February 5, 2012

PRIVATE SECTOR UPDATE — DHS Presents State of America’s Homeland Security

PS-Prep strategy planning groups, along with business continuity and risk management team members in organizations of all sizes, should be interested in listening to Janet Napolitano, Department of Homeland Security (DHS) Secretary, as she delivers the second annual State of America’s Homeland Security address on Monday, January 30, 2012 at 1:00 PM EST.

Increasing our nation’s security and resilience remains a goal achieved through strong connections between DHS and our nation’s private sector.

Click here to watch Janet Napolitano’s presentation LIVE on Monday, January 30 2012 at 1:00 PM EST.

Business Continuity and Emergency Management Plan Testing — Need Help Pitching the Need?

Many of the readers of this website belong to emergency management and business continuity planning teams.  And, hopefully, those disaster preparedness focused teams are testing their emergency, continuity and disaster recovery plans regularly.

But if not, or if those risk management centered groups are looking for useful information to assist in testing those BC/DR plans, an article written by Jim Satterfield is a valuable resource when you need content and reasons to convince your fellow BC/DR team members, or even upper management, that funding and support for testing your plans are justified.

As Satterfield says, “Everyone has a role in a crisis. Some are strategic, some are tactical. How decisions are made in a crisis is critical to the outcome. Because of this, the following holds true:

  1. Practicing emergency response helps assure that the response can proceed predictably during a crisis or disaster;
  2. Participation in exercises familiarizes everyone with the vulnerabilities, impacts, plans, mitigation strategies, incident management and crisis communications;
  3. Testing allows problems or weaknesses to be identified and used to stimulate necessary and appropriate changes; and
  4. Errors committed and experience gained during testing will provide valuable insights and lessons learned that can be factored into the planning/updating process.”

The full posting by Satterfield is in two parts, so be sure to read the entire posting, and, if applicable, pass this info on to those associates in your organization or even those disaster recovery and first responder teams in your community’s Emergency and Crisis Management Response areas.  And if your organization is in the private sector, please get this info to in-house team members of the PS-Prep strategy planning leaders.

Click here to read Part 1 and click here to read Part 2 of Satterfield’s postings.

Privacy and Security Controls in Your Corporate Board Room — Perhaps a Review is Necessary

A recent article written by Nicole Perlroth revealed a potential risk, and it should prompt all organizations to re-verify that the cameras used in their corporate board rooms are properly and verifiably protected from hackers.

Ten years ago, videoconferencing systems were complicated and erratic, and ran on expensive, closed high-speed phone lines. Over the last decade, however, videoconferencing — like everything else — migrated to the Internet.

Now, many businesses use Internet protocol videoconferencing — a souped-up version of Skype — to connect with colleagues and customers. Most of these new systems were designed with visual and audio clarity — not security — in mind.

Click here to read this full article and become aware of how easily professional security experts were able to hack into the board room conference cameras of unsuspecting companies of all sizes.

If applicable, please pass this info along to those risk management and IT / information security team members in your own organization.

Google Plans to Alter Privacy Policy and Terms of Service

The actions and decisions of Google can potentially affect many information security teams in organizations across the globe. With that thought in mind, a recent announcement by Google that it will alter its privacy policy and terms of service, to reflect the fact that it is now going to combine data from its various services into a single user profile, may well be an event that requires close study, review and evaluation against an organization’s own existing privacy policy, particularly where services such as Google are involved.

It goes without saying that this privacy change by Google needs to also be closely reviewed where individual use of Google is employed as well.

In a recent article, Thomas Claburn points out that critics of the change have been quick to question Google’s decision.

This article also references Sen. Richard Blumenthal (D-Conn.) who said in a reaction blog posting that he’s troubled by the lack of an opt-out mechanism, and, David Jacobs, consumer protection fellow at the Electronic Privacy Information Center (EPIC), expressed concerns that Google’s changes decrease the ability of users to control how their personal information is being used.

Click here to read Claburn’s full article, and be sure to use the links in that article to dig more deeply into the reference documents and related postings on these potential privacy risks.

Additional stories about this controversial decision by Google are also listed below:

“Google Says Privacy Change Won’t Affect Government Users” by Jaikumar Vijayan

“Google Stirs Up Privacy Hornet’s Nest” by Sharon Gaudin

“Google Privacy Policy: Who Will be Affected and How You Can Choose What Information Gets Shared” by Cecilia Kang

“Google Seeks to Clarify New Privacy Policy” by Doug Gross

“Lawmakers Press Google on Privacy Policy Changes” (Reuters)

If applicable, please pass this information along to those information security and risk management team members in your organization, those members of privacy rights protection groups in your community and to members of your family who use Google on a daily basis.

Business Continuity Planners May Face “Frictionless Sharing” Risks from New Facebook Apps

While information security and privacy rights protection teams within organizations continue to monitor the potential privacy risks that Facebook may be presenting to their employees, a new announcement was made today indicating that Facebook is now adding over 60 new applications within its auto-share technology.

Click here to read a Facebook company blog covering this news as released by Facebook’s director of platform Cal Sjogreen.

As you will read, Facebook users can now immediately begin adding these new apps to their timelines.

As Sjogreen states, “…the apps are all set up to use the “frictionless sharing” function on the social network, meaning that users only have to give an app permission to share information once. After that, the app updates automatically to a user’s profile, letting their friends know instantly what they may be eating, studying or listening to at any given moment.”

While it may be too early to accurately assess any additional risks these apps may present to existing business continuity plans, it may be a good idea to inform information security specialists, risk managers and HR privacy managers of this event.

PS-Prep strategy planning teams in the private sector, in local community disaster preparedness groups and even risk mitigation discussions among family and friends may warrant a close watching of this recent announcement.

E-Discovery No Stranger on Campus

In response to a few recent inquiries and comments from readers working in the educational field, in particular those working in university campus information security departments, who requested more discussion and information on e-discovery in a university campus environment, our staff would like to present a listing of recent postings and articles addressing this growing dynamic within the “discovery” process itself.

Dian Schaffhauser, a writer who covers technology and business related topics for a number of publications, has recently written and posted an article entitled “An e-Discovery Primer”, and this information may be a great reference resource to offer anyone who wants to learn the basics of e-Discovery.

To this point, it is also important to realize that the “discovery” process is neither something new nor is this process limited to the digital era.  As Seth Gilbertson, associate counsel for the State University of New York states, “…discovery is the process of saving and producing records and other evidence pertaining to an activity that may be the subject of litigation.”

If applicable, or even if you are new to the discussions and risk mitigation potentials embedded in the e-discovery process, click here to read Schaffhauser’s full article.

E-Discovery Guideline and Toolkit offering posted on the EDUCAUSE website presents e-discovery issues for universities to consider.

“E-Discovery Trends: Potential ESI Sources Abound in Penn State Case” by Doug Austin

“E-Discovering Reference” article by Spolanka

“School districts wrestling with ABCs of electronic discovery, compliance” by Beth Pariseau, Senior News Writer

“Hey @wfryer looking for the 411 on eDiscovery: http://bit.ly/9hcxe9 (your wiki) Bottom line: do schools have to archive STUDENT email?”

The E-Discovery Question   – Don’t panic over the new regulations, but make sure your school’s policy is clear.

If applicable, please add your inputs, comments and experiences of e-discovery challenges you might have had to face in your university campus environment.

Hacker “Yama Tough” Threatens Release of Source Code for Norton’s Antivirus Software

For our readers who use Norton’s Antivirus software applications as part of their organization’s information security plans, be aware of a story recently released on the Reuters news website announcing that “Hackers are to release full Norton Antivirus code on Tuesday”.

It appears that a hacker who goes by the name of “Yama Tough” is threatening to release the full source code for Symantec Corp’s flagship Norton Antivirus software.

Click here to read more about this developing story as reported by Frank Jack Daniel.

If applicable, please pass this information along to those disaster preparedness and network security planning team members in your organization.

Emergency Responder Knowledge Base Website Resource Available Online 24/7

The concept now well known as “Information Sharing” had its early adoption during the implementation, in October 2003, of “Project Responder”.

This original project was jointly sponsored by the Oklahoma City Memorial Institute for the Prevention of Terrorism (MIPT) and the U.S. Department of Homeland Security (DHS), and was meant to assist emergency and first responder teams.

The project later evolved again, into the development and now widespread use of the Responder Knowledge Base (RKB) website (www.rkb.us).

The Responder Knowledge Base website is funded by DHS’s Federal Emergency Management Agency (FEMA), and is designed specifically to provide emergency personnel and organizations with a single source of integrated information on not only products, standards, certifications, and training, but also grants, publications, and equipment.

The RKB currently makes all of this information, and more, available to almost 78,000 registered users – a number that continues to grow.

If your organization or community emergency response personnel are not yet fully aware of this great resource, click here to give them more information and reasons to join.

Private sector organizations sponsoring PS-Prep strategy planning teams should also take advantage of this valuable resource.

Great Central U.S. ShakeOut Coming Feb 7th.

Organizational business continuity planning teams, along with disaster recovery and first responder teams in local communities within the central United States, will be busy on February 7, 2012.

In the states of Alabama, Arkansas, Illinois, Indiana, Kentucky, Mississippi, Missouri, Oklahoma and Tennessee, on Feb 7, 2012, at 10:15 am CST, more than one million people will participate in the 2012 Great Central U.S. ShakeOut.

As you may remember, in April of last year, over three (3) million people in eleven states practiced a similar “Drop, Cover, and Hold On” preparation drill called simply the Central U.S. Shakeout.

In addition, please note that at 10:15 a.m. on April 17, 2012, thousands of Utah residents will “Drop, Cover, and Hold On” in The Great Utah ShakeOut, the largest earthquake drill in Utah history!

All of these future drills, and many other past earthquake drills held throughout the United States, are necessary exercises to raise awareness and preparedness levels among U.S. citizens regarding the risks and dangers caused by earthquakes.

Click here for more details and information regarding who is registered to participate, how to participate, and how to obtain ShakeOut Resources such as Quake Scenarios for your in house or local community drills.

If you are a resident within any of the nine (9) states participating in this drill, please pass this information about the Great Central U.S. Shakeout to those disaster preparedness, emergency and crisis management training teams in your organization, and/or your local affected community.

BS 25999-2:2007 Certification Awarded to BIAL

Bangalore International Airport Limited (BIAL) has been awarded BS 25999-2:2007 certification status.  BIAL is Asia-Pacific’s first airport to be certified with BS 25999-2:2007, and, is the world’s second airport to be certified in Business Continuity Management Systems (BCMS). This award was certified by British Standard Institution (BSI).  

Speaking on this occasion, Managing Director of BSI Group, Venkataram Arabolu said, “Being the first International airport in Asia-Pacific and second anywhere in the world to have attained Business Continuity Management system certification speaks about the leadership intent of providing best in class services to the not just the passengers but also ensure the attention to supporting the country through uninterrupted operations of the Airport.”

BIAL embarked on the BCMS certification process in January 2011. Risk assessments, impact analyses, and recovery planning of every process spread across the organization were just part of the issues and controls reviewed and audited by BSI.

The BCMS of the airport also went through internal auditing and third party audits to ensure that the BCMS is adhering to international standard requirements.

Commenting on the award receipt, Managing Director of BIAL Sanjay Reddy, said, “This certification shows commitment towards safeguarding the interests of our partners, customers and users. In working towards these certifications, BIAL has scrutinized and tested every aspect of the company’s operation and developed an integrated approach that can help resume operation after unforeseen event or disaster.”

Because airports are part of any country’s critical infrastructure to consider when addressing business continuity planning activities, it is perhaps reasonable to expect to read about more airports around the world pursuing business continuity goals and objectives.

If any of our readers are aware of such activities, or would simply prefer to share comments on BIAL’s achievement, please submit them so that they can be shared with the readership of this website.

If applicable, this information should also be shared with other business continuity, resiliency, or risk management planning teams in your organization.

Click here to read the original IBN Live press release on this story.