February 5, 2012

Online Privacy Concerns

Some of this website’s recent postings on the subject of privacy rights for individuals and organizations using the Internet have drawn increased reader interest. To continue this positive trend, we would like to revisit an earlier article on this subject by Steve Lohr, posted on the New York Times website earlier this year and entitled “Redrawing the Route to Online Privacy”.

Our staff believes it is worth a mention and a potential addition to our recommended reading list on this subject. Read the full article.

Please pass this information along to your organization’s risk assessment and information security team members, and share your comments if you will.

Business Resiliency for Small Business

In a recent article written by Gerry Singson, posted on the Small Business Computing website and entitled “8 Ways IT Improves Small Business Resiliency”, we find feedback from a recently reported survey of 613 small businesses nationwide, organized by CDW, a leading provider of information technology solutions.

That report, entitled “Report on Small Business Resilience”, identifies factors contributing to business survivability and examines how small businesses have dealt with the ebb and flow of the economy, especially in recent times. To find a quick summary of the report’s findings, as well as a link to download the report, please click here.

How does your organization fit into the results and the actions recommended by this article and report?

Would you pass this information along to the business continuity and risk assessment team managers and members of your organization?

SAFETY Act – Often Overlooked Part of PS-Prep Program

Many of our readers have responded to our postings regarding the PS-Prep Program and the events and information we have passed to them regarding the identification of widely accepted preparedness standards and the incorporation of those standards into company policies and procedures.

However, there is also an often overlooked second element of PS-Prep. It is focused on terrorism preparedness, and it is explicitly designed to help companies defend against lawsuits.

The DHS-administered Support Anti-terrorism by Fostering Effective Technologies (SAFETY) Act is intended to facilitate the development and deployment of “anti-terrorism technology” by capping (and in some circumstances precluding) liability for those who have developed or deployed the technology and received one of several types of DHS approval.

While the SAFETY Act applies only in the event of a terrorism incident, the definition of “anti-terrorism technology” is incredibly broad. It can include not only products and intellectual property but also services of various types. Many mundane services, including security services (e.g., guards), analytical services (e.g., risk assessments) or emergency preparedness services may qualify as “anti-terrorism technology.”

The relative scarcity of service companies that have sought SAFETY Act approval has been a surprise to many observers, including some in the SAFETY Act office at DHS, who have said that many companies may be missing opportunities to obtain significant liability protections.

For more information about this important and often overlooked part of PS-Prep, please click here.

One of the first indications of this was brought to our staff’s attention in an article written by Stephen Heifetz and entitled “An Ounce of Prevention: DHS Private Sector Preparedness Programs”.

Privacy Matters

In a recent posting on the ITBusinessEdge website, we found what our staff believes to be one of the better “short and to the point” blog entries dealing with the topic of user privacy. The other reason we like this posting is that it is directed to a larger audience than just the users of Facebook.

When you look at the “Five Facts Facebook Should Know about Privacy” presented in this posting:

● Privacy Is Not Dead
● Privacy Is an International Affair
● Lip Service Won’t Cut It with Regulators
● Simpler is Better for Users
● Pushing the Envelope is not Always Worth It

we believe that you too will see these facts as real and substantial elements of sound advice for anyone who is seriously concerned with protecting their right to privacy.

To read more of the details and information added to each of these facts, click here.

Nonetheless, and certainly not meaning to belittle the concerns of Facebook users about the protection of their privacy rights, we have also gathered some other related articles about privacy in general. We suggest adding them to the reading list of all organizational team members who are accountable for protecting the privacy rights of their associates, for managing social networking related compliance risks, and for the information security audits facing their organization. Those articles are titled:

Seven Things to Stop Doing Now on Facebook

Facebook CEO Zuckerberg announces new Privacy Tools

U.S., D.C. Officials Call for Probe into Google’s Inadvertent Privacy Breach

Facebook Pushes the Boundaries of Online Privacy Again

Our staff hopes that you find this reading material relevant and valuable, and we ask again that you share your own comments on this topic so that our community of readers can be better informed and more valuable assets to their organizations.

Top Corporate Compliance Risk Areas in 2010

Much of the subject matter discussed on this website is focused on identifying risks that have the potential to create conditions, incidents and disasters which could disrupt the operations of a company or, at the very least, stop that company from keeping its doors open for business and satisfying the requirements of its customers.

With that thought in mind, we recommend reading a recent article written by Mark Srere, and posted on the Corporate Compliance Insights website.

In his article, Mr. Srere states that compliance risks for U.S. companies will increase in 2010. Given the economic downturn and current market conditions, this prediction, if true, will create difficulties for many organizations.

He goes on to list the following five areas that are expected to generate some, if not most, of the increased risks facing a company in 2010:

● Impact of Healthcare Reform Legislation
● Increased Regulatory Oversight and enhanced enforcement in a variety of areas
● Implications of increased use of social media
● Anti-Fraud / Anti-Corruption Prosecution
● Managing e-data and document productions for any litigation

Moving forward in 2010, many compliance departments (where organizations have them at all) may be facing a departmental risk found throughout so many organizations today, namely a lack of sufficient resources. While we often discuss these risks in our business continuity and risk management team meetings, it is important to focus on the compliance requirements surrounding them.

For more details, click here to read more, and then ask the question, “How does my organization fit into these categories of risk?”

Please pass this information along to the appropriate compliance risk managers in your organization.

Business Continuity Planning and Preparedness Levels Improved

The subject of business continuity has been the object of much debate among many organizations, and we would hope that it remains at least a tentative line item on the agenda of most Board of Directors meetings.

Fortunately, according to a recent study by AT&T covering the past five years, businesses across the U.S. are responding more to the need for business continuity planning. That is encouraging news for the many of our readers who are also members of business continuity management teams in their organizations.

The AT&T Business Continuity Study was reported to have found at least the following:

● 83% of respondents stated that they have a BC plan in place (up 14% in the past five years)
● Six out of ten (63%) include wireless network capabilities as part of their plan
● 77% indicate that employee use of mobile devices plays a major/minor role in the BC plan
● 50% have virtualized their computing infrastructure, with 38% having implemented a BC plan for the virtualized infrastructure
● 40% require suppliers and other vendors to have a business continuity plan in place in order to do business with the company
● Three out of four executives surveyed are very/somewhat concerned about the increased use of social networking capabilities (77%) and mobile networks/devices (76%).

How do the findings listed above compare with your own organization?

These findings are part of AT&T’s annual study on business continuity and disaster recovery preparedness for U.S. businesses in the private sector, now in its ninth consecutive year, and were reported in a recent PR Newswire website posting.

We recommend passing this information along to the business continuity and risk management team members in your organization.

e-Discovery Preparedness – Next BP Test of Readiness

Only time will tell whether BP is prepared, from an e-discovery and litigation standpoint, for its settlement efforts regarding the oil spill incident in the Gulf of Mexico. We are not implying that any observation of BP’s readiness to handle a deep water oil spill incident is a forecast of BP’s ability to meet the e-discovery related requirements described in a recent article written by Christy Burke and posted on the Legal IT Professionals website.

However, in citing this article, our team is also offered an opportunity to address the topic of e-discovery, the potential risk it presents especially to small and mid-sized entities, and why it is a topic discussed at all by this website.

Many of our readers have followed past postings of articles about e-discovery on this website, and some have thanked us for raising this topic as a potential risk for their organizations. Others have asked, “Why is this a risk, and why should my organization be concerned about it?”

These are great questions and we would like to present our view of answers to those questions.  We also hope that our response to those questions will help our readers better understand how we are trying to support the purpose of this website, i.e. to be “Your Business Continuity Lifeline”.

First of all, we believe that the definition of the term “business continuity” has been and continues to be greatly debated in the business community, but, more importantly, it has been less recognized as a critical board room agenda item than it should be, primarily among small to mid-sized businesses. So we do try to raise the awareness level of business continuity among our readership.

In an attempt to perhaps over-simplify the issues surrounding the subject of “business continuity” and to link the purpose of our website to supporting ongoing business continuity and compliance-related objectives, we present a simple definition of business continuity for your consideration: keeping the “doors of your business” open to satisfy your customers and create value for your shareholders.

With those thoughts and that definition in mind, we then assume that any activity or event that potentially or actually threatens the ability for your business to fulfill those goals is an element of risk which must be evaluated, understood in the context of your business, and acted upon to prevent any negative impact or potential disruption of that business. We believe that regulatory requirements surrounding e-discovery, if not fully understood, can be such a potential risk.

From an e-discovery and litigation readiness standpoint, responding to requirements can potentially escalate your organization into an activity that may drain its assets and resources to the point of forcing the “closing of doors” for that business.

We want to assist organizations and give them information that will help them raise their awareness of such risks so that they are ready to mitigate those risks faster, better and cheaper than their competitors.

We are not trying to create undue concern over this e-discovery issue; however, we do want to raise just enough of a red flag so that organizations keep current on the news and relevance of e-discovery and on what risks it may or may not present to them.

Bringing us back to the title and topic of this article, it seems all but certain that BP is a potential target from an e-discovery and litigation standpoint, and we would hope that BP is fully aware of and prepared to mitigate this risk.

Read more about how e-discovery can become an integral part of the dynamics of the oil spill disaster and BP’s recovery efforts, and please share your thoughts, comments and experiences with e-discovery so that we may share them with the readership of this website.

Also, please pass this information on to those business continuity and risk assessment team members in your organization.

Hurricane Preparedness Week: May 23-29, 2010

For readers who live in areas potentially affected by hurricanes, we want to remind them that next week is Hurricane Preparedness Week.

As individuals and as organizations, we must remember that history teaches us that a lack of hurricane awareness and preparation is a common, and unfortunately recurring, thread among all major hurricane disasters. By knowing and understanding your vulnerability, and by having an action plan for what you need to do in the event of a hurricane, the devastating effects of a hurricane disaster can be greatly reduced.

You, and/or the company you work for, should be able to answer the following questions before a hurricane threatens:

  • What are the Hurricane Hazards that could affect me or my organization?
  • What does it mean to me or my organization?
  • What actions should we be prepared to take?

Click here to go to the Hurricane Preparedness Web site and learn more about hurricane hazards and receive the information that can assist you or your organization to take ACTION.

Please pass this information along to the business continuity, disaster recovery, emergency response and/or risk management team members in your organization. As an individual, please also take this information back to your family and use it to help them put a personal readiness plan in place to face this potentially damaging event.

Remote Office Advice for Risk Management Teams

To support rapid response capabilities in the event of a business disruption, many disaster recovery and risk management team members are recommending a remote office component in their organizations’ Incident or Emergency Response plans. In some cases, the entire home office concept is working very well on a regular basis for organizations more interested in the virtual organization model for their business.

In either case, we recommend that those risk assessment team members refer to a list of “Home Office Safety Tips” from the National Crime Prevention Council (NCPC) that was published recently on the Security Products magazine website. Read more.

ISO 31000 and the Volcano Crisis in Iceland

As we observe events such as the Icelandic volcano crisis, we are reminded of the difficulty facing risk management and crisis management team members when examining potential incidents of risk to corporate plans and ultimately the achievement of business continuity plan provisions or objectives.

As Kevin Knight states in a recent article that he wrote and posted on the International Standards for Business, Government and Society (ISO) website, “...the cloud of ash from the Icelandic volcano and its subsequent blanketing of much of Europe is a classic example of a low probability, severe consequence event that tends to be overlooked by management...” We totally agree with Mr. Knight’s statement.

The lack of readiness and the ineffective response plans of so many companies in the face of this event may well cause you to wonder just how seriously, if at all, upper management participates in the planning and testing of disruption-related scenarios that could directly impact their organization.

In his article, Mr. Knight clearly points out that risk is all about uncertainty or, more importantly, the effect of uncertainty on the achievement of objectives. On 15 November 2009, ISO published ISO 31000:2009, Risk Management – Principles and guidelines, to help industrial, commercial and public sector organizations to confidently address such risks.

We recommend you read Mr. Knight’s article to help you and your organization improve your capabilities to successfully mitigate similar ever-changing and developing risks that must be managed in an increasingly global economy with greater reliance on “just in time” delivery.

Please pass this information along to your organization’s business continuity and risk management and risk assessment team members.

Click here to read the full article.