in the first 45 minutes. Staff set up a primary triage team to assess immediate need before a secondary triage team identified patients that needed emergent surgery.   Patients requiring surgery went directly to the operating room from the Emergency Department, just as they had drilled in prior exercises.   Patients were rapidly cared for throughout the hospital.

    In the end, the drills and training clearly contributed to the success of the hospital’s response.  The Incident Command System followed protocols and organized logistics and communications to ensure an effective, rapid hospital wide response. Even with all the advanced training, there was still room for improvement.

    Members of the Command and General Staff in the Emergency Operations Center at BWH during a recent drill.

    The first lesson learned was the importance of establishing crowd control in the emergency department.  With plenty of hands jumping in to help it was almost overwhelming.  Brigham knew they needed to establish a labor pool and work on how they assigned roles to doctors, nurses, and volunteers in order to maximize contributions and response. 

    The second lesson was to improve and streamline communication between the various teams in the emergency department and the emergency operations center. With the available resources in an emergency, Brigham and Women’s Hospital discovered that they could enhance communications by more readily assigning available staff in leadership and support roles.

    The third lesson was overall situational awareness regarding communications, patient and staff location.  With multiple events occurring, clear, frequent information flow was critical.

    In the months following the bombing event, Brigham and Women’s Hospital instituted a mandate to focus on July 4 as a milestone date to show improvement.  With a half a million spectators coming to the Boston waterfront to celebrate the holiday, the hospital wanted to be ready in advance.

    BWH trauma surgeon Dr. Robert Riviello looks on as Boston Marathon bombing survivor Jarrod Clowery talks about his experience at an April 30, 2013 press conference.

    They conducted more spontaneous drills to focus on role clarity, reviewed job action sheets with providers and refined their information systems based on the marathon bombings experience.

    “We have to be fluid, flexible, and able to adapt to the scenario,” said Dr. Eric Goralnick, Medical Director of Emergency Preparedness. “We are a 793 bed academic medical center that is running at capacity a majority of the time. With competing priorities, getting everyone on the same page and operating cohesively in an emergency requires constant vigilance. A commitment to preparation and training is an institutional imperative.”


    For many SMEs, tape disappeared from their landscape as a data storage choice ten or more years ago. Domestically, it exists, if at all, as a legacy item with perhaps a car stereo chewing its way through a selection of fondly regarded C-90s. Still, this lack of public visibility by no means indicates that tape has come to the end of its spool.

    Hard drive prices have steadily fallen while their capacities escalate unabated, and yet tape storage continues to play a pivotal role in business information management. For the big data boom, it proves cost-effective, energy efficient and easier to handle for remote back-ups and archiving. To find out more about the reliance IT places on this media and how it’s deployed, I met with two IT professionals who share the same job title, but have very different roles.



    Since the 2004 amendments to the Federal Sentencing Guidelines for Organizations moved risk assessments and program assessments from the realm of best practice to what can be seen as the territory of de facto requirements, there has been a fair bit of confusion regarding the distinctions between these two C&E program components.

    In principle, a C&E risk assessment helps an organization understand not only what its risks are, but how to mitigate them.  A program assessment, of course, tells the company how well the program is functioning.  So, risk assessment can be seen as more design oriented, and a program assessment has more of an operational focus.

    But in practice, the two overlap because one cannot assess risks without understanding how well a C&E program is mitigating them (i.e., the concept of “net risk”) and one cannot measure program efficacy without meaningful reference to an organization’s C&E risks.  Moreover, some program measures will clearly serve both risk and program assessment purposes.  For instance, C&E-related questions on employee surveys (e.g., whether the respondent agrees with the statement, “My manager acts with integrity”) can be useful both for program assessment purposes (that is, assessing how well the program is impacting behavior) and also risk assessment ones (that is, variations in responses among business units and/or geographies can help an organization determine where its risks are, and hence where additional C&E measures – such as training or auditing – are warranted).



    CSO — Before rushing into allowing employees to do their jobs on their personal devices, organizations need to diligently address the unique risks of that practice, cautioned a report by an international cybersecurity information organization.

    When businesses push Bring Your Own Device (BYOD) programs into place too quickly, risk management is often neglected or rushed, leaving organizations with both unknown and unnecessary risks, the Information Security Forum reported on Tuesday.

    For organizations to be successful in the era of mobile devices in the workplace, risk management must be the foundation of any BYOD program, the report added.



    Distributed Denial of Service (DDoS) attacks are becoming a trending and serious cyber security issue across many industries, in particular the banking and financial sectors.

    In a DDoS attack, a botnet (usually referred to as a “zombie army”) bombards a server or a network with thousands of system requests sent from infected computers and internet connections, causing the network to become overloaded and unavailable. So how do we prevent this from happening? Below are five strategies that can be used to prevent a DDoS.

    One is improving network resilience by implementing connection redundancy and dedicated DDoS mitigation systems to isolate and remediate attacks. Consider deployment of additional DNS and web servers to balance the CPU load from the incoming flood of requests or use load balancing to bring critical services back up quickly.



    Combining operational data from other sources — particularly Big Data sets — is generating a lot of discussion as a “next step” for companies investing in Big Data. So it’s not surprising that Pentaho’s release of its new Business Analytics 5.0 platform is generating some buzz.

    Pentaho calls this release a “complete redesign and overhaul of its data integration and analytics platform,” according to IDG. The reason for the overhaul: Pentaho wants to build a solution from the ground up that could address “data blending” and make it easier for the end user.

    Which begs the question: What, exactly, is “data blending?”



    Wednesday, 18 September 2013 15:07

    Does the Private Cloud Have a Real Future?

    Conventional wisdom holds that enterprises will embrace the public cloud while revamping internal infrastructure with private cloud technology, eventually combining the two into a grand hybrid data environment.

    Sometimes the best laid plans have their detractors, however.

    In this case, that would be Amazon Senior VP Andy Jassy, who took the floor at the recent AWS Enterprise Summit in London to unleash both barrels on the private cloud concept, calling it “archaic” and all but accusing traditional enterprise vendors (a.k.a. the “old guard”) of keeping the enterprise in thrall with a bunch of false promises. At best, he said even large firms will see internal infrastructure reduced to a shadow of its former self as organizations tap into the data service powerhouse that Amazon has become.



    Wednesday, 18 September 2013 15:07

    Story: “When I Close My Eyes, I Hear Water”

    Story by American Red Cross Volunteer, Catherine Barde

    Eldin and Audrey Myer, married 53 years and lifelong Colorado residents, lost their home in the devastating flood waters in Evans, Colorado. They found themselves in one of many shelters opened across Colorado as a safe place for people to stay, along with blankets, cots, food, comfort and emotional support.

    “We got taken out on a boat – the water was over our fence,” Eldin recalled. They watched their home surrounded by a wall of water as they left.  Trees, barrels and tires filled the turbulent water as the boat carried them to safety.  John Betz, their nephew, lost his home next door and shared his photo of their rescue.

    Eldin and Audrey were escorted to the local hospital and then found shelter at the Greeley Recreation Center.  Red Cross Health Services has continued to monitor their medication needs and blood pressure.

    “We have lost everything including our pets, we just had no time to get anything except Eldin’s cane and my purse,” Audrey said.

    “When I close my eyes, I see water, I hear water”,  Audrey Myer said, as tears welled up in her eyes. “When you have lost everything, it is so great to come to the Red Cross shelter. There is a nurse, personal items, shampoo and toiletries. We are so grateful.”


    VOLUNTEERING: At this time, the American Red Cross of Colorado is fortunate to have volunteers who are trained, ready and willing to support our response to the flooding in our communities. We thank individuals and community groups who are willing to support this effort and encourage them to register to become new volunteers to help with future disaster responses. They can find all relevant information at http://www.redcross.org/co/denver/volunteer.

    Should the situation change or worsen, we will update information on our website and in press releases to indicate whether we are accepting volunteers to help with this response.

    In Kind Donations: The Red Cross does not accept donated items at their shelters. People with items to donate are urged to go to www.helpcoloradonow.org to find out where supplies are needed.

    DONATE: The Red Cross is able to respond to a widespread disaster affecting numerous communities because of the generosity of donors. If you would like to support our work responding to these and other disasters, donate online at www.redcross.org/donate or by calling 1-800-REDCROSS.

    PREPARE YOURSELF AND YOUR COMMUNITY: One of the best ways to take action right now if you are not personally affected by the flooding is to prepare yourself, your loved ones and/or your workplace. When you are prepared, you contribute to your community’s ability to withstand and recover from disasters. Find out more and start making your emergency Game Plan by visiting our National Preparedness Month information page: http://www.redcross.org/news/event/National-Preparedness-Month—Colorado.

    KEEP IN TOUCH: If you live in an affected community, please notify your loved ones of your status via text, phone, e-mail or social media. In addition, list your status on www.safeandwell.org. You may also search for people on the site.



    One southern California town has officially been warned that their insurance will be cut off if city officials do not adopt risk management policies.

    Irwindale’s insurer, the California Joint Powers Insurance Authority, issued a performance improvement plan on August 28 and said city liability and workers compensation insurance will be terminated if it does not adopt the measures. Allegations of corruption have cast a pall over the police department and local government, and the city has been forced into almost $2 million in settlement payouts over the past five years, according to the Pasadena Star News.

    “They’re on notice that they need to improve their risk management practices within the city’s operations, specifically in the police department, to maintain their insurance coverage with our agency,” JPIA’s risk management program manager Bob May told the paper.



    Wednesday, 18 September 2013 15:05

    Skinning The Innovation Cat

    There are many ways to skin a cat. The same can be said of innovation. When I mention innovation in conversation, people generally think about a process of making a product bigger, faster, better, or stronger. However, product improvement is just one type of innovation. Innovation can target the process around creating a product, resulting in lower costs such as the "lean manufacturing" innovations from the automobile company Toyota. Innovation can target improvements in the design of marketing materials, creating a more emotionally appealing advertising campaign and resulting in higher revenue. Marketing innovation has been used by numerous firms over the years to reinvigorate their concepts and company. Samsung designed their Bordeaux television line after being inspired by a wine glass. They have been on the top of the television market ever since. Innovation can even mean cultural innovation in which the culture of the company changes and innovates to come in line with a newly updated corporate vision increasing employee loyalty, retention, and overall happiness. Innovation has many faces.
    My friend and Forrester colleague Rick Holland recently introduced me to a very interesting and innovative company that is currently in the process of disrupting a very old and stale, and nearly monopolistic, market. In 2010, the Internet glasses company Warby Parker realized that they could significantly improve the process of buying glasses. Warby was founded by David Gilboa and Neil Blumenthal on the premise of creating an online eyewear retailer that sold high-end specs for sub-$100 prices.

    CIO — As if IT departments didn't have enough to worry about these days. They also have to ensure that the organization is in compliance with various industry and federal regulations (PCI, Sarbanes-Oxley, HIPAA) designed to keep sensitive customer data safe. An increasingly difficult task in today's decentralized, mobile, app-filled world. It's enough to give a CIO or CTO a headache.

    "Compliance is a hot issue in IT, and for good reason," says Andrew Hodes, director of Technology at INetU, a cloud and managed hosting provider. "Failure to meet rules and guidelines set by compliance standards could mean fines, penalties and loss of trust."

    The Biggest IT Compliance Challenges

    But keeping the organization in compliance with industry and federal rules can be difficult, especially with more companies allowing workers to bring their own devices (BYOD). So what are some of the biggest challenges to keeping compliant? Dozens of technology pros and compliance experts share their top seven answers.



    Richard Chambers, CIA, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession.

    No relationship for a Chief Audit Executive (CAE) has been transformed more over the past decade than that with the audit committee. According to The IIA’s Audit Executive Center, more than 75 percent of internal audit departments in North America report functionally to the audit committee. And in many companies, the audit committee holds a discussion session with the CAE at every meeting.

    The audit committee’s success is tied to the effectiveness of the internal audit department. Accordingly, audit committee members must have complete confidence in the internal audit function and its CAE. This confidence can only be achieved with a strong, continuous and open dialogue between the CAE and the audit committee. Of course, dialogue is a two-way street; it’s as much the responsibility of the CAE as the committee members themselves. But the committee must be willing to drive that dialogue in a way that provides evidence of the internal audit’s professionalism, business knowledge and risk acumen.



    A few years ago, social media were the bane of many businesses. Seen as a dangerous distraction for employees, some even instructed their IT teams to block access to social networking sites in an effort to recover employee time and productivity. Nowadays however, the tide seems to have turned. Companies look towards social media as a source of contact between their teams and with their markets and potential customers, and as a source of competitive information. But does that mean that the concerns about workers wasting time and possibly compromising a firm’s confidential data have been eliminated? Or is social media peril still lurking underneath the surface?



    As the number of ShareFile Enterprise customers continues to grow, we are seeing a number of trends that are shaping the Enterprise File Sync and Sharing Market.  In reality, it is not really just about File Sync and Sharing, it is about servicing an increasingly mobile workforce.

    Many of our customers are out of the office one week a month or more. It isn’t just about travel anymore. Global teams keep global calendars. We must enable employees to work from home for a variety of reasons such as family commitments, global virtual team meetings and more.

    Below are some common themes that impact the overall File Sync and Sharing Market. Enterprises want:



    I have experience with quality management and Six Sigma.  Change, designed to gain efficiencies and better product/service quality has become a way of life in many industries.  Many of the organizations that I have worked for have benefitted from the questions “Why?” and “Is there a better way?”  ISO not only promotes standards and best practices, but also stresses continuous improvement.

    Many companies measure their Business Continuity Management program against ISO22301, or some other standard.  We may measure the result of our work against the standard; but do we do an adequate job of measuring the methods we use?  Do we look for process improvements?  Do we ask why we do things the way we do?  Do we ask if there is a better way?



    Tuesday, 17 September 2013 17:14

    PaaS: The Next Frontier in the Cloud

    A cloud of many faces is taking shape before our eyes.

    It is common knowledge by now that the cloud is not merely an extension of the data center but an entirely new data ecosystem that can grow, change, and yes, evolve into a wide range of configurations, just as any organic creature is able to adapt to changing environments. In many ways, this change can be anticipated and planned for, but as the market matures, you can bet there will be a fair number of unexpected developments as well.

    But to get the kind of flexibility to handle both the expected and the unexpected, enterprises will have to shed much of the thinking that has governed cloud deployments so far. This is not merely an extension of current data infrastructure but an entirely new way of doing things. Much of the attention in the cloud is turning away from simple applications and infrastructure to fully cloud-based development platforms because of this new way of thinking.



    Dealing with IT outsourcers can be difficult under the best of circumstances, like when the scope of the project is relatively small, and only one or two key suppliers are involved. But when you’re thrust into a multisourcing situation where multiple suppliers are contracted to handle various parts of a large-scale project, it can be a nightmare of “not my job” buck-passing and finger-pointing when something goes wrong. Multisourcing can be a mega-headache.

    The pain is likely to get worse before it gets better. According to Information Services Group (ISG), a Stamford, Conn.-based technology services consulting firm, the multisourcing model is becoming increasingly common, and we’re on the cusp of seeing a surge of these contracts being negotiated. A record 901 outsourcing contracts valued at $25 billion expired in 2012, ISG says, and another 886 contracts valued at $21.2 billion will expire this year.

    I discussed all of this in a recent interview with Lois Coatney, an ISG director who has been in the trenches and has seen the challenges inherent in the multisourcing model. She has said that one of the biggest challenges lies in the fact that “providers are financially motivated to get the highest possible fee for the least amount of work,” and that “you often see individual providers conclude that it's in their best interest to protect their turf and to find ways to show that fixing whatever problem arises is the responsibility of another team.” Before joining ISG, Coatney worked at HP Enterprise Services, so I asked her if she could share any tips based on HP’s strategy in a multisourcing environment that would have been very helpful for the customers if only they’d known. She responded that she couldn’t speak on HP’s strategy, but she could speak from a supplier’s perspective:



    Monday, 16 September 2013 19:34

    Are you ready for the next disaster?

    If the Old Farmers Almanac is to be believed, we're heading for a seriously cold and snowy winter. In addition, the National Oceanic and Atmospheric Administration has forecast an active hurricane season.

    You can't do much about the weather except be ready for it. That's why the American Red Cross designates September as National Preparedness Month.

    Not that preparedness is just about weather: The Red Cross urges being ready for floods, fire, earthquake and other dangerous situations.

    How prepared are you? If you lost power and/or water for three days, would you be able to stay warm, fed, hydrated and reasonably clean?

    The good news is that preparedness doesn't have to cost a fortune. The bad news? Plenty of us don't seem to bother, at least when it comes to natural disasters. Experts say that people view those differently than they do dangers created by humans (e.g., radiation or terrorist attacks).



    Reacting to Friday's elementary school shootings in Connecticut, Gov. Rick Perry wrote Texas Education Commissioner Michael Williams, “asking that you direct all school districts to review their emergency operation plans.”

    Every Texas district has such a plan, and educators in San Antonio said they take as many precautions as feasible.

    But they can't prevent all violent incidents, they said.

    “It's a harsh reality of working in a public school you face every day, that something like this could happen,” said Herlinda Longoria, principal at Harlandale Independent School District's Gilbert Elementary.

    Recalling an attack by one parent against another outside San Antonio Independent School District's Bonham Academy in August, she said schools, especially urban schools, must be ready to respond.

    “We live in an area where crime happens and several students have witnessed violence in their homes and neighborhoods; so it crosses our mind often that we have to be alert and protect our students,” Longoria said.



    This article was reprinted with permission from Michael Volkov’s Corruption Crime & Compliance.

    When you get older, you realize that the so-called “mysteries of life” or institutions which you viewed with admiration from afar are really not as complex as you think.  I would never call this cynicism.  With age, you recognize that a lot of things that occur in life are the result of nothing more than just good old-fashioned people skills.

    How does this apply to the Chief Compliance Officer’s work and position?  In most forward-thinking organizations, the CCO reports to the CEO on day-to-day issues and the Board on a quarterly basis and, as needed, if an emergency occurs.



    Monday, 16 September 2013 19:28

    Test Your CRM Management and Administration IQ

    CIO — The story's as old as system administration: Some parts of the job are straightforward and risk-free, but other tasks are fraught with high error rates and nasty consequences.

    Think back to the infamous rm -rf * command that erased most of Toy Story 2 before it ever made it out of Pixar. Or go further back in time to the Bell Labs study of the mistakes UNIX users made with shell scripts. The vast majority of the mistakes involved the IF statement.

    Think things have changed that much with today's all-GUI, all-the-time model of system management?



    President Obama Makes Federal Assistance Available to Individuals; Residents Urged to Follow Instructions from Local Officials

    WASHINGTON – The Federal Emergency Management Agency (FEMA) continues to support state and local response efforts to the flooding in Colorado through its National Response Coordination Center in Washington and its Regional Response Coordination Response Center in Denver, Colo.

    On Saturday, President Barack Obama declared a major disaster declaration for Boulder County, Colorado.  The President’s declaration makes federal assistance available to individuals for temporary housing and home repairs, low-cost loans to cover uninsured property losses, and other programs to help individuals and business owners in their recovery.

    "As response efforts continue, FEMA encourages residents in affected areas to stay informed about changing flood conditions and follow the direction of local officials," said FEMA Administrator Craig Fugate. "Let your friends and family know that you’re safe. Impacted residents in Boulder County can start registering for federal assistance today."

    Individuals and business owners who sustained losses in Boulder County, Colo. can apply for assistance by calling 1-800-621-FEMA (3362).  Disaster survivors who have a speech disability or hearing loss and use TTY should call 1-800-462-7585 directly; for those who use 711 or Video Relay Service (VRS), call 1-800-621-3362.  Those in the affected area with access to the internet may register by Web-enabled mobile device at m.fema.gov, or online at www.disasterassistance.gov.

    The President’s major disaster declaration also makes federal funding available to state and eligible local governments and certain non-profit organizations to support emergency work in Boulder County to save lives, protect property and remove debris.

    When natural disasters such as flooding occur, the first responders are state and local emergency and public works personnel, volunteers, humanitarian organizations, and numerous private interest groups who provide emergency assistance required to protect the public's health and safety and to meet immediate human needs.

    FEMA's priority is to support local efforts to keep residents and communities safe. FEMA has two Incident Management Assistance Teams (IMATs) and a liaison officer on site at the Colorado emergency operations center to coordinate with state and local officials to identify needs and shortfalls impacting disaster response.  Three federal urban search and rescue teams, Colorado Task Force 1, activated by the state, Utah Task Force 1 and Nebraska Task Force 1, are on the ground to support search and rescue operations in hard hit areas.  Two additional federal urban search and rescue teams, Nevada Task Force 1 and Missouri Task Force 1, are en route to Colorado.

    FEMA proactively staged commodities closer to the hardest hit areas and areas potentially affected by the severe weather and flooding.  More than 65,000 liters of water, 50,000 meals and other supplies have been delivered to Incident Support Bases established by FEMA. These resources are being provided to the state as needed and requested. A FEMA Incident Response Vehicle is in Colorado providing communications support to the emergency operations center for the town of Lyons.  FEMA has identified additional teams and personnel to support the state should they be needed and requested.

    On Thursday, September 12, President Barack Obama declared an emergency for three counties in Colorado, and ordered federal aid to supplement state and local response efforts.  The declaration made direct federal assistance support immediately available to save lives and to protect property and public health and safety in areas of Colorado, including Boulder, El Paso and Larimer counties, affected by the severe storms, flooding, landslides and mudslides.

    We urge residents to continue to monitor weather conditions, and those in impacted areas to listen carefully to instructions from their local officials and take recommended protective measures to safeguard life and property while response efforts continue.  According to the National Weather Service, the official source for severe weather watches and warnings, flooding advisories remain in effect for several areas in Colorado, and severe weather remains in the forecast through the weekend in some areas. 

    Here are a few safety tips to help keep you safe during flooding:

    • Turn Around, Don't Drown. Avoid flooded areas.
    • Give first responders space to do their work by following local public safety instructions.
    • Return home only when authorities indicate it is safe.
    • Roads may still be closed because they have been damaged or covered by water. Barricades have been placed for your protection. If you come upon a barricade or flooded road, turn around, don’t drown. Go another way.

    Those in areas with the potential to be affected by flooding should familiarize themselves with the terms that are used to identify a flood hazard and discuss what to do if a flood watch or warning is issued:         

    • Flood Watch: Flooding is possible. Tune in to NOAA Weather Radio, commercial radio, or television for information.
    • Flood Warning: Flooding is occurring or will occur soon; if local officials give notice to evacuate, do so immediately.
    • Flash Flood Watch: Flash flooding is possible. Be prepared to move to higher ground; monitor NOAA Weather Radio, commercial radio, or television for information.
    • Flash Flood Warning: A flash flood is occurring; seek higher ground on foot immediately.

    Wireless Emergency Alerts (WEAs) are now being sent directly to many cell phones on participating wireless carriers' networks. WEAs sent by public safety officials such as the National Weather Service are designed to get your attention and to provide brief, critical instructions to warn about imminent threats like severe weather.  Take the alert seriously and follow instructions. More information is available on WEA at www.ready.gov/alerts.

    For more information and flood preparedness tips, please visit: www.ready.gov or www.listo.gov to find out how you can prepare your family for flooding and other disasters.


    Monday, 16 September 2013 19:26

    Get Tech Ready

    PHILADELPHIA – When most people prepare for an emergency, they assume they won’t be able to use technology as a resource; the power will probably be out, so technology won’t be able to help.  With effective planning, it’s possible to take advantage of technology before, during and after a crisis to communicate with loved ones, manage your financial affairs, and get important information.

    “Information and communication are two of the most important aspects of successfully getting through an emergency,” said Regional Administrator MaryAnn Tierney, “they can get you in touch with loved ones, alert you to where resources are, and let you know when it’s safe to be outside. By using technology as a resource, you can improve your ability to communicate and receive information.”

    Getting tech ready means not only preparing your devices to be easy access resources for you and your family, but also planning for ways to keep your devices powered.  Get a solar-powered or hand crank charger and a car charger for your phone to keep it powered throughout the emergency.

    Follow important officials and organizations on social media channels; doing so will help you receive important information if you can’t access television or radio.  By identifying these accounts now, you won’t have to search for them in the middle of an emergency or drain your battery during the search.  Key accounts include emergency management agencies, Governors, local officials, and local media.  Another good way to keep in touch with officials is to see if they offer text message updates; FEMA has a text message program which includes preparedness tips and other resources. Get more information by texting INFO to 43362 (4FEMA) or visiting fema.gov/text-messages.

    Synchronize your contacts across all your devices and all your channels so that you have many ways to get ahold of people.  By having access to phone numbers, social media accounts, and email addresses, you can get in touch with your loved ones even if one system or channel is down.  Often when phone calls are difficult to make, you can send text messages, social media messages, or emails to pass along important information.

    Make sure you program "In Case of Emergency" (ICE) contacts into your cell phone so emergency personnel can contact those people for you if you’re unable to use your phone.  Let your ICE contacts know that they’re programmed into your phone and inform them of any medical issues or other special needs you may have.  If something should happen to you, that action will help you receive the care you need and let your loved ones know where you are.

    Download resource apps for your smartphone; they often have important information like phone numbers, first aid tips, and other resources.  The FEMA App contains disaster safety tips, an interactive emergency kit list, emergency meeting location information, and a map with open shelters and open FEMA Disaster Recovery Centers (DRCs).  There may be other apps available from your state or local emergency management agency; ask them to see what resources you can access.

    While these are just a few examples of how you can turn technology into a valuable resource during an emergency, visit ready.gov/get-tech-ready to get more tips.

    FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, the District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts are available at fema.gov/medialibrary and youtube.com/fema. Follow us on Twitter at twitter.com/femaregion3.


    The enterprise is under the gun to quickly ramp up its efforts to implement a working cloud infrastructure, if only to bring some semblance of control over what has been so far a user-driven phenomenon.

    But while efforts to convert legacy infrastructure into cloud architectures are ongoing, the need to tap into public cloud resources is growing. And this leads to a problem, because not all cloud services are the same and the drive to develop adequate standards, benchmarks and other means of comparing cloud is still nascent.

    Fortunately, the federal government is on the case, or at least it thinks it should be. At a recent Amazon Web Services conference in Washington, top Health and Human Services IT honcho Frank Baitman, while praising the work Amazon has done for the agency, expressed a need for common standards among cloud providers so the government can properly assess the services of each before buying. Such a scheme would do wonders to allow the government to support multiple vendors as it strives to offload as much data and infrastructure as possible onto the cloud.



    Since 2011 the Continuity Forum has been working with Skills CFA to develop Business Continuity skills and qualifications for use in the workplace. 
    We are now conducting a review of the Business Continuity Management (BCM) suite of National Occupational Standards (NOS).
    National Occupational Standards describe what individuals need to do, know, and understand in order to carry out a particular job role or function. The BCM NOS suite must suitably outline the competence and knowledge required to work within the BCM profession or manage their specific responsibilities with the planning developed within the organisation.
    We are reviewing the BCM NOS to ensure that they are up-to-date, fit-for-purpose and reflect current practice.
    As part of the review we would like your feedback on the draft NOS. This short survey presents each of the NOS in detail and asks your opinion as to their suitability.
    To have your say in our survey please follow this link.
    The survey is expected to take approximately 20 minutes to complete, with your anonymous responses being used to shape the next stage of the project. We appreciate your input and ask that you complete this survey by Monday 30 September.
    The review is being run by Skills CFA and your feedback will remain confidential and will inform the future of the Business Continuity Management NOS. If you would like to know more about this programme please do get in touch with us directly.
    Please feel free to circulate this survey link to any parties who would like to participate in this consultation.

    The other day I attended a meeting of a local business continuity forum. It was a very well run, very interesting meeting – the latter despite the fact that one of the topics was business interruption insurance, living proof that any subject can be made interesting by an engaging speaker. There was, however, one small glitch in proceedings that I thought was worthy of note. Or that at least gave me an excuse to write a blog.

    The second item on the agenda involved a live link-up, via Skype, to a presenter in some far flung, desolate location – Reading, I think. At the appropriate time, the chairman initiated the call. And then… nothing happened, apart from a deafening silence. The technology didn’t work. Now, before you say anything, yes, of course it had been tested beforehand. This was, after all, a group of consummate business continuity professionals. It had, however, been tested on the previous Friday afternoon, whereas the live event was on a Monday morning, when the volume of traffic on the network is, apparently, much greater. To the extent that there wasn’t enough room left in the pipe for a teeny weeny little Skype call.



    Iron Mountain finds that the majority of employers are not providing adequate IT infrastructure for people working from home.


    With the rapid growth in home working, paper documents and digital data are moving in and out of the workplace at an ever-increasing speed, generating some significant information security challenges.

    New research from storage and information management company, Iron Mountain, suggests that many employers are failing to provide the support and guidance required to protect their information when employees work from home.

    The research reveals that close to two thirds of employees in Europe now work from home for all or part of their time. However, just 18% of firms provide employees guidance on what paper records and electronic data can or cannot be taken out of the office, and only 17% have a formal policy to govern home working.



    Network World — Through advancements to back-end systems, providers of cloud-based disaster recovery as a service (DRaaS) are becoming more efficient at storing customer data and getting faster at restoring sites.

    The latest company to roll out upgrades is Axcient, a relatively new player in the DRaaS market. The company says by switching to a software-based approach to managing commodity hardware, instead of expensive proprietary hardware options, it has reduced the amount of power used to back up entire business operations by 66% and has cut the capacity required to store the data by half.

    Advances like these are just some of the characteristics customers should look for when evaluating a cloud-based DR provider, analysts say.



    BOULDER, Colo. — Walls of water cascading down hillsides caused flash floods across Colorado on Thursday, killing at least three people. The flooding cut off major highways, isolated mountain towns and closed the main campus of the University of Colorado, the authorities said.

    “This is not your ordinary disaster,” said Joe Pelle, the sheriff of Boulder County, where two of the deaths were reported, when he was asked about rescue efforts. “All the preparation in the world, all the want-to in the world, can’t put people up those canyons while debris and walls of water are coming down.”

    As heavy rain continued falling late Thursday, homes, bridges and small dams built along the mountains that bisect the state collapsed, succumbing to rushing floodwaters and record levels of rainfall. Mudslides swept down hillsides left treeless by recent wildfires. Firefighters made dozens of rescues as cars were overtaken by rain-swollen creeks and roads suddenly gave way.



    Here’s a question: Why is data science such a big deal these days?

    Big Data, obviously, but it’s not just that, contends veteran IT analyst Robin Bloor.

    In a follow up to his rant about the term “data scientist,” Bloor actually promotes the importance of data science as a practice, if not the terminology.


    He sees 10 reasons data science is gathering so much momentum. While all relate back to Big Data, it’s important to realize that Big Data didn’t just spring from the CIO’s head, fully clothed, like some sort of silicon Athena.


    No, there are significant technology trends that support the growth of Big Data, including:


    Friday, 13 September 2013 16:50

    Towers Watson on Commercial Insurance Prices

    Commercial insurance prices rose by 6 percent in aggregate during the second quarter of 2013, marking the 10th consecutive quarter of price increases, according to Towers Watson’s latest Commercial Lines Insurance Pricing Survey (CLIPS).

    The chart below compares the change in price level reported by carriers on policies underwritten during the second quarter of 2013 to those charged for the same coverage during the second quarter of 2012.

    Commercial Lines Insurance Pricing Survey



    Fewer boards of directors are seen as their company’s top ERM program drivers, dropping to 26% in 2013 from 34% in 2011, according to the 2013 RIMS Enterprise Risk Management Survey, released today. This year risk managers came in as the second driver at 17%. By comparison, the second highest category in the 2011 report, which did not include risk management as an option, was “other” at 19%. Commenting on the 2011 report, Carol Fox, RIMS director of strategic & enterprise risk practice, confirmed that many respondents wrote in their comments that “other” was a risk management department initiative. “While I can’t do a direct comparison to this year’s 17%, I’d say it may be a shift as risk professionals take more of a leadership role in instituting ERM programs,” she said.



    Friday, 13 September 2013 16:48


    Ever been asked to answer a “few simple questions” for a poll?

    Back in the day, when Hector was a pup and I was a “print journalist,” I had a once-a-week assignment to go out onto the sidewalks of beautiful downtown Harrisburg PA to ask random people The Question of the Week; always something topical that my boss (“Slim” Milliron) or I contrived.

    Never mind if the “feels like” temperature was 0F or that snow was blowing at 30 mph; if it was Thursday afternoon, I had to hit the bricks to find three people willing to (a) answer The Question and (b) allow my tag-along (and equally suffering) photographer to shoot a mug shot of those willing to answer The Question.

    The thing that prompts this exercise is a snippet on the Advisen FPN email I receive 5 days a week that reads:



    Thursday, 12 September 2013 16:41

    Nasdaq 'shocking' outage unacceptable, says Pitt

    The Securities and Exchange Commission cannot let stand the Nasdaq OMX Group's bungled handling of its late-August trading outage, former SEC Chairman Harvey Pitt told CNBC. He spoke before Thursday's meeting between federal regulators and the chief executives of the major stock exchanges.

    "What was shocking about the recent Nasdaq outage was the fact that it was the second such incident in very short period of time for Nasdaq," Pitt said in a "Squawk Box" interview. "It seemed as if there was no crisis management plan in action, and there had been not effective planning for that event."

    Mary Jo White, the SEC chairwoman, scheduled the Thursday forum two weeks ago to address the Aug. 22 computer trading glitch that effectively shut down the Nasdaq stock market for more than three hours. The problem was in the public data network that carries the quotes and trades for Nasdaq, known as the Securities Information Processor (SIP).



    The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert on business continuity and disaster recovery planning for investment advisers. The alert was prompted by a review of responses to Hurricane Sandy, which caused widespread damage to Northeastern states and closed US equity and options markets for two days in October 2012.

    “Our staff examined approximately 40 advisers in the aftermath of Hurricane Sandy to assess their preparedness for and reaction to the storm,” said OCIE Director Andrew Bowden. “We hope our observations in this Risk Alert and those in the earlier joint advisory will help industry participants better prepare for future events that threaten to disrupt market operations.”

    The examination highlighted lack of planning for widespread events as a consistent weakness in some firms’ business continuity plans.

    In addition, the Risk Alert makes observations in the following areas:

    • Planning for alternative locations
    • Preparedness of key vendors
    • Telecommunications services and technology
    • Communication plans
    • Reviewing and testing.

    Read the Risk Alert (PDF).

    If you’ve never dinged your car (other than brushing bumpers while you’re parking), you may not appreciate how good it can be to have adequate car insurance. Likewise, if you have been spared the pain of a PC that slows down or dies because of a virus, software for protection against viruses may seem more of a luxury than a necessity. Yet in terms of the financial outlay to have virus protection compared to potential productivity loss if you don’t, good virus protection software can be astonishingly inexpensive. In addition, the chance of infection somewhere in an organisation without virus protection can rapidly converge on 100% as the total number of employees rises.



    There's a big misconception about big data, renowned statistician and blogger Nate Silver says. It's not enough to just have access to massive amounts of data: You need to know how to use it and what to do with it.

    It may seem obvious, but it's a problem many organizations struggle with, Silver said during an interview with Silicon Angle's "The Cube" after his keynote speech at data management company Tableau's user conference.

    "None of this big data stuff is going to be a solution for companies who have poor corporate cultures where you have trouble communicating ideas, where you don't have everyone on the same page," he says. "You need buy-in from all levels of the organization, you need C-level people who understand the value of analytics, you need analysts who understand what business problems are trying to be solved and what the organizational goals are."



    CIO — "When it comes to storing data, there is no 'one-size-fits-all' solution," says Orlando Scott-Cowley, Messaging, Security and Storage Evangelist at Mimecast, a cloud and mobile data storage and security provider.

    Before you decide where or how you will store your structured and unstructured data, "companies first need to understand the amount and type of data they have along with the motivation behind storing the information," Cowley says. "Having this background will help determine what route to take, whether building on-premise solutions or moving to the cloud," or some combination of the two.

    So how do you formulate that sound data storage management strategy? CIO.com asked dozens of storage and data management experts, which resulted in these top 14 suggestions regarding what steps you need to take to choose the right data storage solution(s) for your organization -- and how you can better ensure your data is properly protected and retrievable.



    Thursday, 12 September 2013 14:29

    Helping Children Cope With a Disaster

    David J Schonfeld, MD, FAAP

    Children often become distressed after a disaster, especially if it has directly impacted them or someone they care about.  They may also feel sad or sorry for others and want very much to help them.  Worries that something similar will happen to them or their family may lead them to ask a lot of questions so that they can better understand what has happened and therefore what they can do to protect themselves and their family.  Parents and other adults who care for children can do a lot to help them understand and cope.


    Inform children and start the conversation.  It is difficult to deal with something that you don’t understand.  Even very young children will sense when something is wrong or upsetting the adults in their lives, even if they have been told nothing.  Children should be notified about a disaster as soon as possible after it occurs, otherwise they will likely find out by overhearing others or through the media (including social media).  Start by asking them what they may have already heard about the event; correct any misinformation or misunderstanding they may have.  Provide information to them in simple and direct terms, without unnecessary detail.  Television, radio, and social media often provide graphic information that may cause more distress, so limit the amount of viewing of television and other media sources immediately after the event (this is true for both children and adults).  Ask children about what questions or concerns they might have and provide honest answers.  When adults don’t talk with children about disasters, it suggests to them that adults either are not capable of dealing with difficult situations or don’t feel that the children are able to cope.  Neither message is helpful.

    After a disaster, children may show a change in their mood or behavior.  They may become sad, anxious, or scared.  They may be more resistant to separating from their caregivers to go to child care programs or school, or even to go to bed or play in another room. Sleep problems, headaches and stomachaches are common.  After a disaster, children often find it difficult to concentrate on their school work.  They may, for a period of time, become more self-centered or immature and appear more clingy, less cooperative, more demanding, and irritable.  Older children and adolescents may turn to smoking, alcohol, or other drugs to deal with their feelings.

    Children often show no obvious signs of distress.  After a disaster, children may hide their emotions because they are ashamed of their reactions or because they want to protect their parents who are also visibly upset.  They may try to take care of their parents, not because they are coping well themselves, but rather because they worry that their parents are having trouble adjusting.

    Children may show post-traumatic reactions – but that’s not all.  If a death has occurred as a result of the disaster, children’s reactions may be due to grief.  Children need to cope not only with the disaster – but everything that follows.  Disasters lead to a number of losses and changes, such as the need to relocate, change schools, or deal with reduced family income.  These other stressors may be what bothers children the most after a disaster.

    Help children cope with their distress.  Adults don’t like to see children feeling upset and often try to reassure them there is no reason to be worried or sad.  But let children own their feelings – if they feel sad or worried, then they are sad or worried.  Instead of trying to tell children that they shouldn’t feel that way after a disaster, help them learn how to cope with troubling feelings.  Share with them some of your reactions and feelings and how you coped with them (such as talking with others, writing about your feelings, or doing something positive to help others).  We can’t expect children to learn how to cope if we don’t share with them that we also have felt distress and then model how to cope effectively.

    Teaching children how to cope with distress every day is a good way to prepare for disasters.  Just as you should prepare to respond to a disaster, you should prepare children to be able to cope with disasters.  Helping them learn coping skills to deal with daily stressors or other challenging events in their lives and establishing yourself as someone that is there that can understand them and help them adjust makes it more likely they will cope effectively after a disaster. Let children know that their family, school and community have plans in place to deal with many kinds of emergencies, and that there are people specially trained to help with these situations.

    There is help.  Visit the American Academy of Pediatrics for resources and advice on how to support children after a disaster, and download the Pediatric Preparedness Resource Kit.  Your child’s pediatrician can also provide specific advice for your children and/or recommend someone else that you can talk to about your concerns.

    David J. Schonfeld, MD, FAAP, is a member of the American Academy of Pediatrics Disaster Preparedness Advisory Council and the Pediatrician-in-Chief at St. Christopher’s Hospital for Children in Philadelphia, PA.  Dr. Schonfeld is also the Chair for the Department of Pediatrics at Drexel University College of Medicine and the Director for the National Center for School Crisis and Bereavement.


    The third step in the Risk Management and Own Risk and Solvency Assessment Model Act (RMORSA) is the implementation of a risk appetite and tolerance statement. This step is meant to set boundaries on how much risk your organization is prepared to accept in the pursuit of its strategic objectives.

    An organization-wide risk appetite statement provides direction for your organization and is a mandatory part of your assessment. As defined by COSO (one of the risk management standards measured in the RIMS Risk Maturity Model umbrella framework), the risk appetite statement allows organizations to “introduce operational policies that assure the board and themselves that they are pursuing objectives within reasonable risk limits.” A risk appetite statement should be reflective of your organization’s strategic objectives and serve as a starting point for risk policies and procedures.



    CYA with advertised, enforced P&P

    Two New Jersey teens were texting while one was driving.

    The vehicle driven by the teen on the road struck and injured two people.

    The injured parties sued both the teenage driver and his texting partner, the latter on the grounds “that (the partner) had was contributorily negligent in that she ‘aided and abetted’ (the driver’s) unlawful texting while driving and second, that (the partner) had an independent duty to avoid texting a person whom she knew was driving.”

    The case made its way to an appellate court that ruled that “We hold that the sender of a text message can potentially be liable if an accident is caused by texting, but only if the sender knew or had a special reason to know that the recipient would view the text while driving and thus be distracted.”



    Wednesday, 11 September 2013 20:13

    Updating data compliance for the cloud era

    By Ron Miller, principal consultant at SunGard Availability Services (UK) Limited.

    It might have been a buzzword within the IT industry for some years now but more recently we’ve seen the mainstream appetite for, and adoption of, cloud computing rise significantly. Whether it’s public, private or hybrid services, the promise of greater flexibility, scalability and cost-effective pricing models has been too enticing for many businesses to ignore.

    The flipside, however, is that as a result of the cloud, we’re also seeing a number of companies coming under scrutiny for their data protection and compliance policies. It’s the CIOs that are leading the charge here, as they become increasingly concerned over the security of their mission critical data. There is the perception that many ‘cloud’ vendors (and that’s including those companies that have simply rebranded an existing solution to jump on the bandwagon) are failing to provide a comprehensive view on where data is being stored and the information security management framework that’s in place.

    Information, both data and intellectual property, is a greater source of competitive advantage for businesses now than it ever has been. In many sectors, this is driven by consumer expectations, where there is an assumption that systems will be able to perform at optimum levels 24/7. The rise of the ‘I want it now’ culture and increased customer promiscuity (when it comes to where they take their custom), is forcing companies to ensure that every aspect of their organization and those of key partners perform with near perfect levels of availability.



    For years, PBMs and insurance payers have been recognizing the risks and often exorbitant pricing associated with topical custom compound drugs, a mixture of prescription and non-prescription ingredients prepared in compounding pharmacies. Some payers and PBMs have put controls in place to reduce the costs and authorizations of these unproven formulations.


    As is often the case in workers' compensation, various stakeholders in the drug delivery process exploit loopholes or create new variations of drugs to bypass existing controls. This has proven true with topical custom compound drugs. After Healthesystems, a Tampa, Fla.-based PBM and ABM, effected a decrease in the volume of topical custom compounds, it wasn't surprised to see a corresponding rise in the number of prescriptions for two other kinds of topical products. As a result, the company deployed program adjustments to curb the growing trend.



    CIO — Customer relationship management systems have functionality to burn — there are features for so many different use cases — but those features don't make a difference to your company unless users are happy enough to fill the system with data. It falls on IT to bridge the gap between user habits and system feature sets. That's the "last mile" problem for CRM.

    The first order of business is avoiding user overload. One of the first tasks in CRM optimization is de-cluttering the pages:

    • Get rid of fields that are used less than 5 percent of the time.
    • Get rid of pages and buttons that are irrelevant to users.
    • Create page layouts optimized for each major role or use case of the system.
    • Use reports, views, and related lists to highlight summary information and hide less important details.



    A young mechanic injures his back while tripping over a hydraulic lift at his employer's auto body shop. On the surface, the claim appears to be a typical back injury claim. However, lurking in the background is a confluence of complicating factors involving the injured worker's personal characteristics, prescription regimen and treatment pattern, which could create a volatile claim. Through the use of sophisticated analytics tools, the employer's insurer identifies this claim's potential for volatility and quickly assigns the claim to an elite team of medical professionals.

    The worker is directed to a top-tier treatment facility, where he receives an appropriate surgical intervention, the right level of care and prescription medications. As a result, the worker is able to recover from a potentially disabling injury and return to his full duty role as a mechanic.


    The use of predictive analytics to identify the non-obvious factors that can improve claim outcomes is an increasing area of focus for leading insurers such as The Hartford.

    Predictive analytics can be defined as the use of statistical modeling to look at the various characteristics of a claim -- the policy, claimant, loss and treatment plan, among others, as well as environmental factors and time periods -- and assigning a "score" to each claim.



    Insurers have historically used FEMA’s Specific Rating Guidelines to calculate premiums for properties at high risk of flooding, particularly those built with the lowest floor elevation below the Base Flood Elevation (BFE). Prior to the National Flood Insurance Program’s extension in 2012 owners of these properties received subsidized rates well below the true flood risk. Many of these properties will now be rated using the Specific Rating Guidelines which FEMA released to the public last Wednesday.



    Given the rapid expansion of social and mobile technologies, organizations have increasing opportunities to connect with customers. The IT organization will play a key role not only in capturing and analyzing customer data and increasing the number and value of online customer interactions, but also in terms of creating the means for internal departments to collaborate and better serve the needs of customers.

    Some organizations mistakenly believe that customers want an online relationship with their company and bombard customers with surveys, questionnaires, and offers, whereas the reality is that what most customers really want is information and discounts. Organizations that examine and continuously improve their customers’ experience in their ease-of-search, ease-of-purchase, and ease-of-tracking delivery progress will likely gain advantage. Measuring what matters to customers in terms of factors such as perfect-order delivery performance and first-time-right responses to customer inquiries and complaints helps round out the picture of the customer experience.



    Tuesday, 10 September 2013 17:33

    Humberto and Late Season Hurricanes

    Tropical Storm Humberto, the eighth named storm of the 2013 Atlantic hurricane season, is generating a lot of news headlines, as the most recent forecasts tip it to become the first hurricane of the season by Wednesday.

    The question on everyone’s minds is whether or not the record for the latest formation date of the Atlantic’s first hurricane will be broken. The bottom line: if Humberto reaches hurricane status before 8am EDT on Wednesday, the record will stand.

    Gustav, which was upgraded from a tropical storm to a minimal hurricane on September 11, 2002, shortly after 8am EDT, currently holds the title as the latest-forming Atlantic season hurricane.

    According to the Weather Channel, in addition to 2002’s Gustav there are two other hurricane seasons since 1960 in which the first hurricane did not form until after September 7: 2001 – September 8 (Erin) and 1984 – September 10 (Diana).



    Tuesday, 10 September 2013 17:32

    Workday Rolls Out Big Data Analytics Module

    BOSTON — Workday has unveiled a new software module for its cloud-based HCM (human capital management) application that allows customers to analyze data from both Workday and third-party sources.

    Dubbed Big Data Analytics, the product is now generally available after being announced at last year's Workday Rising conference. It incorporates technology from Datameer, which places a business-user-friendly interface on top of the Hadoop framework for large-scale data processing, as well as homegrown tooling for data integration and other areas, said Dan Beck, vice president of technology product management for Workday.

    While the Workday application has already provided built-in analytics, with the new product "what we're really doing is opening up our cloud to non-Workday data sets," Beck said. "People can bring in whatever data they want and join it with Workday to answer their business questions."



    Tuesday, 10 September 2013 17:31

    Cyber Security Risks for Financial Systems

    The financial sector and the banking industry in particular are unique in the IT world: no other businesses have the same combination of constant drive for innovation, regulatory pressure and customer-facing IT applications. That also means increased exposure to cyber security risks via the interfaces to the public, whether these risks are linked to criminal intent, breach of confidentiality or other. Software testing engineers work to expose any technical security problems before systems are put into production mode, but they can’t handle all aspects of cyber security. A holistic view by a business continuity manager can add value to the overall process of making financial systems secure in the cyberspace.



    Nearly 55 percent of Big Data projects aren’t completed, according to a survey of IT professionals conducted by Big Data solution provider InfoChimps.

    By comparison, “only” 25 percent of IT projects aren’t completed overall, InfoChimps found.

    So what’s going on with Big Data that more than half of all projects aren’t completed? It’s inaccurate scope, InfoChimps states in a recent project template, “How to Do a Big Data Project.”

    The template is designed to help you beat the odds and succeed. It’s written around four steps that should be basic to all projects:



    CIO — Are you dropping the ball when it comes to enterprise mobility?

    A new report suggests IT might be delivering poor mobile support to BYOD employees even though IT pros think they're doing a good job. In other words, mobility is becoming a major point of contention in the rocky IT-business relationship -- and tech leaders aren't even aware there's an issue.


    A Failure to Communicate

    Technology services and product provider CDW surveyed 1,200 mobile users and 1,200 IT professionals, and found a significant disconnect: 64 percent of IT professionals graded themselves with an A or B for providing personal mobile support (including BYOD policies and technical support), while 56 percent of users gave IT a grade of C or worse.



    Tuesday, 10 September 2013 17:28


    Two years ago this month,  I focused on the 9/11 Commission recommendations that had not yet been implemented, four of them in particular. How do things look today? It entirely depends upon your perspective as a citizen and/or as an expert in the field.

    Not so bad, some might say. We have foiled all domestic attacks except for the Boston bombings. Our security and surveillance tools have never been more sophisticated. We devote billions to intelligence gathering and to examining data to analyze it into useful information. In our rush to be proactive, it’s pretty clear that we’ve skirted or broken some laws to stay at the top of the type of intelligence gathering that advances in technology make possible.



    MAHWAH, N.J. – There are several dates throughout the year that are notorious for wreaking havoc on businesses via denial-of-service (DoS) attacks, data breaches and even malware or botnet assaults. As September 11th nears, rumors about coordinated cyber attacks on American websites continue to increase. Because of these potential risks, it's imperative that businesses tighten their network security measures now in order to protect themselves from potential intrusion or disruption, which can result in profit-loss and tarnished user confidence.

    According to Radware® (RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, there are two types of dates that hackers target: ideological and business-relevant dates. Ideological dates refer to holidays and anniversaries that have a cultural, religious or secular tie to the adversary. High-risk times for the United States in addition to September 11th include Memorial Day, Election Day and Independence Day. Business-relevant dates involve a period of time that companies are particularly vulnerable to attacks, such as Black Friday, Cyber Monday, or even regular business hours.



    In the not-so-distant past, company information, files and data were confined to the four walls of the organisation. After 5 pm, and on weekends and holidays, this information was largely inaccessible to the average employee. Now, the availability of company data is seen in an entirely different light, with employees accessing files from three or four different devices any day of the week.

    To address this data protection nightmare brought on by the bring-your-own-device (BYOD) movement, many forward-thinking companies have already implemented mobile device management (MDM) and mobile file management (MFM) tools and procedures. But, as devices continue to become ingrained in the workplace, making it increasingly mobile-centric, it's important to ask: what's next?

    - See more at: http://www.computerworld.com.sg/tech/mobile-and-wireless/blog-beyond-mdm-and-mfm-whats-next-for-byod/#sthash.d8AZz2Do.dpuf

    The Louisiana Workers' Compensation Commission is encouraging employers to look beyond some of the obvious items included in their storm prep materials.

    The 2013 hurricane season is under way and continues through November. While stocking up on first aid kits, batteries, bottled water, and other supplies is important, the LWCC says employers would also be wise to include safety precautions.

    The most common nonfatal workplace injuries -- soft tissue sprains and strains as well as slips and falls -- are also high-risk factors for workers preparing for or cleaning up after a major storm. The LWCC suggests employers:



    Monday, 09 September 2013 17:17

    Lloyds website continuity hit as TSB launches

    Lloyds Banking Group websites, including the new standalone TSB site, have been hit by problems on TSB launch day.  

    In what could be a classic case of poor or failed business continuity planning, the banking group experienced intermittent website problems across almost all of its brands.

    The problems coincide with the transfer of five million customer accounts from Lloyds to TSB, despite promises by Lloyds chief executive Antonio Horta-Osorio of a "seamless" transition.

    According to the banking group, it experienced a “temporary issue” with its internet banking service, which affected the ability of some customers to log on.

    “The issue is now completely resolved and we apologise to customers for the inconvenience this will have caused. Our branches, telephone banking and cashpoints were not affected in any way,” the group said in a statement.

    A spokesman declined to comment further or respond to questions about whether the website outages were related to the TSB launch or not.



    Monday, 09 September 2013 17:16

    You Can Be a Local Hero

    PHILADELPHIA, Pa. – Preparing a community for an emergency or disaster can be a daunting task; there are so many people, each with unique needs, and so many aspects that need to be addressed.  If such a monumental task is left to just one group of people such as local officials, it’s sure to remain just that, monumental.  When the Whole Community comes together to provide input, complete tasks, and take responsibility though, it becomes a very manageable undertaking.  Pitching in to help your community prepare for the next disaster has a very large impact, the kind that can make you a local hero.

    “Too often we rely upon local officials and first responders to prepare for and respond to a disaster;” said Regional Administrator MaryAnn Tierney, “there are so many ways that everyone can come together and make their community more resilient.”

    Citizen Corps brings together the power of individuals through education, training, and volunteer service to make communities safer, stronger, and better prepared to respond to the threats of terrorism, crime, public health issues, and disasters of all kinds.  Citizen Corps has many councils throughout the country at the state and local level, and you can find your nearest council for more information or to sign up at ready.gov/citizen-corps/find-your-nearest-council.

    Citizen Corps has many affiliates that offer communities resources for public education, outreach, and training; represent volunteers interested in helping to make their community safer; or offer volunteer service opportunities to support first responders, disaster relief activities, and community safety efforts. Visit ready.gov/citizen-corps-affiliate-programs for more information on Citizen Corps’ affiliates.

    In addition to its affiliates, Citizen Corps also has partner programs which give citizens the opportunity to get involved. Citizen Corps' federally sponsored partner programs help build capacity for first responders through the use of volunteers.  These programs can be very specific in what they support, such as the Fire Corps which supports fire departments, the Medical Reserve Corps which supports medical needs, and the Volunteers in Police Service which supports law enforcement; or they can be broader in their service, such as the Community Emergency Response Teams or the Corporation for National and Community Service. More information on Citizen Corps’ partners is available at ready.gov/citizen-corps-partner-programs.

    There are many community and faith-based organizations that support communities before, during, and after a disaster.  Whatever your level of interest, your skill set, or your time, there is a program out there that you can join to support your community.  Reach out to organizations that you are already involved in and see what they’re doing or talk to your local officials for ideas.

    However you choose to get involved with your community and prepare for the next disaster, know that your work makes a difference to everyone, but for you it can be the difference between being a resident and being a local hero.

    FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. FEMA Region III’s jurisdiction includes Delaware, District of Columbia, Maryland, Pennsylvania, Virginia and West Virginia.  Stay informed of FEMA’s activities online: videos and podcasts available at fema.gov/medialibrary and youtube.com/fema.   Follow us on Twitter at twitter.com/femaregion3.


    Flood events continue to dominate natural catastrophe losses in 2013, according to the latest Global Catastrophe Recap report from Aon Benfield.

    The report reveals that billion-dollar flood losses were recorded in China, Russia, Philippines, and Pakistan during August 2013, causing an initial combined estimate of $10 billion in economic losses.

    Additional flood events were recorded in Afghanistan, Niger, Sudan, Mali, Laos, Cambodia, India, and the United States.

    In a press release Steve Jakubowski, president of Impact Forecasting, says:



    Editor's Note: This was originally posted on the White House blog, September 3, 2013, by Todd Park and Rich Serino. Todd Park is Assistant to the President and US Chief Technology Officer. Rich Serino is the Deputy Administrator of FEMA. 
    Last week, the White House Office of Science and Technology Policy (OSTP) and the Federal Emergency Management Agency (FEMA) jointly challenged a group of over 80 top innovators from around the country to come up with ways to improve disaster response and recovery efforts.  This diverse group of stakeholders, consisting of representatives from Zappos, Airbnb, Marriott International, the Parsons School of Design, AOL/Huffington Post’s Social Impact, The Weather Channel, Twitter, Topix.com, Twilio, New York City, Google and the Red Cross, to name a few, spent an entire day at the White House collaborating on ideas for tools, products, services, programs, and apps that can assist disaster survivors and communities.

    This collaboration is a great example of this Administration’s commitment to convening private-sector talent and innovators to work with public servants in order to deliver better results for the American people. The event mobilized innovators from the private sector, nonprofits, artistic organizations, and Federal as well as local government agencies to develop solutions that support and integrate both public and private efforts for disaster relief.  It also comes as our Nation prepares for what is usually the peak of Hurricane Season.  In fact, the two-year anniversary of Hurricane Irene fell last week, and the one-year anniversary of Hurricane Sandy is approaching.

    During the “Data Jam/Think Tank,” we discussed response and recovery challenges with the participants and other Federal leaders, including Patricia Hoffman, Assistant Secretary at the Department of Energy and Dr. Nicole Lurie, Assistant Secretary at the Department of Health and Human Services.  The participants then broke into subgroups to brainstorm innovative ideas for addressing those challenges, vote on the best ideas, and commit to implementing them.
    Below are some of the ideas that were developed throughout the day. In the case of the first two ideas, participants wrote code and created actual working prototypes.

    • A real-time communications platform that allows survivors dependent on electricity-powered medical devices to text or call in their needs—such as batteries, medication, or a power generator—and connect those needs with a collaborative transportation network to make real-time deliveries. 
    • A technical schema that tags all disaster-related information from social media and news sites – enabling municipalities and first responders to better understand all of the invaluable information generated during a disaster and help identify where they can help.
    • A Disaster Relief Innovation Vendor Engine (DRIVE) which aggregates pre-approved vendors for disaster-related needs, including transportation, power, housing, and medical supplies, to make it as easy as possible to find scarce local resources.
    • A crowdfunding platform for small businesses and others to receive access to capital to help rebuild after a disaster, including a rating system that encourages rebuilding efforts that improve the community.
    • Promoting preparedness through talk shows, working closely with celebrities, musicians, and children to raise awareness.
    • A “community power-go-round” that, like a merry-go-round, can be pushed to generate electricity and additional power for battery-charged devices including cell phones or a Wi-Fi network to provide community internet access.
    • Aggregating crowdsourced imagery taken and shared through social media sites to help identify where trees have fallen, electrical lines have been toppled, and streets have been obstructed.
    • A kid-run local radio station used to educate youth about preparedness for a disaster and activated to support relief efforts during a disaster that allows youth to share their experiences.
    Before ending the brainstorm, participants committed to taking responsibility for turning these ideas into tangible actions. We will be excited to see how these materialize into impactful projects that will support disaster response and recovery efforts. Our sincere thanks to all of the participants!


    You may be asking how anyone can make such a bold statement without knowing the details of your specific risk program.   Actually, I know more about your risk program than you realize, and that’s why I know it’s failing.  I also know that as much as 55 percent of the cost of all risk programs is wasted!  And more importantly, I can prove it.

    Let me demonstrate:  Your risk program (audit, risk management, compliance, ethics, IT and governance) is risk-based.  You have assessed your risks and mapped your controls accordingly.  You have policies and procedures tied to risks and associated internal controls and you monitor the effectiveness of controls on a periodic basis and provide some form of risk reporting using key risk indicators and metrics.  You can effectively articulate the three lines of defense of your risk program.