February 5, 2012

Compliance Officer's Obligation to Preserve Data Upheld by SEC Ruling

Many of our postings on this website have addressed the ongoing risks for any organization regarding its requirements to protect the privacy rights of both individuals and corporate assets. Much of the risk that must be understood, evaluated and addressed in the business continuity planning and risk management strategies of organizations involves e-Discovery. To further prove the seriousness of this matter, we would like to point you to a recent article written by Marshall Bender, entitled “Compliance Officer Found Liable for Failing to Preserve Data,” and posted on the Quarles & Brady, LLP website.

The article focuses on the fact that on July 2, 2010, the SEC ruled that vFinance Investments Inc., a Florida-based broker-dealer, violated securities laws by failing to preserve and produce electronic communications requested by the SEC as required by Section 17(a) of the Securities Exchange Act of 1934. In re vFinance Investments Inc., SEC, Admin. Proc. File No. 3-12918, 7/2/10.

There are two important implications we believe need to be mentioned as well:  (1) corporate executives are not immune from e-discovery sanctions by virtue of being a few corporate steps removed from the process; and (2) the standard for liability in SEC actions is lower than in district courts — recklessness rather than actual knowledge. 

For those readers who often struggle to get management’s attention regarding business continuity planning that involves eDiscovery policies and corporate strategy positions, we encourage you to pass this information along to the proper risk management team members in your organization.

CLICK HERE to read the full article.

View the August 24th B.I.A. Webinar

Here’s the August 24th B.I.A. Webinar

B.I.A. Webinar 8-24-10 from ken on Vimeo.


B.I.A. Webinar: View the Slide Deck

Response and attendance during the “Business Impact Analysis Webinar: Methods and Techniques That Work!” was great and we thank all of our readers for their support and participation.

Click the link below to view the Slide Deck of that webinar.

BIA Webinar V2.0(drb)

Once again, the presenters for that webinar were:

Donald R. Byrne, CBCP, CDCP, CBRO-I, Lead Auditor

The former CEO of several companies, Don Byrne brings an executive perspective to resiliency planning. Don’s expertise includes all types of technology, dealing with operational challenges, and strategic planning. He is on the Board of Directors of several companies and professional organizations. His experience includes working with government agencies and firms in the legal, insurance, manufacturing, maritime, energy, and supply chain fields as well as cultural institutions, non-profits, and data centers. Don is an Adjunct Professor at Boston University where he teaches graduate programs in business continuity, risk and security.

A sought-after speaker at conferences, Don serves as a Director of several professional societies. Currently, he is the Association of Contingency Planners representative to the ANSI National Accreditation Board’s Committee of Experts (ANAB-COE). Working under a contract with the Department of Homeland Security (DHS) this group is charged with developing national standards and practices for the United States in the area of Business Continuity Management and advising the government on the PS-Prep program. Don is also a member of the core technical committee working with the American Society for Industrial Security (ASIS International) on a forthcoming international (ISO) standard in the area of business continuity.

A Lead Auditor, Don is the Program Manager for Business Continuity at one of the largest certification firms in the U.S. He has participated in sanctioned audits of international standard BS 25999 in both the US and Asia. Don is working with other interested parties and organizations to develop a small business continuity standard, a community resiliency benchmark tool, and personal preparedness guidelines.

A graduate of the U.S. Army Chemical and Biological Warfare School, Don has spent much of the past thirty years working in the fields of computer development, emergency management, business continuity, and operational resiliency. His technical expertise includes storage technologies, customer relationship management, document management, and workflow solutions. He has been the CEO of several successful firms involved in the development of risk management software and is active in the emerging area of electronic discovery.

An entrepreneur and former venture capitalist, he has helped launch several technology firms. Don is the founder and Managing Director of North River Solutions (NRS), a consulting, and research firm; and is CEO of Metrix411, a software company specializing in assessments and business benchmarking. Both these companies maintain a worldwide presence with offices in North America, Europe, the Middle East, and China. North River Solutions offers a full range of business and resiliency planning services including strategy development, pre-audit assessments, crisis management, risk assessments, business impact analysis, education and awareness programs, executive communications training, and plan testing and evaluation.

NRS has teamed with several insurance firms and leading educational organizations to develop specialized programs for various government, private sector, and non-profit institutions. Working with others, the firm has developed the Resiliency-1 Index, a benchmarking tool that assesses an organization’s level of preparedness across twelve operational areas. Similar assessment tools covering various ISO standards as well as supply chain concerns and the threat from natural hazards are in active development and will shortly be available from Metrix411.

Don holds degrees in mathematics and philosophy, has a Masters in International Marketing, and has earned professional certifications in the areas of business continuity planning (CBCP) and data center operations (CDCP). He is an ISO Lead Auditor and a contributing writer for the Domestic Preparedness Journal and the NEWS website www.continuitycompliance.org.

KATHLEEN A. LUCEY

CURRENT RESIDENCE

New York City

EDUCATION

University of California at Berkeley, BA  in English Literature (Renaissance)

PROFESSIONAL CAREER

  • Montague Risk Management – President
  • Exchange Resources, Inc.  (Trading Floor Recovery) –  Director of Consulting
  • Comdisco, Inc. – Consulting Director for NY Metro Region
  • SLIGOS, S.A (Paris, France) – Senior Consultant
  • SRI International (formerly Stanford Research Institute) –  Senior Computer Scientist
  • Bank of America – Network Security Manager
  • Amdahl Corporation – Systems Programmer, Data Security Manager

NOTABLES

Ms. Lucey is a thought leader in the business continuity/disaster recovery industry.  She has published many articles and interviews on a variety of subjects related to BC/DR in UK and US industry journals.  She is a sought-after speaker at industry conferences: in the last 10 years, she has given 40+ individual conference sessions (in both English and French), and has chaired 5 industry panels on subjects ranging from Title IX (PS-Prep) to Supply Chain Resilience, to HIPAA and other regulatory issues.

She has also received extensive recognition from her peers in the industry:

  • 1998:  received the inaugural Business Continuity Practitioner of the Year Award, given by IBM to the individual who has made the most significant contribution to innovation in the field that year
  • 2000:  certified as a Fellow of the Business Continuity Institute (FBCI)
  • 2005:  inducted into the Contingency Planning and Management Hall of Fame

She is the sole practitioner to date to hold all three of these industry distinctions.

  • 2007:  elected Chair of the Contingency Planning & Management  Advisory Board
  • 2008:  founding President of the USA Chapter of the Business Continuity Institute
  • 2009:  elected Member of the Board of Directors of the Business Continuity Institute

Double nationality: US, EU (Ireland)

Fluent in both English and French

Exceptional management, communication, presentation and leadership skills.

Mark Carroll

Mark Carroll is the former Vice President of Business Continuity for enterprise operations at Fidelity.  During his Fidelity tenure, in addition to BCP, he has had responsibility for risk management in the areas of Records, Vendor Risk and Technology Risk.

Prior to this, Mark served as Director of Global Business Continuity for Procter & Gamble with responsibility for Gillette Business Continuity plans worldwide; a total of 150 Gillette and vendor sites globally.  In this capacity he built the Gillette BCP program into a best-in-class, global continuity function.

Mark also held the position of Director of Worldwide IT Audit with Gillette, responsible for the Information Technology audit function globally as well as reorganization and integration of the business audit function.

He holds certifications at the highest levels in the industry including Business Continuity (MBCP and FBCI), IS Security (CISSP), IS Audit (CISA), IT Governance (CGEIT), Integrated Resource Management (CIRM) and Production and Inventory Management (CPIM).  Mark is a regular speaker at industry conferences on Business Continuity and is on the Editorial Advisory Board of Continuity Insights magazine.  He is a graduate-level instructor in Risk and Organizational Continuity at Boston University and serves as Faculty coordinator and key architect of the University’s graduate program in Business Continuity, Security and Risk Management.  He is also the 2010 recipient of the University’s Deveau award for teaching excellence.

Mark is a magna cum laude graduate of Boston College with undergraduate degrees in both Economics and Political Science.  He has an MBA in Finance from Babson College.

PS-Prep, the Insurance Industry, and Private Sector Preparedness

Donald Byrne, who has contributed several of his articles to this website in the past, recently posted an article entitled, “The Insurance Industry’s Role in PS-Prep” on the DomesticPreparedness.com website.

Our staff recommends this article to be added to the PS-Prep, business continuity, or risk management library of resources in your organization.

Click here to read the full article.

RISK MANAGEMENT AND WORKPLACE VIOLENCE PREVENTION PROGRAMS

by Steven M. Crimando, MA, CHS III

Of all the risks we seek to mitigate, those involving human behavior can be the most difficult. Behavior in continuity planning is often referred to as the “X-factor”, a wild card.  But, there is a good base of evidence in the behavioral sciences that can help us predict and prepare for how leaders and decision-makers, crisis team members, employees and their families may behave in different emergency scenarios. Such insight can greatly enhance policies, plans and even exercises, and, also help ensure that our assumptions about crisis-related behavior are sound.

One of the most complicated behavioral risks in the workplace is the risk of violence. The possibility of workplace violence exists in nearly every work environment. While we are often shocked when a headline announces the most recent workplace rampage, it is important to note that we have learned and applied many lessons in workplace violence prevention over the past decades, and in fact, have significantly decreased levels of  job-related violence and homicides. 

But even organizations with robust and successful workplace violence prevention programs should not rest on their laurels. New reports from the U.S. Department of Homeland Security, the U.S. Department of State and other government agencies indicate that there have been significant shifts in the national threat matrix regarding the types and frequency of violent acts that can affect both the private and public sector workplace.

While recent headlines describing the mass shooting incidents in Connecticut and New Mexico might create the impression that, as usual, a “disgruntled employee” is at the center of every episode of workplace violence, it is important to note that the nature of workplace violence is changing at the same time the nature of terrorism is changing.

In light of these changes, it may be necessary to take a fresh look at the problem of workplace violence and make adjustments to policies, plans and exercises to reflect the evolving threat.

A new white paper from Extreme Behavioral Risk Management (XBRM) entitled “Type V Workplace Violence and the ‘New Terrorist’: Exploring the Active Shooter Threat,” which I have co-authored with Melanie Barth, MS, examines these changes, and goes inside the minds of the perpetrators of workplace violence and terrorism to provide a fresh look at the dynamics of violence solutions needed to address today’s challenges.

Central to this discussion is also the need to prepare for active shooter scenarios within the larger context of a violence prevention program. This whitepaper provides concrete recommendations and action steps for addressing the active shooter risk within the framework of workplace violence prevention, and explores the strategies for detection and deterrence consistent with new recommendations from the U.S. Department of Homeland Security (DHS). 

An episode of workplace violence can be disruptive, dangerous and potentially dangerous. And, it must be considered in the overall assessment of hazards that can affect your operations and personnel.

It is important that anyone tasked with managing operational risk, security and business continuity, or risk management issues understand the ever-changing nature of the risk of violence and continue to adapt anti-violence measures to meet these challenges.

To read the complete white paper, CLICK HERE.

Want the latest on Human Factors/Behavioral Sciences in Disasters, Emergency Management and Homeland Security?   Follow me on Twitter:  XBRM_COM

As part of the policy of this website, readers are encouraged to share all comments related to the story above with our readership.

Business Impact Analysis Webinar: Methods and Techniques that Work!

BIAs: Methods and Techniques that Work!

The Association of Contingency Planners’ (ACP) ongoing educational webinar series continues with its next presentation: “BIAs: Methods and Techniques that Work!”

Considered by many to be the most complex and expensive step in the business continuity planning process, a Business Impact Analysis (BIA) affords a wonderful opportunity to provide tangible added value. Properly conducted, a BIA is like having an MRI of the business. Processes are prioritized, workflows are detailed, inflows and outflows documented, and the contribution of each key process is clarified and quantified.

Anyone involved with the BIA process cannot afford to miss this informative sixty minute session where nationally recognized business resiliency expert Mr. Don Byrne  and other expert panelists in the area of Business Impact Analysis will present practical suggestions for maximizing the effectiveness of your BIA process. 

Featured Speakers

In this free, sixty (60) minute session, experts in the area of Business Impact Analysis will present practical suggestions for maximizing the effectiveness of your BIA process.

Our featured speakers are:

Kathleen Lucey:  Practice Manager, EMC Corporation

Mark Carroll:  Faculty Coordinator, Boston University

Don Byrne:  Managing Director of North River Solutions, LLC

Detailed biographical profiles on all the presenters as well as a copy of their presentation material will be available on the ACP homepage prior to the webinar.  Mr. Byrne will also act as moderator of this event.

Pre-registration is required. Register at – 

https://www1.gotomeeting.com/register/866228200

Who Should Attend

If you are a professional in the emergency response, business continuity, regulatory compliance, or disaster recovery business and have an interest in knowing more about the mechanics of running a successful Business Impact Analysis program, you can’t afford to miss this webinar. 

This session will be recorded and available after the webinar via the ACP Home Page or at our co-host’s website:  http://www.continuitycompliance.org/  

Questions:

Please refer all questions about the webinar to the information request section of Metrix411.com

Business Continuity and Benchmarking Professional Practices

Business continuity, PS-Prep and organizational resiliency are some of the most viewed topics posted on this website.

To continue our support of this readership interest, our staff would like to revisit the DRI Institute website and utilize one of its postings in a benchmarking exercise that we would hope will help many of our readers and their organizations as they pursue the implementation of either a business continuity planning or private sector preparedness strategy.

The particular posting that is of interest for this exercise addresses the topic of professional practices by business continuity professionals and the free online document that the DRI website  makes available to business continuity planners.

Our staff believes that this Professional Practices for Business Continuity Planners document is a valuable reference document to be added to the libraries of your organization’s business continuity, risk management and disaster recovery teams.

Click here to view this document, which includes at least the following subjects:  Risk Evaluation and Control, Business Impact Analysis, Emergency Response and Operations, Awareness and Training Programs, Public Relations and Crisis Communication, Business Continuity Plan/Exercise/Audit/Maintenance, and other Sources and References related to business continuity and disaster recovery.

Cyber Security: Internet Protocol version 6 (IPv6)

With so much attention given to the topic of cybersecurity, it is no wonder that our staff paid particular attention to the presentation, papers, and demonstrations at the recently held Black Hat-DefCon Conference from July 30th to August 1st, 2010.   A particular case in point was the presentation and discussion by Sam Browne about the topic of IPv6 – the Internet Protocol version 6. 

Our staff believes that this presentation should make all of us even more uneasy about the current state of cybersecurity – hopefully enough to spur more of us into action so as to better address both the current and ongoing vulnerabilities related to cybersecurity.

For those of us who are not as familiar with the topic of IPv6, perhaps a little background may be in order….

The transition to IPv6 is necessary to deal with the growing exhaustion of IPv4 addresses. The older protocol, which is based on a 32-bit addressing system, yields about four billion unique numbers, fewer than the seven billion humans who populate the planet. At the current usage rate, the allocation of free addresses could be used up by June of next year, according to some estimates. IPv6, by contrast, is a 128-bit scheme that allows for over 3.4×10^38 addresses, which ought to keep the world going for quite some time.

Given that supposition of why it is necessary to move to IPv6, you would expect that more people would be all over this topic … and especially since Mr. Browne’s presentation offers some scary thoughts to consider and some “what-if” scenarios of risk mitigation that IT security and information security specialists might want to have on their “to-do” lists — sooner rather than later.

Click here to read a recent posting on this topic by the Homeland Security News Wire website, and be sure to view the link to the slides presented by Mr. Browne in his presentation.

We would like to thank the Homeland Security News Wire for bringing our attention to this cyber security topic of interest to organizations both large and small.

And please pass this information along to those information security management, risk assessment, risk analysis, enterprise risk management, and business impact analysis team members in your organization.  Also, if your organization is working on its private sector preparedness and readiness level, perhaps those PS-Prep team members should also include this topic in their reading libraries and potential future agenda listings.

E-Discovery 2010 Socha/Gelbmann Survey Discussion

For some time now, this website has attempted to bring its readership’s attention to the risks of e-discovery as it relates to your organization’s business continuity plan.  With so much attention now being given to e-discovery, and so many growing cases of penalties now being levied for dollar amounts that would be a serious threat to the ability of a small or even mid-sized business to sustain, our staff felt convinced that this topic is beginning to qualify for inclusion with all of the other more normal threats and risks to be considered in a business continuity planning exercise.

With this in mind, we would like to point your attention to one of a series of podcasts hosted by Monica Bay and titled “Law Technology Now – 2010 Socha/Gelbmann E-Discovery Survey”.   Our attention was brought to this website by one of our readers recently and after reviewing it, we would like to share what we believe to be a valuable exercise in gaining more background knowledge and information regarding e-discovery and how it potentially might affect your organization.

Please pass this information along to the other business continuity and risk management team members in your organization and we hope you find this as a value-added activity in your busy day…..

Click here to hear the full discussions from an edition of Law Technology Now, where host Monica Bay chats with George Socha and Tom Gelbmann about their recently released 2010 Socha/Gelbmann E-Discovery Survey.

Disaster Supply Chain Management

One of our staff’s favorite writers on the subject of Supply Chain is Jan Husdal.  And today our staff wishes to focus your attention on a topic raised by Mr. Husdal and dealing with the challenges of disaster supply chain management and trying to find the answers to the question, “What are the key supply chain factors for improving disaster supply chain management?”

Mr. Husdal points his readers to a recent issue of the International Journal of Production Economics  for some answers to the question posed above…..e.g. bringing together an interdisciplinary group of scholars with a keen interest in the effective functioning of supply chains in face of human disaster.  

We recommend this article become required reading for your organization’s business continuity, disaster recovery and PS-Prep teams and thus give those members – first responders, crisis management leaders and risk management liaisons, etc. — an excellent introduction to an emerging field:  the study of disaster supply chains.

In an attempt to bring together the world of disaster response with humanitarian supply chains, Mr. Husdal claims that this issue of the journal does an excellent job and goes on to conclude that “…..while disaster management can learn a lot from supply chain management, so can supply chain management learn a lot from disaster management.”

Click here to view Mr. Husdal’s website and review the thirteen (13) articles he has selected from this journal, with links to the publisher’s website and help your organization’s disaster recovery and response teams be better prepared for this emerging field of study.