May 17, 2012

Physical Security and IT Security Convergence: Myth or Reality

With so much emphasis today being placed on the need for cost reductions in organizations, the topic of evaluating, implementing and executing plans for integrating elements of IT and physical security is often raised as a primary way to eliminate redundancies and lower expenses. However, we believe a strong element of caution is warranted before this step is taken.

If your organization is considering this option or if your company is too small to have separate departments (i.e. CSO vs CIO) handling physical security and IT security, then a recent article written by George Campbell and posted on the Computerworld website may be worth reading.

This article presents a logical reason for concern for anyone getting caught up in the convergence process for convergence's sake and for cost-reduction motives only. Mr. Campbell clearly states that “…Convergence of bits of techie stuff is NOT converged corporate security!” He suggests that the convergence debate should seek an appropriate mix of IT services that support, and do not diminish, the stated goals and objectives of the total corporate physical security function.

Without such a level of sensitivity by IT to the requirements of the total physical security system, an organization can too easily ignore the needs of other elements in the total security family, i.e. background vetting, due diligence, incident investigation, fraud risk management and safety, compliance, and crisis planning and management functions.

In one of the examples given in the article to stress his point, Mr. Campbell states his concern that, while the IT brethren sweat bullets fixing a cyber attack, all too often they can and do trash evidence critical to the incident investigation process. That evidence is necessary to produce a proper cyber investigation report, which may relate to and include physical security processes and procedures.

If your organization is in the middle of such a debate over whether or not to converge its IT security and physical security functions, then we believe this article is worth reading and adding to your library of reference materials and links on this topic.

CLICK HERE to read the entire article.

Security Threats to Business Continuity Affect All Business Owners – No Matter How Big or Small the Business

Size does not matter when it comes to maintaining business continuity in light of security threats.

In a recent article written by Tom Collins and posted on the Security Park.net website, this topic is addressed, and we recommend that our business continuity and security threat management community of readers add it to their library of reading materials.

In his article, Mr. Collins lists some of the key mistakes made by companies regarding the maintenance of ongoing business continuity and IT security readiness levels within their organizations:

  1. “My data is secure; I have it backed up on-premise.”
  2. “I just bought a new PC, so I already have the latest and greatest security software loaded.”
  3. “I installed new security protection software in the past couple of years or so.”
  4. “I have to update my browser and operating system (OS) security patches myself, and I just do not have the time.”

If your company entertains any of these common culprits of business continuity threats, you will want to read the entire article to view more of the detailed advice and findings presented by Mr. Collins.

Many business continuity and risk managers will encounter many threats in their careers. We challenge them to learn from their own mistakes and from the mistakes and advice offered by others who share that knowledge through websites like continuitycompliance.org.

Therefore, we hope you keep visiting this website and others like it to stay current and updated on this critical subject for your organization.

Security Governance Frameworks Needed to Counter Ongoing Cyber Security Threat

An analysis of a recent report released at the Davos Economic Summit in January 2010, and posted on the Gerson Lehrman Group website on February 7th, claims that nations across the globe have low levels of preparedness to meet cyber attacks that have the potential for devastating impact. The report further states that, to be fully effective, countermeasures against denial of service attacks, network intrusions, etc., must include appropriate legislation, budgetary support and enforcement activities, working primarily through security governance frameworks.

An additional point to note is that while this report is primarily focused on nations across the globe, we believe that there is a strong message as well for the many public and private sector organizations within the United States, and in particular for the many security and risk managers who visit and read the postings on this website.

The basic conclusion of the report's writer is that countermeasures to cyber security threats have to include a combination of regulatory requirements, government-industry collaboration, security awareness, a security governance framework, organizational structures and budgetary support for the implementation of effective security practices. The analysis is also concerned that the current focus for critical infrastructure has been on reliability and availability and not on security; that has to change.

If you too have found that making the case for budgetary support to control cyber security is a major challenge facing your security risk management team, then we believe that reading this article and analysis may provide you with a new and more effective argument to present to your management in order to receive their support to better protect your organization from this ongoing and growing cyber security risk.

CLICK HERE to read this analysis report.

Twitter: Valuable Tool in Haitian Disaster Recovery Efforts

As we continue to follow ongoing developments in the disaster recovery efforts in Haiti, we are finding that Twitter was often the most reliable way to pass information between those who have the potential to deliver relief and the individuals most in need. In many disaster areas, internet access is weak and sporadic at best. So when an internet signal can be obtained, communicating in short bursts becomes the most efficient way to send a message over the internet.

We believe that more awareness and understanding of Twitter is needed by our business continuity, crisis management and disaster planning teams, and often that may mean planning for the use of Twitter as another channel of communications in their disaster recovery, readiness and preparedness plans.

We realize that, in some cases, even Twitter has downside issues to be addressed, and we certainly are not suggesting that those issues be avoided. However, when we see something that clearly exemplifies the benefits gained from Twitter, we want to bring it to the attention of our business continuity planners so that they remain in touch with this powerful tool. It is constantly teaching people the power that information carries in disaster recovery situations, and how Twitter has the amazing ability to empower individuals to deliver and receive that information when and wherever it is needed most.

Therefore, we highly recommend reading a recent article written by Jesse Stanchak, posted on the Smart Blog on Social Media website and entitled “Live from Social Media Week: How Twitter Saved Lives in Haiti”.

Click here to view the entire article.

DHS National Emergency Communications Goals Progress Report

One of our regular readers, Katie Stefanich, recently submitted an article and press release that she thought would be of interest to the Continuity Compliance community — we agree with her, and would add that the report referenced below should become part of your organization’s library of information relating to your business continuity and crisis management activities.

“[After the] Con Agra building explosion, many agencies requested to respond, but not all agencies knew how to find or obtain a patch to the used radio channels.”

“First responders unable to coordinate with each other delayed services.”

These are just two of the emergency communications challenges faced by first responders that are captured in CDW Government, Inc.’s 2009 Emergency Communications Report.

Emergency communications improvement is imperative: nearly 30 percent of public-safety communications professionals said they experienced a communications challenge in the last year that hampered a response effort, according to CDW-G’s survey of more than 200 state and local public-safety communications professionals.

In the report, CDW-G, a leading provider of technology solutions to governments, examines emergency communications progress and remaining gaps, and benchmarks progress toward meeting the goals of the Department of Homeland Security National Emergency Communications Plan (NECP), which set goals for demonstrating response-level emergency communications during routine and significant events involving multiple jurisdictions and agencies.

More than a year after publication of the NECP in July 2008, just half of U.S. public-safety communications professionals are familiar with the plan. Yet despite low awareness, CDW-G found that once public-safety communicators were briefed on the NECP goals, an overwhelming majority – 93 percent – said the NECP has the potential to address their communications issues, and a majority said they will meet, or expect to meet, the NECP’s goals on time.

Please find the press release about CDW-G’s Emergency Communications Report below. For a copy of the full report or to discuss the findings with a CDW-G public-safety communications expert, please do not hesitate to contact Katie at kstefanich@okco.com.

CDW-G Report: Awareness of the DHS National Emergency Communications Plan (NECP) is Low, but Its Promise is High

“Just half of public-safety communications professionals were familiar with the NECP, yet when briefed, almost all believe it could address their communications challenges.”

Vernon Hills, ILL – CDW Government, Inc. (CDW-G), a leading source of Information Technology (IT) solutions to governments and educators, today released its 2009 Emergency Communications Report: Awareness and Progress Toward the National Communication Plan.

The report benchmarks progress toward meeting the goals outlined in the Department of Homeland Security National Emergency Communications Plan (NECP), identifies key challenges and highlights lessons learned.

While only half of public-safety communications professionals were familiar with the NECP prior to CDW-G’s survey, once briefed on its goals, an overwhelming majority – 93 percent – said the NECP has the potential to address their communications issues. Emergency communications improvement is imperative: 28 percent said they experienced a communications challenge in the last year that hampered a response effort, and 61 percent said the ability to achieve and sustain seamless communications across jurisdictions and agencies is their No. 1 challenge to providing timely and effective emergency services.

The NECP, which was published in 2008, recommends a multi-faceted approach to strengthening emergency communications capabilities nationwide, focusing on technology, coordination, governance, planning and training at all levels of government. It sets the following goals:

  • By 2010, 90 percent of all high-risk urban areas designated within the Urban Areas Security Initiative (UASI) are able to demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies
  • By 2011, 75 percent of non-UASI jurisdictions are able to demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies
  • By 2013, 75 percent of all jurisdictions are able to demonstrate response-level emergency communications within three hours in the event of a significant incident, as outlined in national planning scenarios

Despite low initial awareness of the NECP, public-safety communications professionals indicate the goals are achievable. Seventy-four percent said they will meet the 2013 target timeline for demonstrating response-level emergency communications for significant incidents. Still, many agencies and jurisdictions do not have formal plans to meet the NECP goals: just 46 percent of respondents familiar with the NECP said they have a written plan in place to meet them.

“The NECP has the potential to address public-safety communications problems, but to be successful, all jurisdictions and agencies must embrace the NECP goals and work to achieve them,” said CDW-G Vice President Bob Kirby. “Every day, communities across the United States are affected by communications challenges – inability to communicate across agencies, across jurisdictions, during routine events and during significant incidents. Formal plans to meet the NECP goals, backed by training, cross-agency and cross-jurisdiction collaboration, and technology infrastructure, can speed emergency response and save lives.”

CDW-G’s national online survey, conducted during August 2009, collected responses from 210 state and local emergency communications professionals in 41 states. The margin of error for the total sample is ±6.76 percent at a 95 percent confidence level.

For a copy of the complete CDW-G Emergency Communications Report, please visit http://newsroom.cdwg.com/features/feature-10-26-09.html.

Convergence Remains a Hot Topic for Business Continuity Planners

From correspondence received and published on this website, we would have to agree that convergence within the business continuity community and its related disciplines is a hot topic. However, we must stress that it is a topic that needs to be constantly watched, discussed, updated and debated by all business continuity and risk management team members.

It is with this intent that we refer our readers to a recent article written by Buffy Rojas and posted in the November/December 2009 edition of the Continuity Insights magazine.

This article presents a series of discussions and arguments suggesting that the dynamics of convergence now present in the BC community are less revolutionary than evolutionary, and organic to the process itself.

The article argues that the challenge for the BC community is to look within itself and ask whether it fears this convergence dynamic, or whether it should welcome the potential unions stemming from it.

In this article, Buffy Rojas states, “I don’t think we should consolidate all disciplines into one department or group. What we should do is move quickly to begin to collaborate with others, by inviting our peers within risk management, security, business continuity, disaster recovery, emergency management, and crisis management to come to the table to talk and compare notes. We can begin by bringing these people together within our own organizations and not wait for the industry to open these doors. If we can open up the possibility to share what we know with others and they in turn share with us, we will all benefit by learning more about our customers. We can design ways to do what we do more efficiently. We can use this cross-industry education as an opportunity to innovate. We can leverage the power of many, and we will develop higher levels of trust within the organization. These aren’t bad benefits to work towards.”

First-Ever Quadrennial Homeland Security Review Report Now Available

The Department of Homeland Security (DHS) delivered the Quadrennial Homeland Security Review (QHSR) Report: A Strategic Framework for a Secure Homeland to Congress on February 1, 2010. The QHSR outlines the strategic framework that guides the activities of participants in homeland security toward a common end.

The QHSR is the beginning of a multi-step process. It offers a vision for a secure homeland, specifies key mission priorities, outlines goals for each of those mission areas, and lays the necessary groundwork for the subsequent steps. The next step, which is currently underway, is a bottom-up review of the Department which will align the programmatic activities and organizational structure of the Department with the strategic framework set out in the QHSR. The third and final step of this process will culminate in the Department’s fiscal year 2012 budget submission.

Many of our readers, and the companies they work for, have been following this website’s coverage of the Department of Homeland Security’s PS-Prep program. This DHS report should be added to the reading list of your internal readiness and preparedness planning teams to assist their PS-Prep program activities.

Click here to see the entire report.

Click here to read an executive summary of the report.

Newest Twitter Phishing Attack May Affect Social Networking Ties to Business Risk

In a recent CNN article written by John D. Sutter, our attention is focused on yet another cybersecurity issue: a phishing scheme that recently hit Twitter and attempts to lure Web users to fake sites in order to steal personal information.

With so many companies now integrating social networking into their internet marketing strategies, or simply having so many of their employees or associates using Twitter, we recommend that the information in this article be brought to their attention, and to the attention of your organizational risk management team members, as soon as possible.

CLICK HERE to read the full article and to determine what level of information security compliance controls may be at risk of failure or non-conformance in your organization.

February is Earthquake Awareness Month for Missourians

When most of us think of earthquakes, we do not usually think of Missouri; yet this month of February is Earthquake Awareness Month in Missouri. This time has been chosen to provide critical information to Missourians about earthquakes in the New Madrid Seismic Zone (NMSZ).

The fact is that many Missourians experience small earthquakes weekly.

The NMSZ, located in southeastern Missouri, northeastern Arkansas, western Tennessee, western Kentucky and southern Illinois, is the nation’s most active seismic zone east of the Rocky Mountains. The fault cuts across the Mississippi River in three places and the Ohio River in two places. More than 200 small earthquakes occur in the zone each year.

So if your company is located in this seismic zone, you most certainly should be serious about implementing a business continuity, disaster recovery, or risk management and preparedness plan for your organization as soon as possible.

As one of the first steps in searching for the resources you would need to develop such a plan, your company should take advantage of the various Missouri governmental department websites, which now offer events, information and resources to help your organization be prepared and ready for such a potential disaster.

The Missouri Department of Natural Resources, the State Emergency Management Agency (SEMA), the Missouri Seismic Safety Commission and others will take part in a number of public activities to provide scientific data about the New Madrid Seismic Zone, mappings for risk assessment, updated potential earthquake risks for citizens, and geologic information about the basics of earthquakes.

We recommend that you have your organizational risk management teams and employees read a recent article posted on the Environment infoZine website (CLICK HERE), and go to the following website for more related events and information: http://dnr.mo.gov/geology.