Industry Hot News

What does a business continuity or disaster recovery plan consist of? In a nutshell, it’s what needs to happen in case you can’t continue normal operations or business due to an “activity” that may have affected your organization. I am not trying to minimize this in the least. That’s just the tip of the iceberg. We NEED plans. We need to know what to do so that when we have to make critical decisions, the information is at our fingertips (especially when it’s an automated tool). Building these plans is vital to the survival of the business, should something occur. Most of our organizations are regulated and required to have plans. It’s not only a type of insurance policy, but it makes us feel better knowing it’s in place…but what happens when you need to activate that plan? Just as critical as the plan itself are the people needed to respond and assist in the recovery efforts. People execute the plan. Someone needs to flip the switch. Without people, your effort, time and planning will not be much help.

With that said, we need to make sure we prepare our employees, so they know what to expect and what is expected. How do we do that? We teach them. We exercise the plans and involve those people.

Most organizations don’t do full-scale exercises with their entire staff. It costs a lot of money, resources and takes up a lot of time from the work day. This would be the most desirable type of exercise and something we should all aim to achieve. If you can conduct something like this, that’s fantastic! If not, consider starting by setting up a tabletop exercise to walk through what’s currently in place in your plans.

...

https://www.bcinthecloud.com/2019/02/have-we-prepared-our-most-valuable-resources-for-disaster/

A wireless device resembling an Apple USB-Lightning cable that can exploit any system via keyboard interface highlights risks associated with hardware Trojans and insecure supply chains.

During a month-long hiatus between jobs, Mike Grover challenged himself to advance a project he'd been working on for over a year: Creating a USB cable capable of compromising any computer into which it's inserted.

His latest iteration, the Offensive MG or O.MG cable, resembles an Apple-manufactured Mac USB-Lightning cable but incorporates a wireless access point into the USB connector, allowing remote access from at least 100 feet away, according to Grover. A video demonstration shows Grover taking control of a MacBook and opening up Web pages from his phone.

The cable takes advantage of a known weakness. To make keyboards, mice, and other input devices as easy to connect as possible, operating system makers have made computers accept the identification, through the Human Interface Device (HID) protocol, of any device plugged into a USB port. An attacker can use the weakness to create a device that acts like a keyboard to issue keystrokes, or a mouse to issue clicks.

...

https://www.darkreading.com/threat-intelligence/from-omg-to-nsa-what-hardware-implants-mean-for-security/d/d-id/1333889

(TNS) - It’s been a year since the Valentine’s Day murder of 17 students and staff members and the wounding of 17 others at Marjory Stoneman Douglas High School in Parkland, Florida.

Since then, schools around the country have taken steps to beef up security.

In this area, several schools have made great strides to improve the safety of the students and teachers.

Many of the improvements deal with how people enter school buildings.

“The number one thing that we’ve done: we put a kiosk system in where when you come in you have to bring your [driver’s] license in now. We know everybody who comes in and out of our building. So will that stop a shooting? No, but we actually have a better understanding of who is going to be in our building or not,” said Mel Rentschler, superintendent at Allen East schools.

...

http://www.govtech.com/em/safety/Preparing-for-the-Next-School-Shooting.html

Friday, 15 February 2019 15:06

Preparing for the Next School Shooting

Doron Pinhas looks at the common factors behind various high-profile technology outages in 2018 and proposes a practical approach which will help organizations reduce unplanned downtime in 2019.

Flying these days is almost never a pleasure, but in 2018, it was a downright nightmare with dozens of glitches and outages that kept planes grounded. 2018 wasn't such a great year for other industry sectors as well. Financial service customers also had a rough year accessing their funds and performing urgent financial transactions. In the UK, for example, banks experienced outage after outage. Three of Britain's biggest banks - HSBC, Barclays and TSB - all experienced outages on a single day, making online banking impossible, and there were dozens of other incidents peppered throughout the year.

And if your business lives on cloud platforms and SaaS, you might have found yourself running ragged at times trying to access your IT with all of the major cloud platforms suffering from outages throughout the year as well.

It may be 2019 now, but the fundamental gaps that led to those service disruptions haven't been resolved, so we can expect more such outages this year, and probably every year until companies figure it out – which, if you’re a business continuity or IT professional, raises the question: what should I do to avoid outages?

...

https://www.continuitycentral.com/index.php/news/technology/3728-2018-s-outages-what-are-the-lessons-for-2019

Some have even turned to alcohol and medication to cope with pressure.

A quarter of chief information security officers (CISOs) suffer from mental and health disorders as a result of tremendous and growing work pressures, a new survey shows.

Contributing to the strain are concerns about job security, inadequate budget and resources, and a continued lack of support from the board and upper management.

Domain name registry service provider Nominet recently polled 408 CISOs working at midsize and large organizations in the United Kingdom and United States about the challenges they encounter in their jobs.

A whopping 91% of the respondents admitted to experiencing moderate to high stress, and 26% said the stress was impacting them mentally and physically. A troubling 17% of the CISOs who took Nominet's survey admitted to turning to alcohol and medication to deal with the stress, and 23% said their work was ruining personal relationships.

...

https://www.darkreading.com/careers-and-people/high-stress-levels-impacting-cisos-physically-mentally/d/d-id/1333888

Paul Barry-Walsh argues that as complexity increases in society, so do interdependencies. To prevent cascading disasters, organizations need to implement firebreaks which will ensure that they do not become the weak link in the supply chain.

There is a characteristic which is self-evident to the professionals in this field, that is, as we develop as a society, we become increasingly reliant on more and more suppliers delivering products or services. Should just one component of the supply chain be disrupted then this service or product cannot be delivered. This can result in chaos. This is simply a manifestation of Adam Smith’s contention that the increased division of labour allows increasing output. However, with ever more suppliers, and the implementation of just-in-time production, the loss of just one small component disrupts the entire chain. This is as true for services as it is for manufacturing and after Adam Smith we should perhaps refer to this as ‘Adam’s Law’.

To illustrate this, imagine yourself to be a Venetian banker in the 16th century. He would need ledgers, quills and ink, possibly a desk and to operate in a secure environment, under the rule of law, but that’s about it. Now consider his modern counterpart. Just providing the most basic of modern day services the banker needs to operate both within and under the rule of law, she/he needs sophisticated computers, needs a base to operate from, needs communication devices and needs an army of people to run this operation: accountants, data entry, lawyers, compliance people and then HR to manage them.

That’s a complex web of people and products just to do the simplest banking operation. This complexity brings with it vulnerability; if staff are denied access to the office, if there is no electricity (or water), then the organization cannot function. If you cannot function, there will be a knock-on effect for the counterparties, due to the interconnectedness of our society. If just one bank fails, this has a domino effect on other financial institutions and counterparties.

...

https://www.continuitycentral.com/index.php/news/business-continuity-news/3729-adam-s-law-vulnerability-to-disruption-increases-with-development

(TNS) — Garfield County, Okla., Sheriff's Office is offering training in active-attack response to area schools and also will provide the course to employees at the county courthouse.

Acting Sheriff Jody Helm said this is the third year the sheriff's office has offered training to county schools. Previous training topics concerned weapons in schools and drugs in schools.

"They've been really receptive," Helm said.

Deputy Lloyd Cross presented the training, from the Advanced Law Enforcement Rapid Response Training at Texas State University, Wednesday to the staff of Kremlin-Hillsdale High School.

Cross said the goal was to present the information to administrators and teachers and not determine policy for the school system.

...

http://www.govtech.com/em/preparedness/-Oklahoma-Sheriffs-Office-Providing-Active-Attack-Response-Training.html

Many times when we talk about communications plans and campaigns, we focus on the tactics. Which makes sense – these are the things we can see. The clever social media post, the direct mail piece, the slick website. But the true way to evaluate a communications plan or marketing campaign is through measurement.

My favorite way to illustrate the different types of measures and how they work comes from the book Effective Public Relations, Ninth Edition. This is the book I used to study for my Accreditation in Public Relations, and it’s still on my shelf, dog-eared and bursting with post-it notes. I have adapted their graphic into my own, which you can see here:

...

https://cordeliaandersonapr.com/2019/02/14/how-to-measure-communications-plan-success/

Friday, 15 February 2019 14:57

How to measure communications plan success

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

Today, enterprises consist of complex interconnected environments made up of infrastructure devices, servers, fixed and mobile end-user devices and a variety of applications hosted on-premises and in the cloud. The problem is traditional cybersecurity teams were not designed to handle such complexities. Cybersecurity teams were originally built around traditional IT—with a specific set of people focused on a specific set of tools and projects.

As enterprise environments have grown, this siloed approach to cybersecurity no longer works. When each member of your security team is only focused on one narrow slice of the pie, it’s far too easy for adversaries to enter through the cracks. The following are critical steps chief information security officers (CISOs) must take in order to establish a dream team for the new age of cybersecurity.

...

https://www.darkreading.com/cloud/how-to-create-a-dream-team-for-the-new-age-of-cybersecurity/a/d-id/1333849

Truth is, in most of the reports we write about how to prepare your company for the future, two major recommendations always come out: Get your C-level leaders on board, and cultivate a culture that can transform your business. The first is crucial yet obvious, and I’ve grown tired of writing it. The second, culture, is equally obvious, but it’s also huge. Yes, we have statistically measured the role of culture in successful digital transformations and found that culture is the strongest predictor of whether you’ll make it. But culture is enormous, and changing it can feel overwhelming.

Today we offer a lifeline of incredible value. Culture can encompass a myriad of things, but it is best measured at the level of individual employees. Do they like being there? Do they support the mission of the organization? Do they feel supported in trying to accomplish the goals of the company? All of these things matter, but today the responsibility for engaging employees is diffused across the org. HR helps but focuses on narrow metrics while not touching on the business strategy. Leaders occasionally try to motivate with enthusiasm, but they don’t rigorously account for the impact of their demands on the employee base. And when you add technology, it’s clearly not IT’s job to make sure people feel like the tech is helping them as much as it’s helping the customer. Drowning yet?

That’s where our lifeline comes in: “Introducing Forrester’s Employee Experience Index.” Rather than simply telling you to go engage your employees, we’ve systematized the process. We’ve spent two years surveying more than 13,800 employees in seven countries. Drawing from the best of three decades of organizational psychology research, we’ve constructed a tool that identifies what an engaged worker looks like and then worked backward from there to figure out what factors either help or hurt employee engagement. The result is a clear blueprint for inspiring, empowering, and enabling your employee base. 

...

https://go.forrester.com/blogs/engaged-employees-you-cant-get-there-without-them/
