May 17, 2012

Free Smartphone Downtime Cost Calculator Available

Photo courtesy of StoragePipe Solutions

Recently one of our staff members came across a website offering a free Downtime Cost Calculator application for smartphone users. We would like to share that link with our readers in the hope that this DT Cost Calculator application will come in handy when you perform your next business impact analysis exercise or take part in your organization's business continuity team meeting to review or improve your existing BC/DR plan.

Click here for more information and to reach the links to both Android and iPhone application downloads…

If applicable, please pass this information along to those risk management or information network security team members in your own organization.

If you are aware of other tools available for smartphone applications to assist the downtime cost evaluation effort, please share that info with our readers.  Thank you.

Risk Management Required for Top HR-Related Organizational Concerns

Photo courtesy of employeeleasingquotes.com

Areas of risk for many organizations often arise because a department is overlooked and the true risk potential hidden in its day-to-day operations goes unnoticed. Business continuity planners and risk management team members need to always be aware of and plan for controlling those risks. Such is the case for the posting below, which brings our attention to some top HR compliance concerns that carry risk and threat potential for SMBs.

Unlike their large enterprise counterparts, small and mid-sized businesses (SMBs) too often do not have the time and resources to build and maintain proper information management systems and processes beyond those required to support their core business objectives. However, that fact does not remove the potential need for risk mitigation capabilities, which are often necessary to protect those companies from issues they may fail to recognize as true threats.

In a recent whitepaper posted on the TriNet website, the topic of risk management regarding the top five (5) HR compliance related potential risks for SMBs is presented in a clear manner that should make business continuity and private sector preparedness (PS-Prep) teams aware of these potential threats to their organizations.

A quick summary of the major HR compliance related concerns for SMBs presented in this whitepaper is:

  1. More training is needed in the areas of employment discrimination and/or sexual harassment for employees in SMBs.
  2. SMBs spend up to 80 per cent more per employee on federal regulatory compliance (i.e. HIPAA, COBRA and FMLA) than large enterprises.
  3. For most SMBs, the human resource "department" is one person too often wearing too many hats and being too much of an HR generalist, and therein lies a risk.
  4. The growing need for more and more administrative paperwork can create substantial errors in HR activities when all of these independent areas are not properly connected and accessible on a timely basis to meet regulatory requirements.
  5. For too many SMBs, HR functions are simply not being coordinated effectively enough, yet decisions are too often being made to accept this as a "will have to make do" condition.

If some of these points listed above are beginning to sound too much like situations that exist in your organization, then, click here to download this whitepaper (registration may be required).

Also, and if applicable, please pass this information along to appropriate HR and risk management teams in your organization.

COBIT 5 Governance and Enterprise IT Framework Released by ISACA

Photo courtesy of isaca.org

For those readers who are members of organizational governance, risk and compliance (GRC) related committees and/or information security / risk management teams, a posting recently released by the Information Systems Audit and Control Association (ISACA) is worth adding to your group's reading resource library.

This new version of COBIT promotes seamless continuity between an enterprise's IT department and its overall business goals, and represents a major evolution of a globally accepted framework that has been in use for more than 15 years.

According to ISACA, COBIT 5 can be tailored for all business models, technology environments, industries, locations and corporate cultures. It can be applied to:

- Information security

- Risk management

- Governance and management of enterprise IT

- Assurance activities

- Legislative and regulatory compliance

- Financial processing

Additionally, Derek Oliver, Ph.D., CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, and co-chair of the COBIT 5 Task Force, states “…the advance interest in COBIT 5 is overwhelming. It’s clear that enterprises everywhere are aggressively seeking guidance on how to manage and ensure value from the growing mountain of information and increasingly complex technologies they are grappling with —Information is the currency of the 21st century, and COBIT helps enterprises effectively govern and manage this critical asset.”

Click here to read the press release about COBIT 5 and click here to download a free copy of COBIT 5 now being offered from ISACA.

If applicable, please pass this information along to those information security, network control or business continuity team members in your organization.

ENISA “Procure Secure” Report Offers Guidance on Cloud Service Provider Decisions

The European Network and Information Security Agency (ENISA) has recently released a new guidance report entitled “Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts” which should be a valuable reading resource for all information and/or network security and risk management team members.

Marnix Dekker, who co-authored the report states, “Organizations have started switching from running systems internally to outsourcing and using cloud services. So the skills and focus of IT staff have to change.”  This guidance document is full of valuable information to assist that change process.

One of those skills reviewed is the procurement and management of service contracts for cloud services. This points to a need for a better understanding of the security and deliverable capabilities of cloud services, along with the measurement indicators and methods used to verify that the deliverables called out as requirements in those agreements are consistently met.

Another example would be the need for users to become more proficient at asking cloud providers about the finer points of availability and vulnerability management challenges and opportunities in those cloud provider contracts.

The guide covers several different parameters that IT staff members need to be on top of. Among the most important ones are incident response, technical compliance and regulatory and compliance driven levels of certification.

As a final point, and as Dekker states in that report, “…you need to be sure that the solution you are buying fits your security requirements.”

Click here to read and download the full ENISA report and add it to your risk mitigation planning library of reading resources.

If applicable, please pass this information along to those network security and risk management team members in your organization.

Photo courtesy of ENISA

Business Continuity Benefits List Created by Results of a Recent Survey

Photo courtesy of wilkins-consulting.com

Business continuity planning teams must always be ready to offer upper management a list of the benefits the company gains by having a current, tested and continually improving business continuity/disaster recovery plan. As a result, our staff receives inquiries for assistance in organizing a list of benefits received from having a BC plan, expressed in language meaningful to upper management.

To fulfill that request our staff offers the results of a recent survey conducted by Continuity Central in the U.K. and recommends that this summary report of findings be added to the resource list of all active BC/DR team members whether or not your company resides in the U.K.

A quick summary of some of that report’s highlighted benefits coming from business continuity planning:

  1. Business continuity plans can significantly reduce the cost of disruptions for your organization.
  2. BC plans can make the difference between having to close your business and being able to stay open for business.
  3. Companies with BC plans very often benefit from insurance premium discounts, and a BC plan can also preserve brand value and company reputation.
  4. Customer confidence in doing business with your company can be higher when your customers perceive your efforts to be more resilient.
  5. Business continuity can provide competitive advantage and regulatory or compliance driven benefits to the company.

Click here to read more about the survey and view some of the respondents' input on this timely and relevant topic as it relates to the ongoing risk mitigation and risk management activities performed by so many more companies today.

Continuity Central is a website often referenced by our staff, and one that most business continuity planning teams should add to their reading resource bookmark list.

Brookings Report Reveals Deeper Understanding of Current Disaster Response Trends

Photo courtesy of ravica.com

What would be your reaction if you were told that 2011 was a below-average year regarding both the number of disasters that occurred in that year as well as the number of people affected by those disasters?

If you were somewhat skeptical of that claim, then you should read the full report just released by the Brookings Institution entitled “The Year that Shook the Rich: A Review of Natural Disasters in 2011”.

In that report you will find many statements that might or might not challenge: (1)  the disaster preparedness activities that your family has decided to implement, (2) the community preparedness steps taken by the readiness and disaster recovery teams in the community where you live, or (3) the risk management and business continuity plans decided by management to support the organizational resilience objectives of the company where you work.  Nonetheless, our staff recommends this report as a valuable reading resource to be added to your preparedness related reading list.

A quick summary of some of the other major findings in this study is:

  1. Examples from last year's disasters in the rich world show that investment in disaster risk reduction and preparedness pays off and is cheaper than post-disaster reconstruction.
  2. Disaster plans and defenses need to be adjusted to a new and shifting "normal."
  3. The interconnections between disasters (especially mega-disasters), media coverage and humanitarian funding mean that humanitarian funding tends to be directed toward disasters that have higher media coverage rather than to those with disaster-affected populations in greater need of assistance.
  4. More work is needed to recognize the positive contributions which older people can make in reducing the risks from disasters, in disaster response and in recovery and reconstruction.
  5. Developed countries were particularly hard-hit by disasters in 2011, as evidenced by floods in Australia, earthquakes in New Zealand, an earthquake/tsunami in Japan and a series of disasters in the United States. While natural disasters result in higher economic losses in rich countries, fewer people tend to be affected and loss of life is less than in developing countries.
  6. Several positive trends in international humanitarian response were evident in the course of 2011, including promising developments in international disaster law, greater emphasis on disaster risk reduction and preparedness, and better communications during crises, including the use of social media in disaster response.

Click here to read a short article written by Elizabeth Ferris and Daniel Petz for more details and information regarding the summary points listed above as well as others stated in the executive summary of the report.

Click here to read and download the full Brookings Institution report.

If applicable, please pass this information along to those risk management and business continuity planning teams in your company, those first responder and disaster recovery training teams in your community, and to those family members who recognize the need to promote personal preparedness skills within their families and to their friends.  It is also a good reading resource for those private sector entities working on their PS-Prep strategy planning activities.

Cyber Security, Cloud Service Providers, and the Vetting Process

Photo courtesy of the DHS blog

If your organization relied upon you to research and recommend a cloud service provider that would be the best at protecting your company’s information and the most secure by having effective tools, strategies and methodologies to thwart the many ongoing threats to that security, how would you arrive at that recommendation?

Based on readers' inquiries and comments, this question is a common one, and for most companies trying to answer it, doing so requires contacting each potential provider to gain access to independent audits and security assessments, possibly after signing a nondisclosure agreement. The process can quickly become onerous: a company considering a handful of cloud vendors would have to request this kind of security information from each potential vendor, translate their internal documents into a common language, and then compare the security specifications of each vendor against the others.

According to a recent article written by Robert Lemos, some assistance with that vetting process now appears to be available. Mr. Lemos writes about the Cloud Security Alliance (CSA), which recently launched the Security, Trust and Assurance Registry (STAR) to give potential cloud customers a central database from which they can compare providers' security assertions. As part of the requirements, participating providers submit their answers to a self-assessment questionnaire, attesting to the security controls and monitoring that they have put in place to protect customer data.

In the article, Lemos states that, “…last year, a Ponemon Institute study found that 69 percent of providers placed the responsibility for security with their customers, while only 35 percent of customers believed they needed to worry about data security. Yet most cloud service providers will not allow most clients to audit their security because they cannot accommodate a large number of such requests.”

However you interpret the findings of that survey, no one should question the significance of the need for controls and security in any offering by any cloud service provider.

Click here to read Mr. Lemos’ full article.

Click here to go to the CSA website to learn more about this new Security, Trust and Assurance Registry (STAR).

If applicable, please pass this information along to those information security professionals and risk management team members in your organization.

Private Sector & Government Experts Present Continuity Planning and Management Conference

For many of our readers who are in charge of disaster preparedness, crisis management and contingency planning teams for their organizations or communities within which they live or work, an upcoming event is being offered 2-4 April 2012.

For the first time in its history, the Contingency Planning and Management Conference and Expo is taking place in Washington, D.C., and is collocating with GovSec, the Government Security Conference & Expo featuring the U.S. Law Enforcement Conference & Expo, to give attendees more robust free programming and entry to the larger GovSec trade show.

According to Don Berey, event director for both Contingency Planning and Management and GovSec, “The individuals who attend GovSec and Contingency Planning and Management – whether they are from the private or public sector – share many of the same interests, such as preparing for and responding to threats to their businesses, agencies and the homeland, as well as ensuring continuity and protecting critical infrastructure, and, by bringing these two events together into a single location, we’re giving our attendees a chance to see a wider breadth of products and services in the expo, as well as a broader opportunity to learn from each other at our educational sessions.”

Topics being presented at the conference will include:

- Continuity Planning

- Continuity of Operations (COOP)

- Disaster Recovery

- Emergency Response

- Risk Assessment

- Data Protection, Availability and Recovery

If applicable, please pass this information along to those associates in your organization who are also members of business continuity, risk management or disaster recovery teams.

Click here to obtain more information about this valuable BC/DR related event.

About Contingency Planning and Management

The Contingency Planning and Management Conference and Expo is a leading event for the risk management community at large, including individuals in both the public and private sector who focus on business continuity, COOP, data recovery, contingency planning, security and emergency management.

About the Security, Safety, and Environmental Protection Group

GovSec is a member of the Security, Safety, and Environmental Protection Group – a division of 1105 Media, Inc. Comprised of the Security Products, Occupational Health & Safety, and Environmental Protection brands, as well as events and ancillary products related to these brands, it is an industry leader in every category it includes.

Business Continuity Awareness Week 2012 and an Opportunity to Play BC24 Free

With Business Continuity Awareness Week 2012 (19-23 March) approaching, the Business Continuity Institute (BCI) has recently announced a special offering regarding BC24, the online Business Continuity Management (BCM) game. The BC24 game helps businesses understand the value of effective BCM and gives them a reason to change the way they deal with and plan for disasters and other potentially disruptive incidents or events.

In essence, BC24 is a single-scenario game involving a flood and a supply chain failure and all its consequences, from operational impacts to potential threats to the reputation of that business. Written by professional e-learning and gaming professionals, it avoids the use of BCM jargon, so anyone can play the game and there is value in it for everyone who does. All you need is an internet connection and a standard browser. And it only takes 15 minutes to complete!

The BC24 game is normally available on a license-fee basis only, but the BCI is making it available to businesses free of charge throughout Business Continuity Awareness Week 2012, i.e. 19-23 March 2012.

Is your business up for the challenge and ready to find out how resilient it may be?

As presented in an earlier posting about BCAW2012, take full advantage of this year's Business Continuity Awareness Week: be part of and attend the many other similar offerings regarding business continuity, risk management, disaster preparedness and recovery, along with free webinars and presentations from BC/DR professionals from around the world.

To get started and to play the BC24 online incident simulation game, click here.

Cyber Security — 2012 List of Tools to Create and Support Secure IT Environments

Photo courtesy of Google Images

Recently our staff has been receiving requests for more information regarding defense strategies and cybersecurity monitoring tools, and for general direction on where to point in-house CIOs and information security professionals so that they can validate, continually update and improve their risk mitigation strategies for cyber security related incidents, threats and events.

In response, our staff would like to direct you to a recent article posted on the CWZ website. This cyber security tools list for 2012 offers some unique elements, such as:

  1. Rather than listing the paid security solutions normally provided on other websites, this list offers cybersecurity related tools for FREE, and
  2. This list is well organized to help you find the right tool for the right job.

To assist our own staff’s efforts to continually improve its offerings to our readership, please let us know how this list compares to your own, and, if you have a cybersecurity tool that needs to be added to this list, please share it with our community of readers.

Click here to read the full posting and view the complete list.

If applicable, please pass this information along to those cyber-security, information security, network and privacy control team members in your organization. If you are part of a private sector company, you also might want to pass this info along to members of your PS-Prep strategy planning team. Thank you.