May 17, 2012

Business Continuity 2010: Top BC Planning Tips

In a recent posting on the SearchDisasterRecovery.com website, we offer our readers the ability to take advantage of some great research and practical offerings regarding business continuity planning.

Even though recent studies have shown that most organizations are working harder on business continuity planning, we are still reminded that many gaps exist in this critical planning process. According to a recent survey entitled “2010 Disaster Recovery Survey,” funded and presented by the Symantec group, 72% of organizations experience downtime due to system upgrades, and 64% of organizations experience downtime due to configuration change management issues.

What does this mean to the business continuity planners in your organization?  Certainly, most of us are aware of the fact that increasingly complex IT environments are making the process of both IT and organizational business continuity planning more difficult.

To help our readers formulate the best business continuity planning strategy for their own organization, we suggest reading this article, which presents the suggested top five business continuity strategies and offers a download of their best business continuity planning templates.

In summary, the top five selected BC strategies focus on the following areas:

  1. Emergency Communications Planning
  2. Emergency Evacuation Plans and BC
  3. Business Impact Analysis Planning
  4. Business Continuity Templates for SMBs
  5. Maximum Tolerable Period of Disruption (MTPOD) in Business Continuity Planning

Click here to read the full article and get some valuable template downloads from the SearchDisasterRecovery website.

If you found this information valuable and applicable, please pass it on to those business continuity, disaster recovery, emergency responders, or crisis management team members in your organization.

Business Continuity Planners: “In Case of Emergency – Pack Snowshoes”

As the year 2010 winds down, Lisa DuBrock, one of this web site’s contributing editors, points us to a recent article written by Owen Edwards, published by Smithsonian magazine and titled “In Case of Emergency, Pack Snowshoes”.

This article talks about Charles and Anne Morrow Lindbergh’s travels in 1933 over the Arctic to scout possible commercial air routes for Pan Am. More importantly, it is also a reminder that we need to be aware of the “calculated, acceptable levels of risk” in what we do, even if not at the level of intensity presented by Charles Lindbergh in this article. As Ms. DuBrock states, “…I always knew Charles Lindbergh was an explorer and on the forefront of aviation, however I never knew that he was arguably an accomplished Continuity Planner and Risk Manager.”

As we now pass quickly into the New Year, we remind our readers to think about Charles Lindbergh’s seeming obsession with taking calculated risks and planning for the unexpected, and to apply some of that same obsession to our own business continuity planning and risk management policies and procedures: to increase our personal preparedness where we live, and the organizational readiness and resiliency of where we work.

To read this interesting article in its entirety, CLICK HERE.

And of course, if you find this material applicable, please pass it along to those disaster preparedness and disaster recovery team members in your organization.

Season's Greetings from ContinuityCompliance.org

The ContinuityCompliance.org staff would like to take this opportunity to offer Season's Greetings to all our readers.

Privacy Rights and Why Santa Claus Was Flagged for the “Do Not Fly” List

A recent article written by Ms. Smith and posted on the NetworkWorldCommunity website caught the eye of our staff. Given this website’s commitment to report on all matters concerning information security, network security and the protection of the privacy rights of individuals, and especially since we noticed that Santa Claus was being flagged for the “Do Not Fly” watch list, we were obliged to bring this article to the attention of our readers.

From the article’s information, and a statement from Mrs. Claus, it appears that “…after shoppers at a famous retailer were encouraged to report suspicious activity observed from in-store videos, names on the naughty list skyrocketed and it crashed the North Pole Naughty or Nice database. Since the flood of “bad people” names originated in America, Santa felt compelled to travel to the U.S. for a fact finding mission. Flying commercial also would give him a first-hand look to observe activities of the TSA to see if claims by many citizens were true or not. Santa wanted to know what was happening to America.”

To get the full story from this investigative trip by Santa, and find out the conclusions reached by Santa regarding this trip, CLICK HERE.

Information Management Predictions for 2011

For over 60 years, AIIM has been the leading non-profit organization focused on helping users to understand the challenges associated with managing documents, content, records, and business processes. AIIM was founded in 1943 as the National Microfilm Association and later became the Association for Information and Image Management. AIIM is also known as the enterprise content management (ECM) association.

As we have done in the past, we would like to point our readers’ attention to an article written by John Mancini, the President of AIIM, and posted on the Digital Landfill website associated with the AIIM group. The title of the article is “The 12 Days of Christmas – My 12 Information Management Predictions for 2011”. Given the increased attention to the need to heighten information security levels in most organizations, along with the strong positive correlation between information management and information security, we recommend adding this article to the reading list of the information security and risk management team members in your organization.

Some of the predictions claimed by Mr. Mancini are listed below:

  1. Smart organizations will rethink what control and governance mean in this new era and only seek to control what must be controlled.
  2. The “business” will demand cuts in legacy system spending to fund new initiatives centered on customer engagement and operating flexibility.
  3. Social “neighborhoods” will spring up in organizations.
  4. Many organizations will see SharePoint as the answer to content chaos. However, with IT in control, content chaos will often be replicated inside of SharePoint.
  5. Ubiquitous access to social and corporate information through portable devices will present new security challenges of a complexity once faced only by governments.

Click here to read the full article.

Disaster Recovery Global Study — Latest Report Released

A recent disaster recovery study report from Symantec, the sixth annual “Symantec Disaster Recovery Study – Global”, demonstrates and clarifies the many challenges that data center managers face in managing disparate virtual, physical and cloud resources.

The study points out that these ever-changing resources add complexity for organizations protecting and recovering mission-critical applications and data. In fact, the data revealed that virtual machines are most often not properly protected because of resource and other storage constraints that hamper backups. 

The study also found a huge gap in terms of how fast IT managers think they can recover and how fast they actually do. 

In addition, organizations still experience more downtime than they should from basic causes such as system upgrades, power outages and cyber-attacks.

Finally, from a positive perspective, the study shows significant improvements in disaster recovery testing frequency; however, disruption levels to employees, sales and revenue were found to be still quite high.

Click here to read the full Symantec report and find information that may be relevant to your organization.

If applicable, please pass this information along to those information security, data network security, risk management, business continuity, disaster preparedness / recovery or PS-Prep program team members in your organization.

iPhone PatriotApp – "Game Changer" or "Big Brother"?

In a recent article written by Matt Liebowitz and posted on the http://www.msnbc.msn.com/ website, we revisit an updated version of a very controversial application for iPhones which is getting a lot of buzz again on the web. While it is gaining popularity, it is at the same time attracting scorn from people who disagree with the controversial law on which it is based. The application is called the “PatriotApp” and can be downloaded free from the iTunes store website. More detailed information can also be found on the www.patriotapps.com website.

Launched in September, the “PatriotApp” allows people to report criminal or suspicious activity to several federal agencies, including the FBI, EPA, CDC and GAO (Government Accountability Office), the office responsible for investigating public funds. It also includes RSS feeds for the FBI’s Most Wanted list and the Department of Homeland Security’s (DHS) threat level, and allows people to report workplace harassment and discrimination.

Playing off the Patriot Act name, “the app was founded on the belief that citizens can provide the most sophisticated and broad network of eyes and ears necessary to prevent terrorism, crime, environmental negligence, or other malicious behavior,” according to Patriotapps.com.

Our staff has been following this story since it was introduced last September, and based on the information discussed in Mr. Liebowitz’s article, we believe it should be brought to the attention of the risk management, physical security, network security and disaster preparedness team members in your organization.

Click here to read Mr. Liebowitz’s full article and follow the links to other sites addressing the controversy surrounding this latest attempt to increase our awareness of, and our ability to report in real time, conditions that have the potential to become a disruptive event for ourselves, for where we live and for the companies where we work.

Do you have a strong opinion about this technology approach?  Do you see it as being more of a “Big Brother” control play?  Or, do you see it as the kind of “game changer” claimed in Mr. Liebowitz’s article?

WikiLeaks Presents Benchmarking and Learning Opportunity for Enterprises

In a recent article written by Brian Roddy (Jive Software), entitled “WikiLeaks Teaches Enterprises 5 Hard Truths” and posted on the CIO website, we can read about lessons to be learned from the ongoing WikiLeaks imbroglio. The bottom-line message of this posting is that enterprises can no longer ignore the reach of social networking or the shifting paradigms about privacy rights in a challenging cybersecurity environment for both organizations and individuals.

We believe that the truths shared by Mr. Roddy are also great lessons which should be noticed, evaluated and treated by enterprises as both risks and opportunities.

Click here to read about the lessons to be learned.

Please share this information with all of the risk management, information security, data network security and computer security policy team members in your organization.

BCM.01-2010 (New Business Continuity Standard) in the News Again


BCM.01-2010 (Business Continuity Management Systems: Requirements with Guidance for Use, ANSI/ASIS/BSI BCM.1-2010), the new business continuity management standard that is the product of collaboration between ASIS International and the British Standards Institute (BSI), has lately been receiving new coverage on a variety of websites.

As this website posted earlier this year, this new standard has been designated an American standard by the American National Standards Institute (ANSI). We are also pleased to remind our readers that two of our staff members, Ms. Lisa DuBrock and Mr. Don Byrne, were very active participants in several committees and discussions leading to the final development and issuance of this standard.

In an article recently posted on the Security Magazine website, it was stated that “…the standard provides auditable criteria with accompanying guidance for developing and implementing a business continuity management system that improves an organization’s ability to prepare for, respond to, and recover from a disruptive event.” Click here to read the full article.

Using the globally-accepted ISO “plan-do-check-act” model, the new ASIS/BSI business continuity management standard specifies requirements for planning, establishing, implementing, operating, monitoring, reviewing, exercising, maintaining, and improving a Business Continuity Management System.

However, a question that remains to be answered regarding this new standard is “Will the Department of Homeland Security (DHS) add this new offering to the list of approved standards for PS Prep?” 

While no one knows for sure, this website built a case for that position in an earlier posting; click here to read it.

Meanwhile, we do feel fairly confident in stating that the ASIS/BSI Business Continuity Management Standard complements the ANSI/ASIS Organizational Resilience standard (ASIS SPC.1-2009) as well as BSI’s BS 25999 standard and addresses most if not all of the core elements of the DHS PS-Prep Program.

If applicable, please pass this information along to those business continuity, risk management, organizational resilience and compliance management team members in your organization.

All ASIS Standards and Guidelines are available through the ASIS website, http://www.asisonline.org/.

This website is committed to keeping our readership informed and up to date as more details and postings emerge around and about this topic.

Online Privacy Policies Called for by FTC

One of our staff writers called our attention to an information security and privacy related article recently posted on the HealthCareInfoSecurity website. The article, entitled “FTC Calls for Online Privacy Policies”, states that a new Federal Trade Commission report on privacy endorses implementation of a “do not track” mechanism so that consumers can choose whether to allow the collection of data regarding their online searching and browsing activities. Based on the comments received on this website, and the perceived need to do a better job of protecting individual and organizational privacy, our staff believes that this FTC action to promote a better cybersecurity environment has merit and should be supported as much as possible.

The 122-page preliminary FTC staff report, “Protecting Consumer Privacy in an Era of Rapid Change,” concludes that industry efforts to address the need to develop a privacy culture through self-regulation “…have been too slow and up to now have failed to provide adequate and meaningful protection”. The report calls for a framework that includes many protections.

“This proposal is intended to inform policymakers, including Congress, as they develop solutions, policies and potential laws governing privacy, and guide and motivate industry as it develops more robust and effective best practices and self-regulatory guidelines,” according to the report.

FTC Chairman Jon Leibowitz says that in addition to making policy recommendations, the agency “will take action against companies that cross the line with consumer data and violate consumers’ privacy, especially when children and teens are involved.”

We encourage our readers to view this report to better understand the issues, the recommended actions and the long-term direction intended by the FTC regarding the protection and enforcement of rights of privacy for us all.

To help that process, your comments and reactions to this preliminary privacy report are requested and are being accepted through Jan. 31, 2011. Click here for the submittal form, so that your views are represented as this preliminary report becomes the basis for better and more effective enforcement and protection of privacy rights for all.