February 5, 2012

Continuity Compliance Event Calendar November 2009

Public Relations Society of America (PRSA)

Time: November 7 – 10, 2009

Location: San Diego, CA USA

Contact info: www.prsa.org

————————————-

7×24 Exchange

Time: November 15 – 18, 2009

Location: Phoenix, AZ USA

Contact info: www.7x24exchange.org

———————————————-

Tech Ed Summit

Time: November 18, 2009

Location: Los Angeles, CA USA

Contact info: www.theitsummit.com

Continuity Compliance Event Calendar October 2009

Financial Services ISAC Fall CIP Congress

Time: October 4 – 6, 2009

Location: TBD USA

Contact info: www.fsisac.com

————————————-

IFMA

Time: October 7 – 9, 2009

Location: Orlando, FL USA

Contact info: www.ifma.orlandomeetinginfo.com

————————————————

SC World Congress 2009

Time: October 13 & 14, 2009

Location: The Sheraton New York

Contact info: http://www.scmagazineus.com/SC-World-Congress-2009/section/886/

———————————————————————————————————-

The IT Summit

Time: October 21, 2009

Location: Richmond, VA USA

Free to ICOR Members

Contact info: www.theitsummit.com

————————————————-

Disaster Preparedness Summit

Time: October 22, 2009

Location: Philadelphia, PA USA

$100 Discount to ICOR Members

Contact info: www.nationaldisastersummit.org

———————————————————

Contingency Planning and Management (CPM) East 2009

Time: October 27-29, 2009

Location: Hilton Orlando Bonnet Creek

Orlando, FL 32821

Contact info: http://cpm-east.com/

——————————————–

CSI 2009

Computer Security Institute Annual Conference

Time: 24-30 October, 2009

Location: Gaylord National Resort and Convention Center

201 Waterfront St.

National Harbor, MD 20745

Contact info: http://csiannual.com

———————————————-

IAEM – EMEX

Time: October 31 – November 5, 2009

Location: Orlando, FL USA

$50 Early Registration Discount to ICOR Members

Contact info: www.iaem.com

————————————

Continuity Compliance Event Calendar September 2009

DRJ Fall World

World’s Largest BC/DR Conference

Time: 13-16 September, 2009

Location: Sheraton San Diego Hotel & Marina

1380 Harbor Island Drive

San Diego, CA  92101-1092

Contact info: http://www.drj.com

——————————————

MESW 09

Midsize Enterprise Summit West

Time: 13-16 September, 2009

Location: Hyatt Regency Century Plaza

2025 Avenue of the Stars

Los Angeles, CA 90067 United States

Contact info: http://everythingchannelevents.com/mesw09

———————————————————————–

EntreTech Forum

Titled: Counter-Terrorism: Emerging Technological Solutions

Panel Moderator: Donald Byrne, North River Solutions, LLC

Time: 15 September, 2009

Location: Northeastern University

Waltham, MA

Contact Info: www.entretechforum.org

————————————————-

Gartner IT Security Summit

Time: September 15-16

Location: Sydney, Australia

Contact Info: www.gartner.com

———————————-

The IT Summit

Time: September 16

Location: Baltimore, MD USA

Free to ICOR Members

Contact Info: www.theitsummit.com

——————————————–

Disaster Preparedness Summit

Time: September 17

Location: Seattle, WA USA

$100 Discount to ICOR Members

Contact Info: www.nationaldisastersummit.org

———————————————————

Lunch and Learn Session: “Business Continuity: What Is It and Why Is It Important?”

Time: 18 September, 2009

Location:

George Mason University,

Fairfax County Campus, Virginia

Contact info: info@RadianCompliance.com

——————————————————-

Gartner Information Security Summit

Time: September 21 – 23

Location: London, UK

Contact Info: www.gartner.com

————————————–

IRM Risk Forum

Time: September 21 – 23

Location: University of Warwick, UK

Contact Info: www.theirm.org

————————————-

ASIS 2009

American Society for Industrial Security Conference

Time: 21-24 September, 2009

Location: Anaheim Convention Center

800 West Katella Ave.

Anaheim, CA 92802

Contact info: http://www.asisonline.org

—————————————————————————-

itSMF USA Fusion ’09

Uniting the World of Service Management

Time: 20-23 September 2009

Location: Gaylord Texan Resort and Convention Center

Dallas, TX

Contact info: http://itsmfusion.com

———————————————

The IT Summit

Time: September 30

Location: Phoenix, AZ USA

Free to ICOR Members

Contact Info: www.theitsummit.com

———————————————-

Institute for Business & Home Safety

Time: Fall 2009

Location: Lansdowne, VA USA

Contact Info: www.disastersafety.org

———————————————-

Business Continuity & Business Compliance Terms (Cont. 1)

Compliance
Certification or confirmation that the doer of an action (such as the writer of an audit report), or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract.

Copyright©2009 BusinessDictionary.com

Compliance audit
Audit undertaken to confirm whether a firm is following the terms of an agreement (such as a bond indenture), or the rules and regulations applicable to an activity or practice prescribed by an external agency or authority.

Copyright©2009 BusinessDictionary.com

Compliance test
Audit undertaken to confirm whether a firm is following the rules and regulations (prescribed by its internal authority or control system) applicable to an activity or practice. See also substantive test.

Copyright©2009 BusinessDictionary.com

Conformance
Certification or confirmation that a good, service, or conduct meets the requirements of legislation, accepted practices, prescribed rules and regulations, specified standards, or terms of a contract.

Copyright©2009 BusinessDictionary.com

Supplier quality assurance
Confidence in a supplier’s ability to deliver a good or service that will satisfy the customer’s needs. Achievable through an interactive relationship between the customer and the supplier, it aims at ensuring the product’s ‘fit’ to the customer’s requirements with little or no adjustment or inspection. The US quality guru Joseph Moses Juran (born 1904 in Romania) divides the supplier quality assurance process into nine steps: (1) definition of the product’s quality requirements, (2) evaluation of alternative suppliers, (3) selection of the most appropriate supplier, (4) conduction of joint quality planning, (5) cooperation during the relationship period, (6) validation of conformance to requirements, (7) certification of qualified suppliers, (8) conduction of quality improvement plans, (9) creation and use of supplier ratings.

Copyright©2009 BusinessDictionary.com

Conflict resolution
Intervention aimed at alleviating or eliminating discord through conciliation.

Copyright©2009 BusinessDictionary.com

Scope of work
Chronological division of work to be performed under a contract or subcontract in the completion of a project. Also called work scope.

Copyright©2009 BusinessDictionary.com

Work scope
Alternative term for scope of work.

Copyright©2009 BusinessDictionary.com

Information security
Safe-guarding an organization’s data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.

Copyright©2009 BusinessDictionary.com

Inherent risk
Probability of loss arising out of circumstances or existing in an environment.

Copyright©2009 BusinessDictionary.com

Risk mitigation
Systematic reduction in the extent of exposure to a risk and/or the likelihood of its occurrence. Also called risk reduction.

Copyright©2009 BusinessDictionary.com

Business continuity
Ability of the key operations of a firm to continue without stoppage, irrespective of the adverse circumstances or events.

Copyright©2009 BusinessDictionary.com

Business continuity planning (BCP)
Task of identifying, developing, acquiring, documenting, and testing procedures and resources that will ensure continuity of a firm’s key operations in the event of an accident, disaster, emergency, and/or threat. It involves (1) risk mitigation planning (reducing the possibility of the occurrence of adverse events), and (2) business recovery planning (i.e. ensuring continued operation in the aftermath of a disaster).

Copyright©2009 BusinessDictionary.com

Business continuity program
Ongoing management-level process to ensure that necessary steps are regularly taken to identify probable accidents, disasters, emergencies, and/or threats. It also involves (1) assessment of the probable effect of such events, (2) development of recovery strategies and plans, and (3) maintenance of their readiness through personnel training and plan testing. See also business impact analysis.

Copyright©2009 BusinessDictionary.com

Business risk
Probability of loss inherent in a firm’s operations and environment (such as competition and adverse economic conditions) that may impair its ability to provide returns on investment. Business risk plus the financial risk arising from use of debt (borrowed capital and/or trade credit) equal total corporate risk.

Copyright©2009 BusinessDictionary.com

Disaster recovery
Process of returning an organization, society, or system to a state of normality after the occurrence of a disastrous event.

Copyright©2009 BusinessDictionary.com

Operational risk
Probability of loss occurring from the internal inadequacies of a firm or a breakdown in its controls, operations, or procedures.

Copyright©2009 BusinessDictionary.com

System testing
The process of performing a variety of tests on a system to explore functionality or to identify problems. System testing is usually required before and after a system is put in place. A series of systematic procedures are referred to while testing is being performed. These procedures tell the tester how the system should perform and where common mistakes may be found. Testers usually try to “break the system” by entering data that may cause the system to malfunction or return incorrect information. For example, a tester may put in a city in a search engine designed to only accept states, to see how the system will respond to the incorrect input.

Copyright©2009 BusinessDictionary.com

System analysis
Use of an experimental approach (simulation) in understanding the behavior of an economy, market, or other complex phenomenon where mathematical analysis techniques are inadequate or unfeasible. See also system dynamics and systems analysis.

Copyright©2009 BusinessDictionary.com

System dependability
Probability that a computer or other system will perform its intended functions in its specified environment without significant degradation.

Copyright©2009 BusinessDictionary.com

Quality management system (QMS)
Collective policies, plans, practices, and the supporting infrastructure by which an organization aims to reduce and eventually eliminate non-conformance to specifications, standards, and customer expectations in the most cost-effective and efficient manner.

Copyright©2009 BusinessDictionary.com

Niche marketing

This is the practice of concentrating all marketing efforts on a small but specific and well defined segment of the population. Niches do not ‘exist’ but are ‘created’ by identifying needs, wants, and requirements that are being addressed poorly or not at all by other firms, and developing and delivering goods or services to satisfy them. As a strategy, niche marketing is aimed at being a big fish in a small pond instead of being a small fish in a big pond.

Copyright©2009 BusinessDictionary.com

Regulations

A type of “delegated legislation” promulgated by a state, federal or local administrative agency given authority to do so by the appropriate legislature.  Regulations generally are very specific in nature; they are also referred to as “rules” or simply “administrative law.”

Source: Georgetown Law School

Best Practices

Methods and techniques that have consistently shown results superior to those achieved with other means, and which are used as benchmarks to strive for.

Source: BusinessDictionary.com

Standards

Documented agreements containing technical specifications or other precise criteria to be used consistently as rules, guidelines or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

Source: International Standards Organization – ISO

Spoliation

Spoliation, in a legal context, is any act that renders potential evidence invalid, either intentionally or through negligence. In the case of a document, for example, destroying, altering or hiding it would all be considered spoliation if the document were relevant to current litigation.

Spoliation is illegal in many countries, including the United States, and is punishable by fine and/or incarceration. Furthermore, the legal system has established through case law that when spoliation has occurred it may be inferred that the evidence was unfavorable to the responsible party. As a result, that inference may be factored into the decision of the case.

Spoliation comes from the Latin spoliare, meaning to plunder. The use of the word in its current legal context dates back to a Roman rule of conduct, Omnia praesumuntur contra spoliatorem, which translates, roughly, as “Let everything be presumed against the spoiler of evidence.”

SearchCIO.com Definitions (Powered by WhatIs.com)

Cold site

In business continuity planning, empty building equipped with electric power, air conditioning, telephone connections, water, etc., but without computers, office equipment, and furniture. A cold site provides a less timely response to a disaster because it must be converted into a hot-site for use.

Source: BusinessDictionary.com

Hot site

Fully-equipped alternative computer center, office, work space or industrial facility that can be made immediately available to continue critical business functions affected by a disaster at the primary location. See also cold site and warm site.

Source: BusinessDictionary.com

Internal Audit

An audit conducted by, or on behalf of, the organization itself for management review and other internal purposes, and which might form the basis for an organization’s self-declaration of conformity.

Source: International Standards Organization – ISO

Organization

A group of people and facilities with an arrangement of responsibilities, authorities and relationships.  An organization can be public or private.

Source: International Standards Organization – ISO

Process

A set of interrelated or interacting activities which transforms inputs into outputs.

Source: International Standards Organization – ISO

Recovery time objective (RTO)

A target time set for resumption of product, service or activity delivery after an incident.

Source: International Standards Organization – ISO

Resiliency

The ability of an organization to resist being affected by an incident.

Source: International Standards Organization – ISO

System

A set of interrelated or interacting elements.

Source: International Standards Organization – ISO

Incident

A situation that might be, or could lead to, a business disruption, loss, emergency or crisis.

Source: International Standards Organization – ISO

Critical activities

Those activities which have to be performed in order to deliver the key products and services which enable an organization to meet its most important and time-sensitive objectives.

Source: International Standards Organization – ISO

Consequence

The outcome of an incident that will have an impact on an organization’s objectives.  There can be a range of consequences from one incident.  A consequence can be certain or uncertain and can have positive or negative impact on objectives.

Source: International Standards Organization – ISO

Cost-benefit analysis

A financial technique that measures the cost of implementing a particular solution and compares this with the benefit delivered by that solution.  The benefit may be defined in financial, reputational, service delivery, regulatory or other terms appropriate to the organization.

Source: International Standards Organization – ISO

Disruption

An event, whether anticipated or unanticipated, which causes an unplanned, negative deviation from the expected delivery of products or services according to the organization’s objectives.

Source: International Standards Organization – ISO

Exercise

An activity in which the business continuity plan(s) is rehearsed in part or in whole to ensure that the plan(s) contains the appropriate information and produces the desired results when put into effect.  An exercise can involve invoking business continuity procedures, but is more likely to involve the simulation of a business continuity incident, announced or unannounced, in which participants role-play in order to assess what issues might arise, prior to a real invocation.

Source: International Standards Organization – ISO

Invocation

An act of declaring that an organization’s business continuity plan needs to be put into effect in order to continue delivery of key products or services.

Source: International Standards Organization – ISO

Maximum Tolerable Period of Disruption

The duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed.

Source: International Standards Organization – ISO

Nonconformity

The non-fulfillment of a requirement.  A nonconformity can be any deviation from relevant work standards, practices, procedures, legal requirements, etc.

Source: International Standards Organization – ISO

Emergency planning

The development and maintenance of agreed procedures to prevent, reduce, control, mitigate and take other actions in the event of a civil emergency.

Source: International Standards Organization – ISO

Likelihood

The chance of something happening, whether defined, measured or estimated objectively or subjectively, or in terms of general descriptors (such as rare, unlikely, likely, almost certain), frequencies or mathematical probabilities.  Likelihood can be expressed qualitatively or quantitatively.  The word “probability” can be used instead of “likelihood” in some non-English languages that have no direct equivalent.

Source: International Standards Organization – ISO

Data Loss – The 2 Headed Dilemma

The loss of data in your corporate environment can be like flipping a two-headed coin and calling ‘Tails’: no matter which ‘Head’ comes up, you lose. Data loss, for the purpose of this article, is defined as the permanent, unforeseen loss of data or information. The two heads of the coin are loss due to unforeseen destruction of the data, and loss of data due to a security breach.

Unforeseen destruction of Data –

There are three reasons why your organization may suffer unforeseen destruction of data:

  • poor handling of the data
  • defects in the manufacture of the data storage device, or
  • a disaster type incident (fire, flood, etc).

Poor handling can be linked to everything from accumulated dirt within the device that stores the data, to electrostatic discharge, to the failure of an HVAC system to maintain a constant cool temperature. No matter what the reason, important data that was there a minute ago is now gone. If no copy of the lost data exists, the loss can be devastating to your business.

Security Data Breach –

The other reason for data loss, which unfortunately is occurring with increasing frequency, is categorized as a breach of security. The loss of a laptop, thumb drive, or other media is considered a security-breach data loss. Also included in this category is the introduction of a virus into your system or, worse, an attack by a hacker in which data is diverted away from your environment; even a disgruntled employee gaining access to confidential information and selling it or using it against the organization is a security breach.

Consequences

The loss of business due to an unforeseen data loss or a security breach can be permanent. The publicity alone can have a devastating aftershock. Data that is destroyed and then unrecoverable is seen within any industry as a sign of poor business process. Loss of supplier contracts and consumer confidence is likely to follow.

Now consider that, in addition to the same devastating business loss described above, a data breach may bring additional and expensive responsibilities. If the data that was lost is considered confidential and consumer-related, the event is considered a Security Data Breach, which may require your organization to conform to any number of Data Breach Notification Laws or risk federal or state penalties. The notification process is very expensive; current estimates are over $200.00 per account lost, and penalties and fines are starting to increase to unrecoverable amounts.

Ways to Prevent Data Loss

The most economical way to prevent the permanent loss of data is to have a back-up of that data. This can be accomplished not only easily, but relatively inexpensively. Newer technologies have made not just the creation, but also the storage of duplicate data cheaper than it has ever been. Although many organizations continue to create back-up tapes every day and move those tapes off-site, the electronic vaulting of data or even full replication of the data is now easier than it has ever been. It is also proving to be a more reliable recovery method.

Another way to help prevent data loss is by maintaining a clean environment for your corporate servers, disk arrays, and other storage devices. The accumulation of particles on your storage devices never has a good outcome. So, just as you make sure your kitchen counter is clean before you prepare food, always make sure the area where you store your data is clean and secure.

To help prevent a security breach, various appliances and software solutions are available; everything from encryption to biometrics may be used. The trick here is to make sure that the end user is comfortable using the solution and can easily adapt to it.

Having reliable security controls in place will also help reduce the risk of sensitive data being removed without your knowledge. Creating corporate policies and communicating them to your customers and employees will help educate them about how seriously your organization takes the securing of its critical data.

For more information on data loss please visit us at www.continuitycompliance.org

Written by Lisa

Shelter in Place (SIP): Toward Developing a Decision Matrix

Dealing with an airborne toxin

Immediate evacuation is not always a best-practice response to accidental chemical plumes or other non-nuclear airborne hazard releases. Not only is it challenging to initially notify and direct the potentially affected populations, but issues such as the safest direction to evacuate (if any), population density, and type of toxic agent are situation-specific and in some cases require minute-to-minute meteorological information to be valid. Follow-up instructions for these populations are as important as the initial notification, but are frequently taken for granted or omitted in Emergency Response Plans.

Oak Ridge National Laboratory has defined four levels of sheltering: Normal, Expedient, Enhanced, and Pressurized.[1]

Only the first two levels are commonly available. The above study states that the effectiveness of sheltering in place is subject to

  1. the behavior of the public;
  2. the characteristics of the structure and its immediate environment; and
  3. the characteristics of the toxin.

NRS concludes that there are a number of other critical elements to be considered, as well.

Guidelines for SIP must be specifically drawn for each threat. A weighted multi-dimensional Decision Matrix can be developed using event-specific parameters. Visually, this matrix would resemble the famous Rubik’s cube. Some of the parameters that would be included in such a decision process would be:

I.  Effectiveness of Notification and Update Methods

  • How much lead time is needed to reach populations?
  • How much lead time is needed to allow populations to follow emergency measures?
  • How will notification of SIP, and of the All Clear or Continued Caution, be delivered?
  • How and how often should updates be made – minutes, hours, days?
  • U.S. populations are diverse and should be warned in different ways and languages.
  • Information must be communicated in a convincing and directed manner.
  • Overuse of almost every form of communication can cause outages.

II.  Education of Population and Media

  • FAQ sheets are effective if read prior to an event.[2]
  • Simple signage is helpful.[3]
  • What percentage of the population is prepared with Go-Kits?[4]
  • Does the at-risk population have duct tape, towels to wet, and plastic sheeting?[5]
  • Video instruction is available.[6]
  • Experience from past disasters can educate.[7]
  • Some people will not remember siren patterns and certain individuals will be prone to panic.
  • Some people are motivated by fears and distrust of authority and will not voluntarily follow direction.
  • Dispersed families will respond differently from united families.[8]
  • Parents rushing to schools to retrieve children rarely obey instructions, as was seen in the 1999 Chevron refinery explosion.
  • Media reporters often mistake emergency terms. SIP has been confused by the media with the opening of community shelters, resulting in dangerous circumstances and wasted time.

III.  Education of Emergency Response teams

  • People will respond to family before job obligations.
  • If response teams’ families are unprotected, team effectiveness will be reduced.
  • Handicapped or incapacitated individuals may require direct intervention.
  • Risks are more severe for the sick, elderly, and very young.

IV.  Meteorological Data

  • Is it raining? Phosphorus chloride and rain can create a hydrochloric acid cloud.
  • Is it snowing? Visibility of warning signs may be limited.
  • Is it icy? Sirens may be muffled or non-operational.
  • Which direction will the wind carry a hazardous cloud?

V.  Presence of Additional Threats

  • Frequently more than one chemical or hazard will be present during an event.
  • Some airborne hazards are the result of a fire, an explosion, or an accident.
  • The progress of firefighting may be impeded by airborne hazards, leaving residents who are sheltering in place at an increased fire risk.

VI.  Population Density

  • How many people are present in a building during an SIP event?
  • Are there hospitals, schools, corrections facilities, half-way houses, homeless shelters, hotels, or large businesses in the path of the airborne hazard?
  • Was a large outside gathering, such as a baseball or football game, in progress before the event?
  • Where do people gather who learn of the event while outside?

VII.  Road Conditions and Transportation issues

  • Traffic volume and the presence of emergency vehicles in the case of an accident may alter expected traffic patterns.
  • Transported hazardous materials in a truck or train accident may result in fleeing residents facing chemical exposure in a traffic jam.
  • What are the safest ways to shelter-in-place in a vehicle?
  • Is mass transport present?
  • Are people riding mass transport during the event?
  • How should traffic behave in departing the area of an event?
  • Where should people trapped in rush hour traffic shelter in place?
  • Are roads clearly marked?

VIII.  Time (Season, Daylight) of Event

  • Are people sleeping?
  • Will notification reach them if they are asleep?
  • Are homes and other buildings closed up for cold weather or generally open for warm weather?

IX.  Shelter-in-place locations and characteristics

  • If SIP will occur in the path of shifting winds, how long will exposure last?
  • If exposure is lengthy, how will residents be advised when or if to move?
  • Older buildings will allow greater exposure rates.
  • Is the building tall? Plumes will rise and collect on upper floors.[9]
  • Are valuable pets or livestock present?
  • Are animals permitted where people shelter?
  • Was the toxin release indoors?[10]

X.  Presence of Symptomatic People or Animals

  • What guidelines should be followed by affected people or their co-workers and family?
  • In the absence of medical experts, what should be done?

XI.  Medical Surveillance and Oversight

  • Are medical professionals involved in the recommendation to SIP?
  • Are medical professionals involved in the All Clear decision?

XII.  Toxin concentration and health effects

  • Which is more dangerous, the duration of exposure or the concentration of toxin?
  • How was the toxin released and how long is it expected to linger?
  • Does the toxin have a “shelf-life”?

Often forgotten is the question “At what point is it more dangerous to remain sheltering in place?” Argonne National Laboratory (ANL) has studied this issue[11] and suggested steps toward building a decision-tree or matrix for instituting and terminating SIP under very controlled circumstances at or near Army chemical stockpile sites. This document contains a useful bibliography. It concluded that there are no “off-the-shelf” methods available to institute, manage, or terminate SIP.

Based on multiple studies and methodologies, a general timeframe for particle infiltration was sought for unpressurized structures, leading to a determination of when the shelter would become more contaminated than the outside air. Options for dealing with this included ventilating the shelter while occupied or exiting the shelter and relocating. The ANL study concluded that further development was needed. As part of that development, they have designed Sync Matrix planning software.[12] Homeland Security also has begun using the Sync Matrix Planning Process to study the “disaster dimensions of time, space, and hazard characteristics.”[13]

Other study groups have asked similar questions, including queries about how to handle populations emerging from an SIP episode.

Others have approached single issues through a Decision Matrix. An example is the Agency for Healthcare Research and Quality study of Call Centers for Crisis Support, performed as part of the U.S. Dept. of Health and Human Services.[14] An example of a simple ranked Decision Matrix is described by the Hancock County [Maine] Hazard Mitigation Plan.[15]

Continuity Compliance continues to monitor these complex response issues and to support the development of a Decision Matrix to aid clients in designing their own specifically tailored education and response plans.

For more information on this subject, other business continuity topics or business continuity policies please write to:

Info@ContinuityCompliance.org

Written by Don


[1] Sheltering_In_Place_As_A_Public_Action.doc.

[2] Actions_To_Take_When_Ending_Shelter_In_Place.doc

[3] Shelter_In_Place_It_Works_With_You.doc

[4] Shelter_In-Place_In_The_Work_Environment.doc or Shelter_In_Place.doc

[5] Issues_Related_to_Expedient_Shelter_In_Place.doc; see also EXPED.doc and Expedient_Respiratory_And_Physical_Protection.doc

[6] Residential_Shelter_In_Place.doc

[7] NICs_SIP_brief-examples.doc

[8] Family.doc

[9] Protecting_Building_Hazardous.doc

[10] Protecting_Buildings_From_A_Biological_Or_Chemical_Attack.doc

[11] Temporary_Shelter_In_Place.doc

[12] http://www.dis.anl.gov/projects/sync_matrix_planning.html

[13] http://www.globalsecurity.org/security/systems/synchronization-matrix.htm

[14] http://www.ahrq.gov/prep/callcenters/callapp1.htm

[15] http://www.co/hancock.me/us/pdfs/Mitigation%20Plan%20-%20Strategy%205.pdf

Selecting an Alternative Worksite

Events of recent years have demonstrated that having an alternative worksite is not only prudent, but an essential precaution. Considered an element of Business Continuity, in some industries the decision to maintain an alternative worksite is not a choice but a matter of regulatory compliance.


Sungard, Hewlett Packard, International Business Machines, and large numbers of regional vendors offer various shared facility programs. In some cases, the vendor supplies a fully equipped infrastructure complete with computers, telecommunication equipment, printers, high volume mailing systems, and high speed Internet access – all for a fixed monthly charge. In other cases, the offering consists of little more than an empty warehouse or ready-to-move-in office. There are even mobile options consisting of specially equipped trailers that can be driven to your facility and used as temporary office space for weeks at a time.

Choosing from these alternatives can be an overwhelming undertaking, especially for managers who are unfamiliar with this area of Business Continuity Planning. The following “checklist” is designed to help our clients perform a self-assessment and make an informed decision.

While important, the selection of an alternative work site involves more than a decision about a site’s location. The following list provides a few of the business continuity policy issues, grouped into seven categories, that should be discussed before choosing an alternative worksite.

Organizational Preparedness

  • Is an alternative site plan part of your business continuity plan?
  • Does the plan provide for emergency notification of employees, clients, vendors and other stakeholders?
  • Has the plan been tested?
  • Do you have business interruption insurance that pays the cost of using an alternative site?

Business Continuity Policies

  • How much seating capacity is allocated to your firm, and is it in a private (walled-off) setting?
  • Is the space shared among several clients who, in a wide-scale crisis, would be competing with you for access to the space?
  • Does the vendor offer a program that guarantees you a minimum number of “seats”?

Facility Infrastructure

  • Does the infrastructure of the alternative facility meet your needs in terms of electrical and HVAC capacity?
  • Have the security systems been through an audit?
  • Is the information technology, including the telecommunications infrastructure, redundant and diverse (using multiple vendors), and does it have unused capacity?
  • Does the site have its own water supply or does it rely on city/town water systems?
  • Are there shipping and receiving areas?
  • Are there meeting areas where you can entertain clients, vendors or regulators?
  • What are the telephony, voicemail, email, and fax capabilities of the site?
  • Are there volume mail and print services onsite?
  • Are supplies stored on site?
  • Does the facility have a cafeteria or kitchen?
  • Are the sanitation facilities adequate to support the site when fully staffed?
  • Is there a secure space for storage of vital records (locked room, caged-in area, etc.)?

Information Technology Support Services

  • Are backup copies of your files maintained at the site for quick setup and access (disaster recovery)?
  • Do you have personnel on staff who can rebuild your Information Technology systems from the “ground up”?
  • Has the facility’s infrastructure undergone a recent network security audit?
  • Has the facility’s infrastructure undergone a recent physical security audit?
  • Does the vendor have staff that can perform this task should your people be unavailable?

Local Support Services

  • Are there adequate parking, lodging and food service facilities in the immediate area?
  • What other services are in the area (banks, food stores, pharmacies, etc.)?

Accessibility

  • Is the site accessible by public transportation?
  • Does it have facilities for the physically challenged?

Security

  • Is the neighborhood safe and suitable for long-term occupation of the recovery center?
  • Is security provided by the vendor?
  • Does the site offer an information security monitoring system?
  • Has the site been through a security audit?
  • Is the site secure, monitored, and available 24 hours a day?

For more information on this subject, other business continuity topics or business continuity policies, please write to:

Info@ContinuityCompliance.org

Physical Information Security

Physical information security, although vital to information security strategy, does not garner as much attention as more technologically sophisticated security techniques. This inattention to physical information security exposes an organization to a host of threats, both natural and man-made, that can cause serious damage to infrastructure and assets, as well as disruption of operations. Mitigation of physical information security risks like fire, theft, vandalism, terrorism or natural disaster can be achieved through prevention, detection and planning.

Prevention measures usually incorporate barriers that deter would-be attackers and features that “harden” a facility against natural disasters or accidents. Deterrents can include door locks, biometrics, man-traps, fences, moats, file cabinet locks, shred bin locks, laptop/desktop computer locks, and clean desk policies. Features that may harden a facility in the event of a natural disaster or accident include earthquake-resistant construction, fire suppression systems, redundant power supply to data centers, redundant cooling in data centers, multiple telco feeds, raised floors, and data center design that minimizes the need to access the server area.

Detection can be achieved through various notification systems and surveillance methods. Building automation systems and data center monitoring devices can be used to alert on temperature deviations, humidity levels, water detection, intrusion detection, smoke detection, heat detection and equipment function. The automation systems and monitoring devices allow remote management of the facilities. Surveillance can incorporate on-site physical monitoring using security guards, as well as cameras and video/digital recording equipment.
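As an added example, not from the original article, this is the kind of rule set a data center monitoring device applies to sensor reports: absolute limits, a temperature deviation check, water and door contacts, and a stale-sensor check so that a device which has gone silent is itself reported rather than silently dropped. The sensor ids, limits and sample report stream are constructed for illustration.

```python
from typing import Dict, List, Optional

# Constructed operating limits; a real site takes them from the equipment's
# specifications and its own monitoring baseline.
LIMITS = {"temperature_c": (18.0, 27.0), "humidity_pct": (40.0, 60.0)}
MAX_TEMP_RISE = 3.0   # degrees between consecutive reports: cooling failure?
STALE_AFTER_S = 300   # no report for five minutes: sensor or equipment fault

def evaluate(r: dict, prev: Optional[dict], now_s: int) -> List[str]:
    """Alerts for one report r = {id, ts, temperature_c, humidity_pct, water,
    door_open, armed}; prev is the last accepted report from the same sensor."""
    sid, age = r["id"], now_s - r["ts"]
    if age > STALE_AFTER_S:
        # A sensor that has stopped reporting is a finding in its own right:
        # the device, or the equipment it watches, may have failed.
        return [f"{sid}: no report for {age}s (equipment fault?)"]
    alerts = []
    for key, (low, high) in LIMITS.items():
        if not low <= r[key] <= high:
            alerts.append(f"{sid}: {key}={r[key]} outside {low}-{high}")
    if prev is not None:
        rise = r["temperature_c"] - prev["temperature_c"]
        if rise > MAX_TEMP_RISE:  # a deviation, even inside the absolute band
            alerts.append(f"{sid}: temperature rose {rise:.1f} C since last report")
    if r["water"]:
        alerts.append(f"{sid}: water detected")
    if r["door_open"] and r["armed"]:
        alerts.append(f"{sid}: door opened while the area is armed")
    return alerts

def run(stream: List[dict], now_s: int) -> List[str]:
    """Evaluate reports in arrival order, keeping the last fresh report per
    sensor as the baseline for deviation checks."""
    last: Dict[str, dict] = {}
    alerts: List[str] = []
    for r in stream:
        alerts.extend(evaluate(r, last.get(r["id"]), now_s))
        if now_s - r["ts"] <= STALE_AFTER_S:
            last[r["id"]] = r  # a stale report must not become the baseline
    return alerts

# Constructed sample stream evaluated at now_s = 1000: a rack sensor that
# warms quickly, a door contact tripping while armed, and a silent sensor.
SAMPLE = [
    {"id": "r1", "ts": 800, "temperature_c": 22.0, "humidity_pct": 45.0, "water": False, "door_open": False, "armed": True},
    {"id": "r1", "ts": 900, "temperature_c": 26.5, "humidity_pct": 45.0, "water": False, "door_open": False, "armed": True},
    {"id": "d1", "ts": 950, "temperature_c": 22.0, "humidity_pct": 45.0, "water": False, "door_open": True, "armed": True},
    {"id": "r2", "ts": 100, "temperature_c": 22.0, "humidity_pct": 45.0, "water": True, "door_open": False, "armed": False},
]
```

Note that the silent sensor r2 is reported as a fault even though its last (stale) report claimed water, because a reading that old cannot be trusted either way.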

The last mitigation technique, planning, can be implemented as a preventive measure, but can also be used as a recovery method after a physical information security breach. Organizations need to develop plans for how to recover from flood, earthquake, fire or power loss, as well as theft, burglary or vandalism. Planning helps an organization assess vulnerabilities, measure the probability of occurrences, and create processes and procedures for mitigating damage and interruption of operations. Successful planning will enable the organization to recover effectively and efficiently, thereby preserving the organization’s reputation and standing.

Organizations need to be sure they have strong physical information security measures in place at their premises and should also review the prevention measures of vendors who may be providing information or data center services, in order to ensure information is adequately protected from physical threats.

Making Sense of the Alphabet Soup – Business Continuity Certifications

When I was a kid my favorite cereal was Post’s Alpha-Bits. I spent hours trying to find all the little cereal letters to spell my name in the bowl on the breakfast table. Some days I had success and others were dismal failures with nothing but vowels, P’s, Q’s and X’s. These days when looking at the business cards of business continuity professionals, I revert to that alphabet soup that was in my cereal bowl.

Credentialing Organizations

Today business continuity professionals have several options when looking to obtain business continuity certifications. There are many credentialing organizations with various training and testing programs, each with their own experience requirements and continuing education point systems. In alphabetical order, the major credentialing organizations are:

  • BCI – The Business Continuity Institute
  • BRCCI – Business Resilience Certification Consortium International
  • DRII – DRI International
  • ICOR – International Consortium for Organizational Resilience

The Business Continuity Institute (http://www.thebcicertificate.org/index.html)

The Business Continuity Institute was founded in 1994 and is headquartered in the United Kingdom. Credentialing is organized as a membership scheme of the association. You can pass the BCI certification exam, or you can pass with merit. Your exam result and your experience in the business continuity field together determine the level at which you can be a member of the professional association. Please see their website for the specific requirements of each level. The BCI certification levels are:

  • AMBCI – Associate Member BCI
  • SBCI – Specialist Member BCI
  • MBCI – Member BCI
  • FBCI – Fellowship Member BCI

Business Resilience Certification Consortium International (http://www.brcci.org/)

BRCCI is an open, non-profit, international business resilience certification body and association that emphasizes business continuity and enterprise risk management to develop business resiliency. They have varying levels of membership and certification. Anyone who is interested in business resiliency is able to join the association at an associate level without taking an exam. The BRCCI certification levels are:

  • Associate of BRCCI
  • CBRS – Certified Business Resiliency Specialist
  • CBRM – Certified Business Resiliency Manager
  • CBRA – Certified Business Resiliency Auditor
  • MABR – Masters Achievement in Business Resiliency

DRI International (https://www.drii.org/)

DRI International was founded in 1988 and is headquartered in Conway, Arkansas. They provide business continuity training and certification. Their certification levels require an exam, experience levels, and references. The certifications available are:

  • ABCP – Associate Business Continuity Professional
  • CBCV – Certified Business Continuity Vendor
  • CFCP – Certified Functional Continuity Professional
  • CBCP – Certified Business Continuity Professional
  • MBCP – Master Business Continuity Professional

International Consortium for Organizational Resilience (http://www.theicor.org)

The International Consortium for Organizational Resilience (ICOR) is a not-for-profit education and credentialing organization. They have several levels of membership in the organization and many different certification programs, all relating to organizational resilience. Credentialing is based on education, experience, continuing education, certifications, authoring and public speaking. Their credentialing levels are as follows:

  • CORA – Certified Organizational Resilience Associate
  • CORS – Certified Organizational Resilience Specialist
  • CORM – Certified Organizational Resilience Manager
  • CORP – Certified Organizational Resilience Professional
  • CORE – Certified Organizational Resilience Executive

There are many options for business continuity certifications being offered to professionals today. We have listed just a few of the major providers of credentialing and certification. Please refer to the organization websites for all the details regarding the certification programs.

Information Security Risks

Information security risks abound in today’s information age. How many of the risks below can you correctly match with their definitions?

Risks:

  1. Virus
  2. Worm
  3. Malware
  4. Botnet
  5. Theft
  6. Rootkit
  7. Backdoor
  8. Spyware
  9. Keylogger
  10. Fire
  11. Trojan Horse
  12. Vandalism
  13. Distributed Denial of Access

Definitions:

  A. Deliberate malicious damage or destruction of property.
  B. Illegally implanted, non-replicating computer code that does damage to the local computer when launched.
  C. Hidden method for bypassing a computer’s authentication system.
  D. A process or state of combustion in which fuel is ignited and combined with oxygen to produce light, heat and flame.
  E. Computer program that captures or records keystrokes to illegally obtain passwords or encryption keys.
  F. Any type of software that has a malicious intent.
  G. Illegally implanted computer code that destroys data when the program is downloaded.
  H. Army of infected computers formed by a virus that orders the infected machines to follow instructions from the attacker.
  I. Illegally implanted computer code that intends to take control of the computer operating system without the owner’s consent.
  J. An attempt to make computer resources unavailable to intended users.
  K. A segment of self-replicating, illegally implanted computer code that is intended to damage or shut down a computer or network.
  L. Software that secretly records information about a person or organization.
  M. The wrongful taking of the property of another.

Answers: 1. G, 2. K, 3. F, 4. H, 5. M, 6. I, 7. C, 8. L, 9. E, 10. D, 11. B, 12. A, 13. J.