Industry Hot News

Most organizations do a good job when it comes to developing plans to protect their staff in the event of an emergency. However, there are several other key tasks that often go overlooked.

In today’s post we’ll look at the six tasks that every organization should address in the plans it draws up so that it is ready when an emergency strikes.

There is a right and wrong time for an organization to figure out how it’s going to respond to various types of emergencies. The wrong time is in the seconds after the fire alarm goes off, or trouble announces itself in some other way.

Responsible organizations plan ahead of time for emergencies, considering the different types of problems likely to occur and developing ways of dealing with them. They think about categories of an event (rather than specific problems), and they produce their plans in simple checklist form, excluding policy statements (or consigning such statements to the back). This is so their plans consist of simple steps that can be readily understood, taken, and checked off in the heat of an emergency. They also stage frequent drills, so their staffs are familiar with where the plans are and know their role in carrying them out.



At Forrester, it is our goal to be ahead of the market trends so we can advise clients on what is to come and how they should prepare. Each year, we publish a series of predictions reports about what may be of primary concern for various roles over the course of the coming year. Rather than using our market insight and intuition to predict what may happen in technology and business, what if we were able to see the future? If we could go in a time machine, what would differentiate businesses’ security postures and practices 10, 50, or even 100 years into the future?

Unfortunately, Forrester has not built a time machine (yet!), but several reports that the security and risk team has published in the last month can help practitioners prepare their security programs for far in the future:



New Orleans averted disaster this month when tropical storm Barry delivered less rain in the Crescent City than forecasters originally feared. But Barry’s slog through Louisiana, Arkansas, Tennessee and Missouri is just the latest event in a year that has tested levees across the central U.S.

Many U.S. cities rely on levees for protection from floods. There are more than 100,000 miles of levees nationwide, in all 50 states and one of every five counties. Most of them seriously need repair: Levees received a D on the American Society of Civil Engineers’ 2018 national infrastructure report card.

Levees shield farms and towns from flooding, but they also create risk. When rivers rise, they can’t naturally spread out in the floodplain as they did in the pre-flood control era. Instead, they flow harder and faster and send more water downstream.



Sandy Hook, Boston, Las Vegas, Parkland and Pittsburgh. Those locations now have secondary meanings: mass casualty events. Each has its own community impact and recovery process.

Response plans are created during the calm and quiet of a work day. A variety of exercises are conducted to test those plans and modify them accordingly to meet their operational goals and needs.

These plans use real world lessons to help frame and update response protocols.

Public Safety agencies involved can be police, fire, EMS & OEM. Steve Crimando, internationally recognized crisis management and trauma consultant, refers to these exercises as “Stop the Killing and Stop the Dying”. You see them on the news… SWAT or a rapid response unit responds to an active shooter/hostile event call. They enter the building/area to locate and/or neutralize the threat actor(s).



(TNS) — Low-interest federal disaster loans are now available to certain private nonprofit organizations in Osage and Nowata counties following President Donald Trump's federal disaster declaration for Public Assistance as a result of severe storms, tornadoes, straight-line winds and flooding that occurred April 30 - May 1, announced acting Administrator Christopher M. Pilkerton of the U.S. Small Business Administration.

Private nonprofits that provide essential services of a governmental nature are eligible for assistance.

These low-interest federal disaster loans are available in Alfalfa, Atoka, Bryan, Coal, Craig, Kay, Lincoln, Love, Major, Noble, Nowata, Okmulgee, Osage, Ottawa, Pittsburg, Pushmataha, Stephens and Tillman counties.



The CCPA, which goes into effect in six months, will cover data beginning in January 2019, so the time to prepare is now. Aparavi’s CTO Rod Christensen discusses the steps companies must take to ensure compliance as soon as possible.

The purpose of the California Consumer Privacy Act (CCPA) is mainly to rein in the use and sale of personal information by large companies for purposes such as advertising. This doesn’t mean the rest of us are off the hook for CCPA compliance, however. Let’s look briefly at some of the reasons the CCPA law may apply to you and what it covers.



Innovation isn’t just having a few bright ideas. It’s about creating value and helping organizations continuously adapt and evolve. ISO is developing a new series of International Standards on innovation management, the third of which has just been published.

Innovation is an increasingly important contributor to the success of an organization, enhancing its ability to adapt in a changing world. Novel and innovative ideas give rise to better ways of working, as well as new solutions for generating revenue and improving sustainability. It is closely linked to the resilience of an organization, in that it helps the organization to understand and respond to challenging contexts, seize the opportunities that these might bring and leverage the creativity of both its own people and those it deals with.

Ultimately, big ideas and new inventions are often the result of a long series of little thoughts and changes, all captured and directed in the most effective way. One of the most efficient ways of doing just that is through implementing an innovation management system.



Last week, the United States Conference of Mayors adopted a resolution against paying ransoms. What’s interesting about this is it’s creating what is essentially a vertical front of communities against ransomware. It may well disincentivize attackers from targeting US towns and cities. I’m hopeful and encouraged by this action, but I worry that this resolution is a dismissal of culpability and should have been about investing in cybersecurity before a ransomware outbreak, instead of advertising that we’d rather jump on a sword than pay a ransom.

I’ve been writing about the need for ransomware victims to prioritize their self-interest and consider paying ransom if they can establish that the actor will credibly provide decryption keys and that recovery would be discernibly less costly in doing so. One of the common responses I’ve received in this regard is that I’m encouraging the creation of a ransomware market because the act of paying ransoms encourages more actors to get involved in this space — supply and demand.



As flexible working becomes the new normal, how can risk directors feel confident company data is secure?

The era of digital transformation is well underway. As new technologies – such as artificial intelligence and blockchain – increasingly become the arteries of industry, data has become the lifeblood for businesses. And yet many employees have very little knowledge about how to protect it.

According to IT consultancy ESG Cybersecurity, more than half of organisations report a “problematic shortage” of cybersecurity skills within their company. Globally, we’re currently experiencing a cybersecurity workforce gap of 2.9 million employees, according to research from IT security training organisation ISC².

Risk directors are racing against the clock to assess potential threats to sensitive company information. And, for some, the growing global trend for flexible working may seem to be one of them. According to research from Australian cloud data security company Rackspace, letting staff and third parties access data remotely is seen as the greatest threat to cybersecurity by executives.



Monday, 15 July 2019 14:13

Flexible working and cybersecurity

In over twenty years in the business, I’ve seen it all in terms of how our clients treat us at MHA as consultants, partners, and people. Most clients are great, but a few have made our lives miserable and have never quite learned how to treat a BCM consultant.

In today’s post, we’ll look at what differentiates good business continuity management (BCM) clients from bad—and explain how it benefits your company to have a healthy BCM consultant relationship.

Some clients are a joy to work with, and some are a pain in the you-know-what. What makes a client one or the other? I’ll get into the details of how to treat your BCM consultant in a moment.