February 5, 2012

DHS Announces Key Milestone in Efforts to Develop Robust Small Business Preparedness Plan

Today, the Department of Homeland Security (DHS) Secretary Janet Napolitano announced a key milestone in the Department’s efforts to develop a robust small business preparedness plan: soliciting public comment on a private sector readiness certification program specifically tailored to the needs of small businesses.

Secretary Napolitano said, “Ensuring that America’s small businesses have the critical information and training they need to better respond to disasters will strengthen the entire nation’s preparedness and resilience.” 

Our staff agrees with this position, as reflected by the fact that several recent postings on this website have directed our readers to this sensitivity to small business within the PS-Prep program development.

You can read more about Secretary Napolitano’s announcement as a major milestone event in the progress of the PS-Prep program in general by clicking here. 

Most importantly, however, please share your public comments on this DHS promoted and proposed plan for implementing separate classifications and methods of certification for small businesses under PS-Prep. This first-of-its-kind program will tailor voluntary private sector preparedness certification standards to specifically meet the needs and capabilities of America’s small businesses. 

Comments may be submitted HERE, in Docket ID FEMA-2008-0017. And, to view some of the public comments offered to date on this matter, CLICK HERE.

Please pass this information along to the PS-Prep, business continuity, operational resilience or risk management team members in your organization.

Cybersecurity Act of 2009: More Government Systems or Controls?

Recently our staff came across an article written by Kevin Beaver, entitled “Why the Cybersecurity Act is better for Government than Business”, posted on the SearchCompliance.com website.

Several comments received on this website indicate an interest from our readership to stay on top of this cyber security topic and we believe that Mr. Beaver’s article does just that.

One of the reasons stated for this article is that the Cybersecurity Act of 2009 is not getting the attention it deserves. The assumption Mr. Beaver bases his position upon is that many people in corporate America assume that all the talk about “cybersecurity” involves government systems. Since Mr. Beaver believes that this is not the case, he argues that this bill is really more about government control than anything else.

In this article, Mr. Beaver goes on to state further, “…Digging deeper into the Cybersecurity Act, you begin to see the White House will be calling the shots in deciding which private networks are critical and which ones are not. But how can the White House — or any other agency — decide which networks are more critical? Are networks owned by Internet service providers, banks and universities more critical than those owned by retail, manufacturing or Internet colocation facilities?”

Clearly, Mr. Beaver takes the position that this bill is good for government and bad for business.

Given such an argument, does the degree of government control implied in this bill affect an organization’s decision to raise its level of preparedness and the steps it takes to improve network security compliance? Does too much government control create a false sense of security, in that many small organizations may assume the government is taking care of the problem for them?

All interesting questions affecting information security, network security plan decisions and network security testing strategies.

And, to make matters even more difficult to monitor, especially for small business, earlier this year the government released a committee amendment (staff working draft) intended to modify this bill as introduced. CLICK HERE to read that entire draft version.

Certainly we believe that this topic warrants more ongoing discussion and direction from both our government and our industry leaders. We always welcome our readers’ comments.

If you found this information valuable, please pass it along to those information security, operational risk management, network security risk team members in your organization.

PS-Prep Accreditation Guidance Issued by ANAB

As many of our readers already know, the PS-Prep journey started back in 2007 when then President Bush signed the Recommendations from the 9/11 Commission into law. Since then there have been many steps and stops along the way, and we are sure that a few more are most certainly left to come.

The standards have been selected, and ANAB has issued requirements and now invites certification bodies to submit applications for accreditation to become a Registrar for one or more of the selected standards announced for the Voluntary Private Sector Preparedness Certification (PS-Prep) program.

To read the full announcement, please CLICK HERE.

Once applications are received, Lead Auditors will need to be trained to the standards, and ANAB will need to witness the first audit conducted by each certifying body.

Current information on ANAB’s PS-Prep program, including the Accreditation Rule that specifies requirements, is available on this site.

It is also anticipated that a publicly accessible list of organizations with accredited PS-Prep certification will be maintained on the site when certification bodies become accredited and begin issuing certificates.

Please pass this information along to those business continuity, risk management and PS-Prep team leaders in your organization.

PS-Prep Accreditation and Certification Update by Don Byrne

Recently, Donald Byrne, CBCP, CDCP, CBPRO-M, Lead Auditor and Adjunct Professor, Boston University, and frequent major contributing writer on this website, gave a presentation entitled, “Private Sector Preparedness (PS-Prep) Accreditation and Certification Program”.  The presentation was hosted on the EMForum.org website as part of its support for the National Preparedness Month and was moderated by Amy Sebring.

In keeping with our intent to keep our readership current on recent developments in the PS-Prep program, we believe this resource is a great addition to the library of the business continuity and PS-Prep team members in your organization.

Click the following link to view the entire presentation and question session following…

http://www.emforum.org/pub/eiip/lm100922.wmv

Crossword Puzzle Will Test What You Really Know About ANSI

Many of our readers, who are following the PS-Prep program, are now becoming more and more familiar with the American National Standards Institute (ANSI).  However, while some of those readers already know a lot about ANSI, we believe that a large part of our readership may not be nearly as familiar with ANSI.

To help everyone gain more knowledge about ANSI, we suggest viewing the recently released 2009-2010 ANSI Annual Report.

And, since this year’s Annual Report features a puzzle and games theme, we would like to further enhance and perhaps test your knowledge about ANSI by having you fill out the ANSI crossword puzzle.

Click here to view the ANSI 2009-2010 Annual Report and to view or print out the ANSI crossword puzzle.

If you found this information valuable, please pass it along to the business continuity or risk management team members in your organization.

Building Resilience vs. Risk Avoidance

In a recent article written by Rita McGrath and posted on the Harvard Business Review blog, the focus is on the idea that building resilience into an organization may serve it better than solely driving risk avoidance into the organization’s methodology.

In her posting entitled, “The Benefits of Thinking the Unthinkable”, Ms. McGrath refers to results and studies conducted by both US-educated Fulbright scholar Zeeshan-ul-hassan Umani, and, Aaron Wildavsky, a well-known social scientist.

Which approach does your organization take?  Build resilience into your organization’s methodology?  Or, is your organization mainly focused on risk avoidance?

Please share your thoughts and comments, and if applicable, please pass this information along to the organizational risk management, business continuity, or crisis management team members in your organization.

CLICK HERE to read the full article.

Cyber-Crime Study Confirms Potential Economic Costs Related to Cybersecurity Breach

Recently, one of our staff came across a posting on the ArcSight company website, entitled “First Annual Cost of Cyber Crime Study – Benchmark Study of U.S. Companies”.  This study commissioned by ArcSight was conducted by the Ponemon Institute and its findings were released in July 2010.

The stated purpose of the study was “…to quantify the economic impact of a cyber-attack, and, to reach a better understanding of the cost of cybercrime in order to better assist organizations in determining the appropriate amount of investment and resources needed to prevent or mitigate the devastating consequences of an attack.”

This website has often referred its readers to similar information and stressed the risk management issue that cybersecurity and cybercrime continue to pose for organizations. With this update, our staff wants to send a strong message that cyber-crimes can do serious harm to an organization’s bottom line. And, with cybercrimes becoming a more common occurrence for both small and large enterprises, it is time to revisit this topic and make certain that your organization’s risk management team members read this benchmark study.

Some important findings revealed in this study state that:

  1. The median annualized cost of cyber-crime for the 45 organizations in the study is $3.8 million per year, but can range from $1 million to $52 million per year per company.
  2. The most costly cybercrimes are those caused by web attacks, malicious code and malicious insiders, which account for more than 90 percent of all cybercrime costs per organization on an annual basis.
  3. Quick resolution is needed for today’s sophisticated attacks.
  4. The average cost to mitigate a cyber-attack for organizations with a high Security Effectiveness Score (SES) is substantially lower than for organizations with a low SES.
  5. On an annualized basis, information theft accounts for 42 percent of total external costs. Costs associated with disruption to business or lost productivity account for 22 percent of external costs.

We wish to thank the ArcSight organization for funding and sponsoring this study, and we encourage our readers to both visit the ArcSight website for more information and read the full report.

If applicable, please pass this information along to the information security, operational risk management, network security compliance team members in your organization.

PS-Prep Survey is Relevant Reading

In a recent posting on the DomesticPreparedness.com website, Albert Romano has written an excellent article to help our readership observe the ongoing survey results regarding the topic, “PS-Prep – Is It Relevant?” In addition, as a visitor to the website, you can also participate in the survey so that your position on this important private sector preparedness program can be added to the real-time measurement results of the survey.

Some of the early indications of the survey results show that most respondents are not as knowledgeable about the PS-Prep Program as they would like to be. Nonetheless, most respondents supported at least some elements of the program — but many believe that there are other elements that need to be reviewed and perhaps modified.

In Mr. Romano’s posting, he also states that “…Observations from this latest DP40 survey indicate that, although the majority of DomPrep40 members have heard about the PS-Prep Program, they are divided about the advantages and disadvantages of certification for participating organizations”.

The survey also suggests that more information about the PS-Prep Program is needed. Among the concerns raised were questions related to incentives for compliance, the risks posed by non-compliance, and the cost to businesses.

If you would like to view this posting to learn the results of the survey to date, please CLICK HERE.

If you find this information valuable, please pass it along to the PS-Prep, business continuity, disaster preparedness or crisis management team members in your organization.

Business Continuity's Personal Side

While most of us recognize, and in fact believe, that a company’s most precious assets are its employees, it is somewhat surprising to see in many postings on the Internet that when a company is faced with an unexpected disruptive event, it is often found to be unprepared for the resulting impact of that event on its workforce.

That is one of the reasons that our website and the company Personal Recovery Concepts have recently struck a partnership with the sole purpose to bring our readership’s attention to the strong linkage that exists between organizational readiness and personal preparedness.

Others have found this personal side of business continuity to be a critical component when addressing human capital management issues during a crisis.

Our staff believes that a recent whitepaper posted on the IBM Global Business Services website, and written by Eric Lesser, Russell Lindburg and Tim Ringo is well worth reading.  CLICK HERE to read the full report.

If you found this report valuable reading, please pass it along to the business continuity, disaster preparedness, or risk management team members in your organization.

If your organization is already addressing this personal preparedness aspect, please share your comments with our readership so as to encourage other organizations to do the same.

"PS-Prep: The Definitive Update" Recorded Webinar Posting Coming Soon

Shortly, this website will be posting a recorded session of the webinar held today entitled, “PS-Prep: The Definitive Update!”

Meanwhile, we would like to share the bios of the participants in this webinar’s presentation — they are:

Donald Byrne, CBCP, CDCP, CBRO-M, Lead Auditor, Adjunct Professor, Boston University 

The former CEO of several companies, Don Byrne brings an executive perspective to resiliency planning. Don’s expertise includes all types of technology, dealing with operational challenges, and strategic planning. He is on the Board of Directors of several companies and professional organizations. His experience includes working with government agencies and firms in the legal, insurance, manufacturing, maritime, energy and supply chain fields, as well as cultural institutions, non-profits and data centers. Don is an Adjunct Professor at Boston University, where he teaches graduate programs in business continuity, risk and security.

A sought-after speaker at conferences, Don serves as a Director of several professional societies. Currently, he is the Association of Contingency Planners representative to the ANSI National Accreditation Board’s Committee of Experts (ANAB-COE). Working under a contract with the Department of Homeland Security (DHS) this group is charged with developing national standards and practices for the United States in the area of Business Continuity Management and advising the government on the PS-Prep program. Don is also a member of the core technical committee working with the American Society for Industrial Security (ASIS International) on a forthcoming international (ISO) standard in the area of business continuity. 

A Lead Auditor, Don is the Program Manager for Business Continuity at one of the largest certification firms in the U.S.  He has participated in sanctioned audits of international standard BS 25999 in both the US and Asia. Don is working with other interested parties and organizations to develop a small business continuity standard, a community resiliency benchmark tool, and personal preparedness guidelines. 

A graduate of the U.S. Army Chemical and Biological Warfare School, Don has spent much of the past thirty years working in the fields of computer development, emergency management, business continuity, and operational resiliency. His technical expertise includes storage technologies, customer relationship management, document management, and workflow solutions. He has been the CEO of several successful firms involved in the development of risk management software and is active in the emerging area of electronic discovery (e-Discovery). 

An entrepreneur and former venture capitalist, he has helped launch several technology firms. Don is the founder and Managing Director of North River Solutions (NRS), a consulting, and research firm; and is CEO of Metrix411, a software company specializing in assessments and business benchmarking. Both these companies maintain a worldwide presence with offices in North America, Europe, the Middle East, and China. North River Solutions offers a full range of business and resiliency planning services including strategy development, pre-audit assessments, crisis management, risk assessments, business impact analysis, education and awareness programs, executive communications training, and plan testing and evaluation. 

NRS has teamed with several insurance firms and leading educational organizations to develop specialized programs for various government, private sector, and non-profit institutions. Working with others, the firm has developed the Resiliency-1 Index, a benchmarking tool that assesses an organization’s level of preparedness across twelve operational areas. Similar assessment tools covering various ISO standards as well as supply chain concerns and the threat from natural hazards are in active development and will shortly be available from Metrix411. 

Don holds degrees in mathematics and philosophy, has a Masters in International Marketing, and has earned professional certifications in the areas of business continuity planning (CBCP) and data center operations (CDCP). He is an ISO Lead Auditor and a contributing writer for the Domestic Preparedness Journal and the NEWS website www.continuitycompliance.org.

Brian Zawada, MBCP

Brian Zawada is a co-founder and the Director of Consulting for Avalution Consulting. Over the past thirteen years, Brian has actively managed internal business continuity programs and consulted with public and private sector organizations of all sizes. He focuses exclusively on business continuity management, specifically program definition, risk assessment, business impact analysis, strategy definition, plan development, testing, training and program maintenance. To date, Brian has assisted two organizations with preparing for and obtaining BS 25999 organizational certification, and he has advised dozens of others. Brian is a frequent author and speaker, and serves on the Editorial Advisory Board of Continuity Insights magazine. Brian is on the Technical Committee authoring the new ANSI/ASIS-sponsored business continuity standard. He also serves on the US Technical Advisory Group participating in the ISO preparedness standards development effort, specifically Technical Committee 223. Formerly, Brian served as President of the Northern Ohio Chapter of the Association of Contingency Planners. Brian is certified by DRI as a Master Business Continuity Professional, and he is also a Member of the Business Continuity Institute.

Philip Oppenheim, CBCP

International Continuity Oversight Board, Chairman

Continuity Information Support Services, Continuity Consultant

ACP – Old Dominion Chapter 

Philip Oppenheim, a graduate of the Georgia Institute of Technology, is a Certified Business Continuity Professional. He has had a diverse career and has worked for a variety of industries in the US and overseas. Since retiring from the Federal Reserve Bank of Richmond, he has worked as a Continuity Consultant for a number of companies, including Fannie Mae and LandAmerica Financial Group. Philip has been involved in all aspects of business, working for others as well as running his own consulting company. He has firsthand experience with a variety of disruptive events, including building collapses, strikes and refinery fires. He has developed information management systems for companies in the US as well as multinational organizations in the Middle East.

Philip is Chairman of the International Continuity Oversight Board and a member of the ACP Old Dominion Chapter, the Business Recovery Association of Virginia and the ASIS Business Continuity Management Standards Working Group.