Social Networking Threat to Business Security

March 31, 2010

Social networking has long been suspected of being a potential information security threat for business. In its recent Security Threat 2010 report, Sophos announced that, after an analysis of all the submitted survey data, businesses believe that social networking poses one of the biggest threats to information security for their organizations.

The Sophos report ranks the top three social networking threats as Facebook (the highest), followed by MySpace and Twitter. Only 4 percent of the survey results named LinkedIn as a security threat.

An article on this topic was recently written by Carrie-Ann Skinner and published on the PC World website. The article expands on the findings of the Sophos report and has some interesting links to help your business continuity and risk management team members stay current on this important security system and enterprise security risk topic. Click here to read Carrie-Ann Skinner’s article.

Another addition to your team’s information security risk reading library might be two interesting blog entries by Graham Cluley, also published on the Sophos website, entitled: (1) “Do You Support Facebook’s Proposed Privacy Policy Changes?” and (2) “Facebook Privacy Settings: What You Need to Know”.

With Facebook reported as the highest potential social networking risk to many organizations, the information provided by Graham Cluley should be required reading for the security analysts on any company’s risk management team who are responsible for writing and enforcing internal information security policies and procedures.

Click here to read blog entry #1 and click here to read blog entry #2.

All of the websites referenced above also include many links to additional resource materials. Please let us know if this information has helped your organization deal with its own real-world social networking risks. Thank you.


Business Continuity Awareness Week’s PS-Prep Presentation is a Keeper

March 29, 2010

Hopefully, many of our readers were able to take advantage of the valuable free informational offerings provided during Business Continuity Awareness Week, which was held 22-26 March 2010. As a reminder, most of the webinars and general information presentations recorded last week are now available to be viewed again or heard for the first time. We urge you to pass this reminder along to your business continuity and risk management team members.

Because so many of our readers have recently shown interest in learning more about Private Sector Preparedness, or PS-Prep, we would like to draw your attention in particular to the PS-Prep presentation given by Robert Whitcher, Product Manager for the British Standards Institute (BSI), entitled “PS-Prep Overview: What Is It and Why Is It So Important?”

We believe that Robert Whitcher’s presentation and its subject matter are a great addition to the PS-Prep content our website offers its readers.

This presentation, as well as all the other presentations given through the http://www.businesscontinuityawarenessweek.org/ website, is now available as a recorded session accessible via the http://www.brighttalk.com/ website. In order to see and hear Mr. Whitcher’s PS-Prep presentation (or any of the others), a short free registration process is required.

Once you complete the short registration process, you will also be able to access and view all the other recorded sessions that took place during last week’s Business Continuity Awareness Week. In other words, you will have a mini-library of business continuity, security and risk management resources that will be a significant addition to even the best resource libraries on these important organizational topics.

Click here to see and listen to Robert Whitcher’s full presentation.


E-Discovery and Why It Could be Part of a Company’s Business Impact Analysis Process

March 29, 2010

In an interview recently published by the ITBusinessEdge website, and organized by one of its writers, Lora Bentley, the following observation was quoted: “…according to recent surveys (by the law firm Fulbright and Jaworski), about three quarters of U.S. businesses have at least one lawsuit commenced against them in the past year, and one third had a regulatory proceeding commenced within the last year.”

This revealing fact brings our attention to an area of business continuity that is often ignored by most small and mid-size businesses, i.e. e-discovery. Since the recent changes to the Federal Rules of Civil Procedure, and some famous legal cases, including Zubulake v. UBS Warburg, numerous corporations have been sanctioned and fined because of their failure to identify, collect and produce electronically stored information (ESI) as required by the rules and the case law. In other words, those companies were not prepared: a controlled and well tested internal e-discovery process could have produced the required documentation on time and without those sanctions and economic penalties.

When these sanctions and fines are applied to small or mid-sized organizations, and when these same companies have to take their eyes off their everyday activities to address the timely requirements of these e-discovery demands, the result can be a major threat and risk to the ongoing business continuity of those businesses.

For this reason, we believe that it is important to not ignore e-discovery in your business impact analysis process. And, it is also important to keep current developments in e-discovery on the agendas of your business continuity and risk management and regulatory compliance team meetings.

To read more about the topic of e-discovery in Lora Bentley’s interview with Andrew Cohen, compliance solutions VP and associate general counsel, EMS Corporation, click here.


Continually Improve and Expand Your Organization’s BC Resource Library

March 26, 2010

The British Standards Institute (BSI) has created an online resource to help organizations learn more about Business Continuity Management (BCM). It can be viewed at the following website: http://www.talkingbusinesscontinuity.com/.

While the website has been live for several months, we realized from our internal marketing discussions that many of our readers may not yet have taken advantage of this free online BCM information source, and it might be time to remind our readers again of this valuable BCM resource.

While BSI certainly emphasizes its internationally recognized BCM standard BS 25999 on this website, it should be pointed out that the website also offers a more general resource of information, website links, publications and webinars regarding business continuity, and should be added to your organization’s resource library of required reading for all members of its business continuity and risk management teams.

Please let us know if you could suggest other additional reading and reference resources that we could pass along to our BC community of readers.


Canadian BC Professionals and Business Continuity Awareness Week

March 25, 2010

For all of our business continuity professionals in Canada, we would like to point your attention to an article featured as a Government of Prince Edward Island top news story entitled “Understanding the Value of Business Continuity Management”.

The article cites Attorney General Hon. Doug Currie, Minister Responsible for the Office of Public Safety, as encouraging Island businesses and organizations to take time during this Business Continuity Awareness Week to identify potential threats to their organization, determine how business operations may be impacted, and begin planning to minimize disruptions and ensure continuity of operations.

We agree with Minister Currie, and we would like to add that attention should also be paid to the many available resources offered during this Business Continuity Awareness Week.

Click here to read this article.


New 2010 Edition of NFPA 1600 Now Available

March 24, 2010

For many of our readers following the progress of the PS-Prep program, it is important to note that the National Fire Protection Association (NFPA) has recently released the 2010 Edition of NFPA 1600®, Standard on Disaster/Emergency Management and Business Continuity Programs.

If your organization is choosing the NFPA 1600 framework or standard as its guideline for meeting the PS-Prep requirements, then click here to be taken to the NFPA press release that provides more details and information about this new edition of NFPA 1600, which is a completely revised and reorganized version that includes major changes to the technical requirements and definitions.

The press release also has an internal link where you can obtain a download copy of the new NFPA 1600 standard at no charge. 

Please pass this information along to the members of the business continuity and preparedness planning team(s) within your organization.


Updated BIA Calculator and Help Guide Now Provided

March 23, 2010

As a work in progress, please note that a new help guideline for how to use our Business Impact Analysis (BIA) Calculator has now been added to our website.

You can access this information by clicking here or by going to the Community Sandbox section of the homepage and then, once you have clicked on the BIA Calculator tab, going down and clicking on the “BIA Calculator Case Studies” tab on that same page.

This additional information was provided as a result of the input and inquiries received by our development team, and by those parties who have helped with the testing of the calculator. Please try this tool and give us your comments and/or suggestions for improving this community tool, and pass this information along to the members of the business continuity and risk management planning teams in your organization.


Getting Our Storage Fix!

March 23, 2010

Many business continuity and risk management planners have covered the topic of information storage (e.g. what data do we save, how and where do we save it, and how quickly and completely can we retrieve it when needed?) as they try to include this critical IT function in their business continuity and disaster recovery plans.

One of our contributing writers, Don Byrne, has written his take on the subject of data storage, and we invite you to read and comment on his article as follows:

Getting Our Storage “Fix”!

By Donald Byrne, CBCP, CDCP, CBRO-M, Lead Auditor

While the cost of data storage continues to drop at an amazing rate, the world’s appetite for this commodity is growing at a phenomenal 60% per year, according to a recent study by the research group IDC entitled “Storage is a Narcotic”.

“The more you get the more you want,” says Greg Kenley, a leading data management expert. Kenley points out that the amount of information being generated is truly staggering. Each week, the New York Times contains as much information as a typical 18th century adult would have been exposed to over the course of an entire lifetime.

Today, more information is generated in one year than was discovered in the previous five thousand and the pace of knowledge creation in some disciplines grows at near exponential rates. For example, scientific discoveries, engineering breakthroughs, medical advances, and other technological insights more than double every year. 

Much of this knowledge explosion can be traced to the near ubiquitous nature of the Internet and its place in the fabric of our lives. Consider that in 1984 there were approximately 1,000 devices connected to an early version of the World Wide Web. By 1992 that number had grown one thousand-fold to 1,000,000 and by 2008 it increased to 1,000,000,000 devices. With widespread access comes increased usage. Consider, Google estimates that there are now 31 billion online searches conducted every month. In 2006, that number was 2.7 billion – an eleven-fold increase in three years! 

So what is happening to all this information? 

Much of it is ephemeral such as the three billion text messages sent every day. Few people have a need or interest in keeping a record of these highly abbreviated exchanges. But enough of the information is deemed worthy of filing that the storage market continues to grow seemingly without bounds. In 2010 over four exabytes (or 4,000,000,000 gigabytes) of unique information will be generated and much of it will be retained. 

Incredibly, unique material may represent only one-third of the total information stored online; implying that two-thirds of computer disks are filled with redundant material, rarely accessed and often outdated. It seems that most humans are data hoarders and have much in common with the unfortunates whose compulsion to retain material eventually can crowd them out of their homes. 

Perhaps it is in our nature to be storage junkies who clutter our online lives with redundant data and obsolete files. Just as narcotic addicts need enablers to help them support their habit, technology continues to deliver lower cost/high capacity devices that allow us to continue our “bad habit” without fear of exposure. Need another five hundred gigabytes? No problem, simply drop into any shopping mall and for less than $100, you can get your storage fix. 

Will these technical advances eventually cause us to change our attitudes toward what constitutes good and bad storage behavior? Is it time to rethink our view of storage ethics and not view data hoarding as bad behavior but rather something akin to antique collecting? 

Maybe we should reverse the question and ask “What is wrong with keeping one or more copies of everything we ever wrote, read, saw, photographed, or thought?” If it is now technically feasible never to have to delete any bit of information that you create, send or receive, why not do it? 

Of course such a decision does lead to a different and currently more difficult question. If you kept everything you ever created, how would you find anything? Let me suggest we leave that question to be answered by whatever company eventually succeeds search engine giant Google.

For now, I would be content to find all my tax information.


Red Cross’ Ready Program and Business Continuity Awareness Week

March 22, 2010

With this week being recognized as Business Continuity Awareness Week, we thought it would be very appropriate to remind our readers once again to visit the website of the American Red Cross’ Ready Program.

If an emergency struck tomorrow, would your business or organization be able to efficiently and effectively manage the safety of staff and members, maintain lines of communication, access needed supplies and information, and continue operations?

If you answered either “no” or “not sure” to the question above, then at least go to the Red Cross’ website, download the easy questionnaire found there, and introduce it to your organization’s business continuity and risk management planning teams.

Click here to go to that Ready Program website and link to that questionnaire.


Business Continuity Awareness Week 2010: March 22-26

March 19, 2010

The Business Continuity Institute (BCI) reminds us of the annual global Business Continuity Awareness Week (BCAW), which runs from March 22nd through March 26th, 2010.  The theme of this year’s BCAW is “Solving the Business Resilience Puzzle”.

This week includes many virtual events that are open and free of charge to all. A standard internet connection is the only requirement to listen to and take part in live webcasts, as well as to gain access to online collateral, resources and tools.

“It’s fashionable to talk about business resilience these days, but how do you achieve it?” asked Lyndon Bird, FBCI, and International & Technical Director of the BCI. “Business continuity management (BCM) is a proven methodology that helps organizations understand what is important to them and their stakeholders, and how to protect that value in the uncertain times that we all live in.

“This extraordinary week of knowledge-sharing has proven to be instrumental in strengthening the awareness of this critical business discipline as well as providing business continuity professionals with additional information all from the convenience of their computer.”

The full program of available webcasts can be viewed by clicking here, and the entire program of all events can be viewed at http://www.businesscontinuityawarenessweek.org/

There will be many opportunities for your organization to gain real business continuity, risk management and organizational resilience information by taking advantage of this BCI offering — be sure to pass this information along to your organization’s business continuity and risk management team members. 

During the week of 22-26 March, the BCI will also launch many new resources such as the much-anticipated Good Practice Guidelines 2010 which serve as the cornerstone for its professional certification; research on supply chain resilience, corporate governance and risk management; plus a number of new case studies.
