Industry Hot News - Disaster Recovery Journal


Industry Hot News


The size and makeup of an organization’s Business Continuity Management (BCM) team depends on how you plan to roll out the project. It is best to start out small in the beginning and then progress in size. The initial team will lay the groundwork for the project by setting up oversight, coordinating training, building disaster plans, and helping to sharpen the focus of what each plan should contain. This core team should consist of the following:


Louisiana has been utterly wrecked once again, and all anybody can talk about is how nobody is talking about it.

In the aftermath of flooding in and around Baton Rouge that began two weeks ago, 13 people have lost their lives. The deluge has destroyed or seriously damaged more than 60,000 homes, and so far more than 100,000 residents have registered for federal assistance. That last statistic certainly factored into one recent estimate that put flood-related losses at upwards of $20 billion. Nearly one-third of Louisiana has been declared a disaster area. (President Obama visited the state on Tuesday.)

It’s being called the worst natural disaster the country has seen since Hurricane Sandy. And yet—as many have already noted—one of the most remarkable aspects of the calamity is how scant the coverage has been relative to other “major” stories dominating the news cycle over the past two weeks. While flood victims need much, much more than publicity at the moment, their indignation isn’t misplaced. If you were forced to wallow through waist-deep water, all the while trying to avoid snakes and alligators and floating coffins, you, too, might wonder why reports of Donald Trump’s campaign staff shakeups or Ryan Lochte’s drunken exploits were knocking your story off the front page or the evening news.


Best Practices for Tracking Exam & Audit Findings

An emergency room (ER) is a place where chaos is organized. Patients are triaged by need. Staff uses electronic records to keep medical histories. Interactions, tests and prescriptions are carefully tracked.

They’re designed this way because the stakes are high—no patient can be overlooked.

But what happens when a bank’s compliance program has an emergency? Too often, it doesn’t get the attention it needs, and the consequences can be dire.


2016 Individual and Community Preparedness Award Winners Announced

WASHINGTON – The Federal Emergency Management Agency (FEMA) announced today the winners of the 2016 FEMA Individual and Community Preparedness Awards, recognizing the outstanding efforts of individuals, programs, and organizations throughout the country working to prepare their communities for emergencies.

“We are more prepared for disasters when everyone in the community works together,” said FEMA Administrator Craig Fugate. “FEMA is proud to honor individuals and organizations who are building communities that are more prepared for emergencies through creativity, innovation and collaboration.”

This year’s award recipients developed innovative practices and programs that contributed to making communities safer, better prepared, and more resilient.

The 11 FEMA Individual and Community Preparedness Award recipients will be recognized on September 13, 2016 in Washington, D.C. During the recognition ceremony, recipients will share their experiences, success stories, and lessons learned with fellow emergency management leaders.

This year’s winners of FEMA’s Individual and Community Preparedness Awards are:

  • Outstanding Inclusive Initiatives in Emergency Management: Notify NYC (New York)
  • America’s PrepareAthon! in Action: Serenity Hospice (Texas)
  • Outstanding Citizen Corps Council Award: Delaware State Citizen Corps Council
  • Community Preparedness Champions Award: Jamie D. Aten, Ph.D.
  • Awareness to Action Award: The HALTER Project (California) and Jenny Novak of California State University, Northridge Emergency Management
  • Technological Innovation Award: SUNRNR of Virginia, Inc.
  • Outstanding Achievement in Youth Preparedness Award: Mart High School Teen CERT (Texas)
  • Sixth Annual Recipient of the John D. Solomon Whole Community Preparedness Award: San Francisco Neighborhood Emergency Response Team (California)
  • Outstanding Community Emergency Response Team Initiatives Award: CaliforniaVolunteers
  • Outstanding Citizen Corps Partner Program Award: Burleigh County Snowmobile Community Emergency Response Team (CERT) (North Dakota)

Visit for more information on this year’s award recipients and to see the honorable mentions.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at,, and  Also, follow Administrator Craig Fugate's activities at

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

It will take a full year for areas of Louisiana to come back from the past week's devastating floods, an LSU economist said Monday (Aug. 22) in a forecast that drew quick skepticism from one of the figureheads of the Hurricane Katrina recovery.

James Richardson made his projections after more than 60,000 homes were damaged in what some are calling the worst natural disaster in the U.S. since Hurricane Sandy in 2012. Nearly 3 feet of rain fell in two days, leading to 20 Louisiana parishes being declared federal disaster areas. That does not include subsequent rainfall that exacerbated high water conditions in areas that historically have not flooded.

So far, 120,000 Louisiana residents have applied for federal disaster recovery. Retired Lt. Gen. Russell Honoré, who coordinated military response in New Orleans after Katrina, anticipates they will be waiting some time for assistance, judging by FEMA's track record. Full recovery could take eight to 10 years, he said, pointing to New Orleans where storm scars remain nearly 11 years later.


With the outsourcing of microchip design and fabrication worldwide, cyber criminals along the supply chain have many opportunities to install malicious circuitry in chips. These ‘Trojan horses’ look harmless but can allow attackers to launch future cyber attacks. To address the issue, Siddharth Garg, an assistant professor of electrical and computer engineering at the NYU Tandon School of Engineering, and fellow researchers are developing a unique solution: a chip with both an embedded module that proves that its calculations are correct and an external module that validates the first module's proofs.

While software viruses are easy to spot and fix with downloadable patches, deliberately inserted hardware defects are invisible and act surreptitiously. For example, a secretly inserted ‘back door’ function could allow attackers to alter or take over a device or system at a specific time. Garg's configuration, an example of an approach called ‘verifiable computing’ (VC), keeps tabs on a chip's performance and can spot telltale signs of Trojans.

The ability to verify has become vital in an electronics age without trust: gone are the days when a company could design, prototype, and manufacture its own chips. Manufacturing costs are now so high that designs are sent to offshore foundries, where security cannot always be assured.


Today we’re pleased to publish an interview between Maurice Gilbert, Corporate Compliance Insights’ Founder and CEO, and Manuel Martinez-Herrera, VP of Legal and Compliance at Namely.  Namely is the leading HR platform for midsize companies and an all-inclusive solution for HR administration and compliance.  Manuel offers insight into some of the greatest threats facing corporations today and explains how the Namely platform helps to mitigate those risks. 

Maurice Gilbert: How did you get started on a career in law and compliance?

Manuel Martinez-Herrera: It all happened in a very serendipitous way. I’m originally from Madrid, Spain. When I was 17, I spent a summer in Nantes, France, learning French. While there, I met an older friend who was going to law school. I should point out at this point that law in Spain, as in many other countries, is an undergraduate degree. At the time, I was undecided on what to study in college. This friend convinced me that law school was the way to go. As my parents can attest, even before entering kindergarten, I already had a special talent at arguing any case, especially my own. Thus, law school seemed like a good fit.

Now, almost 20 years after, I can proudly say that that decision allowed me to embark on an international journey, thanks to which I have studied or worked as a lawyer on three different continents and in six cities (in chronological order: Madrid, Dijon, Barcelona, Buenos Aires, Boston and New York).


It’s no secret that bigger data centers benefit from economies of scale. It costs less to provide X amount of data center capacity in a massive warehouse-scale facility than it does in a small data center.

The number of factors influencing total data center cost is almost countless, but that economies of scale are real is generally accepted as a fact. However, little data has been available publicly on exactly how much of a difference those economies of scale can make. A recent study by the Ponemon Institute, funded by Emerson Network Power, aims to quantify this difference.

And, as it turns out, the difference is huge. Even if you compare a data center that is 500 to 5,000 square feet in size to one that is between 5,001 and 10,000 square feet, it costs as much as 64 percent less on average to provide 1kW of IT capacity in the larger facility, the researchers found.


CHARLESTON, W.Va. – If you registered for help from FEMA and got a letter (often called a “determination letter”), you may want to appeal the decision made regarding your application for federal assistance. Here are some tips to help you:

  • Every disaster survivor has a right to appeal. Read your letter carefully all the way through to understand FEMA’s reason for its decision. This will allow you to know exactly why to appeal. Appeals must be made in writing and sent by mail or fax to FEMA within 60 days of receiving the letter.

  • It’s important to submit insurance information. If your coverage is not enough to make essential home repairs, provide a place to stay, or replace certain contents, FEMA can review your application. But you must provide documents from your insurance company that detail your settlement. Remember also that FEMA cannot duplicate homeowners’ or renters’ insurance benefits.

    • Contact your insurance company if you need settlement documents.

  • Prove occupancy. If you’re a homeowner or renter, FEMA can reconsider you for grants if you provide documents that prove the damaged structure was your main residence. You can prove this was your main home with utility bills, a driver’s license or a copy of your lease. You cannot receive federal disaster assistance for secondary or vacation homes.

  • Prove ownership. If you can prove you own the home, FEMA can reconsider you for grants to make a structure safe, sanitary and functional. Documents you can submit to prove ownership may include mortgage or insurance documents, tax receipts or a deed. If you don’t have a deed handy, speak to your local or county officials about obtaining a copy.

  • There are many other reasons you may disagree with a decision. If you registered you should have received a booklet called “Help after a Disaster” that details how FEMA determines who’s eligible for assistance. You can also access the booklet online at The booklet lists what information you need to include when appealing.

Mail or fax appeal documents within 60 days of receiving your FEMA determination letter to the address below:

  • FEMA National Processing Service Center
        P.O. Box 10055
        Hyattsville, MD 20782-7055
  • Fax documents to 800-827-8112.

If you have any questions about your determination letter or any other disaster recovery issues you may always call the FEMA helpline at 800-621-3362 (voice, 711 or video relay services) or 800-462-7585 (TTY). Lines are open 7 a.m. to 10 p.m. EDT seven days a week until further notice. Or you may:

West Virginia disaster survivors are reminded that the deadline to register for FEMA assistance is Wednesday, Sept 7.

Additional information on West Virginia’s disaster recovery can be found by calling the FEMA Helpline 800-621-3362 or visiting:; the flood pages at;;; and

(TNS) - Obama administration emergency managers are proposing to toughen the requirements for federally funded construction projects to try to make flood-prone communities more resilient to the increased risks of flooding expected to be caused by global warming.

The Federal Emergency Management Agency on Monday proposed the rules, which would require federally funded construction to take place on higher ground, farther from floodplain areas.

“Flooding is the most common and costly type of natural disaster in the United States, and floods are expected to be more frequent and more severe over the next century due in part to the projected effects of climate change,” the agency said in its proposal, published in the Federal Register. “This proposed rule would ensure that FEMA Federally Funded Projects are designed to be resilient to both current and future flood risks.”


Wednesday, 24 August 2016 00:00

7 Database Security Best Practices

Databases - by definition - contain data, and data such as credit card information is valuable to criminals. That means databases are an attractive target to hackers, and it's why database security is vitally important.

Here are seven useful database security best practices that can help keep your databases safe from attackers.

Ensure Physical Database Security

In the traditional sense this means keeping your database server in a secure, locked environment with access controls in place to keep unauthorized people out. But it also means keeping the database on a separate physical machine, removed from the machines running application or web servers.


Wednesday, 24 August 2016 00:00

FEMA: Begin Flood Cleanup as Soon as Possible

It’s not too early to begin cleaning up from Louisiana’s severe storms and floods that began Aug. 11.

Flood-damaged items like carpeting, bedding, furniture and other household items can be serious health hazards as well as eyesores. Here are some tips to dispose of these items safely and jumpstart your recovery:

File an Insurance Claim then Register with FEMA

  • Contact your insurance company and file a claim. Get your company’s contact information online at the Louisiana Department of Insurance:

  • If you have flood insurance questions call 800-621-3362 Monday through Friday from 8 a.m. to 6 p.m. and select option 2. Call center staff are available to assist with information regarding your policy, offer technical flood guidance to aid in recovery and answer other flood insurance questions. You can be transferred to your insurance carrier for additional assistance if you have further questions.

  • Register for federal disaster assistance. If you had severe storm or flood damage in Acadia, Ascension, Avoyelles, East Baton Rouge, East Feliciana, Evangeline, Iberia, Iberville, Jefferson Davis, Lafayette, Livingston, Point Coupee, St. Helena, St. Landry, St. Martin, St. Tammany, Tangipahoa, Vermilion, Washington and West Feliciana parishes you may apply for FEMA help online at or by calling 800-621-3362. Lines are open every day from 6 a.m. to 10 p.m. Survivors who use TTY may call 800-462-7585.

Start Cleaning Up Now

  • Mold may be a serious health risk so don’t wait for a visit from FEMA or your insurance company before you start cleaning up. FEMA inspectors and insurance claims adjusters will still be able to verify flood damage.

  • Because mold may be a serious health risk, it’s important to remove flood-damaged valuables from your home. Take lots of pictures before your insurance adjuster visits.

  • Be sure to consult with your local officials for instructions before setting out debris. If you don’t have local emergency management contact information, it can be found online at

  • Place debris curbside. Debris cannot be collected on private property.

  • Do not prop up debris against trees and utility poles or place in the vicinity of fire hydrants and utility boxes. That makes it more difficult for cleanup crews to collect.

  • Debris should be separated into the following six categories:       

    • Household garbage such as discarded food, packaging and papers.

    • Construction debris such as building materials, carpeting, furniture and mattresses.

    • Vegetation debris such as tree branches and leaves.

    • Household hazardous waste such as batteries, paints and cleaning supplies.

    • White goods such as refrigerators, washers/dryers, water heaters and air conditioners.

    • Electronics such as televisions, stereo equipment and computers.

  • Go online to this link to see a graphic that explains how to sort debris:

  • Other tips to speed up debris collection include:

    • Try to combine debris piles with your neighbors.

    • Secure refrigerator and freezer doors with duct tape.

    • Limit curbside household garbage to two 32-gallon containers or eight trash bags.

    • Get more tips on flood cleanup, repairing, and rebuilding at

Wednesday, 24 August 2016 00:00

Zika and Business Interruption Insurance

As the Zika virus continues its rapid spread and amid travel warnings, including one advising pregnant women not to travel to popular tourist destination Miami Beach as well as advice to postpone non-essential travel to Florida’s Miami-Dade County, questions on business interruption insurance are bound to arise.

So this is perhaps a good time to review what a business interruption insurance policy covers.

The Insurance Information Institute (I.I.I.) reminds us that business interruption coverage, sometimes known as business income insurance, covers financial losses resulting from a business’s inability to operate because of property damage due to an insured event.


BATON ROUGE, La. – You may find yourself frequently moving if you’re a survivor of Louisiana’s recent severe storms and floods.

If you’ve had any changes to your contact information it’s important to let FEMA know so the disaster assistance process stays on track.

FEMA may need to contact you to schedule an inspection or to get additional information to help process your application. That’s why it’s important to let them know as soon as possible if you’ve moved or have a new phone number.

You may update contact information two ways:

  • Online at

  • By calling 800-621-3362

    • People who use TTY may call 800-462-7585

    • Those who use 711 or Video Relay Service (VRS) may call 800-621-3362.

If you had storm or flood damage in Louisiana you may also use those resources to apply for FEMA help if you haven’t done so already. Survivors in Acadia, Ascension, Avoyelles, East Baton Rouge, East Feliciana, Evangeline, Iberia, Iberville, Jefferson Davis, Lafayette, Livingston, Point Coupee, St. Helena, St. Landry, St. Martin, St. Tammany, Tangipahoa, Vermilion, Washington and West Feliciana parishes may be eligible.

It’s important to note that FEMA disaster assistance checks cannot be forwarded. If you cannot access your home address, you can request the postal service to hold your mail. You can also have the funds sent via direct deposit to your financial institution.

Residents are urged to contact their insurance company to file their flood insurance claims. For flood insurance policyholders who may have questions, FEMA has streamlined its process to better service claims and answer questions. Policyholders may call 800-621-3362 Monday through Friday from 8 a.m. to 6 p.m. and select Option 2. Call center staff are available to assist policyholders with information regarding their policy, offer technical flood guidance to aid in recovery, and respond to general as well as complicated questions about the NFIP. Policyholders with questions specifically about an insurance claim can be transferred to their insurance carrier for additional assistance.

Low-interest disaster loans from the U.S. Small Business Administration (SBA) also may be available to help individuals and business owners recover from the effects of the disaster. SBA helps businesses of all sizes, private nonprofit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. The loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations.


We urge everyone to continue to use caution in areas where floodwaters remain. Monitor DOTD’s website for updated road closure information. Look for advisories from your local authorities and emergency managers. You can find the latest information on the state’s response at GOHSEP also provides information on Facebook and Twitter. You can receive emergency alerts on most smartphones and tablets by downloading the new Alert FM App. It is free for basic service. You can also download the Louisiana Emergency Preparedness Guide and find other information at

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status.  If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.  Follow us on Twitter at and the FEMA Blog at

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps businesses of all sizes, private non-profit organizations, homeowners and renters fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, by email, or by visiting SBA’s website. Deaf and hard-of-hearing individuals may call (800) 877-8339.

Wednesday, 24 August 2016 00:00

Creating Business Continuity Plans

While globally, the level of maturity of business continuity programs continues to rise, there are still many organizations that do not feel fully prepared. And, there is confusion when it comes to creating business continuity plans. On average, respondents to MissionMode’s Readiness survey rate themselves at 58/100 in overall preparedness, and a recent disaster preparedness benchmark survey found that 75% of companies worldwide are failing in terms of IT disaster readiness. According to our Readiness Survey, 60% of organizations have underdeveloped plans as follows:

  • 6.9% currently have no business continuity plans in place
  • 21.6% have preliminary plans created but not trained
  • 31.9% have plans created and trained for some event types
  • 39.7% have plans created and trained for all event types


If you’ve archived backups of data for contractual or regulatory reasons, do you also need to back that data up?

Or if you make backups of your current data, should those backups be archived?

When it comes to data retention, it’s essential to be clear about requirements. Take data archiving for example.

Company projects executed with contractual guarantees to the customer may mean that project data must be retained for years afterwards, in order to determine liability in case of a defect coming to light (think of large construction or engineering projects).


Wednesday, 24 August 2016 00:00

What will big data mean for your data centre?

In the next few years, every business in the UK will need to make some big decisions about how they approach their data. With the amount of information gathered and processed by businesses growing all the time, legacy data centres may struggle to cope under the strain.

The era of big data will therefore demand a new approach for the data centre, which will need to be faster and more flexible than in the past in order to handle the ever-growing volume and variety of information.

So what are the key issues IT managers will have to contend with when it comes to modernising their infrastructure and ensuring that it works as efficiently as possible?


Wednesday, 24 August 2016 00:00

Employees Continue to Fall for Phishing Bait

What would you do if nearly a third of your employees were making mistakes that could cause serious harm to the company?

According to findings by Duo Security, that’s exactly what is happening with employees and phishing attacks. About 31 percent of employees were clicking on phishing links, opening up the company to potential malicious activities. Another 17 percent willingly gave up their username and password combination when asked. As Jordan Wright, R&D engineer at Duo Security, told eWEEK:

The main thing to take away from this is that even if only 17 percent provided their username and password, 31 percent clicked the link, which in itself can lead to a breach through an outdated endpoint.


The enterprise is very eager to move applications to the cloud, implement Big Data and the IoT and, in general, engage in all of the other advanced technologies that are driving digital transformation.

At the same time, however, the enterprise has quite a bit of legacy data infrastructure to support, and it would be a waste to simply scrap this investment just because something new has come along.

This is why conversion of existing facilities has become such a hot topic of late. On the one hand, today’s applications running on today’s infrastructure will still support a good portion of the enterprise workload going forward, and on the other, there are myriad ways in which these resources can be made more efficient and more effective within the broader scope of cloud and converged infrastructure development.


Wednesday, 24 August 2016 00:00

BCI: Death of the Business Impact Analysis?

The Business Continuity Institute - Aug 24, 2016 16:01 BST

What’s in a name? Acronyms, common parlance, methodologies, business name... all very useful things as they enable us to identify objects, process and aid communication.

The downside of these particular benefits in communication and identification are that they also provide boundaries which may in themselves be restrictive. And once this becomes ingrained in the business psyche, it is very difficult to disentangle.

Let’s take the humble Business Impact Analysis. Acknowledged by professionals as a key element in the end to end process of building a robust business continuity structure, it is a process; a step that has evolved over time from best practice and for very good reason. As such it is now viewed as a distinct object, something that forms part of a wider process, is undertaken at a given point in that process, connects with other elements and is readily identifiable as such.

But some of our clients are starting to look at this particular element from another perspective. Question - if it is but one part of a BC work-flow process, why should it be undertaken often in glorious isolation? Isn’t the BC structure simply a process of gathering data, making value judgements to corporate methodologies based on the information revealed and then create an output in a form and format that can be used by individuals at time of need?

So, this data capture process can start at risk assessment, follow with impact analysis and then move on to the plan development and testing. Why should this not be done in one fluid workflow process as a single ‘entity’ rather than discrete sections? Why do we have this specific entity called a plan which may contain such a huge amount of information that it only confuses at time of need? Why does the BIA often form an entirely separate and disconnected entity, often languishing and forgotten, even though all parts of the structure are supported by the same data – indeed, clarity and accuracy of data is an absolute pre-requisite to an effective continuity programme. Why can’t we create our own break-points in the work-flow process and define access permissions/user controls to our own corporate methodologies, to suit our own internal best practices whilst maintaining consistency with external standards and best practice?

The answer is that yes, you can. For some this leap of faith makes sense and is embraced. For others, it is a bridge too far, at this point in time at least. ClearView enables clients to have single-entity management of process and some of our largest clients have recognised that this makes absolute sense. This is particularly appropriate for large, complex organizations where there are a large number of stakeholders, each with individual touch-points and requirements. So, for these organizations, there is no concept of a separate BIA per se. There is a single information capture process, the output of which is a simple, clear list of actions and key reference data/communication items that can be tested rigorously and which supports effective incident and crisis management through a range of devices.

In this new world, I see the information that I need to see and want to see. I am involved in the parts of the end to end process where I add value or need to make decisions. With a flexible role-based permissions structure I can create reports, undertake gap analysis, monitor compliance, view dependencies, manage and manipulate data in all parts of the BCM programme. I see simple, clear outputs that help me at the real time of need during an incident.

And the counter side of this is that I don’t have to wade through information that I don’t need or want to see just because it is bound up in a huge unwieldy document or in different reference documents in disparate locations. Indeed, I don’t have the fear that information is inaccurate because it is drawn from multiple sources and then replicated in isolation, rather than originating from golden sources and being managed centrally. And I know that all of this information in a single entity means that it is actively managed in its entirety i.e. the BIA is not left, unloved, in isolation waiting for the next overdue review. And, of course, I don’t have to be either sitting in front of my desk or laptop or happen to be carrying a printed paper version of a plan when there is an incident because this is the way that it has always been done.

So, is this the death of the BIA? Well, let’s say a technological reincarnation …..

ClearView Continuity, provider of an award-winning Business Continuity Management software platform, are Platinum Sponsors of the BCI World Conference where you can visit them on Stand 43 to find out more of the software and arrange a demonstration. The BCI World Conference and Exhibition takes place on the 8th and 9th November at the Novotel London West Hotel. The largest business continuity conference and exhibition in the UK, BCI World has a packed programme as well as an exhibition hall promoting all the BC products and services you need. Don't miss out, book your place today.

The Business Continuity Institute - Aug 22, 2016 16:46 BST

Recently SunGard Availability Solutions released their availability trends report. One of the more significant stats shows a marked decline in the number of invocations - during 2015 there were just seven across the UK (that's at Sungard sites, of course). In fact, over a 10 year period the number of invocations has gone down by 90%. But like most statistics, it raises more questions than answers, such as:

Question 1: is business continuity overhyped? Bear in mind this is taken from an overall population of several hundred if not thousands of customers in the UK, so seven is a tiny proportion. So do we have to ask ourselves is all this fuss about business continuity 'over the top'?

Question 2: is it because we are getting better at business continuity? Another explanation of the downward trend in invocations could be that we are getting better at business continuity - that's why we are having fewer failures. Remember Year 2000? When it went off with hardly an incident there was a general outcry that it was all a damp squib and that the risk had been completely exaggerated. But maybe all the testing and systems upgrades that had gone on before mitigated the risks. So, in this context, we are invoking less because we are doing better at business continuity. (Unfortunately surveys on the state of organizations' business continuity plans don't reflect this - there is still significant inertia in this area).

So, as regards the statistics in the Sungard report, is there a signal in the noise or is the signal just noise?

IMHO, here's what I think is happening:

We are becoming more resilient without knowing it. Cloud, virtualization and remote working technologies, investments in national infrastructure and a trend towards 'stuff as a service' are creating a level of resilience that was not there before. In other words, industry development and strategic choices in the way we run IT and communications on a business as usual basis are making individual organisations more resilient as a result.

So where does this leave business continuity people - should they be looking for new pastures? Will the BCM function become irrelevant? I think the answer is 'no' although adaptation is inevitable because the landscape is changing. I believe we will shift our focus from following the traditional process based approach of creating BIAs, Dependencies, Departmental 'plans' to an approach of developing and assuring overarching strategies for maintaining operational resilience and protecting the 'customer experience'.

The real message coming out of SunGard's report is that things are changing and we need to respond to that.

Steve Dance is the managing partner of RiskCentric, which specialises in the automation and rapid deployment of compliance and standards management systems.

While secondary data center markets don’t often garner headlines, they certainly must be profitable.

Since 2000, Charlotte-based Peak 10 has evolved with its customers to provide infrastructure, cloud, and managed services. The company has national partner alliances and continues to expand service and support offices. However, Peak 10 remains focused on serving small and medium-sized enterprise with 27 data centers located in 10 secondary markets.

In 2014, the company was sold to GI Partners, a private equity firm that specializes in companies that lead in “fragmented or overlooked markets” and can grow via acquisition. In other words, strong consolidators in secondary markets.


Monday, 22 August 2016 00:00

Playing the Long Game with Short-Timers

Though rebounding job numbers are no doubt a positive development for the nation and economy, they actually pose a mixed blessing for corporations and business enterprises.

Why? When employees succeed in finding a new job someplace else, their job performance and commitment often lag after they’ve given notice. In a sense, it’s human nature to take your foot off the gas and your eyes off the road when you’ve a new destination in mind. Furthermore, it’s likely that the professional leaving no longer considers the brand and reputation of the organization his/her priority. And, like a distracted or disinterested driver, that lack of attention and care may result in some serious damage — to their duties and to the reputation and brand of their employer.

That’s why I believe focusing on “conduct risk,” or “culture risk,” should be placed near the top of a business’ priority list. In my experience leading a division focused on corporate risk-sensing and reputation management, I’ve observed a “90/10” rule: that 90 percent of the hazardous workplace and professional behaviors arise or are magnified when an employee has set their sights on a new job and their focus dips.


Forgive me for overusing the term “convergence” but when the shoe fits, I say “wear it.” If you are managing corporate risks and responsible for securing export licenses, ensuring that you are complying with OFAC sanctions requirements, interacting with customs and immigration officials around the globe, and conducting third party due diligence to onboard a new agent or distributor, there is no question that there should be “convergence” among the various functions responsible for managing these risks.

Unfortunately, companies do not necessarily organize around efficiencies when creating procedures, and very often you will see a department responsible for export and sanctions compliance functions separate from the anti-corruption function. By ignoring some practical benefits, companies may be losing administrative efficiencies.

I am not suggesting that there is a substantive overlap but it appears to me that some of the information collection and analysis for compliance in these areas does overlap.


(TNS) - At first, it seemed like nothing more than a good late-summer rain.

But hard rain kept falling late Friday night, and soon the calls started coming in to Butler County, Kan., Emergency Management.

“They were saying, ‘Hey, we’ve got water over here and water over here,’ and I was, like, ‘We’ve never had water there before,’ ” said Jim Schmidt, Butler County Emergency Management director.

Rain gauges near Rose Hill indicated more than 9 inches of rain fell in the area over the span of a couple of hours, spawning flash flooding that swept vehicles off rural roads in the black of night.


Cyberattacks have become so common that they tend to fade from view. But for head-in-the-sand executives who believe they have better ways of spending their time and money, here’s a wake-up call.

The attacks keep coming. They’re getting more sophisticated. And in spite of all the advancements the cybersecurity technology community is making, the bad guys continue to have the edge.

Here are just a few of the more notable cybersecurity dangers to hit the news in just the last week. Ignore them – and all the others – at your peril.


(TNS) - At least five people, including two local residents and three tourists, have contracted Zika virus from mosquitoes in Miami Beach, Florida Gov. Rick Scott announced Friday as he identified a 1.5-square-mile zone of active transmission in the heart of the region’s tourism engine.

The Centers for Disease Control and Prevention quickly followed up with a new travel advisory for pregnant women, telling them to consider avoiding “all non-essential travel” to all of Miami-Dade County due to evidence of widespread transmission of Zika, which can cause birth defects.

“If you’re concerned about Zika,” CDC Director Tom Frieden said, “you may consider postponing all non-essential travel to all parts of Miami-Dade County.”


Monday, 22 August 2016 00:00

Big Data's Impact On Cybersecurity

With more of our daily tasks, purchases, and social interactions being pushed onto connected devices, it only makes sense that copious amounts of data are being produced by these interpersonal transactions. According to recent statistics from IBM, upwards of 2.5 quintillion bytes of data is produced from internet users in a 24-hour period alone. Not only is this a staggering amount of raw data that needs to be processed, it creates an 'elephant in the room' in terms of cyber security and how we protect ourselves from individuals with malicious intent.

Although these statistics may seem somewhat intimidating, data science experts and big data enthusiasts are excited and prepared for a future that's becoming increasingly connected to the web. Some techniques used to harness this raw information, such as data mining, help give us an insight into the future of cyber security and what areas may pique interest moving forward.


Turn off Water Valves to Prevent Damage in Commercial Buildings

When plumbing leaks occur in a multi-story building such as office buildings or hotels, turning off the water supply at the main valve is vital to avoid additional damage. Identify where the broken pipe is located to determine if a water valve is near the source rather than on a lower floor or utility closet. Turning off water valves as quickly as possible prevents primary damage to surfaces in addition to secondary damage from mold and mildew. Business owners can prevent slow leaks in buildings by tracking water bills each month and maintaining safety protocols in boiler and water heater rooms.


A fire can cause real damage, but whether or not your business survives the disaster is often determined by the actions that you take after the flames are out. Following these 10 tips can help your business recover from the devastation of a fire.

1. Document Everything

Disaster scenes are chaotic places. Avoid costly mistakes by documenting everything. Maintain a log of all contacts and phone calls so that you can keep track of everyone you have spoken with, when you talked with them, and why you were in touch with them. Begin collecting receipts to document any expense that you incur during your business’s recovery period.


Another round of federal officials visited the sites of the Louisiana Flood of 2016 on Thursday.

Homeland Security Secretary Jeh Johnson was taken to the Lamar Dixon Expo Center and some of the flooded areas in Ascension Parish. FEMA Administrator Craig Fugate came to Louisiana earlier this week.

Here's what you need to know about the disaster:


Monday, 22 August 2016 00:00

Flooding Support: Real Time Updates

Esri is supporting organizations that are responding to flooding disasters with software, data, imagery, project services, and technical support. If you are in need of software or support, complete the Request Assistance form. All requests should be justified in the message section of the form and are subject to approval.

Public Information Map

Continuously updated US flooding information from the National Weather Service shows observed flooding locations and statistics, flood warning areas, as well as current precipitation. See the real-time effects of the flooding via social media posts. To change the search terms, go to the Media Layers menu, click the settings icon, and update the keyword.


The digital business of banks and insurance companies is at a crossroads today.

For years, business focus has been on consumer self-service using the web and, now, mobile channels. However, contrary to some predictions, these digital channels have not replaced the traditional channels such as branch offices and call centers.

Given the confluence of technology and culture shifts, consumers are expecting even more personalized and timely experience from both the digital and traditional channels that cannot be solved by simply arming service employees with mobile devices.


Friday, 19 August 2016 00:00

Can Space Weather Kill the Cloud?

Last year, when he learned about the potential of a strong electromagnetic pulse from the sky doing real damage to electrical infrastructure, Rich Banta stopped what was then an early-stage data center project his company was doing. The design was complete, and construction was about to commence.

But Banta now wanted to redesign the facility to protect it from an EMP (in the jargon of the electromagnetic pulse community), caused by space weather or human wrongdoers. The new design added about 60 percent to the project’s cost and extended its timeline by about 12 months. “Not a game,” he says.


When you think about your security strategy, firewalls, endpoint protection, insider threats, external attackers, malware and vulnerabilities all come to mind. It’s rare that your backup and disaster recovery (BDR) comes into the conversation. It’s probable that your organization, like most, thinks of BDR as being a business continuity thing and not a security thing.

But nothing could be further from the truth.

Your security strategy, no doubt, is a defense-in-depth model, where you have multiple solutions, initiatives, processes and policies in place--each one providing another tier of protection around your organization’s most precious data, applications and systems. But, with attack vectors like the ever-growing threat of ransomware--that if given the opportunity will turn the tables and keep you out of your own data--it becomes evident that you also need to know: “Can we recover if all this security stuff fails?”


With car purchases there is often a warranty that offers buyers the assurance that if something doesn't work, they can get it fixed. The same is true throughout much of modern consumer society, with products and services backed by warranties that simply affirm to users that products should work as they should. A glaring example where warranties are not common is in software, specifically security software.

Jeremiah Grossman is on a mission to help change that.

Grossman first introduced the concept of guaranteeing security in 2015, with former employer WhiteHat Security. The basic premise with WhiteHat's guarantee is that if the software and service provided by the company don't help prevent a breach, WhiteHat would pay for breach-related costs. Grossman changed jobs this year, joining security firm SentinelOne, and launching a $1 million ransomware guarantee program with that company.


CHARLESTON, W.Va. – If you were affected by the severe storms, landslides and mudslides that occurred June 22-29 and haven’t registered for help from the Federal Emergency Management Agency (FEMA), why wait? Do it now!

Take the first step toward getting federal assistance. Don’t miss out! Once you register with FEMA, you may be eligible for a federal grant to help you with your recovery. You may also qualify for a low-interest disaster loan from the U.S. Small Business Administration (SBA).

If you haven’t registered yet and are a homeowner or renter with disaster-related damage in the designated counties, do it now before it’s too late.

Did you not register because:

  • You simply didn’t know that FEMA offers help to homeowners and renters whose homes were damaged?

    • Once you register with FEMA you will learn about the help that may be available to you.

  • You kept putting off registering because you were too busy and didn’t remember to register until the evening, and thought everything would be closed?

    • Registering is a very important first step to getting help. The FEMA helpline is open from 7 a.m. to 10 p.m. EDT every day of the week.

    • Or go online anytime to

  • You are confused about the process of registering with FEMA?

    • FEMA is there to help you. Make the phone call (800-621-3362) or go online to the website ( Ask questions and you will get answers.

  • You thought talking with your county officials or the American Red Cross, or calling 2-1-1 would automatically make you eligible for FEMA aid?

    • The only way for you to be eligible for federal help is for you, the homeowner, renter or business owner, to register with FEMA.

  • You thought the damage to your property would not be eligible for federal help?

    • Let FEMA make the decision to determine if you qualify for federal assistance.

  • You thought that since you already cleaned up and made repairs you couldn’t apply for assistance?

    • You can register with FEMA even after you make repairs. It is helpful to have photographs of the damage. It also helps if you keep all repair receipts.

  • You thought others needed the federal aid more than you?

    • No one is denied aid because of someone else’s need. If you are eligible for assistance, FEMA will provide funds to help you start the recovery process.

  • You thought you’d have to repay a FEMA grant?

    • FEMA assistance is a grant, not a loan. It does not have to be repaid. It is not subject to income tax.

  • You thought that getting disaster assistance from FEMA would affect your government benefits, such as Social Security, Medicaid or SNAP (Supplemental Nutrition Assistance Program)?

    • You will not have to pay additional income taxes or see any reduction in your Social Security checks or any other federal benefits.

  • You didn’t think you were eligible for FEMA help because you are not a U.S. citizen?

    • If you are in the United States legally or are the parent of a U.S. citizen in your household, you need not worry about applying for federal disaster assistance.

None of these reasons will prevent you from getting help from FEMA. Here’s what to do to get the correct information:

  • Call the FEMA helpline (voice, 711 or relay service) at 800-621-3362; (TTY users should call 800-462-7585). The toll-free lines are open 7 a.m. to 10 p.m. EDT seven days a week. Multilingual operators are available.

  • Go online at

  • Visit a Disaster Recovery Center near you. To find the closest one, go to

If you have questions about how you may qualify for a low-interest SBA disaster loan for homeowners, renters and businesses of all sizes:

Additional information on West Virginia’s disaster recovery can be found by calling the FEMA Helpline 800-621-3362 or visiting:; the flood pages at;;; and

I’m often asked to provide an example of an insider threat. I think it is because no one likes to believe that someone inside would be so cruel as to purposely do harm to a business, to customers and to fellow employees. Mistakes made by an insider that result in compromised data are certainly bad, but rarely malicious.

But we know that malicious insiders are there, and an incident this week shows how much damage they can cause. It happened to a UK accounting software firm called Sage when an insider logged into an account for which he did not have authorized access. As Reuters reported:

The personal details of the employees of about 280 British companies were potentially exposed in the breach, a company source said. It was working to ascertain whether any data had been stolen, the source added.

As of this writing, I haven’t seen anything that clarified what the insider intended to do, if she was just curious and looking or if there was a more nefarious intent, as it appears that the company has not yet released any of that information. The insider was arrested, incidentally, at Heathrow Airport, giving the story a movie-style plot twist.


If the average food safety crisis or product recall forces companies to weather a storm, Chipotle has spent the past year trying to weather a category 4 hurricane. Now months into their recovery effort, it seems they are still seeing significant storm surges.

Last week, a group of Chipotle shareholders filed a federal lawsuit accusing executives of “failing to establish quality-control and emergency-response measures to prevent and then stop food-borne illnesses that sickened customers across the country and proved costly to the company,” the Denver Post reported. The suit accuses executives, the board of directors, and managers of unjust enrichment and seeks compensation from Chipotle’s co-CEOs, while also asking for corporate-governance reforms and changes to internal procedures to comply with laws and protect shareholders.

Sales remain significantly impacted by the series of six foodborne illness outbreaks last year. The company reported in July that same-store sales fell another 23.6% in Q2, marking the third straight quarter of declines for performance even lower than analysts had predicted. The company’s stock remains drastically impacted, currently trading at about $394 compared to a high of $749 before the outbreaks came to light a year ago.


Friday, 19 August 2016 00:00

What It Means To Be A Data Scientist

Good data scientists have been called "unicorns" because it is so rare to find professionals who possess all the required skill sets. When a company seeks to hire a data scientist, it's typically seeking someone with skills in advanced programming and statistical analysis, along with expertise in a particular industry segment, such as healthcare, finance, or marketing.

The proliferation of data, and the potential for organizations to turn data into something valuable that didn't exist before -- think Uber and Netflix -- has increased demand for such professionals.

Linda Burtch, an executive recruiter who has specialized in quantitative professionals for 30 years, told InformationWeek the demand for data scientists is at the highest level she has ever seen.


Friday, 19 August 2016 00:00

South Bend Floodwaters Pose Health Risks

(TNS) - Local health officials warn residents to be wary of floodwaters — in their basement, in the street and even in the rivers — for possible contamination with bacteria and water-borne illnesses.

This is especially true for people with sensitive immune systems and the elderly.

Case in point: Diane DeCleene, who couldn’t afford to get sick — again — from floodwaters. There must have been something in the black, silty wastewater that backed up into her basement during a storm in June that had triggered vomiting and diarrhea. Even her dog got sick. Maybe they mucked around in it too much.


(TNS) - The deadly flood that has swamped south Louisiana this week will likely mean more mosquitoes this summer as the floodwaters start to recede.

State health leaders say that also could mean an increase in West Nile cases and even potentially a bigger threat of Zika virus.

"We're going to have standing water all over south Louisiana," Gov. John Bel Edwards said this week, warning about the additional pitfalls that lie ahead as the flood-affected areas transition to recovery mode. "We're going to have more than our share of mosquitoes."

The historic flooding, which is the result of what experts are calling a one-in-1,000-year rain, has prompted federal disaster declarations in 20 parishes. Edwards has said he expects that declaration will grow to cover even more as the flood waters shift southward and local officials tally up the damage their areas have sustained.


Friday, 19 August 2016 00:00

Cyber Security's New World Order

Researchers this week revealed the discovery of computer malware so sophisticated that it managed to hide undetected within enterprise and government computers for five years.

Named after an omnipotent Lord of the Rings character, Project Sauron is an unusually well crafted piece of software. Once installed, it lives entirely in computer memory, leaving no predictable trail of server domain names or IP addresses. It can even infect “air gapped” computers not granted access to the network. Then it simply lies dormant, a sleeper cell of sorts, awaiting further instruction.

Sauron has been siphoning information from some of the world’s most fortified networks in Russia, China, Belgium, Iran and Sweden since 2011. And that makes researchers very nervous they can’t keep any digital data safe from determined actors.


Although workplace health and safety is already a focus at many organizations, there is always plenty of room for improvement. Consider the number of workplace injuries that occur every year: In 2014, there were nearly 3 million nonfatal injuries and an additional 4,679 fatal injuries in workplaces, according to the U.S. Bureau of Labor Statistics.

These numbers are staggering. However, they do not necessarily mean that workplace injuries are inevitable. In fact, there are several important steps that your own organization can take to mitigate its workplace health and safety risks:


Willie Sutton, an infamous bank robber from the 1920s through the 1950s, denied ever saying that he robbed banks "because that's where the money is." Nonetheless, this apocryphal declaration of the obvious could equally well apply to hackers and data centers.

After providing computing infrastructure and the power to run it, data centers have to prioritize security. Without security, a data center is a data breach, and that's not an enduring enterprise.

Information technology professionals know this well. Anyone who has visited a data center of any size can attest to the evident security measures. These are not places you can just walk into for a tour of the server racks.

But not all data centers handle their responsibilities to clients with equal diligence.


(TNS) - The federal government on Wednesday warned the nation's railroads, including Chicago's Metra, not to wait until the last minute to install a new high-tech safety system that can prevent crashes and save lives.

The Federal Railroad Administration also urged Congress to provide more funding to help commuter railroads implement the program, known as Positive Train Control. The technology uses GPS, radios, computers and antennas to slow or stop speeding trains, prevent collisions and override human errors.

"Positive Train Control should be installed as quickly as possible," said U.S. Transportation Secretary Anthony Foxx, in a statement provided by the FRA. "This is lifesaving technology available now, and railroads should continue to aggressively work to beat the deadlines Congress has put in place."

Can you imagine living in a property that has flooded 10 times? How about 20 times? It’s hard to fathom enduring that kind of situation, yet owners of 2,109 properties across the United States experience just that. Not only has each of these properties flooded more than 10 times, but the National Flood Insurance Program has paid to rebuild them after each flood. One home in Batchelor, Louisiana flooded 40 times and received a total of $428,379 in flood insurance payments. 

These properties—and more than 30,000 others that have flooded multiple times—illustrate the current problems of the National Flood Insurance Program and also provide some insights into how challenging it will be to cope with sea level rise, flooding due to extreme weather, as well as other impacts of climate change. It is anticipated that between 4 and 13 million people’s homes could be inundated due to sea level rise by 2100.

How many of these homes will be in the same situation, repeatedly damaged by floods, and the main assistance provided is to repeatedly rebuild? How the nation—and the National Flood Insurance Program—face this dilemma is a key question we need to answer if we are going to prepare for and adapt to the impacts of climate change. That’s why NRDC decided to take a close look at how we’re already addressing properties that have been repeatedly flooded.


Thursday, 18 August 2016 00:00

Understanding Due Diligence Data and Insight

Since the United States Department of Justice and Securities and Exchange Commission required companies to conduct adequate due diligence on third parties in order to meet their compliance obligations under the Foreign Corrupt Practices Act and other similar legislation, there has been an explosion of due diligence providers entering the market.

These providers have come from all walks of life – from ex-police officers and military intelligence to magazine and newspaper publishers – who have vast amounts of data that they have repackaged as “due diligence.” It is very tough for a company to really understand what they are buying and how to sort out the best fit for their company.

In most large companies, the legal and compliance departments will ask the procurement department to help select a new provider for this due diligence. While involving procurement can be beneficial from certain perspectives, it does create some challenges, as typically the department doesn’t really understand the depth of advice that they are purchasing or how to differentiate between various providers.


Thursday, 18 August 2016 00:00

Why Model Risk Matters

Model risk management gained traction in the risk landscape with the issuance of the Joint Supervisory Guidance on Model Risk Management in 2011: SR 11-7/OCC 2011-12.  This guidance differed from the initial OCC Circular 2000-16 in that it mandated that financial institutions begin to think of model risk management as a risk similar to existing major risk areas: credit, market and operational risks.  Eventually this led to the creation of a new risk function, the Chief Model Risk Officer (CMRO); a new risk policy, the Model Risk Management Policy; and a new department, Model Governance, separate from individual model validations.  A virtual lexicon of risk terms came into use: model definition, model risk management policy, model inventory, model life cycle, access controls, model change controls, etc.

Model Risk Fundamentals

The definition of a model was articulated as “consisting of three components: an information input component, which delivers assumptions and data to the model; a processing component, which transforms inputs into estimates; and a reporting component, which translates the estimates into useful business information.”[1] Therefore, at its core, a model is a computational process with three components.

Model risk arises through errors in the individual components, through the way they are put together or in the way they are used.  Thus, data input errors can result in errors in model outputs.  Errors in model specification, either due to inappropriate conceptual design, methodology or inaccurate implementation, can also result in inaccurate model outputs.  Finally, even if data quality is both reliable and sufficient, and the algorithms are accurate and properly implemented, model risk can still arise through misuse of model outputs.


You’re probably familiar with phishing, in which hackers try to trick users into unsafe practices by sending phony emails. Popular lore suggests that “phishing” is derived from “fishing” and the idea that hackers, for some reason, like to replace the letter “f” with the letters “ph”.

A more recent addition to the hackers’ arsenal is whaling. In this case, hackers try to imitate the email style of a high ranking member of a company, like a CEO, and trick another employee into transferring company funds (or is that “phunds”) to a bogus account. What then is the best way to fight such tactics?

Whaling emails usually contain few or no indicators that conventional anti-virus software can pick up.


Emily Wilson, CEO of decade-old Computer Troubleshooters of Greensboro, NC, shares three suggestions she'd apply if she were launching an MSP from scratch right now.

1. Carefully choose products and vendors - It’s really important to figure out what products and solutions you want to offer by evaluating what is most important to your target market. Backup and security are probably the most important things that your client will be looking for. They must have a way to protect and recover their information. Once you decide what solutions you want to offer your clients, selecting appropriate vendors to partner with is critical. You want to find a reliable vendor that offers a quality product and is "channel-friendly." They should not sell directly to your client, but should understand the importance of your role.


It’s no secret that many businesses have high hopes for using big data. With few exceptions, big data analytics has been subject to some massive hype. The promises have been many, from greater capabilities, more efficient operations, better understanding of customers, new product ideas, and so much more. Big data can certainly deliver on all that, but recent surveys and studies have found that living up to that hype has proved challenging. It’s mainly a case of organizations not seeing the type of returns they hoped for. In other words, the payoffs aren’t showing up as expected. For obvious reasons, this has been the cause for concern among businesses as the amount of investment being spent on big data analytics continues to grow. Getting to the root of why they’re not seeing those payoffs then becomes a priority.

In one report from Mu Sigma, it was shown that many executives have become dissatisfied with the results they’re having in the analytics realm. They’ve put a lot of resources and effort into making big data analytics lead to a substantial return on investment, only to see the payoffs come up lacking. There’s no single reason for this failure, but a number of factors have appeared to offer good explanations for payoff woes. Part of the problem stems from placing so much emphasis on the technology being used for analytics rather than the role that decision-making plays in the process. The technology plays a pivotal role, no doubt, but a failure to understand how to properly use it to achieve business goals means much of that technology is going to waste.

Some businesses were quick to embrace big data in the early days when many organizations were still skeptical. Investors at the time had high expectations, but it’s possible that those expectations missed the mark. It wasn’t that they were wrong to have certain milestones and goals in mind, it was more a problem of underestimating the challenges businesses would face. They may have even completely overlooked some possible issues altogether. It all comes down to analytics performance. They may have all the right technology on hand, but if analytics is performed in the wrong way, the results will reflect that.


Developing a high-performance business continuity program is hard work and requires significant resource commitments and upper-management support. Respondents to the MissionMode Readiness Survey report varying levels of readiness with under 40% claiming to have business continuity management (BCM) plans in place across a wide number of potentially disruptive event types:

  • 38% – Comprehensive BCM plans developed and trained across a wide variety of event types
  • 37% – Plans developed and trained across a limited number of event types
  • 25% – No plans or preliminary plans drafted but not trained

These respondents were most likely to be prepared for weather, power and IT-related incidents and least prepared to manage physical security threats, theft and product safety-related events. Developing and training a wide variety of BCM plans can seem like an insurmountable challenge, but MissionMode can help you both prioritize and prepare your plans.


The ongoing flooding in Louisiana is being described as the worst natural disaster to strike the United States since Superstorm Sandy of 2012.

Latest reports indicate that at least 11 are confirmed dead and more than 30,000 have been rescued. An estimated 40,000 homes have sustained flood damage statewide, but local reports put that figure higher.

Some 20 Louisiana parishes have now received a federal disaster declaration.

Flood damage is excluded under standard homeowners and renters insurance policies, but available as a separate policy both from the National Flood Insurance Program (NFIP) and some private insurers.


Depending on your organization’s resources and size, using risk transference to mitigate your risk may be a good option.  

In a recent blog we discussed the acceptance of risk. When accepting risk is not appropriate, the strategies for risk mitigation include: developing and implementing strategies in house; using third parties to develop and implement the solutions, with in-house maintenance; or turning the entire solution over to a third party. For most organizations, some use of risk transference is appropriate.

Risk Transference: Risk transference is handing risk off to a willing third party.

The most frequently used and easiest method of risk transference is insurance. Insurance is the financial transfer of risk. When using insurance for risk mitigation, it is important to remember:


Thursday, 18 August 2016 00:00

FEMA Offers Tips for Hiring Contractors

(TNS) — As survivors begin the repair phase of flood recovery, FEMA and the West Virginia Attorney General’s Office are warning about unscrupulous contractors who often prey on those down and out.

FEMA said incompetent and even criminal contractors will cause more challenges to victims, so officials offered a number of tips to help avoid such a situation.

“Disasters bring out the best in many people who unselfishly help others. Unfortunately, they also attract scam artists who seek to take advantage of disaster survivors,” FEMA officials said recently.

Attorney General Patrick Morrisey said unlicensed contractors often will canvass neighborhoods offering to repair damaged property with deals that seem too good to be true. All too often, he said, they are. Work is never completed despite payment made.


Just how important is cyber security awareness in today’s digital age? An entire, month-long observation has been dedicated to shining the spotlight on this hot button issue. But raising awareness about cyber security can be easier said than done—especially when many people mistakenly assume the onus lies entirely with IT. As we approach October’s National Cyber Security Awareness Month (NCSAM), the following three tips can help you overcome the obstacles, increase awareness, and ultimately fortify both your cyber security strategies and your organization at large.


The quickest way to stick a dagger in the heart of a succession planning strategy is for the CEO to delegate it to human resources. Doing so delivers a flashing message to the organization that leadership development is a low priority that doesn’t warrant serious attention.

That was my key takeaway from an interview last week with Michael Timms, a leadership development consultant and author of “Succession Planning That Works: The Critical Path of Leadership Development.” Timms shared some great information during the interview, which began with my asking him what letter grade he would give corporate America on succession planning. Without hesitation, he said it would have to be an F:

There’s actually a percentage on that. About a year ago, Deloitte did a global survey that asked executives in organizations big and small if they feel succession planning, or leadership development, is a top strategic priority. Eighty-six percent said succession planning is a top priority, so clearly, everybody knows it’s a big deal. And then the next question asked how many of them feel they actually have a succession plan that works, and only 10 percent said they felt they did. So they’ve graded themselves, and given themselves a letter grade of F.


Storage technology is evolving extremely rapidly but our file systems are not. Is it time to re-think file systems so we can take advantage of this new technology?

Enterprise SSD - And Much More

Perhaps it's because I'm getting older but it seems like things are changing faster every year (my wife tells me it's because I'm getting older).

Regardless of the cause, things are changing quickly, particularly in the storage world. SSDs are becoming very popular, pushing out spinning drives. We even have SSDs coming with 60TB of capacity. Enterprise SSDs are quickly impacting enterprise storage designs. Spinning drives are now coming in massive capacities courtesy of Shingled Memory Recording (SMR) technology that come in 10TB and 12TB capacities. Non-volatile memory is on the horizon. Yet, some aspects of storage are not changing or not changing much at all to adapt to these new technologies.


Wednesday, 17 August 2016 00:00

Creating a Value-Oriented Sustainable Business

As the world becomes more and more globalized by the day, the importance of maintaining it in mint condition has gained awareness from all actors in society. A responsibility to conduct business in a sustainable and value-oriented manner has been vested on businesses by international actors – one of the leading actors being the United Nations Global Compact Initiative (UNGC). The UNGC has focused on four main areas in which businesses are to fulfill fundamental responsibilities for maintaining sustainable operations: human rights, labor, environment and anti-corruption[1].

However, guidelines, principles and other international standards or documents are not per se binding on businesses. In other words, “binding” sanctions cannot be enforced on businesses directly by the relevant international organization in case of violations. Therefore, these guidelines, principles, standards or documents are referred to as “soft laws.” Within this context, some “soft laws” have become enforceable “hard laws” in instances when national regulators have adopted national laws governing the areas of the said documents. In this sense, the fundamental aspects of the principles foreseen by UNGC have been regulated to a certain extent by a majority of national regulators, whereby the underlying principles are also emerging worldwide. Nevertheless, national laws and “standalone” sanctions foreseen thereunder are not enough to provide for sustainability in the operation of businesses; in order to create a long-term sustainable corporate culture, businesses also need to take a stand and adopt internal procedures through corporate compliance programs. For example, in the area of human rights and labor standards, regulators have provided for protection regarding present violations. However, in order to create a long-term “sustainable” business, these principles should be institutionalized by businesses and values should be incorporated into corporate compliance programs.


A number of high-profile terrorism attacks worldwide have raised people’s fears this year, but the reality is that the number of attacks and deaths from such attacks actually decreased in 2015, according to Marsh’s 2016 Terrorism Risk Insurance Report.

The report summarizes terrorism risk insurance trends, benchmarks terrorism insurance take-up rates and pricing, and offers risk management solutions for terrorism exposures.

The more current attacks, often perpetrated by a single individual or small group, are different from those carried out in the 1990s and 2000s when high profile locations were targeted. Individuals carrying out the more recent attacks may have no direct contact with a known terrorist organization, but could be drawn to them through writings and video, particularly on the internet, Marsh said.


Wednesday, 17 August 2016 00:00

In the Cloud, You Really Can Have It Your Way

To go private or not to go private; is that really the question?

A few weeks ago, I posted some thoughts on the public vs. private vs. hybrid debate, concluding that it won’t really make much difference in the long run because both public and private infrastructure is becoming less costly and more easily manageable, and the rise of software-defined architectures will shift the focus to the services that are provided, not the infrastructure they sit upon.

Since then, the news for the private cloud seems to only have gotten worse. As ActiveState Software’s VP Bernard Golden pointed out this week, Amazon and Microsoft are eating the IT world while OpenStack struggles to find itself, and all the while Google is forging ahead with advanced machine learning and streamlined frameworks to make its cloud easier and more capable of meeting emerging enterprise needs than anything they can hope to do on their own. In Golden’s view, this will lead to a long, slow but inevitable death for the private cloud.


Wednesday, 17 August 2016 00:00

BCI: Raising awareness of cyber resilience

The Business Continuity Institute - Aug 17, 2016 09:24 BST

Chosen by those working in the industry, the theme for Business Continuity Awareness Week 2017 will be cyber resilience, and the event itself will be held between the 15th and 19th May 2017.

As the world becomes more and more digital, so do the threats that it faces. Just as we need to protect our organizations from the disruptions that occur in the physical world, we also have plans in place to deal with disruptions in the virtual world.

We have witnessed large organizations like eBay, Target and Sony all suffer the consequence of a data breach. We have seen an increase in the magnitude of DDoS attacks like the one that brought down the BBC's website over the new year. We are experiencing an increase in the occurrence of ransomware attacks on all sizes of organizations including hospitals and local authorities. No longer can we think "it will never happen to me".

As the Business Continuity Institute's latest Cyber Resilience Report showed, two-thirds of organizations had experienced at least one cyber security incident during the previous twelve months, and 15% had experienced at least ten. Given the prevalence of the threat, it is perhaps no surprise that the BCI's Horizon Scan Report noted that, of all the possible causes of disruption, cyber attacks and data breaches were the top two concerns for business continuity professionals. It is therefore extremely fitting that this will be the theme for BCAW next year.

The BCI will soon start to publish some helpful resources for you to use, but in the meantime, make sure you save the date. Also think about how you could get involved, and how you will help to raise awareness of the need for business continuity and the importance of cyber resilience.

The theme was chosen following the results of a feedback survey published after BCAW 2016. Of all the suggestions made for a theme for BCAW 2017, one-third related to cyber resilience, making it the clear favourite. The survey also asked whether people preferred BCAW being held in May, whether it was better when it was held in March, or whether another month should be chosen. An overwhelming four-fifths preferred the May date.

From where IT professionals sit, these are early days for industrial IoT. Still, the software, hardware, and network ecosystem required for delivering on the promise of IoT will eventually transform the way enterprises think about running everything. Here are four cloud-based industrial IoT startups worth knowing.

Who are the most promising internet of things (IoT) startups? Venture capitalists, sensing the opportunity, are looking for companies to invest in. Millions of dollars are available for technologies with a track record and a good idea. One particular area of interest for us here at InformationWeek is the activity around cloud-based industrial IoT platforms.

Industrial operations, supply chain, commerce, and customer service are some of the enterprise environments expected to be dramatically transformed by IoT.


With our recent successes demonstrating NetScaler CPX to developer audiences at DockerCon in Seattle and StackWorld in San Francisco, Citrix is getting ready for LinuxCon in Toronto on August 22.

Stop by the Citrix booth for demos of NetScaler CPX and NetScaler MAS and more. And be sure to catch the keynote on “New Requirements for Application Delivery in a Microservices Application World” from Abhishek Chauhan, Delivery Networks VP and CTO.

The number of attendees and the level of excitement at these shows demonstrate that one of the biggest disruptions in the IT world is happening now. This is the shift to microservices application architectures and the transformation of the server architecture to Linux containers.

Microservices applications are made up of many independent processes that are loosely linked together. New features can be added to an application by installing a new microservice and making it a part of the application infrastructure.


Six in 10 organizations say they must demonstrate compliance and auditing of privileged accounts, indicating that privileged account management (PAM) security is now a firm requirement to comply with government and industry regulations. This is just one of the many findings from a Benchmark Global Survey with responses from more than 500 IT security professionals from organizations around the world. The findings indicate that privileged account management is not just a security issue, but also a regulatory compliance issue within their organization or industry.

The Survey is part of a new Report, 2016 State of Privileged Account Management, that exposes several significant security gaps in how organizations manage and secure their privileged account passwords and access, and shows the extent to which privileged account management security is rising in priority and required for regulatory compliance.

The main reason privileged accounts are so critical to both industry and regulatory compliance is that privileged accounts contain what are known as the “keys to the kingdom.” These accounts have full permissions to computer systems and environments that typically have access to the locations where sensitive data like financial records, classified data or personal identifiable data like email addresses and credit card and social security numbers are stored.  It is ultimately crucial that organizations monitor and track any unauthorized modifications, theft, sabotage and privacy breaches of privileged accounts.  The U.S. Computer Emergency Readiness Team (CERT) has published several recommendations on how to reduce the risk of insider abuse of accounts. To ensure security controls of privileged accounts are much more secure than regular accounts, they recommend applying a “Least Privilege” approach and implementing security policies and controls with strict password creation and management.  Audit and Track Changes and Continuously Discover and Update Accounts are amongst other security recommendations from CERT.


Storage systems have become their own unique and complex computer field and can mean different things to different people. So how can we define these systems? Storage systems are the hardware that store data.

For example, this may be a small business server supporting an office of ten users or less – the storage system would be the hard drives that are inside of that server where user information is located. In large business environments, the storage systems can be the large SAN cabinet that is full of hard drives and the space has been sliced-and-diced in different ways to provide redundancy and performance.


Geary W. Sikich and Joop Remmé pose three questions which aim to enable organizations to explore the relationship between corporate social responsibility and governance risk and compliance activities/obligations.


In this article we posit three questions.  The first question is: “Is it a social responsibility of companies that they undertake a comprehensive risk assessment?”  The second question: “Does the notion of conscience and its application to the generation and use of risk information and information in general, create an obligation for the organization to disclose the results of the comprehensive risk assessment?”  The third question: “How do the people in the organization communicate the information from the comprehensive risk assessment to stakeholders and yet preserve security and protect the organization?”

The three questions may, at first, appear simple and straightforward.  However, as we dissect each, we find that there is significant complexity intertwined in these questions.  While this article does not attempt to provide a rigid framework or hard and fast answers to the above questions, it is our intent to set in motion a dialogue regarding corporate social responsibility (CSR) and its relationship with governance risk and compliance (GRC) activities/obligations that form a social contract between the organization and its stakeholders.


I’ve been working with Citrix products for 13 years and a part of Citrix Consulting for almost 5 years. In that time, I’ve realized that the technical challenges have changed from time to time, but the organizational and administrative challenges remain unchanged.

Topics like infrastructure layout, application delivery methods, project, change and release management are often not defined all that well. These circumstances lead to issues like quality constraints and human resources bottlenecks, which have impacts that are often bigger than the technical problems.

As such, I decided to write a blog series about the importance of business processes as they relate to Citrix virtualization products. Given that such processes are specific to every company, please don’t expect to receive a full set of definitions that you can copy and paste into your environment. The intention of this series is to give you a direction and an idea of what such processes might look like.


How do you think your company fares in cybersecurity readiness?

This question came to my mind today after reading two articles. The first was a Tech Target article that discussed what every company should know about cybersecurity readiness. One of the points in this piece covered identity management:

This is made up of various plans, policies, procedures and technology aimed at providing appropriate access to information resources and an understanding of how those resources are used and by whom.

Identity management includes areas such as authentication, authorization and access control. And that leads to the second article I read. eSecurity Planet reported on a recent Ponemon Institute and Varonis Systems study that found that more than 60 percent of end users are accessing data that they shouldn’t be, but at the same time, less than a third of IT departments are ensuring that only authorized people have access on a need-to-know basis.

(TNS) — The greatest danger to Pennsylvanians is less likely to come from terrorists plotting attacks halfway around the world than a homegrown extremist in their own backyard, the state's homeland security chief said Monday.

"The 'lone wolf' doesn't need ISIS," Homeland Security Director Marcus Brown said at a terrorism awareness and response symposium in King of Prussia. "They're much less pushing the organized attack from ISIS to the United States, they're saying, go do something, don't wait for us to tell you."

Brown was among the more than 600 law enforcement personnel gathering at the Valley Forge Sheraton for the daylong conference put on by the state. The speakers included a London-based detective trained in bomb scene management, the director of facility security for the Philadelphia Eagles and the inspector of counterterrorism for the New York City police department.


(TNS) — Chances for a quiet hurricane season just went down, federal forecasters reported Thursday.

“Forecasters now expect a 70-percent chance of 12 to 17 named storms, of which five to eight are expected to become hurricanes — including two to four major hurricanes,” the National Oceanic and Atmospheric Administration said in a season update.

It may be the most active season since 2012, the agency says. “NOAA now calls for a higher likelihood of a near-normal or above-normal season.” Hurricane season runs from June 1 to Nov. 30.

The federal report “shows the environment is conducive for more storms and there is a slight elevation of risk,” said Marty Senterfitt, an emergency-management veteran now heading Monroe County Emergency Management.


Tuesday, 16 August 2016 00:00

Make Way for the Edge Data Center

Cloud computing is leading to a massive centralization of IT resources. If current trends progress, the vast majority of data infrastructure will be housed in giant regional cloud facilities, with only highly converged systems remaining in corporate settings around the world.

This will undoubtedly be more efficient and less costly, but it presents a problem: Centralized resources are not great for time-sensitive applications, since the data center is now some miles away from the user. This is why future data architectures will rely on massive centralization and legions of automated mini data centers on the edge.

These facilities will be crucial for both the content-streaming services that populate the web and emerging Big Data/IoT workloads that need to gather data and produce analytical results in a moment’s notice in order to capitalize on fast-moving market opportunities. As IHS Markit analyst Lucas Beran noted in a recent series of blogs on Data Center Journal, the typical edge facility will process loads drawing between 10 and 100 kW and will provide services like data aggregation and content-caching to reduce latency and network congestion across wide-area infrastructure. At the same time, organizations can use these facilities to provide targeted, regional services to give a more local feel to national and even international product offerings.


Tuesday, 16 August 2016 00:00

How to Mitigate Fourth-Party Security Risks

While security threats resulting from exposure to third-party partners are serious, security pros face an even tougher challenge from fourth-party security risks.

What do we mean by fourth-party risks? Think of fourth parties as the "vendors of your vendors." Everyone from Amazonian giants to small businesses uses subcontractors.

According to a recent BitSight report of over 35,000 companies, one in four technology companies link to Amazon Web Services (AWS). One disruption on that service could impact multiple vendors.

"Service providers can experience an outage and they can also experience cyberattacks," said Stephen Boyer, CTO and co-founder of BitSight. "When they do, it brings down many organizations and can also severely impact an organization's vendors."


Tuesday, 16 August 2016 00:00

BCI: Securing IT equipment in the workplace

The Business Continuity Institute - Aug 16, 2016 12:12 BST

Most people (clearly not all given the results of this study) are often very protective of their laptops, tablets and smartphones when they're out and about, and that's no surprise given that most thefts of these devices occur when they are so. According to a new study by Kensington, a quarter of thefts take place in cars or other transportation, 15% in airports and hotels, and 12% in restaurants.

What is perhaps surprising however, is that the IT Security and Laptop Theft Survey also revealed that the second most common location for thefts is our own offices, with 23% occurring there. These findings are significant as people can be lulled into a false sense of security that IT equipment is safe on the premises when users are working in the office.

The study showed that IT professionals across industries are not taking the necessary steps to ensure the security of their enterprise environment. According to the survey, more than a third (34%) of IT personnel do not have a physical security policy in place to protect their companies’ laptops, mobile devices, and other electronic assets. More than half (54%) of survey participants do not currently utilize physical locks for IT equipment.

When we think of data breaches, the number two concern for business continuity professionals according to the Business Continuity Institute’s latest Horizon Scan Report, we often think of hackers getting into our networks from a remote location and stealing data, but data can be stolen using far less sophisticated methods than that. Of course it is not just an information security issue for business continuity professionals, as they will also need to consider how employees can continue working when their equipment is unavailable.

“With research showing that a surprisingly high percentage of IT theft occurs in-house, IT directors and purchasers need to implement a formal physical security policy and take steps to secure their devices and the sensitive data they contain,” said Rob Humphrey, Director of Global Product Management, Security, Kensington. “Since studies confirm that well implemented security can significantly decrease laptop theft by as much as 85%, it’s important for IT personnel to consistently utilize physical locks for computing and mobile equipment to provide resistance to tampering and theft.”

FIMA Releases Climate Resilient Mitigation Activities Job Aids

The purpose of these job aids is to help communities applying for CRMA activities under Hazard Mitigation Assistance (HMA) grants comply with the technical feasibility and effectiveness, and environmental and historic preservation requirements of the application. The job aids provide a checklist of information required by FEMA to determine grant eligibility and to complete a thorough review of the application. The available job aids include:

Aquifer Storage & Recovery

Floodplain & Stream Restoration

Flood Diversion & Storage

If you have any questions or comments on the CRMA Job Aids, please contact the HMA Grants Policy staff.

The Climate Resilient Mitigation Activities are available for HMPG funding resulting from a major disaster declared on or after September 30, 2015, and for competitive PDM and FMA funding for which the application period opened on or after September 30, 2015.

  • HMA Home Page: 
  • FEMA Regional Offices:
  • FEMA State Hazard Mitigation Officers:
  • HMA Helpline: 1-866-222-3580
  • MT eGrants Helpdesk: 1-855-228-3362

In part 1 of this series, I introduced the reasoning for developing a bridge from existing IT and risk frameworks to the next generation of risk management based on cognitive.  These concepts are no longer theoretical and, in fact, are evolving faster than most IT security and risk professionals appreciate. In part 2, I introduce the pillars of a cognitive risk framework for cybersecurity that make this program operational.  The pillars represent existing technology and concepts that are increasingly being adopted by technology firms, government agencies, computer scientists and industries as diverse as health care, biotechnology, financial services and many others.

The following is an abbreviated version of the cognitive risk framework for cybersecurity (CRFC) that will be published later this year.

A cognitive risk framework is fundamental to the integration of existing internal controls, risk management practice, cognitive security technology and the people who are responsible for executing on the program components that make up enterprise risk management. Cognitive risk fills the missing gap in today’s cybersecurity program that fails to fully incorporate how to address the “softest target,” the human mind.


This is part two in a series of posts on Machine Creation Services Storage Optimization (MCSIO).  For those not familiar with MCSIO, please read the first blog in the series, Introducing MCSIO Storage Optimization, to get an overview of the technology and architecture of MCSIO.

To help answer the question of how MCSIO can reduce shared storage IOPs, a series of tests were conducted on MCSIO configured with temporary memory and temporary disk caching. Although the blog focuses on this configuration, the results also give a useful insight for those looking at using other MCSIO configurations. Through a series of tests, we examine the impact of using this feature with RDS and VDI desktops and in turn demonstrate how it can help reduce shared storage IO.


Monday, 15 August 2016 00:00

Why We Should Score Data Breaches

Disclosure: Our family is one of the “tens of millions” of Americans that may be affected by the Anthem data breach announced last year.

The annual cybersecurity event known as Black Hat officially ended just over a week ago, but of course the security issues and headlines continue unabated.

Big vulnerabilities aren’t actual data breaches, of course, and they’ll keep cropping up, but they’re often expensive to fix–especially at scale. Chrysler was forced to recall 1.4 million Jeeps and hospitals have literally been forced to revert to pen and paper. Earlier this year Hollywood Presbyterian Medical Center in Los Angeles paid a $17,000 ransom to restore their network after a successful attack locked users out of their computers for several days. Other healthcare facilities have also been targeted with ransomware and hacktivism.


Monday, 15 August 2016 00:00

Vendor Risks: Preventing Recalls with ERM

In 2016 alone, there have been dozens of recalls, by food companies, car manufacturers, and vitamin producers, among others. Not only do these recalls greatly impact a company’s bottom line, they can also affect the health and safety of consumers. With this in mind, what can organizations—both within the food industry and otherwise—do to improve their chances of uncovering suppliers operating in subpar conditions? How can they mitigate the risk of recalls?

Customers of CRF Frozen Foods, for example, a full-line, individually quick frozen processing plant that packages fruits and vegetables for a variety of customers, recently had big problems when it was linked to a widespread listeria outbreak. Contaminated foods affected big-name distributors like Trader Joe’s, Costco and Safeway, and some customers fell ill as a result.

Even though a series of sanitation concerns and other facility issues at CRF had been exposed by regulators as early as 2014, the factory was allowed to continue operating and its customers weren’t notified.


Monday, 15 August 2016 00:00

Why Redundancy Is A Good Good Thing

Transportation companies plagued by system failures ultimately suffer from cascading losses due to outages, including revenue loss, brand integrity and customer dissatisfaction.

Partnering with a colocation provider, however, can help deliver a business continuity plan that ensures redundancy to make services much more reliable and resilient.

The importance of redundancy is driving IT leaders to back up their data in colocation facilities or make a complete data center move to leverage expert third-party resources. They understand that a well-interconnected data center can be the first step toward eliminating downtime and disaster recovery risks.


In today’s regulatory climate, the Chief Compliance Officer faces increased personal liability for corporate wrongdoing. There are ways CCOs can minimize personal risk on the job — but the process begins before accepting a CCO job offer in the first place.

Just as CCOs perform due diligence with third parties on behalf of their employers, they must perform their own due diligence on any potential employer during a job interview.

As a compliance-focused executive recruiter, I know the Yates Memo isn’t simply changing the way CCOs do their jobs; it’s changing the way they look for jobs – so I asked compliance professionals around the world this month to share their best due diligence questions.


According to the results of a recent survey of 3,027 employees in the U.S., U.K., France and Germany (1,371 end users and 1,656 IT professionals), fully 62 percent of end users acknowledged that they have access to company data they probably shouldn't be able to see.

The study, conducted by the Ponemon Institute and sponsored by Varonis Systems, also found that 76 percent of IT pros said their organization had experienced the loss or theft of company data over the past two years, a significant increase from 67 percent who gave the same response in a 2014 study.

Eighty-eight percent of end users said their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, confidential business documents, or other sensitive data. Just 29 percent of IT professionals said their organizations enforce a least-privilege model to ensure that insiders only have access to company data on a need-to-know basis.


Finding an effective way to store vast amounts of energy is one of the most important and toughest pieces of the renewable-energy puzzle. Until it’s solved, users that need power around the clock will have to rely on regular grid power to pick up the slack when sun isn’t shining or wind isn’t blowing.

It is this piece of the puzzle that Microsoft is going after with its latest investment in research of alternative energy sources for its data centers. The company has partnered with two companies and a university on a pilot program to research and test a new battery technology to see if it could provide a viable way to provide effective energy storage for its enormous global data center fleet.


Friday, 12 August 2016 00:00

How does the Brexit affect your business?

The world is constantly changing and as Business Continuity professionals it is our job to adapt and grow with it. About a month ago, the United Kingdom decided to leave the European Union. This event was known as the “Brexit”. The Brexit has sparked massive change and political uproar, quickly becoming an event to consider when creating and updating plans. But what does the Brexit mean for your company?

The Brexit not only affects Europe, but the entire corporate world. Leaving the EU umbrella provokes change to the UK’s laws that may directly impact your business. Some examples include trading agreements, laws concerning the way EU business is conducted in the UK, labor laws and immigration laws. These impending changes could negatively impact your business and prevent it from running the way it has been.


Friday, 12 August 2016 00:00

The Rise of Business-Driven IoT

Here are some common assumptions about the Internet of Things. Everybody wants in on it and, in the negative column, security and privacy are a nightmare.

There are problems with those conclusions, according to Jerry Chase, CEO, and Kevin Walsh, Vice President Marketing at Bsquare. Sure, the IoT field is trendy, but that isn’t enough to entice most industrial companies to invest in it. “Our view is that nobody is buying IoT,” Chase says—or at least not the operations departments, P&L centers, and business unit managers at industrial firms that the company is targeting. He continues: “Instead they’re buying better business outcomes.”

Furthermore, while security and privacy are hurdles, most of Bsquare’s industrial clients view those items like a box to check off rather than huge concerns. “I don’t think too many of [our customers] are all that concerned about security. It’s an interest for IT teams, but they already use standard protocols,” Walsh says. “It is a pretty tightly controlled secure environment. I think a lot of the alarmism is in the consumer space.”


More than half (51 percent) of IT managers polled recently said that data security is better in public cloud infrastructures than in their own corporate data centers, according to a new report released today.

The SADA Systems, Inc. survey of more than 200 enterprise IT professionals also found that 43 percent of respondents use third-party consultants to manage public cloud infrastructure.


Friday, 12 August 2016 00:00

When Disaster-Response Apps Fail

When a terrorist struck Nice, France, on July 14, a new French government app designed to alert people failed. Three hours passed before SAIP, as the app is called, warned people in and around Nice of the danger on the city’s waterfront during Bastille Day festivities.

This aspect of the tragedy highlights an emerging element of disaster preparation and response: the potential for smartphone apps, social media sites and information technology more broadly to assist both emergency responders and the public at large in figuring out what is happening and what to do about it.

A group I am in, with researchers from varied disaster-response backgrounds (including military, urban, wilderness and hospital service), has surveyed what’s already available on the market and found smartphone apps that can help providers and the public alike. Some help medical professionals deal with ordinary day-to-day work, viewing guidelines and medication databases, performing calculations, remotely monitoring patients’ vital signs and displaying radiology images. Others can help responders deal with chemical, biological, radioactive, nuclear and explosive disasters, which is useful for members of FEMA teams like the one I’m on. Apps for the public help them prepare for disasters, notify them of imminent problems, reconnect them with family members, and even help keep track of pets during emergencies.


(TNS) - Richwood, W. Va., residents still digging out from a late June flood are finding more problems to deal with.

Mayor Bob Henry Baber said one of the newest problems is the dirt, mud, sand and large rocks that are clogging the town's storm drains.

“The Jet Truck can’t break up what’s inside those drains,” Bob Henry Baber said. “The drain that’s on Oakford Avenue has a creek coming out. That caused two more houses to receive flooded basements.”

While that’s causing a headache, an even bigger problem is bubbling under the river.


(TNS) - Weather forecasters have predicted the Atlantic Ocean could be in for more hurricanes this season, but local emergency officials say it only takes one storm to cause devastation and to test the strength of a community’s preparedness.

Horry County, S.C., Emergency Management Director Randy Webster urged a crowd gathered for hurricane preparedness tips at the Base Recreation Center Wednesday night to leave before disaster strikes.

On July 1, The Weather Channel reported that a forecast from Colorado State University predicted a total of 15 named storms for the Atlantic this season with six hurricanes, two of them considered major as a Category 3 or higher.


Friday, 12 August 2016 00:00

Staying Ahead of Storm Surge

While strong winds and heavy rain are two of the dangers that first come to mind when thoughts turn to the imminent hurricane season, a byproduct of the two can lead to an equally if not more destructive weather phenomenon: storm surge. Let’s take a closer look at this significant hazard to life and property, along with highlighting a new interactive tool from the National Hurricane Center (NHC) aimed at predicting storm surge and fostering critical preparedness.

The 411 on Storm Surge

The National Oceanic and Atmospheric Administration (NOAA) defines storm surge as “an abnormal rise of water generated by a storm, over and above the predicted astronomical tide.” In some cases, storm surge can span hundreds of miles of coastline and reach heights of more than 20 feet!

Storm surge, along with the battering waves which accompany it, can result in catastrophic damage to buildings, roads, bridges, and the environment, as well as loss of life. In fact, storm surge directly causes approximately half of all deaths associated with large storms, according to the National Hurricane Center (NHC).


Whether you’re just starting your company or you’ve established yourself in an industry, a cybersecurity mistake can wipe out all your progress and growth.

“Businesses do not realize the level of sophistication that hackers bring to the table,” said Matt Johnson, chief executive officer at Phalanx Secure Solutions. “When you are attempting to secure your business, you have to be right 100 percent of the time. The hacker only has to be right once. Companies who get hacked often wind up going out of business, being unable to shoulder the burden of cleaning up.”

And threats and breaches are becoming epidemic.


Governments have used maps for everything from local economic development to snow plow tracking — now they’re also using them to fight the spread of the Zika virus.

Rather, U.S. government entities have been using the concept of geographic information systems (GIS) to help manage disease outbreaks and public health crises for a long time. But the open data movement and improved GIS platforms have helped make those maps a lot more useful.

Today, the Department of Health and Human Services’ Office of the Assistant Secretary for Preparedness and Response (ASPR) is using GIS to both track the spread of Zika in the U.S. and predict where it might cause the most damage in the future. The virus, carried by a couple species of mosquito, has raised fears as it comes to the U.S. after medical professionals linked it to birth defects in other countries.


A recent Market and Markets research report says that the global cybersecurity market will reach $170 billion by 2020, spending $1 trillion during the five-year period from 2017 to 2021. According to the Wall Street Journal, venture capital funding in cybersecurity increased by 76% in 2015 to reach $3.34 billion. However, the cybersecurity market is far from being an El Dorado of the 21st century.

Meanwhile, cybercrime surpassed traditional crime in the U.K. in 2015, rising to 53% of all kinds of committed crimes. In comparison to 2015, ransomware attacks have increased by 500% in 2016, forcing hospitals and even U.S. police to pay ransoms in order to get their data back. From 2013 to 2015, the costs of cybercrime on businesses quadrupled, and may do so again from 2015 to 2019. Numbers coming from Juniper Research confirm the industry’s fears, projecting cybercrime costs to reach $2 trillion by 2019. In other words, companies are spending more on corporate cybersecurity, but still falling victim to cyber-attacks.

These days, I’ve even heard some cybersecurity companies say that it’s not a question of if you will be hacked, but when. Can you imagine your investment banker saying that it’s not a question of if the bank will lose your money, but when?


The big recent renewable energy push in the US by some of the largest data center providers can be attributed in no small part to rising interest in the market in colocation services powered by clean energy. While good publicity and the promise of energy cost savings sometime down the line are good enough reasons for a company like Google to commit tens of millions of dollars to renewable energy purchase contracts for its data centers, companies that provide various data center services to many users are working with a very different set of considerations. It just has to make business sense for them.

The good news is that renewable energy for data center services does make more business sense today than it ever has, and that’s for two reasons.

The first reason is that more and more of their customers have sustainability goals of their own, and customers that recognize data centers as a substantial part of their operation will look more favorably at a data center outsourcer that can offer them a renewable option.


While software may be “eating the world” as Marc Andreessen famously put it, what’s ultimately resulted is an application economy, an environment defined by disruption and innovation. In every industry, it is application innovators that are doing the eating, feasting on the market share previously held by market incumbents.

Emerging players and large tech firms are bringing disruption to every industry, leaving established organizations with a choice: Embark on a digital business transformation and become a market disruptor, or wait to become a victim of disruption. 

Service providers also face a similar choice. They can play a role in their customers’ digital business transformation, and position themselves for increasing market share and margins. Or they can stick with the status quo and start losing mindshare and market share to the vendors that do offer digital business transformation services.


The term “due diligence” is an overused expression in the compliance world. It has become a term to mean heightened concern or investigation. No one can really define what it means except to say it has different meanings in different contexts. Some would say it is a term of art in the legal and compliance world. It is misleading to add the term “investigation” to due diligence, suggesting that a due diligence investigation is something different than conducting due diligence alone.

When it comes to third party corruption risk, it is time to retire the term “due diligence.” Besides the definitional concerns, there is a substantive reason for a new approach.

In the anti-corruption space, third party due diligence often is used to describe the process for onboarding a new third party intermediary. In practice, however, we all know that onboarding a new third party is just the beginning of a more important process – third party risk management.


For the third consecutive year, Strategic BCP has been recognized as a Leader in the 2016 Gartner Magic Quadrant for Business Continuity Management Planning (BCMP) Software, Worldwide. Strategic BCP’s BCMP software evaluated for this Magic Quadrant was ResilienceONE—one of thirteen vendor offerings evaluated.

ResilienceONE: The most direct path to ROI

Experts at Strategic BCP have mapped, streamlined, and automated over 40 compliant BCMP job activities—including program management, data gathering, analysis and reporting, testing, and maintenance.

Customers report gains of over 94% in efficiency using ResilienceONE over current methods and other tools and are up and running in weeks with no implementation or configuration fees. Compare that to Gartner’s reported average of over six months to implement and 23% additional configuration costs for other vendors.


Thursday, 11 August 2016 00:00

Delta Limping Back to Normalcy

After two days of cancellations due to a system-wide outage, leaving thousands of customers stranded, Delta today announced it will return to normal operation by mid-to-late afternoon. It added a caveat, however, that “a chance of scattered thunderstorms expected in the eastern U.S. may have the potential to slow the recovery.”

Delta said that by late morning on Wednesday it had canceled 255 flights while 1,500 departed. About 800 flights were canceled on Tuesday and there were around 1,000 cancellations on Monday. It also extended its travel waiver and continued to provide hotel vouchers, of which more than 2,300 were issued Tuesday night in Atlanta alone.

“The technology systems that allow airport customer service agents to process check-ins, conduct boarding and dispatch aircraft are functioning normally with the bulk of delays and cancellations coming as a result of flight crews displaced or running up against their maximum allowed duty period following the outage,” Delta said.


Believe it or not, mold can occasionally be a good thing. After all, some species of mold are used in the production of antibiotics, foods, and beverages. Unfortunately, the kinds of mold that commonly flourish in homes and businesses are not helpful. These molds range from annoying irritants to dangerous health hazards. Difficult to eradicate and capable of causing real damage, these molds require careful remediation. The proper technique and equipment are vital, so it is a job best left to professionals like the experts at SERVPRO of Bryan, Effingham, McIntosh & East Liberty Counties.

What Is Mold?
Molds are microscopic fungi that spread through spores. Mold spores are everywhere, and they are quick to latch onto any organic material in humid environments. They do not need sunlight to survive, but moisture is vital. If the conditions are right, mold can grow quickly, forming large colonies. It can inhabit nearly any organic material, including food, paper or wood products. Mold might resemble moss in appearance, but it is not a form of plant life, and it does not use photosynthesis to feed itself. Instead, it releases enzymes that break down the organic material hosting it, damaging the material so that it can get the nutrients it needs by absorbing the degraded remains. Many homeowners discover mold when they smell its musty, earthy odor.


When I worked in the IT department at a large retail company, we would strive to get the requirements exact and ensure our designs were perfect – no issues or gaps. This often caused some frustration with our business partners. They wanted it done faster, and we wanted it done right the first time to prevent rework. This is when I first heard two things that changed my perception:

  • Perfect is the enemy of good
  • 80% is good enough

When I asked, are you sure, the response was, “Yes – we are going to want it changed in 3 – 6 months anyway because we will learn something new or need to adjust based on the market.” This response can be especially true for our recovery strategies.


The data center is fundamentally changing.

Yet today, as before, every company in the world is building their own data center. That makes about as much sense as every company building their own furniture or generating their own power. It’s inefficient, and it’s a big diversion of limited corporate resources.

It’s also no longer necessary, with the rise of the cloud. The cloud promises the ability to just “plug in” to data center computing. The principal advantage of the cloud is that it frees resources to focus on creating new applications, and it provides the agility needed for companies to innovate rapidly and respond to changing business conditions.



Emergencies don’t wait for you to be ready.

In 2015, the country of Georgia invited CDC to conduct a training on the principles of Crisis and Emergency Risk Communication (CERC). But before we could get there, the capital city of Tbilisi was struck by a major flood.

The flash flood and ensuing mudslide killed 20 people and covered much of the city in water and mud. There were news reports about the massive damage, human casualties, and even escaped zoo animals.  Ready or not, responders had to jump in and communicate clearly about the emergency.

This is exactly the type of situation CERC training is intended to prepare for. When a crisis hits, people need understandable, trustworthy, and accurate information they can act on. And they need it fast.  CERC helps communicators ensure that the right messenger is delivering the right message at the right time.

CERC saves lives

When we arrived in Georgia, my co-worker Kellee Waters and I discovered that the news reports hadn’t captured the intensity of the flood the way firsthand accounts could. We heard sobering stories from our colleagues about the impact of the disaster: a stream that turned into a raging river; a landslide that caught everyone off guard.

In the aftermath of the flood, many of our Georgian colleagues found themselves needing to use CERC principles — with or without training. They had to quickly and clearly inform people about threats in different parts of the city and communicate what actions the government was taking to rescue people and animals.

Lessons from the flood

When we began our training, we found that participants’ experiences from the flood gave them valuable insight. Those who had been involved in communicating about the flood stressed the importance of consistent messaging. They recalled that messages about safety had been quickly reported and repeated in the news and on social media; making information readily available to reporters allowed important safety messages to be disseminated faster and wider and increased their credibility. The government had helped by being the first to report accurate, credible messages that offered action steps for citizens to stay safe – before, during and after the crisis.

Class participants also talked about identifying and connecting with groups of people who did not speak Georgian as their first language. This was crucial so all Georgians could return to a more familiar and normal life as quickly as possible after the flood.

While not everyone in our class had a role in communicating during the flood, they all recognized the value of effective communication in an emergency response. They also noted that good communication takes experience, knowledge, and expertise.

None of the participants would have wished this tragedy on their country, but they all had a strong resolve to use the experience to prepare for future events.

Shaking things up!

Participants with trainers after receiving their CERC certificates.

During class, participants learned about the different agencies where they worked and considered how each agency might play a role in future responses. They practiced developing messages and explored strategies for making sure those messages reached the right people.

As part of the training, we used an earthquake scenario to identify the types of information different audiences need in a response, and we looked at how those needs evolved over time.

For example, class participants recognized that a large earthquake would likely receive global news coverage, but that the first priority would be getting safety information to the affected people. They had to make decisions about how to get life-saving information to first responders and those affected while providing enough information for all audiences so that rumors and misinformation would not spread.

Armed with new knowledge, our colleagues in Georgia are now prepared to act more swiftly and effectively to make sure everyone receives the information they need, no matter when or where disaster might strike.

Posted on August 10, 2016 by Lisa Briseño, Health Communications Specialist, Emergency Risk Communication Branch

A new Ponemon Institute survey has found that 76% of IT practitioners in the U.S. and Europe say their organizations have suffered the loss or theft of important data over the past two years. This is a significant increase from the 67% reporting data loss or theft in the same survey two years ago.

Here are the other key findings of the survey of 3,027 employees and IT practitioners in the U.S. and Europe, conducted in April and May, 2016, and sponsored by Varonis Systems:


Thursday, 11 August 2016 00:00

The Tale of Two Incidents

In the early hours of Feb. 2, 2007, a squall line in central Florida spawned strong tornadoes in Lake County.

“It was a very localized tornado outbreak, but it was pretty hardcore as far as the damage that it did,” said Jason Matthews, a corporal with the Lake County Sheriff’s Office who is assigned to the 911 communications section.

The aftermath of the tornado would teach Lake County’s emergency responders valuable lessons about communications and training — lessons that would be put to good use in a different type of disaster six years later.


Blockchain is currently one of the hottest topics in financial services and capital markets. The technology has the potential to transform many business processes, making the data used in those processes more available, transparent, immediate and secure.  It could also strip out large amounts of cost, delay and error handling/rework.  Possible use cases include trade reporting; clearing, confirmation, validation and settlement; recordkeeping; monitoring and surveillance; risk management; audit; management and financial accounting; and regulatory compliance (including – but by no means limited to – financial crime prevention). The immutability, immediacy and transparency of information captured within a blockchain means that all necessary data can be recorded in shared ledgers and made available in near real time.  In such a world, stakeholders will no longer be simple recipients of post-hoc reports; instead they can be part of the real-time process.

Blockchain first emerged as the technology that powers the cryptocurrency bitcoin. However, since its first appearance in 2009, blockchain’s potential uses have far exceeded cryptocurrency applications. By necessity, blockchain technology is complicated in its implementation, but the underlying idea is simple: it is a distributed ledger or database running simultaneously on many (possibly millions) of nodes that can be distributed geographically and across many organizations or individuals. What makes blockchain unique is its cryptographically assured immutability, or irreversibility. For example, when transactions on the ledger are grouped into blocks and written to the database, they are accompanied by cryptographic verification, making it nearly impossible to alter fraudulently the state of the ledger. Another way to think about blockchain is as trust/consensus technology: the changes in the data are recorded into the blockchain when network participants agree that a transaction is legitimate in accordance with shared protocols and rules.

Interest in blockchain in financial services and capital markets continues to grow – and will accelerate as live solutions make their way to market.  Many organizations – including banks, exchanges and fintech firms – have announced initiatives in 2016, while the list of possible use cases being proposed in articles and forums is lengthening.


ATLANTA, Ga – Take steps now to prepare your family for disasters by downloading the FEMA smartphone app

Much of the region has been under heat advisories from the National Weather Service over the past few weeks. While it has cooled down in recent days, summer continues for several more weeks. The FEMA app lets you receive weather alerts from the National Weather Service for up to five locations across the nation, making it easy to follow severe weather that may be threatening your family and friends.

To help you stay safe during extreme heat, take the following actions when your area is under a heat advisory:   

  • Postpone outdoor games and activities and limit exposure to the sun.
  • Drink plenty of water and avoid caffeine; limit alcoholic beverage intake.
  • Dress in loose-fitting, lightweight and light-colored clothing.
  • Spend the warmest part of the day in temperature-controlled buildings such as libraries, schools, movie theaters, shopping malls, or community facilities.
  • Check on family, friends, and neighbors who do not have air conditioning and who spend much of their time alone.

Download and use the free FEMA app, which provides valuable safety tips to help you prepare for and recover from more than 20 natural and man-made hazards. The app also provides family communication plans, a customizable checklist of emergency supplies, and maps of open shelters and disaster recovery centers. The app is available on the Apple App Store and on Google Play.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Formerly better known as the headquarters of Qualcomm and the US Navy that respectively employ 10,000 and 20,000 people in the city, San Diego is becoming an innovator in the creation of Smart Cities and is fostering a growing cluster of companies engaged in cybersecurity.

Decision-makers in the city such as Dr Sandra Brown, Vice Chancellor for Research at San Diego’s University of California and David Graham, the city’s Deputy COO for Neighbouring Services are attempting to bring together all elements of local academia, talent and entrepreneurship to create a ‘world-leader’ in Smart Cities.

This has already produced programs such as the university-sponsored MetroLab, the city’s Smart Cities initiative. This city-university collaboration between Brown and Graham’s departments means the city uses the university as an R&D facility on challenges facing the city such as income inequality, infrastructure weakness, security, environmental sustainability and transportation.


Wednesday, 10 August 2016 00:00

Time to Exercise More Care in Cloud Storage

Storage remains the most popular cloud service in the enterprise these days, but it seems that low cost and flexible scalability are starting to give way to more practical concerns like reliability and ease-of-migration as the market evolves.

This is likely caused by two factors. First, the number and diversity of cloud providers are increasing, allowing the enterprise to pursue more tailored infrastructure for their application needs. Second, business models are starting to catch up to technology so that organizations require more than just cheap bulk storage for their data overflow.

According to Research and Markets, cloud storage is still on a healthy upward trajectory. The firm estimates the cloud storage sector will more than triple by 2022, rising from $18.87 billion in 2015 to more than $67 billion. Major drivers include an influx of new users and the growing need to support Big Data applications in an increasingly digitized economy. As well, market outliers include the rapid adoption of cloud storage gateways that allow organizations to more easily integrate publicly stored data with in-house resources over hybrid cloud architectures.


(TNS) - Suvella Garza sometimes found it difficult to breathe in her water-scarred living room, where the air was thick and dank.

Mold test kits were set out on her child's plastic table, the family's latest effort to assess the health risks of continuing to live in an apartment where Garza felt, for now, stuck.

"We can't find an apartment in our price range. We can't move into a house. Where else are we going to live?" Garza asked as her 4-year-old son slept in the next room.


Rachel Stephens at the market-research firm RedMonk has some good analysis and charts showing price differences among various cloud Infrastructure-as-a-Service providers, mapping out how pricing wars appear to be pushing service costs generally down even as providers flesh out their offerings.

Her findings also show that providers are starting to be wary of focusing on simply being the cheapest offering, with many vendors aligning closely around one price point and instead.

One interesting exception: Google, which far undercuts the pack in memory pricing as well as compute units.

There are a lot of caveats to Stephens’ data, as she notes: She compares list — not actual — prices, apples-to-apples comparisons between providers are impossible, and a number of non-pricing factors are completely omitted.


Dedicated, full-time developers know that, as with all forms of software development, security should be a top priority when building mobile apps. Yet increasingly, mobile development within enterprises is being done by what Gartner calls "citizen developers": business-line employees who create apps using approved tools but outside the traditional IT process. Unfortunately, far too many of them have an insufficient understanding of what needs to be done to protect their users' data.

The seriousness of this issue cannot be overstated. For an individual, the financial consequences of identity theft due to a mobile data breach could be devastating. And when a business's data is leaked by a flawed app, the potential cost is incalculable.

Still, ignorance about mobile app security remains widespread. Even when a mobile app is revealed to contain a major security flaw, its users often simply don't understand the risk well enough to uninstall it. Even worse, they remain completely unaware of security flaws present in their apps.


Last year's Ponemon’s Varonis-sponsored security study had users and IT practitioners agreeing that managing confidential information was inadequate at their organizations. Since then, the number and depth of attacks have significantly increased.

Let’s look at the study results and see how badly we are screwed.

Study Sample  

The Ponemon survey involved 3,000 employees and IT practitioners and it was international in scope (U.S. and Europe). The interviews were conducted in April and May of 2016 with 1,371 end users and 1,656 IT and security professionals. Industries were diverse but a special focus was on financial services, public sector organizations, health care firms, life sciences companies, retail firms, and firms in the industrial, software, and tech segments.


As we approach the one year anniversary of the explosions at the Port of Tianjin, China, a new report finds that a port’s size and its catastrophe loss potential are not strongly correlated.

Based on the 1-in-500 year estimated catastrophe loss for earthquake, wind and storm surge perils, the surprising analysis by catastrophe modeler RMS shows that it’s not just the biggest container hubs around the world that have a high risk of insurance loss.

For example, smaller ports such as the U.S. ports of Plaquemines, Louisiana, and Pascagoula, Mississippi, as well as Bremerhaven, Germany rank among the top 10 ports at highest risk of marine cargo loss.


Wednesday, 10 August 2016 00:00

Big Data, Cloud Demand Drive IT Job Growth

If you've got a career in IT, 2016 has most likely been a stable year for you. That's because the IT sector has been adding jobs all year long, even in a presidential election year full of uncertainty.

A new report from CompTIA that analyzes some of this job growth attributes the trend to growing tech areas such as big data and cloud computing.

What do the numbers say?

The IT sector added 47,100 jobs total during the first seven months of 2016 for a total of 4,392,800. But July saw just 4,000 new jobs added, as the pace of job growth slowed.


CHARLESTON, W. Va.— Registering with the Federal Emergency Management Agency (FEMA) is the first step in qualifying for disaster assistance. If you have homeowners’ or renters’ insurance, your next step is to contact your insurance agent to see if your damage is covered.

In the aftermath of the June 22-29 severe storms, flooding, landslides and mudslides, FEMA is advising survivors who experienced property damage to contact both FEMA and their insurance company. Wednesday, Aug. 24, is the last date to apply to FEMA.

If you live in Clay, Fayette, Greenbrier, Jackson, Kanawha, Lincoln, Monroe, Nicholas, Pocahontas, Roane, Summers or Webster county you may qualify for assistance from FEMA – even if you have insurance.

If you are a homeowner or renter; your home or personal property was damaged by the storms; you have insurance, and you have registered with FEMA for disaster assistance:

  • You must contact your insurance agent to file a claim with your insurance company.

  • You should be prepared to fully describe to your agent the damage caused by the storms.

  • You should keep a record of all contacts you have with the agent and the insurance company.

  • You should keep a record of the claim number and the date you called to make the claim.

  • FEMA will send you a letter requesting insurance claim documentation, such as a decision letter (settlement or denial) from your insurance company, in order to further process your application.

FEMA will not duplicate benefits that are covered by insurance, but you may be eligible for help with losses not covered or those in excess of your insurance coverage. However, you will not be considered for this assistance until FEMA receives a decision letter from your insurance company.

If you experience an excessive delay (30 days or more) in receiving an insurance settlement after filing a claim, you may be eligible for an advanced one-time “rental assistance award” payment. If you fail to file an insurance claim, you will not be considered for advanced rental assistance. Your request for advanced rental assistance must be in writing.

For more information about delayed or insufficient insurance settlements, click on the “What If I Have Insurance?” section at .

Homeowners and renters may be eligible for FEMA Other Needs Assistance (ONA) grants to help with uninsured or underinsured expenses and serious needs caused by the disaster, including:

  • Child care;

  • Moving and storage expenses;

  • Disaster-related funeral, dental and medical expenses, such as wheelchairs, canes and prescriptions;

  • Repair or replacement of personal property lost or damaged in the storm, including furniture and appliances; and

  • Primary vehicles, approved second vehicles and modified vehicles damaged by the disaster.

FEMA encourages both insured and uninsured survivors who sustained disaster-related damage or losses to apply by phone (voice, 711 or relay service) at 800-621-3362 (TTY users should call 800-462-7585) or online at . The toll-free lines are available 7 a.m. to 10 p.m. seven days a week. Multilingual operators are available. Aug. 24 is the last day for survivors to file an application.

Additional information on West Virginia’s disaster recovery can be found by visiting,,,, and the flood information pages at .

When Boone County, Mo., emergency dispatcher Chuck Mastalski answered the phone, it was clear the caller was in distress. Unable to breathe, the man could not confirm his location or describe the crisis.

Fortunately, an on-screen popup box told Mastalski who was calling, where he was located and his medical history. Based on that information, the dispatcher was able to send a response team to render aid — all without the caller saying a word.

That caller had registered in advance for Smart911, an emergency call enhancement service that allows citizens to voluntarily input a wealth of personal information, which becomes visible to emergency responders when a 911 call is placed. County officials say the system has been a win for them since it was first implemented in 2011, and now they are moving to incorporate a range of additional services from the company that produces Smart911, Rave Mobile Safety.


The Business Continuity Institute - Aug 10, 2016 10:36 BST

Cyber security remains a critical business challenge and a growing concern with a potentially devastating impact on company brands and bottom lines. Even though the ramifications of a cyber security incident can be damaging, both financially and reputationally, many cyber security executives indicate that information protection may not be the strategic corporate imperative that it should be. This is according to a newly released report by KPMG.

Despite the Consumer Loss Barometer finding that 81% of executives admitted their companies had been compromised by cyber attacks during the previous 24 months, less than half (49%) of those same executives said they had invested in information security in the past year. Banks appear to be most proactive when it comes to investments in information security, with 66% reporting investments made, followed by technology at 62%, retail at 45% and automotive at 32%.

“Cyber attacks are affecting nearly every single company we encounter, but we’re not seeing those attacks drive enough proactive business action as evidenced by the rate of investment made in information security,” said Greg Bell, KPMG Cyber US Leader. “We’re still seeing companies taking a passive or reactive approach toward cyber security, when in fact cyber should be a top-line business issue thought about and practiced company-wide.”

Such is the level of the threat, it is perhaps no surprise that cyber attacks and data breaches were identified as the top two concerns to business continuity professionals in the Business Continuity Institute's latest Horizon Scan Report. In a global survey, 85% and 80% of respondents, respectively, expressed concern about the possibility of these threats materializing.

If you’ve met blockchain before, it may well have been in the context of the cyber currency Bitcoin. To understand how it might affect business continuity, it’s good to know the basics about how blockchain works. Essentially, it’s a distributed file system.

People using blockchain keep copies of the blockchain file. The file is made up of blocks. Each block contains a cryptographic signature of the preceding block, making the whole blockchain file incorruptible.

Today with Bitcoin and other financial transactions, the blockchain file is a shared ledger. It also has the potential to replace other error-prone, manual processes. So how might blockchain contribute to business continuity?

Businesses today depend on a number of critical elements in order to function properly and continually.


Tuesday, 09 August 2016 00:00

7 deadly threats to your tape accessibility

Is your tape storage practice similar to that of most people? You might be ‘following the rules’ and making sure you regularly copy the company data into tapes, which you then diligently store and forget about for the next few years.

However, those tapes store important information which you might have to access at the most unexpected moment. Would you be able to quickly find any requested information at the drop of a pin?

Time and time again we see IT managers start in a cold sweat when asked to get a specific set of data in a very limited time – their business risking a massive fine if they are unable to comply with the strict deadline.


This past March Bloomberg offered a compelling look inside the world of election hacking in which campaigns and their supporters hack into their opponents and steal or destroy data, saturate the online space with fake messaging and otherwise attempt to skew the election in their favor. Given the subsequent unveiling of the successful hack of the DNC here in the United States and the previous hacks of both campaigns in 2008, the article appears all the more prescient.

Indeed, this past April the head of the US Cyber Command testified before Congress that there was growing concern that hackers of the future will not simply steal data, but will instead penetrate computing systems and subtly change critical data in-place in such a way that the victim can no longer trust any of its data and doesn’t know what’s real or what has been changed.

NBC today published a fascinating look at how cyberwarfare has expanded beyond the purely digital realm to mission critical physical systems like GPS. Tracking systems based on GPS and using cellular backhauls have become commonplace in tracking valuable cargo, corporate vehicles and in police surveillance. However, the NBC article notes that GPS jammers have now become so commonplace that they can be purchased for a few tens of dollars online and plugged into a vehicle cigarette lighter jack, with criminals now routinely deploying them on the off chance that their stolen cargo might be carrying a tracker. Even enterprising employees are beginning to deploy them in an attempt to avoid their corporate office being able to track their vehicle.


(Bloomberg) -- Data centers, used by governments and large corporations to house their computer systems, have one big environmental problem: They get hot.

To keep them from overheating, large data centers can pump hundreds of millions of gallons of water a year through the facilities, according to company reports. That high demand for water has some investors concerned, especially in places where natural water resources are becoming ever more precious, like tech-heavy California.

"We definitely want our portfolio companies to be cognizant of their water use and take the appropriate steps to minimize their water use and recycle water," said Brian Rice, portfolio manager at the California State Teachers' Retirement System, which manages about $189 billion in assets as of June 30. He cited water usage as a concern at data centers as well as at other portfolio companies, such as those in agriculture.


Tuesday, 09 August 2016 00:00

8 Cloud storage Problems: How to Avoid Them

Moving storage to the cloud offers some enticing benefits, but only if you can avoid the common cloud storage problems. Here are some of the biggest cloud storage problems you need to be aware of before moving your invaluable data to cloud storage.


Phone trees and mass emails used to be great methods for keeping your employees updated on a situation. People also used to think the world was flat. Times, however, have changed. Today, old school one-way messages simply won’t cut it. Your staff deserves modern technology to facilitate efficient communication in the workplace. Two-way mass communication systems are crucial to keeping your personnel in the know, and an employee notification system is a perfect fit for your communication plan.

Old processes or homegrown solutions of notifying employees about a critical event have been rendered inefficient and impractical by advances in technology in recent years. Phone trees fail if one person isn’t available and rely too heavily on individuals to relay critical information. Mass emails aren’t seen if your staff isn’t at their desk or even if they don’t have their email tab open. One way communications are like a loudspeaker – no questions can be asked in response to the notifications, and elaborations are difficult to make.


Disaster-recovery-as-a-service (DRaaS) is difficult to distinguish from disaster recovery/business continuity (DR/BC). It seems that it is more of a semantic change: The ideas behind both appear similar. They offer an organization a way to simplify life by farming out backup and redundancy functions to specialists with geographically dispersed facilities, a high level of on-staff expertise, and state-of-the-art equipment kept completely up to date. They shift the burden from capex to opex and offer services under a variety of business models.

DRaaS, whether or not it is the same or slightly different than DR/BC, is growing. MarketsandMarkets recently released a report that said that the global market for DRaaS will grow from $1.68 billion this year to $11.11 billion by 2021, representing a compound annual growth rate (CAGR) of 45.9 percent.

The market is being driven by faster recovery capabilities, increased cost effectiveness, flexibility and simplicity of testing. Small- and medium-sized businesses (SMBs) are expected to be the main driver during the forecast period; North America is the biggest market and Asia-Pacific (APAC) the fastest growing.


Tuesday, 09 August 2016 00:00

Explosive DRaaS Growth a Boon to MSPs

By 2020, the Disaster Recovery as a Service (DRaaS) market will be about eight and a half times larger than today, according to research firm MarketsandMarkets. Currently at $1.42 billion, the market will reach $11.92 billion in the next four years, a compounded annual growth rate (CAGR) of roughly 53 percent.

MarketsandMarkets defines DRaaS as “DR planning and testing, real-time replication, backup solution, data security and compliance, consulting and system integration, support and maintenance, and managed services.” DRaaS, the research firm says, is a cloud-based approach that “can reduce the costs involved in buying, installing, upgrading, and maintaining the tools and services. Cloud-based DR services provide an elastic, scalable, easy entry, and lower per-person access costs.”

Disaster recovery is one of the primary goals of data backup. Yet, too little thought goes into the recovery planning piece. More than 75 percent of small-business owners don’t have a disaster recovery plan, according to a study by Nationwide Insurance, even though 52 percent of the owners surveyed said it would take them at least three months to recover from a disaster.


Tuesday, 09 August 2016 00:00

Upgrading Oklahoma's 911 Systems

(TNS) - In an era of ever-changing technology, officials with one system that helps save lives are trying to catch up with what many cellphone users consider old technology.

AT&T Inc. recently had power issues at its Oklahoma call routing center, disrupting the service that provides to 911 centers the location of the 911 caller. 

“The technology that is out there is something that 911 does not keep up with,” said Steve Bratcher, E911 coordinator for Garvin County, who says 911 systems are outdated and favors newer technology.


(TNS) - The glass panels at Las Vegas City Hall rattle with thundering booms as a heavily armed couple clad in tactical gear enters the building shooting.

It’s an active-shooter training session and the attackers are using blank cartridges. But it sounded like the real thing.

Here’s how the scenario played out:

A screaming group of people, with their hands in the air, is escorted by officers to safety. The man and woman shoot and kill several in the lobby and overpower security to gain access to the upper floors where they continue exchanging gunfire with officers.


CHARLESTON, W. Va.— If you are facing the loss of your home, business or a cherished possession as a result of the severe storms, flooding, landslides and mudslides that hit on June 22-29, you may find that you are struggling to cope with the emotional impact of the disaster.

Everyone who lives through a natural disaster is affected by it in some way. The experts tell us that West Virginians who lived through the storms know well the profound sadness, grief and anger. It is normal to feel anxious about your own safety and that of your family and close friends. The emotional toll taken by a disaster can sometimes be even more devastating than the financial strains resulting from the damage or loss of a home, business or personal property that follows a disaster. These are normal reactions to an abnormal event.

Children and older adults are of special concern in the aftermath of disasters. Even individuals who experience a disaster “second hand” through exposure to extensive media coverage can be affected.

The important thing, the doctors say, is how you react to your feelings; what you do to relieve your stress. Everyone has different needs and different ways of coping. Here are some tips from professional crisis counselors for West Virginia survivors coping with emotional stress in the wake of the storms and flooding:

  • Acknowledging your feelings helps you recover.

  • Focusing on your strengths and abilities helps you heal.

  • Accepting help from community programs and resources is healthy.

  • Contact local faith-based organizations, voluntary agencies, or professional counselors for counseling.

  • The Substance Abuse and Mental Health Services Administration (SAMHSA) Disaster Distress Helpline is a national hotline dedicated to providing year-round immediate crisis counseling for people experiencing emotional distress related to any natural disaster.

Children can be especially vulnerable to stress following a disaster, such as June’s severe storms and flooding in West Virginia. Preschoolers, children and teenagers may have witnessed their home being damaged or destroyed, experienced an evacuation, suffered an injury, lost a pet or even just had their normal routines interrupted. These children are susceptible to bouts of anxiety, fear and behavioral problems.

Younger children may suffer sleep problems or bedwetting. Older children may display anger, aggression or withdrawal. Some children who have had only indirect contact with the disaster, but witness it on television, may develop distress.

As parents and adults, you can make disasters less traumatic for children by taking steps to manage your own feelings and plans for coping. Parents are almost always the best source of support for children in disasters.

What's the best way to respond to your child during or after a disaster? Click here for some pointers, including a guide to common child reactions to disaster by age.

Your older parents and other older loved ones may be just as vulnerable, if not more so, to post-disaster stress, as your children.

For more information on how caretakers can help older loved ones cope with disaster – and how caretakers should take care of themselves – visit .

If you or someone you know is struggling with post-disaster stress, you are not alone. Help is as near as your phone. Call the Help for West Virginia Helpline at 844-435-7498. Also, you can contact the Disaster Distress Helpline at 800-985-5990 or text “TalkWithUs” to 66746.

Additional information on West Virginia’s disaster recovery can be found by visiting,,,, and the flood information pages at .

LAS VEGAS—At this week’s Black Hat conference, some information security professionals turned to a key issue to control enterprise-wide cyberrisk: hacking humans. As phishing continues to be one of the top threats for businesses, hackers and security professionals here continue to try and make sense of why this threat vector is so successful and how to better defend against these attacks.

In a session called “Blunting the Phisher’s Spear: A risk-based approach for defining user training and awarding administrative privileges,” Professor Arun Vishwanath presented some of his research on the “people problem” of cybersecurity, proposing a new model for quantifying the cyberrisk posed by individuals within the enterprise and tailoring training to best mitigate the risk they pose. While many corporate training programs stage fake phishing emails and then lecture those who fail, he said, this model continues to be ineffective, as proven by the increase in these attacks and their efficacy across all industries. People are not the problem, Vishwanath asserted; rather, the problem lies in our understanding of people.


There's no greater battle among office workers than that over the temperature in the building, leading some workers to wear their coats in the middle of summer while others equip their desks with mini fans in January. This war is why so many office thermostats sport clear plastic covers secured with locks.

The temperature of office buildings and other commercial real estate is one of the many data points collected and managed by real estate giant JLL, a Fortune 500 company. JLL may not be a familiar name to those outside commercial real estate circles, but the company is big and influential. If you work in an office building, you may be a client.


Tuesday, 09 August 2016 00:00

Risks As Distractions

Writing this column in the summer is a dicey proposition.  Distractions abound, especially in an election year. There are so many risks to think about outside the world of banking that it comes almost as a relief to read Nathaniel Popper’s latest New York Times magazine column, “Has Wall Street Been Tamed?,” suggesting that the banking industry is healthier than we thought, that the capital requirements provision for large banks, along with the Volcker Rule, have forced banks to (in some cases) downsize and to better regulate themselves.  His column must come as a relief to Wall Street CEOs paying any attention at all to provisions in both major political party platforms that call for the re-implementation of something like Glass-Steagall.


We often talk about data in terms of what it can create, how it can increase sales, decrease waste, and help to engage with your audience more effectively. However, the use of data within the business can be as, if not more, important than any outwards facing use.

Corporate sustainability is constantly being questioned and those who fail to operate in a sustainable and moral way are being publicly shamed more and more frequently. Sir Philip Green in the UK may have his knighthood removed because of his lack of sustainable business practices when he ran and then sold BHS; we have previously seen Fred Goodwin, who oversaw RBS when the bank nearly collapsed, lose his knighthood over his business sustainability failings.

In fact, the sustainable running of companies has been at the centre of some major decisions in the past few months, with Stephen Hawking even claiming that the wealth inequality between company leaders in the UK was a reason for the Brexit vote. Theresa May, the new Prime Minister, also said in her first speech, 'We need to reform the economy to allow more people to share in the country’s prosperity.' The very core of both of these statements comes from a lack of business sustainability, something in which data has a huge part to play.


Security, like most aspects of IT infrastructure, has historically been a siloed function. Focused on protecting data, applications, network connections, and with the advent of BYOD (bring your own device) policies, network endpoints, it is a practice that, for most companies, evolved in a reactive fashion – new technology acquired and implemented based on a specific need.

It is not uncommon for a medium-to-large company to have 50 or more different security technologies in place. While fiscally inefficient, this approach has been somewhat effective up to this point in dealing with the types of attacks launched against it.

The threat landscape is currently changing more rapidly than ever, forcing businesses to shift to a more forward-thinking security model. The need to effectively address attackers who constantly evolve focus, attack approaches, and targets has never been greater. The need calls for a proactive approach and an overarching security plan.


By any measure, data center REIT CyrusOne (CONE) just knocked the ball out of the park last quarter, and this leasing momentum continued into the third quarter.

According to Gary Wojtaszek, CyrusOne president and CEO, “This was the strongest leasing quarter in the Company’s history, and we believe it is also a record for the industry.” He added, “These results reflect continued strong operational and financial performance, and our ability to deliver data centers at the fastest time to market has enabled our hyper-scale customers to keep pace with their increasing capacity requirements.”

Since speed to market was a major factor in winning these large-scale cloud deployments, hitting an inside-the-park home run — where a swift runner beats the throw to home plate — is a better analogy.

It is a real “head-scratcher” how a 34 percent earnings growth rate can disappoint investors.


If a natural disaster struck your business today, could it recover? For many business owners, the honest answer is no; some 30 percent of companies that are closed by a disaster never open their doors for business again. If you want to increase the odds that your business recovers after a catastrophe, you need to prepare for the unexpected.

Identify the Risks
What disasters are likely to strike your business? The answer to that depends partially on your location. Businesses in California probably do not need to worry much about a nor’easter, but they should know what to do in the event of an earthquake. For companies located in Maryland, the reverse is true. There are also some calamities that are universal. Fire and flooding can strike any business at any time. Consider the possibilities and identify what risks your business is likely to face. If you are unsure, contact your area’s emergency management office for guidance.


Monday, 08 August 2016 00:00

Leaning Toward a More Modular Data Center

As we enter the era of Big Data and the Internet of Things, the enterprise needs two things from its data infrastructure: rapid scale and minimal complexity. Modular infrastructure satisfies both these demands, which is why it is gaining ground in both the enterprise data center and in cloud and colocation facilities.

According to Research and Markets, the modular data center industry is growing by nearly 30 percent per year, with an expected increase from $10.34 billion in 2016 to more than $38 billion by 2021. Key drivers include the need to expand performance and capacity while maintaining, or even decreasing, energy consumption, as well as reducing the complexity of overall infrastructure to allow for improved provisioning, integration and management. As expected, the Asia-Pacific region is the fastest-growing market for modular systems given its high data demands and relatively low installed base of traditional, silo-based infrastructure.


Being adequately prepared for an emergency requires a strong crisis communications plan. As an organization, if a critical event arises, you must be able to respond immediately with confidence, and having a plan is the only way to do so without creating additional chaos.

Emergency events can range from terrorist attacks and shooter-on-site threats to fires, snow storms, and severe weather or IT power outages and network cyberattacks. Your emergency communications plan should describe how your organization will respond to a critical event and it should be detailed and clear, yet broad enough to apply to an array of potential incidents or threats. A well-thought-out, simple step-by-step emergency communications plan—with room for flexibility—is a key asset in incident response and business resiliency management.


There was a time when businesses defended against cyberattackers by piling up the equivalent of digital sandbags. The idea was to trust whatever was inside the perimeter and distrust whatever was outside the perimeter.

But this approach to cybersecurity doesn't work in a world in which data, applications and employees don’t always reside inside a company’s four walls. It's a message managed service providers need to convey to IT: Late-20th century cyber defense strategies won't work to protect 21st century cloud deployments.


The Business Continuity Institute (BCI) and Regus are running the 1st BCI Workplace Recovery Survey and would greatly welcome your input. Workplace Recovery, also referred to as Work Area Recovery or Workgroup Recovery, is defined as providing an alternate location for employees when an event prevents them from accessing their primary work facilities. Your support will be vital in building a project that has the potential to become a well-regarded industry resource.

We will be providing a complimentary copy of the survey results in exchange for your time should you give your contact details. You will also be entered in a prize draw for Amazon vouchers worth £100.

Any references to identifying information (i.e. names, organizations, etc.) will be anonymous. If you have any questions, please get in touch with Gianluca Riglietti.

Thank you for your time and contribution.

Friday, 05 August 2016 00:00

What is physical media damage?

Ever had a drive that fell from your desk? Or had it experience a fire (and ensuing water from the sprinklers)? These and many other types of damages that a drive can experience are known as physical damages and, believe it or not, your data may survive it.

In this post, we’ll get to know the technical terms as well as the different stages of data loss and whether data is still (hopefully) recoverable after a ‘near-death’ experience.


I didn’t get to attend security conference Black Hat this year, but based on the highlights I’ve been seeing, ransomware is a major topic. I’m not surprised (and I’m sure my readers aren’t, either). As ComputerWeekly pointed out, ransomware is the security concern of the summer. I’d say it is the security issue of 2016. It seems like every security discussion begins or ends with ransomware. So I’ve rounded up some of the findings about ransomware that were disclosed this past week.

According to PhishMe’s Q2 malware report, ransomware made up half of all malware and, in fact, ransomware has developed into a real business for cybercriminals. There has been a significant rise in encryption malware and in evasion techniques, according to the study. As PhishMe CEO and co-founder Rohyt Belani was quoted by eSecurity Planet:

Barely a year ago, ransomware was a concerning trend on the rise. Now, ransomware is a fully established business model and a reliable profit engine for cybercriminals, as threat actors involved treat it as a legitimate industry by selling information, tools and resources to peers based all around the world.


According to the results of a recent survey of IT professionals, 43 percent of organizations estimate half or more of their IT infrastructure will be in the cloud in the next three to five years. The race to the cloud is picking up steam, but all too often companies begin implementing hybrid IT environments without first considering which workloads make the most sense for which environments.

The bottom line is your business’s decision to migrate workloads and/or applications to the cloud should not be arbitrary. So how do you decide what goes where?

The best time to consider migrating to the cloud is when it’s time to re-platform an application. You should not need to over-engineer any application or workload to fit the cloud. If it’s not broken, why move it? For the purposes of this piece, let’s assume your organization is in the process of re-platforming a number of applications and you are now deciding whether to take advantage of the cloud for these applications. There are a few primary considerations you should think through to determine if moving to the cloud or remaining on-premises is best.


According to the results of a recent survey [PDF] of 775 IT decision makers worldwide, 82 percent of respondents admitted to a shortage of cyber security skills, and 71 percent said that shortage is responsible for direct and measurable damage.

The study, commissioned by Intel in partnership with the Center for Strategic and International Studies (CSIS) and conducted by Vanson Bourne, also found that one in three respondents said a shortage of skills makes their organizations more desirable hacking targets.

One in four respondents said a lack of sufficient cyber security staff strength has damaged their organization's reputation and led directly to the loss of proprietary data through cyber attacks.


Friday, 05 August 2016 00:00

Ping Identity Acquires UnboundID

Yesterday, Ping Identity announced it has acquired Austin, Texas-based UnboundID. Although the financial terms were not disclosed, Forrester estimates the purchase price in the $50M-$75M range, based on typical M&A SaaS revenue multiples of 6X to 8X and Forrester’s estimation of UnboundID’s annual revenue.

This acquisition is not particularly surprising, as UnboundID and Ping have had a healthy reseller relationship since April 2015, so the purchase merely consummates the existing relationship. It also demonstrates how reselling relationships can help software vendors validate how they complement each other and set the stage for a complete acquisition.

For me, there are three key takeaways from the Ping Identity/UnboundID merger:


The Business Continuity Institute - Aug 05, 2016 14:21 BST

“You can always amend a big plan, but you can never expand a little one. I don’t believe in little plans. I believe in plans big enough to meet a situation which we can’t possibly foresee now.”

Harry S. Truman

The crisis management plan is just one aspect in ensuring your team are ready to respond to an incident or crisis. Taking the time to carefully consider the what, when, why and how enables the necessary steps to be taken to ensure everybody knows exactly what to do should the worst happen.

The following six points act as a great starting point in developing your thinking and an organization's crisis management plan.

1. What would constitute a crisis for your organization?

There are many definitions, but you need to consider what specifically would constitute a crisis for your organization and ensure your team fully understands what is expected of them.

2. Define the triggers for activation of your crisis management plan

What are the trigger levels, who is responsible, what structures come into play and how do you expect your team to respond to likely crisis scenarios? Taking the time to really consider these points helps to define the next stage.

3. Develop detailed action plans – ensure your people know how to respond

You now need to get into the specifics and consider the actions that would need to be taken to effectively respond and manage the incident or crisis. It is really important that these points are:

  • Specific and very clearly defined.
  • Assigned to a particular team or individual taking into account resilience
  • Realistic – incident management moves at pace but there must be realism within the plan
  • Time related – clearly define when the result needs to be achieved.
  • Assured – regularly review to ensure actions have been completed and the approach remains aligned to business need. Things quickly change.

4. Stakeholder engagement – ensure you maintain easily accessible lists of stakeholders and define requirements

There is nothing worse than trying to find contact details for stakeholders during an incident or crisis. Hopefully you have an existing system and a back-up to access these. If not, this is a really important piece of work to progress.

It is also helpful to have considered how you would communicate messages, what you would communicate and the frequency. Remember – the usual method might not be available, have you considered a back-up?

5. Communications strategy – how are you as an organization going to respond

Carefully consider the likely scenarios that may impact your business and develop a communications strategy and your key messages for each of those scenarios now. Ensure that your top team has signed these off and regularly revisit them to ensure the approaches remain current. Early assessment to define the best response is vital, and having this activity pre-prepared will ensure you can quickly and effectively manage your approach.

6. Resources – your response will take time and effort, ensure your team has all that it needs

Any crisis takes time to manage and it is the basic things that are often overlooked. Ensure you have the required resources necessary to sustain activity over an extended period. Nobody wants to be chasing around for the basics when you have far more important things to do.

These six points form the foundation of any crisis management plan. There are many more things to consider, but by carefully considering each stage you can take big steps forward in ensuring your organization improves its resilience in the event of an unforeseen event.

Chris Regan is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy. Chris has developed an international reputation working with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues.

The Business Continuity Institute - Aug 04, 2016 14:39 BST

Civil unrest is significantly more disruptive to business in France than in any other western economy, reveals a new global index released by Verisk Maplecroft, which rates the country ‘high risk’ alongside emerging markets such as Brazil and South Africa. With a deep-rooted culture of political protest and strikes, the country is ranked 16th most at risk globally in the Civil Unrest Index.

According to Maplecroft, it is striking that Brazil, France, India, Mexico and South Africa, which have all witnessed substantial disorder in the last year, lack adequate structures to avoid grievances escalating into wholesale protests. While France has an active civil society and trade unions, these tend to encourage demonstrations. In contrast, Germany (ranked equal 140th with the UK and ‘low risk’) has a more consensual political culture that supports close cooperation between trade unions, industry and government, so protest is less likely to be an option of first resort in labour disputes.

Social and civil unrest may not have featured as a major threat in the Business Continuity Institute's latest Horizon Scan Report, but it was still noted as a concern for over a third of business continuity professionals.

As companies assess the viability of relocating European headquarters from the UK following the Brexit referendum, the findings provide a useful insight into some of the structural problems facing business in France. The country features among emerging markets such as India (4th), Mexico (7th), Nigeria (10th), South Africa (13th), Argentina (15th) and Brazil (21st). The only other Western European country to feature in the worst performers was Greece ranked 25th, while Italy (77th) is the next highest.

“As we’ve seen in South Africa and Nigeria, poor economic performance is also a critical bellwether for the likelihood of civil unrest,” says Principal Political Risk Analyst Charlotte Ingham. “In addition, widespread political and ethnic discrimination or corruption can inflame popular discontent and trigger significant events.”

Risk Acceptance must be a conscious decision, not a default action due to lack of information or desire to act

Risk Assessments and Risk Mitigation remain important topics in many association groups and business discussions. We are often asked to assist with formal risk assessments, as well as with individual components of an overall risk assessment. Over the last several months we have discussed different risk topics on our blog (Real Risks to an Organization, Maximize Compliance & Minimize Risk). These topics discuss how to prepare for or mitigate risks. One of the most used risk mitigation strategies is “do nothing – accept the risk.” Even if it is not thought of as one, it is a mitigation strategy and is often the most appropriate.


Strong corporate governance is the foundation on which all large companies can establish clear accountabilities, drive smart objectives and implement effective processes throughout their organization. Without strong corporate governance at all levels, companies can quickly find themselves in a state of flux, unable to do what they need to do in order to achieve the objectives they have set for themselves. Indeed, a lack of corporate governance can even make the objective-setting process inefficient.

As technology becomes a larger part of overall business processes, many companies are exploring how they can use available tools to enhance their corporate governance. Board portals are one such tool that can help by making boards more effective and board members more accountable, while assisting businesses in everything from setting objectives to measuring results.

Here’s a look at five ways board portals can do this:


Trust is an essential underpinning of life in the digital age. We trust our friends on Facebook not to share our private family photos. We trust our email clients and antivirus software to keep viruses and spam at bay. But for many people, the risks of using the internet are scary enough to curb their online activities.

Earlier this year, the U.S. Department of Commerce’s National Telecommunications & Information Administration (NTIA) looked at the results of a survey by the U.S. Census Bureau in 2015. Out of 41,000 U.S. households, 19% reported security breaches, identity theft, or other malicious activity in the previous 12 months. Among households with mobile data plans, 22% had experienced an online security breach. The most pressing concern, cited by 63% of online households, was identity theft, followed by credit card or banking fraud, and various forms of data collection.

What’s of greater concern is the chilling effect this has had on online activities. Nearly half of online households said that their worries had stopped them from engaging in financial transactions, buying goods or services, posting on social networks, or commenting on political issues online; 30% refrained from at least two of these activities. It’s not surprising that if users were concerned about a particular risk, they would avoid a related activity. Thus, 35% of households worried about identity theft had decided not to conduct financial transactions in the 12 months prior to the survey.


The Government of Canada has released a cloud adoption plan this week which restricts cloud storage of much of its data to Canadian data centers. The plan calls for “secret” and “top secret” data to be stored internally, while “classified” information, including personally identifiable information, will be stored in the cloud but within Canada.

Under the plan, unclassified information can be stored anywhere, so long as it is encrypted when it crosses a border.

The country’s Treasury Board, which has been tasked with modernizing the government’s IT practices, released the Cloud Adoption Strategy for public comment, along with Security Control Profile for Cloud and Right Cloud Selection documents, which together outline a plan based on three levels of data security.


New York – Acquirers are increasingly aware of the need for vigorous cybersecurity due diligence in M&A, yet often lack the proper personnel to conduct thorough analyses, according to a new study by West Monroe Partners and Mergermarket, Testing the Defenses: Cybersecurity due diligence in M&A. As the importance of big data and IT rises across sectors, cybersecurity has become a vital area to assess at deal targets.

West Monroe Partners, a North American business and technology consulting firm, commissioned Mergermarket to interview North America-based senior M&A practitioners to provide insight on the complexities and challenges of cybersecurity due diligence in the acquisition process.

Seventy-seven percent of respondents said the importance of cybersecurity issues at M&A targets had increased significantly over the last two years, due to the increase in corporate data breaches and the liabilities that can be incurred as a result. Vulnerable security systems can also indicate poor risk management at a company.


Wednesday, 03 August 2016 00:00

Still No Easy Road to the Data Lake

The enterprise is under the gun to convert existing infrastructure to more nimble, automated footprints that better support Big Data and the Internet of Things (IoT). This invariably leads to the creation of the so-called “data lake” that acts as both a warehouse and an advanced analytics engine to turn raw data into valuable, actionable knowledge.

The problem is, development of key technologies that go into the data lake is still at a very early stage, so organizations that want to be on the cutting edge of this trend have little or no guidance when working through the inevitable complications that arise in such an ambitious project.

According to Constellation Research principal analyst Doug Henschen, technical challenges will remain for some time, but there are ways to ensure that your data lake does not turn into a data swamp. One of the key pitfalls is thinking that the data lake is a single, monolithic entity rather than a collection of integrated components. The best designs focus on blending raw data sets to find correlations, model behaviors and present predictable outcomes, but this requires careful coordination between data ingestion, refinement, experimentation, governance and other functions. To date, platforms like Apache Hadoop incorporate all of these processes, but it will be a while before a truly integrated architecture hits the enterprise mainstream.


Wednesday, 03 August 2016 00:00

Monsoon Season Is Finally Here

(TNS) — The lightning came down in a white flash, hitting Don Jinzo’s daughter on May 15 last year in Carrizozo as she was riding on the back of her boyfriend’s Harley-Davidson motorcycle.

Kalina Jinzo, 40, died seven days later. She was the first of two people killed by lightning in New Mexico last year. Her boyfriend was not injured.

“I think about it every day,” said Don Jinzo, 62, of Los Lunas. “It’s been a year already, and we all miss her a lot.”

Weather forecasters say the monsoon season is finally here, bringing predictions of torrential rains, flash floods and thunderstorms all week. Over the weekend, the Santa Fe National Forest reported nearly 1,000 lightning strikes.


As IoT investment grows, with billions of dollars flowing into new enterprises, IT departments, as well as other parts of the business, are expressing concerns over the security risks the technology poses

As IT departments begin to adopt internet of things (IoT) technologies to modernize businesses, investment is picking up, specifically benefitting the developers of innovative sensors, according to a report from Lux Research.

That segment cornered nearly 80% of the investment due to demand from IoT technologies, with North America dominating. Specifically, more than 340 companies in the Americas attracted nearly 80%, or $3.4 billion, of the total investment in sensor technologies since 2006, according to the report.

Samsung is investing $13 billion, while Sony is raising $4 billion to ramp up sensor production. In addition, Panasonic has invested $780 million for image sensors, while IBM is investing $3 billion in sensor data, and Ford has opened a research and development center on sensors for transportation – a further indication that IoT adoption is spreading across multiple verticals, and to companies outside of traditional technology firms.



As Zika virus spreads across the globe, scientists in the United States are finding ways to fight it. Currently, there are no vaccines to prevent Zika or medicines for treatment. To create better tests – including rapid tests – and develop vaccines, scientists need to conduct research with the virus in their labs.

CDC manages the permit process for researchers to bring samples of Zika virus safely from other countries into the U.S. for studies, paving the way for lifesaving discoveries.

“Samples come from all over the world,” says LCDR Meredith Pyle, a CDC microbiologist. “While so far, most samples have come from Brazil and Colombia, we have received samples from countries ranging from India to South Korea to Switzerland to Zambia.”

Sending a virus sample from one place to another has to be done safely and securely. Samples of Zika virus can be brought into the U.S. in a variety of forms, including in a tube of blood (plasma or serum), a spot of dried blood, an isolate of the virus itself that has been separated from the blood, or even a live mosquito.

How researchers get a permit

Most permit requests come from laboratories at academic and private institutions. Permits are requested through the Import Permit Program (IPP), which is managed by CDC’s Division of Select Agents and Toxins (DSAT). The program makes sure infectious germs, like Zika virus, as well as other materials that could cause disease in people will be handled appropriately after they arrive in the U.S.

“IPP helps to ensure biological agents imported into the US that could cause disease in people are tracked,” said Dr. Dan Sosin, acting director of DSAT. “We also take steps to ensure that the facilities receiving these permits have appropriate biosafety measures in place to work with the materials.”

When a researcher or institution submits an application to get an import permit for Zika virus, CDC reviews the application to make sure the facility has the appropriate biosafety measures in place to prevent the virus from accidentally being released. The program goal is to approve all Zika virus import permit applications within 24 hours for known, appropriate facilities. DSAT may also conduct an in-person inspection before issuing a permit.

Since last year, the number of permits issued for Zika virus has increased by more than eightfold. As of August 1, 2016, the program had expedited the approval of 137 Zika virus import permits this year alone.

Get more information on the Import Permit Program.

Posted on August 2, 2016 by Blog Administrator


How planning helps you make the right call when the worst happens

A large and well-known movie house chain recently found itself facing reputation headwinds, despite having won a long-running court case – which, one would think, should have been good publicity. Right? The legal victory was the denial of a series of lawsuits filed by the families and victims of a mass shooting that had taken place at one of the chain’s locations. The lawsuits alleged the movie house should have had better security in place to prevent such shootings.

All the suits failed, including one where the jury deemed that the lack of guards and alarms played no significant role in the shooting.

So far, so good. It was what happened next that brought the barrage of criticism and bad publicity.


This weekend, a historic flash-flooding event killed two people and caused massive destruction in Ellicott City, Maryland. The town received more than 6 inches of rain over the span of two hours. According to the National Weather Service, an event like this should statistically happen only once every 1,000 years, based on historical data.

But because of climate change, extreme events like this one are happening more frequently, and scientists expect that trend to continue into the future. Our past experiences with floods are no longer a reliable indicator of our present or future risk.

The same is true for other types of natural disasters, too. As the Federal Emergency Management Agency (FEMA) has noted, “the challenges posed by climate change, such as more intense storms, frequent heavy precipitation, heat waves, drought, extreme flooding, and higher sea levels, could significantly alter the types and magnitudes of hazards impacting states in the future.”


Tuesday, 02 August 2016 00:00

When Less is More in Risk Management

In business risk management, risk-reward is a concept known by many, but understood by rather fewer. Starting from the basic idea of comparing risks taken with reward gained, the risk-reward concept is that greater rewards may be accompanied by greater risks.

As a result, if you want to win big, then be prepared to take and manage considerable risks. The confusion sets in when higher risk is assumed to generate higher probabilities of reward.

In other words, organisations assume that simply because they are taking a bigger risk, they should automatically stand to gain a greater reward. Some organisations, however, are better positioned to deal with this confusion than others.


We’ve established that workplace violence is a very real issue facing society today. We’ve also covered the importance of forming a crisis management team while providing guidelines for establishing one within your organization. Next up in our “Workplace Violence” blog series? Highlighting a few critical steps involved in formulating an effective response to workplace violence incidences. Let’s count down six things all organizations should consider as part of their comprehensive emergency action plans.


Tuesday, 02 August 2016 00:00

Data recovery & a murder investigation…

From laptops thrown in the river to hard drives that have been damaged in an attempt to destroy any evidence of wrongdoing, Kroll Ontrack’s engineers and consultants have successfully assisted hundreds of law enforcement and government agencies, law firms and corporations to recover evidential data that was pivotal for their case.

Computer forensics is the science behind the investigation of computer media, while data recovery is the technique used for the retrieval of data from damaged media. For a comprehensive investigation to be carried out, both capabilities will have to be used in most cases. Data recovery techniques will be used to retrieve critical data from the target media and then forensic methodologies will be applied to analyse the data most critical to the case.

In many instances the media at the centre of an investigation, either as the tool used to commit a crime or a repository of evidence of a crime, might be damaged or unreadable due to reasons such as intentional damage, technical failure, fire or water among many others.


An employee notification system can revolutionize the way you communicate with your personnel. The benefits of having a notification system available for your staff are numerous. They’re better informed, safer, and the system creates a sense of transparency that workers appreciate from their management.

Your system should provide a variety of features to simplify and streamline communication efforts with your team. To get the most out of your employee notification system, you can leverage its key features like the mobile app, your dedicated emergency number, groups, and HR system synchronization – among others.


Every enterprise is becoming a data business. Data is the lifeline that guides intelligent decision making, enabling enterprises to effectively serve their customers. The rise of data has led to the modernization of data infrastructure, with Apache Hadoop as a critical foundational element for data storage and processing. Designed as a multi-workload platform, Apache Hadoop, along with related Apache projects, enables real-time insight, robust interactive analysis, and deep data mining.

In a connected world of Internet of Things (IoT), social networking, and online transactions, the capability to capture, monitor, and rapidly process information is becoming essential for modern enterprises. A new model has emerged, the Lambda Architecture, for storing and processing large amounts of data-in-motion and data-at-rest. In many cases, it includes support for complex event processing with applications such as Apache Kafka and Storm, near-real-time analytics with Apache Spark Streaming, interactive SQL with Apache Hive, machine learning with Apache Spark, and data persistence and batch analytics with the Hadoop Distributed File System (HDFS) and MapReduce.


A new study by Ponemon Institute and Gemalto has gone a long way in pinpointing the reasons why so many organizations struggle with cloud security. One of the findings in The 2016 Global Cloud Data Security Study is that our approach to cloud security doesn’t follow the organization’s regular security practices. While that isn’t the only finding in the study, I believe that the other issues build off that one point.

The majority of respondents said they struggle with controlling or restricting end-user access and protecting sensitive data, and find that they are unable to apply conventional information security in cloud environments or to inspect their cloud providers for compliance concerns directly – all areas that you’d expect in-house security practices to cover.

But here is the particular finding that I think strayed the most from conventional security practices. The study revealed that those in charge of an organization’s security aren’t involved in the cloud adoption or migration process. Again, could you imagine that being the case for other security matters? It could be that decision makers think that security in the cloud is controlled by the provider, but do you want someone else to be in charge of the security of your data? Especially with this revelation: Encryption isn’t pervasive in the cloud. Peter Bernstein addressed this finding in a Cloud Security Resource article:


(TNS) — A Zika outbreak in Miami has led to 10 more local cases spread by mosquitoes in the same neighborhood north of downtown and identified last week as having been the source of the nation’s first locally transmitted cases, Florida Gov. Rick Scott announced on Monday.

Scott said he called on the federal Centers for Disease Control and Prevention to dispatch an Emergency Response Team to Miami to help the state’s health department in their investigation of the local cases believed to have been spread in a one-square-mile area in early July.

“Florida has a proven track record of success when it comes to managing similar mosquito-borne viruses,” Scott said in a written statement. “We will continue to keep our residents and visitors safe utilizing constant surveillance and aggressive strategies, such as increased mosquito spraying, that have allowed our state to fight similar viruses.”


(TNS) — A chilling scenario has repeatedly played out across the country: A gunman enters a workplace, school, movie theater or other venue with dozens of potential victims and indiscriminately opens fire.

Most recently, a lone gunman armed with an assault rifle killed 49 people and wounded 53 more in an attack at a Miami nightclub popular with the gay community.

After the sad reality of another mass shooting sinks in, questions regarding motive and gun control soon emerge. But school administrators and business owners also must tackle another question: What can be done to prepare?


(TNS) — Instability in the Brazilian government is raising fears about the nation’s preparedness to keep the Olympic Games safe from terrorism in the age of ISIS.

“Brazilians have and continue to struggle to manage the situation, but it’s not really clear what’s going to end up happening,” said Bradley Schreiber of Homeland Security Solutions, a former senior adviser at the U.S. Department of Homeland Security. “The turnover in government and other domestic security challenges, obviously we’re always concerned about that because that could potentially distract from other larger international issues.”

In May, Brazilian President Dilma Rousseff’s powers were suspended pending the outcome of an impeachment trial, with an acting president now performing her duties.


Tuesday, 02 August 2016 00:00

Insurers Ready for the Summer Olympics

Opening ceremonies for the 2016 Summer Olympics in Rio de Janeiro are just days away, and amid crime, security and public health concerns, it is the global insurance industry that provides the critical risk coverage needed for this sporting event to go ahead.

More than 10,000 athletes from 206 countries will come together in Rio to participate in a total of 665 events which are expected to attract up to 500,0000 international spectators as well as a considerable number of domestic tourists.

Approximately $1 billion in insurance is in place for this event, via a policy purchased by the International Olympic Committee (IOC), Business Insurance reports.


The Business Continuity Institute - Aug 02, 2016 12:01 BST

Communication issues have, for the first time ever, been named as the top reason for UK businesses to invoke recovery services, according to a new study by Sungard Availability Services. Having increased by a third, issues arising from data communications or telecom failures now account for over 25% of all total invocations, and resulted in the highest level of communication problems since the annual analysis began over two decades ago.

The Availability Trends Report noted that while invocations due to technology dropped by 71%, workplace issues, in which the office environment is rendered inaccessible, leapt up by a substantial 37% – the biggest jump since 2009. Overall however, the number of downtime incidents, in which staff are unable to work from their usual office or access business critical systems, remained largely the same – with only a 5% decrease compared to 2014’s figures. Despite the minor drop, these findings have given rise to fresh concerns that organisations are still not investing adequate resources in maintaining business availability for that most important of resources – their people.

Companies therefore need to take a holistic approach to their continuity and resilience strategies. As well as recovering their mission critical technology and IT systems, they also need to ensure their ability to limit downtime for their workforce. The increased take-up of Disaster Recovery as a Service offerings, as well as a rise in investment for dedicated workspaces demonstrate that businesses are realising the need to invest in comprehensive and robust recovery strategies that will address their people, not just their systems. Such a holistic focus will enable organisations to meet ever-growing customer and stakeholder demands for both consistent and constant levels of availability.

The threat that communication failures pose to organizations is something that is echoed in the Business Continuity Institute's annual Horizon Scan Report which has consistently identified IT and telecom outages as a top three threat to organizations. The latest report revealed that 77% of business continuity professionals expressed concern at the prospect of this kind of threat materialising.

Commenting on the Availability Trends Report, Daren Howell, senior manager solutions marketing – availability, recovery and continuity at Sungard Availability Services, said: “From reputational damage to missing out on sales and the subsequent loss of customer trust; the cost of downtime is simply too high for modern businesses to contemplate. With ever more demanding customers, recovery and continuity has become a lynchpin in enterprise success.”

Unfortunately, crisis happens. Recently, all too often.  Many companies are not fully prepared to communicate rapidly and effectively in a crisis. This second of a 2-part blog series covers the common mistakes all business continuity and disaster recovery professionals should avoid to avert disaster and foster resiliency.


In June 2014 the Adams County, Colo., Communications Center (Adcom911) went live with an LTE network in the 700 MHz band 14 spectrum. In so doing, it became the first successful Early Builder in the congressionally mandated FirstNet program, an effort to deploy and operate a nationwide dedicated public safety broadband network.

Much has been learned since Adams County made its early entry into FirstNet, the First Responder Network Authority. “The most important lesson here is that if this is done right, it works,” said Adcom911 Executive Director Joel Estes. “It really is a significant improvement for public safety people out in the field.”

Getting there is no small feat, however, as other Early Builder projects have shown. Funded in part by the Broadband Technology Opportunities Program administered by the National Telecommunications and Information Administration, these programs make it clear that public safety authorities can expect to meet a range of technical and cultural hurdles on the road to FirstNet deployment.


Monday, 01 August 2016 00:00

Data Quantity Or Data Quality

When we look at ways businesses embark on marketing campaigns, we can see that quantity is regarded as a good thing.

Lots of traffic - good. Viral posts are the Holy Grail: they generate thousands of page views every hour. Likes and shares: the more the merrier.

And from all of that traffic and social interest, the business hopes for a high quantity of leads and conversions.


More than half of this year’s $14.8 million in cash settlements for violating data privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) involved cases in which offenders failed to conduct proper risk assessments.

As the stakes for ignoring those risk assessments continue to grow, officials at software developer AvePoint are pointing to a tool they developed in conjunction with the International Association of Privacy Professionals (IAPP), which can help make the process of conducting those reviews more consistent and efficient.


As you’ll have no doubt seen in the press, Orlando, Fla.-based backup company Replibit was recently acquired by eFolder. It's not a surprising move, as eFolder was lacking its own solution for disaster recovery (DR). So, what is so special about Replibit?

There are a few core technologies that make Replibit interesting:


Top FEMA Officials Available for Interviews to Discuss Extreme Heat Safety Tips, Urge Residents to Download FEMA Smartphone App Designed to Help Families Before, During, and After Disasters

Washington – The Federal Emergency Management Agency (FEMA) is urging residents across the nation to take steps now to prepare their families and communities for extreme heat, by reviewing important safety information and downloading the FEMA smartphone app. 

The National Weather Service announced today that “dangerously hot and humid conditions are expected this week across a large portion of the nation.” Additionally, NOAA’s Climate Prediction Center’s latest outlook notes that most of the continental United States is facing elevated chances of well-above-average summer temperatures. According to the Centers for Disease Control & Prevention, heat kills more people than hurricanes, lightning, tornadoes, earthquakes and floods.

To help Americans stay safe during extreme heat, FEMA urges residents to consider taking the following actions in affected areas:   

  • Postpone outdoor games and activities and limit exposure to the sun.
  • Drink plenty of water and avoid caffeine; limit alcoholic beverage intake.
  • Dress in loose-fitting, lightweight and light-colored clothing.
  • Spend the warmest part of the day in temperature-controlled buildings such as libraries, schools, movie theaters, shopping malls, or community facilities.
  • Check on family, friends, and neighbors who do not have air conditioning and who spend much of their time alone.

FEMA also urges residents to download and use the free FEMA app, which provides valuable safety tips to help families prepare for and recover from more than 20 natural and man-made hazards. The FEMA app enables users to receive weather alerts from the National Weather Service for up to five locations across the nation, making it easy to follow severe weather that may be threatening family and friends. The app also provides family communication plans, a customizable checklist of emergency supplies, and maps of open shelters and disaster recovery centers. The app is available on the Apple App Store and on Google Play.

What:  Interview opportunity with FEMA officials to share information on how to stay safe during extreme heat and FEMA’s updated Smartphone App

Who:  FEMA Director of External Affairs Josh Batkin

          FEMA Director of Public Affairs Rafael Lemaitre  

          FEMA Director of Individual and Community Preparedness Helen Lowman

When:  Upon request

RSVP:  To schedule a media interview contact the FEMA News Desk at 202-646-3272.


FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Monday, 01 August 2016 00:00

Storm Debris Will Fuel Power Plant

(TNS) - Out of sight, out of mind. That's how many of us may feel after fallen trees and branches have been hauled away from our homes.

But what will become of all that tree debris culled by last week's destructive storm?

Pakou Ly, a spokeswoman for the city of Duluth, Minn., said most of it will be chipped and hauled, ton by ton, to Minnesota Power's Hibbard Renewable Energy Center, where it will be used to generate steam for the neighboring Verso paper and recycling mills, as well as renewable energy for local electric customers.

The plant can consume up to 40 semitrailer loads of biomass fuel per day, said Amy Rutledge, manager of corporate communications for Minnesota Power and its parent company, Allete.


(TNS) - About 50 first responders from around the Hill Country gathered at Schreiner University on Thursday to discuss successful practices and lessons learned from various critical incidents.

Gregory Pratt, a training coordinator with the Federal Bureau of Investigation — San Antonio division, said similar conferences like these are conducted throughout the state and country each year.

“This gives every department involved training on any event involving an active shooter or a similar situation,” Pratt said. “Our bureau offers supportive resources like victim assistance, crime scene management, crisis and media management.”


(TNS) - A new smartphone app is aimed at keeping Kanawha County residents up to date on emergency news and prepared in the event of local disasters.

The app, KC Ready, was a joint effort by Kanawha County Emergency Management and Metro 911. Dale Petry, director of Emergency Management, said that KC Ready is a valuable resource to have when disaster strikes in the county or when residents simply want to prepare for the worst.

KC Ready can help clear the Metro 911 phone lines for those with emergencies as well, Petry said. The app does this by sending push notifications to its users about weather situations and traffic accidents using Metro 911’s live feed, so that a large number of residents don’t call in to report the same problem.


According to the results of a recent survey of 3,476 IT and IT security practitioners worldwide, just one third of all sensitive corporate data stored in cloud-based applications is encrypted.

The survey, conducted by the Ponemon Institute and commissioned by Gemalto, also found that 73 percent of respondents said cloud-based services and platforms are important to their organization's operations, and 81 percent said they will become more important over the next two years.

Just over a third (36 percent) of respondents said their companies' total IT and data processing needs are met using cloud resources today, and that's expected to increase to 45 percent over the next two years.


News  •  Jul 29, 2016 11:59 BST

Businesses vulnerable due to shortage of cyber security talent


There is a serious talent shortage crisis impacting the cyber security industry according to a new report published by Intel Security, in partnership with the Center for Strategic and International Studies (CSIS). 82% of respondents to a global survey admit to a shortage of cyber security skills, with 71% of respondents citing this shortage as responsible for direct and measurable damage to organizations whose lack of talent makes them more desirable hacking targets.

The Hacking the Skills Shortage Report highlighted that the demand for cyber security professionals is outpacing the supply of qualified workers, with highly technical skills the most in need across all countries surveyed. Despite a quarter of respondents confirming their organizations had lost proprietary data as a result of this skills gap, there are no signs of it abating in the near-term. Respondents estimate an average of 15% of cyber security positions in their company will go unfilled by 2020.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously, and this starts by making sure resources are available to combat the threat. Such is the level of the threat that cyber attacks and data breaches were identified as the top two concerns to business continuity professionals in the BCI's Horizon Scan Report, which also identified availability of talents / key skills as a top ten concern.

The Hacking the Skills Shortage Report analysed four dimensions that comprise the cyber security talent shortage, which include:

Cyber security spending: The size and growth of cyber security budgets reveals how countries and companies prioritize cyber security. Unsurprisingly, countries and industry sectors that spend more on cyber security are better placed to deal with the workforce shortage.

Education and training: Only 23% of respondents say education programmes are preparing students to enter the industry. This report reveals non-traditional methods of practical learning, such as hands-on training, gaming and technology exercises and hackathons, may be a more effective way to acquire and grow cyber security skills. More than half of respondents believe that the cyber security skills shortage is worse than talent deficits in other IT professions, placing an emphasis on continuous education and training opportunities.

Employer dynamics: While salary is unsurprisingly the top motivating factor in recruitment, other incentives are important in recruiting and retaining top talent, such as training, growth opportunities and reputation of the employer’s IT department. Almost half of respondents cite lack of training or qualification sponsorship as common reasons for talent departure.

Government policies: More than three-quarters (76%) of respondents say their governments are not investing enough in building cyber security talent. This shortage has become a prominent political issue as heads of state in the US, UK, Israel and Australia have called for increased support for the cyber security workforce in the last year.

“A shortage of people with cyber security skills results in direct damage to companies, including the loss of proprietary data and IP,” said James A Lewis, senior vice president and director of the Strategic Technologies Program at CSIS. “This is a global problem; a majority of respondents in all countries surveyed could link their workforce shortage to damage to their organization.”

“The security industry has talked at length about how to address the storm of hacks and breaches, but government and the private sector haven’t brought enough urgency to solving the cyber security talent shortage,” said Chris Young, senior vice president and general manager of Intel Security Group. “To address this workforce crisis, we need to foster new education models, accelerate the availability of training opportunities, and we need to deliver deeper automation so that talent is put to its best use on the front line.”

Many organisations report that they are improving their disaster recovery capabilities, and that their confidence in being prepared for a disaster has increased. Still, there is much work to be done in ensuring adequate preparation and protection.

The cost of a business interruption, whether due to network attack, data breach or natural disaster, can be a rude awakening. An estimation of system downtime costs when a data disaster strikes takes into consideration not only productivity losses, missed sales opportunities and staff’s hourly time, but also less quantifiable impacts such as damage to corporate image and customer confidence. This highlights the growing need for additional protection against business interruptions.


CIOs at fast-growing and dynamic enterprises are frantically trying to keep pace with business demands, as email, enterprise apps and offsite storage are increasingly moving to the cloud.

As more companies migrate data and applications to the cloud, connectivity to and from the cloud becomes critical.

Traditional connections require long-term contracts and fees, and may or may not be secure. This may slow down the user experience and, in turn, business growth.


The world of emergency management is becoming increasingly interconnected and interdependent, and as the emergency management profession grows, the risks become more complex. From 9/11 and Katrina in the past to the Cascadia fault in the future — how and with what is the emergency manager in the future going to … manage?

Nobody is more interested in that question than academia. After all, most emergency manager positions require a college degree as well as training and experience in the field. The number of programs offering degrees has increased from just a few in 1995 to almost 300 today.

The debate has been one of consistency and content — what knowledge and skills should emergency management higher education programs integrate into their curriculums to meet the future challenges of the profession?


With over 1 billion people, a more than 7 percent annual growth rate and business-friendly government policies, India offers vast potential for success in the marketplace that few companies can afford to overlook. However, before committing a significant amount of time, talent and financial resources expanding operations into India, know this: While the rewards can be great, so can the risks.

Successful navigation of India’s tax and regulatory environment requires a deeper strategy than simply “follow the laws.” A holistic compliance strategy requires a thorough understanding of the country’s marketplace, business culture and regulatory environment.


(TNS) - As temperatures soared into the 90s again Wednesday, locals stuck by fans and air conditioning and dipped in pools and ponds trying to ride out the latest wave of sweltering heat.

Some professions are shown no mercy, however.

Late Wednesday morning as the mercury just touched 90 degrees, a fire on a South Lawrence porch was reported when residents smelled smoke and dialed 911.

Crews raced to 90-92 Jamaica St., where the single-alarm blaze in a two-story, two-family house was quickly knocked down. Fire investigators quickly determined the fire was caused by careless disposal of cigarettes. While there were no injuries, porches on the first and second floors were scorched.


Today’s business has a lot of storage and data options. And, requirements around data control are going to continue to grow and evolve. With that in mind – let’s touch on one aspect of the IT and data center administrative process that some organizations hate to discuss: data migrations.

What if you need to move a massive amount of data? What if it’s not as simple as just re-mapping a storage repository? In some cases, you might be migrating entire storage vendors to align with specific business strategies. Either way – when dealing with critical corporate data – you need to have a plan. So, here are 8 steps to creating an enterprise data migration plan:


(TNS) - Like many Minnesota Power employees, Stefanie Stollenwerk received a phone call shortly after 3 a.m. last Thursday.

It's not uncommon for the utility to face emergency situations and have to deploy crews at all hours. But this wasn't an ordinary emergency. It was what officials now say is the most damaging storm to hit Duluth's power grid in at least half a century.

"I've been working here 18 years and I've never seen a storm like this," said Stollenwerk, the utility's manager of transmission and distribution support services. "When I got the call, I told my husband that I wasn't sure when I was going to see him again."

For the past week, Stollenwerk and a team of Minnesota Power officials have worked around the clock at the company's Herbert Service Center on Arrowhead Road, coordinating the behind-the-scenes emergency response and power restoration efforts in Duluth, Rice Lake and many other Northland communities.


During a crisis, effective communication is one of the keys to mitigating damage and maintaining your organization’s reputation. A crisis is a time to be open, honest, and engaging. In our hyper-connected world, there is no sense in trying to hide from the media, your customers, or the public at large.

That being said, crisis communication can be tricky. An organization that, let’s say, tweets something controversial or experiences a customer data breach suddenly becomes a target for extreme public scrutiny. In the wake of such events, social media users take to Twitter, Facebook and other platforms to post comments, complaints and jabs.

As the online negativity piles up, many organizations might feel compelled to start deleting negative comments in an attempt to save face. But in reality, this simple step might be doing more harm than good.


Wear a smartwatch and you could cause a data breach that brings your organization to its knees. Install an anti-virus product on any one of your endpoints and you could compromise the security of key enterprise applications.

Smartwatches and certain anti-virus products are just a small sample of the growing number of shocking application security threats. Just like more familiar application security threats such as code injection, cross site scripting and buffer overruns, the threats they pose can be critical.

This article discusses five emerging application security threats:

  • PIN and password inference software
  • Mobile app collusion
  • Anti-virus software
  • JavaScript ransomware
  • Voice-activated attacks


Zscaler is warning organizations to plan ahead for security threats and network performance issues linked to coverage of the Olympic Games, which commence on 5th August in Rio.

Cybercriminals are aware that users will be searching for convenient ways to stay up-to-date with the latest sporting action, forcing enterprises to roll out revised security policies that ensure the security of users watching, searching for, or downloading associated sporting coverage.

Most critically, organizations need to consider their exposure to phishing and malware attempts, exploitation of mobile applications and how this will impact business continuity. ThreatLabZ research from past events found that 80 percent of ‘Olympic’ web domains were found to be scams or spam, pinpointing the need for increased business vigilance.


Thursday, 28 July 2016 00:00

The Real Value of Lawyers to Compliance

The legal profession is transforming itself, especially in the area of compliance. Lawyers are an invaluable part of a compliance program. They provide important perspective and understanding of risk, they help a company to assess and navigate legal risks and they interface with regulators and enforcement agencies.

The most effective compliance programs usually are built around a strong partnership between a chief compliance officer and a general counsel. They are natural partners, assuming that egos do not get in the way, and should work together to advance the company’s compliance program.

Lawyers have two very specific benefits that should be incorporated into an effective compliance program.


Charleston, W.Va. — If you were affected during the June storms and have questions about legal issues such as repair contracts, working with contractors, replacing wills and other legal documents, you might be eligible to get free legal counseling from a group of West Virginia lawyers who have volunteered limited legal help.

Disaster Legal Services provides legal assistance to low-income individuals who, prior to or because of the disaster, have little recourse to legal services as a consequence of a major disaster.

A partnership among the Federal Emergency Management Agency (FEMA), the West Virginia State Bar, and Legal Aid of West Virginia provides eligible callers 24/7 access to a toll free legal hotline, 877-331-4259. Callers may leave a message and will be matched with a local attorney.

Local legal aid providers might help you with:

  • Assistance with FEMA and other government benefits available
  • Assistance with life, medical, and property insurance claims
  • Help with home repair contracts and contractors
  • Replacement of wills and other important legal documents lost or destroyed in the disaster
  • Consumer protection issues such as price-gouging and avoiding contractor scams in the rebuilding process
  • Counseling on mortgage-foreclosure problems
  • Counseling on landlord-tenant problems

There are some limitations on disaster legal services. For instance, if a case might produce a fee, or where attorneys are paid as part of a court settlement, you’ll be referred to a local lawyer.

Thursday, 28 July 2016 00:00

Do You Know the Current Business Climate?

Understanding how the business climate is changing will allow you to start looking at how you may need to change your recovery and resiliency strategies.

I was recently talking with my father who was in the convenience store and gasoline distribution business his entire career. We were talking about planning and how the business climate changes over time. He mentioned that when pay-at-the-pump devices first came to stations, his company resisted implementing them. Their convenience store model was to get customers to walk into the store to pay so they would purchase additional items. Their money was not made on gas sales, but on the sale of store items (beverages, candy, etc.). My father was an advocate of putting the new pumps in. He saw it as being more important than just having customers walk into the store, but instead making sure that customers were comfortable using the store for both gas purchases and quick stops for other items. If they got in the habit of using a different store to get gas because of pay-at-the-pump, they would likely stop at that store for drinks and other items as well. The result: a lost customer.

Do you know how your business climate may be evolving? Do your current processes or paradigms still meet customer needs and desires? In previous blogs and presentations, we have encouraged those in continuity planning to learn about their business processes. Understanding how the business climate is changing – and how business processes and functions may be changing along with that – will allow you to start looking at how you may need to change your recovery and resiliency strategies.

Consider the items below as you identify how your business may be changing.


We know that ransomware is a menace for just about everyone, but the health care industry has been hit unusually hard by this particular type of attack. In fact, according to Solutionary’s Security Engineering Research Team (SERT) Quarterly Threat Report for Q2 2016, the health care industry represented 88 percent of all ransomware detections during the second quarter.

Think about that number for a moment. Ransomware seems to be everywhere, yet, 88 percent of detections were in one industry. Education and finance were second and third, at 6 and 4 percent, respectively.

Now, it must be noted that we may not be getting the full picture, as Solutionary threat intelligence communication manager Jon-Louis Heimerl told SC Magazine, after pointing out that the analysis was based on actual ransomware activities:


AUSTIN, Texas – Two important deadlines are ahead for Texans who are considering a loan through the U.S. Small Business Administration for recovery from the May-June storms and flooding.

Most survivors who registered with FEMA for disaster assistance were contacted by the SBA with information on the agency’s low-interest disaster loans, as well as instructions on how to complete the loan application.

The deadline to submit the application for physical damage is Aug. 10. The deadline for businesses to submit a loan application for economic injury is March 11, 2017.

The SBA is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property, offering low-interest disaster assistance loans to businesses of all sizes, private nonprofit organizations, homeowners and renters.

Survivors may apply online using the electronic loan application via SBA’s secure website at

Disaster loan information and application forms are also available from SBA’s customer service center by calling 800-659-2955 or by email. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339. For more disaster assistance information or to download applications, visit

Completed applications should be mailed to:

U.S. Small Business Administration
Processing and Disbursement Center
14925 Kingsport Rd.
Fort Worth, TX  76155

SBA loan applications should be submitted even as disaster survivors await an insurance settlement. The loan balance is reduced by the settlement. SBA loans may also be available for losses not covered by insurance.

The SBA encourages Texans who suffered damage or loss from the May-June storms and flooding to complete the SBA loan application they received. There is no obligation to take a loan if offered. If approved, and a survivor does not accept the loan, it may make one ineligible for additional federal assistance.

  • Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence.

  • Homeowners and renters may borrow up to $40,000 to repair or replace personal property.

  • Businesses may borrow up to $2 million for any combination of property damage or economic injury. SBA offers low-interest working capital loans—called Economic Injury Disaster Loans—to small businesses and most private nonprofit organizations of all sizes.


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Download to locate open shelters and disaster recovery centers, receive severe weather alerts, safety tips and much more.

Your organization probably already has more data than it knows what to do with. Yet, it's quite likely you're overlooking, disregarding, unaware of, or unable to access important information that could directly affect analyses and business outcomes.

It doesn't matter what your universe of data is -- enterprise data or a combination of internal and external data sources -- important nuggets of information may be missing.

"Companies are collecting more data, but often struggle with what to do with it," said Dave Hartman, president and founder of technology advisory firm Hartman Executive Advisors. "Data can be extremely overwhelming in its raw form."


U.S. hotel group Kimpton Hotels & Restaurants and U.K. mobile operator O2 both recently acknowledged potential data breaches. In Kimpton's case, the attack appears to be similar to other recent point-of-sale breaches at hotel chains including Hyatt, Omni, Starwood and Hilton, while in O2's case an undisclosed number of customer accounts were exposed by password reuse.

Kimpton Hotels yesterday announced that it was "recently made aware of a report of unauthorized charges occurring on cards that were previously used legitimately at Kimpton properties."

"As soon as we learned of this, we immediately an investigation and engaged a leading security firm to provide us with support," the company stated. "We are committed to swiftly resolving this matter. In the meantime, and in line with best practice, we recommend that individuals closely monitor their payment card account statements."


(TNS) - With the recent, long-awaited arrival of the Elizabethtown Fire Department’s new custom-built engine, the focus of the department will now be shifting from the “pound of cure” to the “ounce of prevention,” in the form of a community risk reduction program.

“You’ve heard the saying ‘if it’s predictable, it’s preventable’,” said Fire Chief Nick West. “We can predict the potential for fires, so now we’re looking at ways to prevent them.”

The community risk reduction program is comprised of three components:


Today’s networking layer has become one of the most advanced infrastructure components in the data center. We are far beyond simple network route tables and ensuring data traffic patterns. Now, we’re creating contextual policies around information, users, applications, and entire cloud infrastructure components. We’ve created automation at the networking layer, and have even completely abstracted the data and control plane via next-generation SDN.

Administrators today are tasked with creating a much smarter networking layer, one that is capable of keeping up with some of the most advanced business and IT demands. In a recent Worldwide Enterprise Networking Report, IDC pointed out that virtualization continues to have a sizable impact on the enterprise network. IDC expects that these factors will place unprecedented demands on the scalability, programmability, agility, analytics capabilities, and management capabilities of enterprise networks. They predict that in 2016, overall enterprise network revenue will grow 3.5 percent to reach $41.1 billion.

It’s really no surprise that these new types of technologies will have major impacts around the entire enterprise networking layer. Most of all, these systems will change the way businesses create go-to-market strategies and where next-generation networking technologies can make an impact.


Organizations with responsibility for private health data have paid $18.7 million so far this year to settle cases alleging their systems for protecting patient data were inadequate.

In all, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights has resolved nine cases, with settlements ranging in size from $25,000 to $3.9 million.

This year’s largest settlement to date for violations of the Health Insurance Portability and Accountability Act (HIPAA) was leveled at Feinstein Institute for Medical Research, where a laptop stolen from a car contained electronic protected health information (ePHI) belonging to roughly 13,000 patients and research participants.


Many organizations are not responding to the continuing spread of “Shadow IT” and cloud use with appropriate governance and security measures, and more than half do not have a proactive approach, according to research released Tuesday. The 2016 Global Cloud Data Security Study, compiled by the Ponemon Institute on behalf of Gemalto, shows that nearly half of all cloud services (49 percent) and nearly half of all corporate data stored in the cloud (47 percent) are beyond the reach of IT departments.

The report is drawn from a survey of more than 3,400 IT and IT security practitioners from around the world. It shows only 34 percent of confidential data on SaaS is encrypted, and members of the security team are only involved in one-fifth of choices between cloud applications and platforms.

IT departments are making gains in visibility, with 54 percent saying the department is aware of all cloud applications, platforms, and infrastructure services in use, up from 45 percent two years ago. Also, the number of respondents saying it is more difficult to protect data using cloud services fell from 60 to 54 percent; however, those gains were offset by more broadly reported challenges in controlling end-user access.


Wednesday, 27 July 2016 00:00

Battles in the Fight Against Ransomware

Ransomware, or the encrypting of a victim’s data until a ransom is paid, is one of the scariest of the many scary things companies face. And health care organizations should be a bit more frightened because, for some reason, this sector is the main target of these hackers.

Data from Solutionary says that health care organizations are 114 times more likely to be the target of ransomware than financial firms and 21 times more likely than educational institutions. Put another way: The firm tracked these exploits and found that health care was targeted 88 percent of the time, though it represented only 7.4 percent of its client base, according to Network World.

The security firm offers three possible explanations for the inordinate number of attacks on health care companies: The high number of non-profit health care organizations suggests that budgets are low and security is not as up to date or sophisticated; these organizations simply have a lot of data to target; and much of it is life and death. The criticality of the data makes it more likely that executives will feel compelled to do anything, including paying a ransom, to regain control.