Photo courtesy of ediscoverylawreview.com

In its ongoing effort to provide current and relevant updates regarding developments in the field of e-discovery, our staff would like to recommend a reading of the Sidley Austin LLP firm’s current newsletter written by its in-house “E-Discovery Task Force” group.

This group from Sidley Austin LLP works to stay abreast of the shifting legal landscape surrounding e-discovery.

The most current update addresses the following recent developments and court decisions involving e-discovery issues:

1. A Northern District of Illinois ruling sanctioning a defendant company for failing to conduct an adequate search for relevant documents in a related company’s possession;

2. A District of New Jersey decision ordering an adverse inference instruction against the plaintiff for deleting his Facebook account after he had been ordered to make the account available to the defendants;

3. A District of Colorado decision imposing sanctions under Federal Rule of Civil Procedure 16(f)(1) for inappropriate conduct by the EEOC that delayed discovery and cost the defendant time and money; and

4. A New Jersey federal court decision denying a protective order or cost shifting sought in response to a party’s sixty-seven term search request.

Our staff believes that this monthly updated newsletter would be a great addition to your organization’s e-discovery related resource reading library.

Please pass this along to the in-house counsel and/or those information technology and regulatory and compliance focused professionals in your organization.

Click here to download and read this newsletter.

Emergency Preparedness Week – CANADA – e.g. an opportunity to take an active role in your community and support a culture of disaster preparedness in Canada — is May 5-11, 2013.   More people working together can better communicate the importance of emergency preparedness to all Canadians.

Emergency Preparedness Week

Emergency Preparedness Week is a national awareness initiative that has taken place annually since 1996, and, is also a collaborative event undertaken by provincial and territorial emergency management organizations supporting activities at the local level, in concert with Public Safety Canada and partners.

EP Week encourages Canadians to take three simple steps to become better prepared to face a range of emergencies:

• Know the risks
• Make a plan
• Get an emergency kit

Click here to get the online toolkit offering.

Disaster preparedness

Getting the importance of disaster preparedness out to members of your family, members of your community and to your fellow workers remains one of the core missions of this website.

With this week recognized as “National Hurricane Preparedness Week 2013”, it is important to remind everyone again to take advantage of all the comprehensive information available and to pass that information along to others in order for them to be better prepared in the event that any hurricane related events come their way.

Click here to view a checklist provided on the Ready.gov website.

According to the National Hurricane Center’s website, “History teaches that a lack of hurricane awareness and preparation are common threads among all major hurricane disasters. By knowing your vulnerability and what actions you should take, you can reduce the effects of a hurricane disaster”…..for where you live and where you work.

Hurricane hazards come in many forms. Those potential hazards could come in the form of storm surges, residual and heavy rain fall, flooding, high winds, tornadoes, rip currents and even thunderstorms accompanied by lightening.

Are you prepared should you lose power? Are you prepared should you be forcibly barricaded in your home for days, even weeks after a powerful hurricane?

The following summary of website links gives everyone additional concrete ways to raise levels of awareness and ways to stay better informed where you live and where you work:

1. Mobile National Hurricane Center (NHC) website in basic HTML: www.nhc.noaa.gov/mobile
2. Mobile NWS website for smartphones: www.mobile.weather.gov
3. Mobile NWS website in basic HTML: www.cell.weather.gov
4. Audio Podcasts:  www.nhc.noaa.gov/audio/index.shtml
5. Hurricane tracking charts:  www.weather.gov/os/hurricane
6. NHC Facebook Page:  www.facebook.com/US.NOAA.NationalHurricaneCenter.gov
7. Twitter Atlantic: @NHC_Atlantic
8. Twitter Eastern North Pacific: @NHC_Pacific
9. Twitter Central Pacific: @NWSHonolulu
10. Storm Surge: @NHC_Surge
11. NOAA Weather Radio All Hazards: www.weather.gov/nwr
12. American Red Cross:  www.redcross.org
13. Tropical Cyclone Preparedness Guide.  Spanish Version.
14. Ready.gov for Kids

Please pass this information along to those disaster preparedness, first responder and organizational disaster readiness team members in your organization – as well as doing the same for members of your family and the emergency management teams in your community.

Photo courtesy of ASQ Northern VA Section 0511

The larger the organization the more likely it is that there are written instructions about how things are done within that organization. This makes sure that nothing is left out and that everyone is clear about who needs to do what, when and how. When an organization systematizes how it does things, this is often known as a management system.

With that thought in mind, it is not surprising to notice that ISO Management Systems are becoming increasingly popular with risk based standards for Information Security, Service Management and Business Continuity.

How do these standards (along with their inclusive and related management systems) make an organization more competitive and how does the quality aspect of an ISO Management System benefit the overall business?

ASQ Northern Virginia Section 0511 Meeting

Sally Smoczynski will be the guest speaker at the American Society for Quality (ASQ) Northern Virginia Section 0511 Dinner Meeting — on June 19, 2013, and, she will present answers to the questions above.

She will also define: (a) the elements of a management system, (b) its certification requirements, as well as, (c) facilitate discussions and offer examples on how a growing number of today’s businesses are gaining value from these risk based standards.

Click here for more details and to register to attend.

Sally Smoczynski has spent over 25 years assisting clients to achieve success in business process alignment within Information Technology. Sally has a strong background in Governance, Risk and Compliance with an emphasis in Information Security Management and IT Service Management.

Sally is a Managing Partner for Radian Compliance, LLC. She manages client engagements with assessment, implementation, internal audit and training services for many auditable Standards including ISO 27001, ISO 20000, SPC1, ISO 22301 and ISO 9001.

If you have any concerns about protecting the reputational risk of your organization, our staff recommends you to view a free webinar being offered from the Disaster Recovery Journal group.

The title of the webinar is “Reputation Equals Revenue” and will be offered Wednesday June 12^th at 12:00PM – 1:00PM (CDT).

The effect of cyber security related risks on corporate and brand reputation is real.  And, because reputational damages are often measured in millions of dollars, unplanned downtime can carry far more than a “per hour” cost.

Based on data from a new global study from IBM conducted in cooperation with the Economist Intelligence Unit (EIU), this webcast will help you make the connection between reputational ROI and your IT investment in security and business continuity.

Cyber Security Webinar

Hear Jason Sumner of the EIU provide unique perspectives on reputational risk and IT and  IBM Business Continuity and Resiliency executive, Ron Martel, who will discuss steps you can take to effectively prevent and mitigate these risks.

Click here for more details and to register.

Find out more about emergency reporting.

Courtesy of desirulez.net

As one of the risk management options mentioned in an earlier cyber insurance related posting on this website, our staff would like to recommend the CyberEdge Mobile App for the iPad to cyber security risk management team members where you work.

AIG “Cyber Risk Report 2013

This CyberEdge Mobile App was developed by the American International Group, Inc. (AIG) in response to a recent AIG survey and report, where it was found that 80% of executives and brokers find it very difficult – if not sometimes nearly impossible – to keep pace with defending against and mitigating risk related to cyber threats.

This report focuses to the many new forms of risk facing firms today and stresses how important it is that these firms quickly become acquainted with these potential breaches to their data (such as hacking) and the ways to mitigate them. The report also realizes that the insurance industry as a whole needs to be at doing all that it can and remains able to offer innovative solutions to assist firms in mitigating this risk.

Other findings of note provide further insight into the level of cyber risk concern among executives and brokers:

•        69% of executives and brokers believed that the reputational risk from a cyber-attack is far greater to a company than the financial risk

•        75% of executives and brokers said legal compliance issues are making companies think more about cyber risks.

•        The vast majority of brokers and executives (82%) believed hackers are the primary source of cyber threats, though a significant portion of those surveyed (71%) also perceive human error as a significant component of cyber risk.

Whether or not your firm is ready to sign up to the CyberEdge product offering available now from AIG, the fact remains that there is valuable information and value-added purpose in taking a look at this AIG app offering.  Currently the app is available only to iPad users.

But with that limitation aside, this CyberEdge Mobile App delivers at least some of the following benefits and information to its users:

• All the latest cyber news from industry-leading news providers

• Information on the most recent data breaches nationwide

• An extensive database of cyber resources

• A calculator to help estimate potential liability costs

• More than 20 claims narratives to better understand how AIG has responded to other breaches

• A glossary of common cyber terms

• Information on CyberEdge and contact details to learn more

If you find this information applicable, please pass it along to those information security, disaster preparedness and cyber risk management team members in your organization.

And, of course, if you are aware of any other developing similar tools to assist in mitigating similar cyber threats, please comment and offer them to all of readers.

Click here to get even more information about this app.

Click here to download the full AIG Cyber Threat Report 2013.

It is our staff’s assumption that many disaster preparedness, first responder or disaster recovery team members fully recognize the growing role which social media and its social networks play as the primary source of news and information when disasters occur.

In a recent InfoGraphic, the University of San Francisco Online Master of Public Administration group organized findings from a variety of surveys which collectively bring home the fact that during disasters, social networks often replace 911 as the go-to source for help and assistance in many communities throughout the U.S.

A quick glance at some of the other findings shown in this Info Graphic would include at least the following observations:

1. One (1) in five (5) Americans have used an emergency app on their smartphones or portable devices,
2. 80% of Americans expect emergency response agencies to monitor and respond to social media platforms,
3. 76% of Americans contact friends and family via social networks to make sure they are safe,
4. 18% retrieve emergency information through Facebook,
5. 33% of social media users expect help to show up within 60 minutes of a posting, and
6. At its peak, Instagram users uploaded Hurricane Sandy related photos at a rate of ten (10) every second.

How survivors and disaster recovery and rescue teams harness social media in the future can only strengthen its position as a critical component in the disaster recovery process over time.

Certainly, if you’re D/R or incident response team – where you work or where you live – requires additional testimony to the value-added purpose and role of social media/networks —then this InfoGraphic fills the bill.

Click here to view the full InfoGraphic, review its source materials, and better understand how social media has revolutionized communications during natural disasters.

What role does social media play in your business continuity or disaster recovery plan where you work, in the community where you live, and/or simply in your own family’s emergency response plan?

Continuity Insights and Fusion Risk Management, Inc. – together – will host a webinar entitled: “Trending ISO 22301 — Does It Matter?” on Wednesday May 29th at 3:00 PM EDT.

ISO 22301 is the first converged standard in the DR/BC Industry. As a result, it is gaining momentum and is certainly a trending topic. But what does it mean to you and your organization? Where does it provide leadership and best practice, and where does it present the obvious or represent compromise? Most importantly, what aspects provide direction for opportunities to improve your program and deliver business value?

Register today to learn how to make ISO 22301 work for you! https://www1.gotomeeting.com/register/598934057

photo courtesy of vpnchoice.com

For quite some time, business continuity professionals have been associating Cyber Security as an important Business Continuity Planning (BCP) concern, but, like so many other issues in the world of BCP, without full buy-in from upper management (or the Board of Directors), it will be almost impossible to truly implement effective Cyber Security policies, plans and procedures throughout any organization.

With that point in mind, and to assist the process of increasing cyber security awareness in your company’s upper management, our staff recommends reading an article written by Edward B. (Ted) Brown III, CBCP CBCV MBCI, where Brown not only stresses the importance and need for awareness of how Cyber Security relates to your organization, but primarily presents a logical argument for what an organization needs to do to heighten that awareness and develop proactive and preventive action plans to mitigate those potential cybersecurity related risks and threats against your organization.

Brown begins that process by recognizing the fact that as the world becomes increasingly interconnected, BCP professionals must pay more attention to all security levels of their organization’s connections with everything required for that organization to successfully achieve all of their strategic objectives.

Given the growing awareness of hacker threats and the need to do something about them, Brown then suggests that the best way to protect your organization from these threats is to implement effective policies, plans and procedures which directly address and mitigate such threats.

And, finally, Brown believes that the best way to demonstrate the needs for those policies, plans and procedures to upper management is to perform a Cyber Security audit of your organization and then, evaluate, plan and implement the resulting recommendations —followed by effective measurements to allow improvement to that process over time.

Click here to read Brown’s full article and, if applicable, please pass this information along to those risk management and business continuity planning team members in your organization.

photo courtesy of catastrophy property casualty

Protecting a company’s digital assets continues to be a challenging component of a director’s and/or board member’s total fiduciary duties — and— with the growing number of regulations now imposing more specific privacy and cyber security related obligations on companies — answering the question of whether or not those directors are managing cyber risks responsibly begs the need to find out how well those directors are really doing…..

To that point, Carnegie Mellon University’s “CyLab” group recently released the results of a survey it conducted which examined data across geographical regions and by various industry sectors to find out how well directors and officers were doing in managing cyber threats and risks and governing the security of their organizations’ information, applications and networks —i.e. their digital assets.

The title of that survey is “The Carnegie Mellon Governance of Enterprise Security: CyLab 2012 Report” and was sponsored by RSA, The Security Division of EMC.

The results of this survey reveals that corporate boards and executives are taking risk management seriously, but there is still a gap in understanding the link between information technology (IT) risks and enterprise risk management, and, it appears that this gap also indicates that boards have a lack of understanding of how all business operations are supported by computer systems and digital data and how risks in these areas can undermine operations.

Additionally, the survey results indicate that North American boards lag behind European and Asian boards in undertaking key activities associated with privacy and security governance such as regular reviews involving annual budgets, roles and responsibilities, and top-level policies.

Some of the recommendations made in this report to significantly improve any organizations’ security posture and to mitigate or reduce cyber related risk(s) included:

1. Establish a board Risk Committee separate from the Audit Committee and assign it responsibility for enterprise risks, including IT risks.
2. Recruit directors with security and IT governance and cyber risk expertise.
3. Ensure that privacy and security roles within the organization are separated and that responsibilities are appropriately assigned.
4. Evaluate the existing organizational structure and establish a cross-organizational team that is required to meet at least monthly to coordinate and communicate on privacy and security issues.
5. Require regular reports from senior management on privacy and security risks.

Click here to read the entire report, and, if applicable, please pass this information along to those risk management team members who may want to add this information to their resource library for further reference.