May 17, 2012

ANSI/ASIS SPC.1-2009 Standard Formally Adopted by DHS

As a continuation of this website’s coverage of DHS’s recent announcement concerning PS-Prep, we recommend that our readers revisit, or at least become more familiar with, the standards adopted for PS-Prep by the Department of Homeland Security.

Of the three standards selected by DHS, the ANSI/ASIS SPC.1-2009 Standard, titled “Organizational Resilience: Security, Preparedness and Continuity Management Systems — Requirements with Guidance for Use,” provides a holistic approach to cost-effectively improve any organization’s resilience and preparedness performance.

Click here to read more about this standard and follow some of the related links cited in this informational press release by ASIS International, and/or click here to view the recent Homeland Security News Wire press release announcing this DHS adoption of ASIS International’s Organizational Resilience Standard as part of a voluntary program designed to bolster the resilience of private organizations during man-made and natural disasters and emergencies.

Please pass this information along to the business continuity, PS-Prep Committee, and/or risk management team members in your organization.

PS-Prep: DHS Federal Register Notice of 16 June 2010

As a follow-up to an earlier posting of Secretary Napolitano’s recent PS-Prep announcement, we offer our readers an easy link to the most recent update of the Department of Homeland Security’s (DHS) Federal Register Notice of its adoption of three standards for the Voluntary Private Sector Accreditation and Certification Preparedness Program (“PS-Prep”). Click here to view the Federal Register Volume 75, Number 115 Notice.

Please pass this information, along with the accompanying links in the Federal Register Notice, to those business continuity, risk management and PS-Prep team members in your organization.

PS-Prep: Moving Forward

by Donald Byrne, CBCP, CDCP, CBRO-M, Lead Auditor, Adjunct Professor, Boston University

The announcement by the Department of Homeland Security (DHS) of their final selection of the PS-Prep standards will accelerate other crucial aspects of this program. For example, expect to see the accreditation rules which govern the way in which ANAB will deal with Certification Bodies following in short order. The guidelines for auditor training and credentialing will also be released.

The marketplace will likely begin to take the PS-Prep program more seriously and those responsible for compliance, security, and business continuity are likely to see an increase in questions about this subject. It will be interesting to see how much energy the government puts into training and promotion of this initiative since the vast majority of U.S. businesses are unaware of this program. 

Still not definitively dealt with in this announcement is the plan for Small Businesses. Discussions on this topic are taking place but the issue remains unresolved. 

The ContinuityCompliance team is closely tracking the PS-Prep program and is committed to providing you with the best available information as quickly as possible.

Please read the information below and follow the links back to the appropriate FEMA websites for additional information.

Press Office, U.S. Department of Homeland Security

Press Release

June 15, 2010

Contact: DHS Press Office, (202) 282-8010

SECRETARY NAPOLITANO ANNOUNCES NEW STANDARDS FOR PRIVATE SECTOR PREPAREDNESS

WASHINGTON—Department of Homeland Security (DHS) Secretary Janet Napolitano today announced the adoption of the final standards for the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep)—a major milestone in DHS’ implementation of a program recommended by the 9/11 Commission to improve private sector preparedness for disasters and emergencies.  

“Private organizations across the country—from businesses to universities to non-profit organizations—have a vital role to play in bolstering our disaster preparedness and response capabilities,” said Secretary Napolitano. “These new standards will provide our private sector partners with the tools they need to enhance the readiness and resiliency of our nation.” 

PS-Prep is a partnership between DHS and the private sector that enables private entities to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector. 

The standards—developed by the National Fire Protection Association, the British Standards Institution and ASIS International—were published for public comment in the Federal Register in Oct. 2009.  The adoption of the final standards was published in a Federal Register notice today following a series of regional public meetings and the incorporation of public comments. 

DHS will continue to accept comments on PS-Prep, the three adopted standards, and/or proposals to adopt any other similar standard that satisfies the target criteria of the December 2008 Federal Register notice which announced the program. 

Comments may be submitted to http://www.regulations.gov or FEMA-POLICY@dhs.gov (Docket ID FEMA-2008-0017).

For more information, visit http://www.fema.gov/privatesectorpreparedness/.

Information Security Risk and Tips Using Photocopiers

In a recent article written by Michael Kassner and posted on the TechRepublic.com website, we notice an area of information security and compliance risk concern that needs to be brought to the attention of our readers.

If your organization is in compliance with or certified to any information technology framework or international standard (e.g., ISO 27001:2005), then the security analysis process, or at least the information security policy of your organization, should address the information security and data security risks associated with any digital photocopier product operating in your organization.

Many of our readers may already be aware of this risk, but they may also be less than totally clear on the information system security risks associated with those copiers.

Whether a particular multi-function peripheral (MFP) retains a copy of every digitized document appears to depend on the brand and on how it is configured; we suggest adding this article to your library of information security reference documents.

Please pass this along to your information security assessment and risk management team members in your organization.

Click here to read the full article.

Risk Management: BS ISO 31000 vs. BS 31100

Several inquiries have reached the attention of our staff regarding BS ISO 31000 and its related code of practice BS 31100, since we recently posted an article regarding the Icelandic Volcano eruption as measured through the lens of ISO 31000.

To respond to those requests, we would like to state that BS ISO 31000 is the international standard for risk management and provides principles and guidelines on the subject. BS 31100 is a code of practice that complements BS ISO 31000, and it also gives additional guidance on risk management that is not covered in the international standard.

The documents take an almost identical approach to risk management but some of the headings and terms used are different.

For those readers more interested in this topic we suggest you click here to view the BSI Workshop website and read what they have to say about these documents and see how they differ regarding the risk management process.

Hopefully you will find this interesting enough to pass along to those risk assessment team members in your organization(s).

If you have any comments on these documents, please share them with our business continuity and risk management community of readers of this website.

PS-Prep Remains Stalled as Disasters Continue

The Center for Public Integrity website recently published an article, written by Josh Israel and Aaron Mehta, expressing the need for more than legislative action regarding mitigation of disasters such as the BP oil spill event in the Gulf of Mexico.

The article cites the long-delayed “PS-Prep” program as a perfect example of the fact that “without implementation by the executive branch, legislative action can prove meaningless.”

Our staff agrees with the level of frustration expressed in this article over the long delays in Washington lately and the lack of decisive action needed to promote private sector preparedness throughout the United States.

Click here to read the full article and please share your comments and feelings on this topic with the rest of our business continuity community.

CYBERSECURITY – More U.S. Senate Bills Announced

This posting is a follow-up to an earlier posting on this website regarding recent legislative activity in the Senate around the long-awaited cybersecurity and FISMA reform bill.

The Protecting Cyberspace as a National Asset Act of 2010 – sponsored by Committee Chairman Joseph Lieberman, ranking Republican Susan Collins and Tom Carper – would provide a framework for the president to authorize emergency measures to protect the mostly privately owned critical IT infrastructure – such as financial networks and utility grids – if a cyber attack is imminent.  Owners of these critical IT systems could face civil penalties if they don’t follow regulations to secure them properly.

The bill provides for the government and industry to collaborate on defining regulations and situations when a cyber emergency could be declared.

This bill would create two cybersecurity directors – one in the White House and the other in the Department of Homeland Security (DHS) – to lead the federal government’s information security efforts.

The bill also would reform the Federal Information Security Management Act (FISMA), the 8-year-old law that governs how federal agencies secure their IT systems, by replacing the paper-based compliance process with one that emphasizes continuous monitoring of computer systems and red-team assaults by “friendly hackers” to test for vulnerabilities.

According to a committee-provided summary of the Protecting Cyberspace Act, a White House Office of Cyberspace Policy, headed by a Senate-confirmed director, would advise the president on all cyber security matters. The director would lead and harmonize federal efforts to secure cyberspace and would develop a national strategy that incorporates all elements of cybersecurity policy, including military, law enforcement, intelligence, and diplomacy. The director would oversee all federal activities related to the national strategy to ensure efficiency and coordination. The director would report regularly to Congress in the interests of transparency and oversight.

However, much of the day-to-day authority in implementing government cybersecurity policy would be granted to a Senate-confirmed director of the National Center for Cybersecurity and Communications, or NCCC, who would report to the secretary of Homeland Security and to the president through the Office of Cyberspace Policy. The NCCC would also oversee the United States Emergency Response Team, or U.S.-CERT, and lead federal efforts to protect public and private sector cyber and communications networks.

We believe that while there is yet more to be said and final decisions to be made over this matter, it is nonetheless a good practice to keep our readers informed of all recent developments related to this critically important topic of cybersecurity.

Click here to read more about this important cybersecurity development and pass this information along to the information security and risk management team members in your organization.

Cyber Security Legislation Introduced by Lieberman, Collins and Carper

Cybersecurity is an information security topic often discussed in postings on this website.

Many of the information security systems and security policies of organizations that follow this website face (or will face in the future) ever more challenging risk management decisions over cyber security concerns. Our staff views this legislative support activity as a strong component in the ability of our government to better support U.S. companies who are facing a growing number of cybersecurity related issues.

To our point: Senate Homeland Security and Governmental Affairs Chairman Joe Lieberman, Ranking Member Susan Collins and Committee Member Thomas Carper recently introduced legislation to strengthen, modernize and safeguard our nation’s cybersecurity networks.

View the video summary of this important development as posted on the Senate Committee on Homeland Security and Governmental Affairs website as well as read additional related articles on this topic — CLICK HERE.

Click here to read the complete letter written by Lieberman, Collins and Carper, posted on the Politico website and submitted in support of their legislative presentation. 

If your organization is affected by cybersecurity risk management issues, then please pass this information along to the appropriate information security management members assigned the responsibility of information technology security.

Do you think this kind of legislation activity is good for U.S. companies?

Emergency Response Exercise to be Held in Chicagoland area

On June 9th, a staff press release was issued on the Chicago Breaking News Center website announcing a massive emergency response exercise which could affect some of our readers and organizations located in the Chicagoland area.

In a related press release by the Illinois Army and Air National Guard, it was stated that “It is a full-scale exercise, so residents can expect to see emergency responders looking and acting as if this was a real homeland security/domestic response mission.”

The five-day training exercise will run from Sunday, June 13th, through Thursday, June 17th, and will take place at a variety of Chicagoland locations, including suburban areas such as Oak Lawn, Bridgeview and Bensenville – click here to read the full staff report.

If applicable, please pass this information along to all of the risk management, disaster planning and disaster recovery, and emergency response planning teams in your organization as well as any related community emergency response program team leaders or any individual associated with supporting the Department of Homeland Security (DHS) PS-Prep program in the Chicagoland area.

ISO 31000 Perspective of the Icelandic Volcano Crisis

One of our readers suggested that we follow up our recent blog posting entitled, “ISO 31000:2009 – New Risk Management Standard” with a reference to a related article written by Kevin W. Knight and posted on the International Standards for Business, Government and Society website.

Kevin W. Knight AM is Chair of the ISO working group that developed the new ISO 31000 risk management standard and the revision of ISO/IEC Guide 73, and a founding member of the Standards Australia/Standards New Zealand Joint Technical Committee OB/7 – Risk Management. The title of the article is “ISO 31000 and the Icelandic Volcano Crisis”.

We believe that Mr. Knight presents a good comparison between companies that were and were not prepared to react on a timely basis to this disruptive incident.

We realize that much was written about the Icelandic volcano eruption, and probably much remains to be written given the ongoing volcanic activity forecast to continue in this area. However, we believe that Mr. Knight’s analysis through the lens of the ISO 31000 risk management standard offers unique value for organizations to review, evaluate and relate to their own risk management philosophy.

Please pass this information along as suggested reading material to those business continuity, risk and crisis management team members in your organization.

Click here to read the full article.