February 5, 2012

Business Continuity Lessons Learned from a Volcanic Ash Cloud

Our writers and staff agree that Keith Sherringham, a contributing writer for the Continuity Central website, offers a fine summary of the issues, a clear viewpoint on them, and a presentation of the business continuity lessons and insights to be learned from the recent volcanic ash cloud incident.

Some of the insights stated by Mr. Sherringham, and offered to business continuity managers in general include at least the following:

* Business redundancy – businesses that have a natural redundancy and resilience capability built in as part of everyday operations were well placed before, during and after these events.

* Crises are part of the business landscape – crises are a routine part of business as usual and not a special event.

* Supply chain logistics – the incident highlighted the criticality of managing supply chain logistics and the need for sustainable contingencies.

* Building a better business – place priority on building a better business, using business continuity and disaster recovery as ways to drive out issues; in the process, natural redundancy and resilience are built in, and the appropriate crisis management, business continuity and disaster recovery capabilities come as a bonus from these activities.

The article also does a fine job of listing complementary reading on the topics of business resiliency and business in tough times, and it should be recommended reading for your organization’s business continuity and risk management teams.

Click here to read Keith Sherringham’s full article.

Privacy Law Violation Leads to Prison Time

We would venture a bet that many of our readers and information security managers would never believe that anyone caught violating a privacy law such as HIPAA would ever be sent to prison. Yet that is exactly what happened to a former UCLA Healthcare System surgeon who illegally read the private electronic medical records of celebrities and others.

In an article recently written by Howard Anderson, Managing Editor, and posted on HealthcareInfoSecurity.com, we are told that Huping Zhou of Los Angeles is the first defendant in the nation to receive a prison sentence for a HIPAA privacy violation, according to the U.S. Attorney’s Office for the Central District of California.

This would be an interesting article to share at your next company meeting discussing information systems security, information security policy, personal privacy rights or HIPAA compliance. Certainly these privacy laws were written and adopted with the full intent that they be enforceable as an effective deterrent.

Click here to read the full article.

IT Service Management — Meeting Business Requirement Gap

In spite of the volumes of information available on the importance of managing organizational change and aligning IT with the business, recent surveys and correspondence reviewed by this website reveal that many organizations are still experiencing a significant gap between the services IT provides and those the business needs.

As part of this website’s education efforts, we suggest that you inform your internal IT Service Management and ISO 20000 team members about the itSMF USA 2010 On-Line Conference series of presentations on this topic. The presentations can be heard either live on the original presentation date(s) or later as a recorded resource.

At the same time, we also realize that our readers are fully aware of the significance of managing organizational change and of the role it plays in supporting the organization’s business continuity and disaster recovery plan strategies. Making these presentations available as a resource for those planning groups is a good thought as well.

Click here to attend or listen to a presentation.

Revisited Security Trend Report by SANS Institute

The most visited pages on our website are often those covering a publication or posting about a trend in one of the industry sectors reported under our continuity or compliance management methodologies. Today’s posting references such an item on the topic of organizational and personal information security.

Many of our readers who are part of business continuity or risk management teams read, use and save such referenced articles and postings to keep their resource libraries current, especially on today’s topic of information security in a cyberspace environment. In fact, even though the original report was issued nearly four (4) years ago, many will be surprised to see the same cybersecurity threats still affecting their organizations today. With so many of the same general information security trends and threats still present, we may need to rethink how much progress has really been made in fighting these cybersecurity threats.

This website often refers to the SANS Institute for referenced postings, research reports and predicted security trends, as reading and research resources for those risk management teams.

As general background, we remind everyone that the SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. Individuals ranging from auditors and network administrators to chief information security officers share the lessons they learn and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations, from corporations to universities, working together to help the entire information security community.

With all of the above in mind, and as a lesson in how to learn from the past, we suggest revisiting and reviewing the SANS posting of the ten most important security trends and passing that information along to the information security and risk management specialists in your organization.

Click here to read the complete Ten Most Important Security Trends report by the SANS Institute.

Canada Emergency Preparedness Week — May 2-8, 2010

Emergency Preparedness Week (EP Week) is an annual Canadian event that takes place during the first full week of May. This national event is coordinated by Public Safety Canada, in close collaboration with the provinces and territories and other partners.

During Emergency Preparedness Week, activities are organized across Canada to raise awareness of the importance of having an emergency kit, making an emergency plan, and identifying the risks in one’s region. These three simple steps can help Canadians prepare for all types of emergencies, and they can serve as a benchmark of preparedness guidance for each of us and for the organizations we work for. Coming from our neighbors to the north, it is also a complementary information resource to the United States’ FEMA PS-Prep program.

For more information on the preparedness events happening across Canada, please click here.

Company Wikis – A Collaborative Tool and Potential Crisis Management Channel

For any of our readers who are struggling to embrace their company wiki, we recommend a recent article written by Ann All and posted on the IT Business Edge website. We also think there is an implied message in this article about the potential role a company wiki can play in crisis management and disaster recovery planning strategy.

As business continuity and disaster recovery planning managers seek new technology to help achieve their strategic, operational and crisis management goals, the company wiki is a methodology that should not be overlooked. While promoted primarily as a collaborative tool for improving business processes, we believe there may well be a hidden opportunity to expand the value of a company wiki into an additional communication channel during a crisis management or disaster recovery situation.

By better understanding whether and how a company wiki can add value to your crisis management or disaster recovery plan, your risk management team members can evaluate whether and how it might help achieve their risk management goals and objectives. We believe the information Ann All shares in her article may start that thinking process.

And, in any case, this article is a good candidate to place in the resource libraries of your business continuity and risk management team members.

This internet posting can be viewed as a slideshow for a quick run-through of the pointers Ann culled from her research, or you can read Ann All’s full post entitled “Why Aren’t More of Us Using Wikis?”

Cyberspace and Cybersecurity — The New Battlegrounds

There have been many postings on this website addressing cyberspace and cybersecurity and the potential threat they pose to organizations and individuals.

Unfortunately, our staff of writers continues to encounter a lack of serious attention paid to this cyber threat at the small and mid-sized enterprise (SME) level. It appears that until a major disruption or incident actually happens to such an organization, this form of threat does not become a real priority for upper management to properly evaluate as a potential risk to the organization, and then to properly mitigate. We believe that large global enterprises and governments understand this concern, but more awareness and preventive action are required from SME companies, and more effort should be made to incorporate this risk analysis by the in-house individuals responsible for internal business continuity planning, preparedness and risk management activities.

At times, organizations have to look to other resources to help them better define their risk assessment strategies in the cyberspace area. It is with this in mind that we point our readers to a recent article written by Senator Susan Collins and posted as a press release on the Senate Committee on Homeland Security and Governmental Affairs website.

In this article Senator Collins points out very clearly that cyberspace and cybersecurity related dangers pose serious threats to all of us. Hackers could attack critical civilian infrastructures, such as electrical grids, transportation systems, and communications, affecting whole communities. The Senator also states that our military assets are at risk, too. In fact, military officials now describe cyberspace as the fifth domain of war — following land, sea, air, and space. They note that cyberspace is unique because it is the only battlefield to be invented by humans.

The article also asserts that in February, Dennis Blair, the Director of National Intelligence, gave this chilling account before the Senate Select Committee on Intelligence: “The national security of the United States, our economic prosperity and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems and the information residing within. This critical infrastructure is severely threatened.” Cyberspace, he said, “is exponentially expanding our ability to create and share knowledge, but it is also enabling those who would steal, corrupt, harm or destroy the public and private assets vital to our national interests.”

How vulnerable does our government think we are? Consider these statistics from the Senate’s Sergeant-at-Arms Office, which found that Congress and other government agencies are under a cyber attack an average of 1.8 billion times a month, compared with an average of 8 million times a month in 2008.

The Senate Security Operations Center alone receives 13.9 million of those attempts per day.

“We operate in an escalating attack environment in which threats to our information infrastructure are increasing in both frequency and sophistication,” said Senate Sergeant-at-Arms Terrance Gainer in testimony before a Senate Appropriations subcommittee in March. “Our raw numbers bear this out, so we must remain on guard.”

More data gathered from ongoing survey efforts now seems to be raising a more urgent alarm for SMEs to recognize this cyberspace and cybersecurity risk as a real threat to them too – not only to the organization itself but, more importantly, to the suppliers, employees, customers and communities that are the foundation of its very existence.

Click here to read about additional findings revealed by Senator Collins.

Measuring Resiliency for PS-Prep

We suggest viewing a presentation given by Don Byrne at the 2010 Continuity Insights conference, recently held April 12-14 in New Orleans; it offers additional insight into and understanding of FEMA’s PS-Prep program.

The title of Mr. Byrne’s presentation is “Measuring Resiliency for PS-Prep.”

To learn more about the U.S. Federal government’s PS-Prep initiative, please go to the PS-Prep Overview, and to view Mr. Byrne’s presentation, click here.

Mr. Byrne is a staff reporter for ContinuityCompliance.org and president and CEO of two companies: North River Solutions and Metrix411.

Citizen Corps Encourages Individual and Corporate Preparedness

As FEMA’s PS-Prep program comes closer to being a reality in our country, for our companies and for our citizens, it is important to revisit the significant role that Citizen Corps has played, and will play, in ensuring a more secure and safer homeland through citizens who are better prepared, trained and involved in supporting first responders.

Many of our readers as individuals and as members of preparedness teams in organizations embrace the concept of personal responsibility to be prepared; to get training in first aid and emergency skills; and to volunteer to support local emergency responders, disaster relief, and community safety.

As general background, Citizen Corps was created to help coordinate volunteer activities that make our communities safer, stronger and better prepared to respond to any emergency situation, and to build on the successful efforts already in place in many communities around the country to prevent crime and respond to emergencies.

Click here to read more about the Citizen Corps and discover opportunities for you and your organization to pursue and help support local emergency responders, disaster relief, and community safety.

What is CLOUD, Inc.?

CLOUD Inc. is the Consortium for Local Ownership and Use of Data, a non-profit organization that has filed for 501(c)(6) status with the IRS and is open to people, companies and other organizations. CLOUD has been formed to create standards that give people property rights in their personal information on the Web and in the cloud, including the right to decide how and when others may use that personal information and whether others may connect it with identifying information.

The CLOUD website was introduced to our team by one of our contributing writers, and after several internal team meetings and discussions, we thought it might be of value to our readers to at least be aware of its existence.

Many postings on this website have tried to address a variety of internet and cybersecurity related privacy issues, but we believe this CLOUD approach to personal information ownership and the privacy status of that information is unique enough to present to our readership for comments and opinions.

Click here to read more about CLOUD, and please let us know your thoughts and opinions. Thank you.