E-Discovery – Compliance and Privacy Challenges

July 27, 2010

One of our readers recently brought our attention to the Legal Talk Network website and recommended that we pass along the fine reporting work this website provides its readership regarding the topic of e-Discovery.

Our staff agrees and recommends that anyone trying to keep current on this controversial risk management topic should visit and benchmark this website as well as pass this information to the business continuity and risk management team members in their organization.

Click here to listen to a recent podcast of host Gina Jytyla, Managing Staff Attorney in the Legal Technologies division at Kroll Ontrack, as she welcomes Kimberly Marin, Security Analyst and E-Discovery Specialist with the Hershey Company and Nasar Ali, Legal Consultant for Kroll Ontrack, to discuss key milestones in the history of e-discovery.

Federal Cybersecurity Guidelines Document Update Released by NIST

July 13, 2010

The National Institute of Standards and Technology (NIST), associated with the U.S. Department of Commerce, recently released an updated set of guidelines that organizations can use to develop their security assessment plans, as well as their associated procedures for security controls.

These new guidelines are officially entitled “NIST Special Publication 800-53A, Revision 1, Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans”.

This document is a valuable content resource that should be included in the library of reading requirements for your organization’s information security and risk management teams.

To download this guidelines document, CLICK HERE.

GAO Continues to Express Ongoing Cyber Security Concerns

July 5, 2010

Many postings about information security in cloud computing decisions have indicated that the jury is still out on how secure the cloud really is. Now more than ever, it is very important to take the time to review, evaluate, and test the organization-specific components of a cloud decision-making process before you make a final decision.

Compliance and regulatory requirements, along with having information security controls in place before you make a final decision, are just a few of the elements to consider in that decision process.

It is with this in mind that we point you to a recent article written by Grant Gross and posted on the Computerworld website. In this article, you may see concerns about cloud computing or cybersecurity, summarized from a recent U.S. Government Accountability Office (GAO) report, that match risk management issues over cloud computing expressed in your own organization.

It is also likely that your organization and our own U.S. government are both being driven by similar anticipated cost reductions coming from a move to a cloud computing environment.

Our staff believes that those similarities in both benefits and risks may have some relevance to all organizational cloud computing decisions, and should be passed on to information security and risk management team members in your organization.

Click here to read the full article, and let us know your thoughts and comments. 

Is your organization at the same point of review regarding a cloud computing decision? 

After reading this article, have you learned more of what to do or what not to do in order to make a best case decision for moving your organization to the cloud?

Best Practices Offered for Private Cloud Computing

July 3, 2010

In a recent article written by Features Writer Laura Smith, and posted on the SearchCIO website, some developing best practices for the utilization of private cloud computing are presented and offered to our readers. 

That list of best practices starts with three actions, (1) assess, (2) deploy and (3) analyze, and ends with the following two recommendations: (4) creating reusable code and (5) not forgetting to charge back the reported metered services provided by private cloud computing providers.

Click here to read Laura Smith’s entire article.

Many of our past postings on this website have focused on cloud and cybersecurity issues and, as a result, have prompted reader input regarding ongoing concerns about information security and privacy. Our staff hopes that the information provided by Laura Smith’s article will offer more perspective on, and input to, the decision-making process regarding this current and controversial topic.

If applicable, please pass this information along to those business continuity and risk managers and management team members in your organization.

BP’s e-Discovery Challenges

June 20, 2010

In past postings on this website, our staff has tried to bring the attention of our readers to the topic of e-Discovery, the potential risks involved, and, if not properly mitigated with effective and timely responses, the probable negative burden that a discovery process will have on any organization’s assets and/or resources.

Aside from all of the obvious damages stemming from the BP oil spill in the Gulf of Mexico, we believe that another less obvious challenge is facing BP – and that challenge is e-Discovery.

Even for those organizations not in the oil industry, we present the premise that there may be important lessons to learn in observing the ongoing developments of the discovery process in the pending litigation against BP over the next several months and the role that e-Discovery plays in those processes.

We also believe that surrounding this BP disaster recovery effort, there is an associated argument that clearly demonstrates the need for companies – especially global companies – to have a strong eDiscovery plan and/or policy in place as part of their total organizational resiliency and preparedness strategy.

We recommend reading a recent article written by Rob Ameerun and posted on the Legal IT Professionals website where Digital Reef’s Steve Akers was interviewed about the e-Discovery challenges that face BP after the oil spill disaster in the Gulf region. Steve talks about the best strategy, information governance, and Early Case Assessment.

Pass this information along to your organization’s in-house counsel and risk management or business continuity team leaders.

Click here to read the full interview.

Hurricane Preparedness Myths Dispelled

June 18, 2010

In a recent article posted on the FloridaRealEstateRama Florida website, several myths are dispelled and new facts are offered by The Institute for Business & Home Safety (IBHS) regarding the critical disaster safety topic of hurricane preparedness. 

In our efforts to expand awareness of, and the need for, preparedness activities in organizations, we fully recognize the role that individual employees of those organizations play in support of organization-driven business continuity and risk management actions.

Therefore, to help both organizations and individuals increase their levels of hurricane preparedness and awareness, we recommend adding this information to their preparedness reference content library. We also recommend adding this information to your PS-Prep related reading requirements list.

Click here to read the full IBHS article.

Information Security Risk and Tips Using Photocopiers

June 15, 2010

In a recent article written by Michael Kassner and posted on the TechRepublic.com website, we noticed an area of information security and compliance risk that needs to be brought to the attention of our readers.

If your organization complies with or is certified to any information technology framework or international standard (e.g. ISO 27001:2005), then the security analysis process, or at least the information security policy, of your organization should address the information security and data security risk(s) associated with any digital photocopier operating in your organization.

Many of our readers may already be aware of this risk, but they may also be less than totally clear on the information system security risks associated with those copiers.

Whether a particular multi-function peripheral (MFP) saves every digitized document appears to depend on the brand and on how it is configured. We suggest adding this article to your library of information security reference documents.

Please pass this along to your information security assessment and risk management team members in your organization.

Click here to read the full article.

Cyber Security Legislation Introduced by Lieberman, Collins and Carper

June 11, 2010

Cybersecurity is an information security topic often discussed in postings on this website.

Many of the information security systems and security policies of organizations that follow this website face (or will face in the future) ever more challenging risk management decisions over cyber security concerns. Our staff views this legislative support activity as a strong component in the ability of our government to better support U.S. companies that are facing a growing number of cybersecurity-related issues.

To our point: Senate Homeland Security and Governmental Affairs Chairman Joe Lieberman, Ranking Member Susan Collins and Committee Member Thomas Carper recently introduced legislation to strengthen, modernize and safeguard our nation’s cybersecurity networks today.

View the video summary of this important development as posted on the Senate Committee on Homeland Security and Governmental Affairs website as well as read additional related articles on this topic — CLICK HERE.

Click here to read the complete letter written by Lieberman, Collins and Carper, posted on the Politico website and submitted in support of their legislative presentation. 

If your organization is affected by cybersecurity risk management issues, then please pass this information along to the appropriate information security management members assigned the responsibility of information technology security.

Do you think this kind of legislation activity is good for U.S. companies?

Emergency Response Exercise to be Held in Chicagoland area

June 11, 2010

On June 9th, a staff press release was issued on the Chicago Breaking News Center website announcing a massive emergency response exercise which could affect some of our readers and organizations located in the Chicagoland area.

In a related press release by the Illinois Army and Air National Guard, it was stated that “It is a full-scale exercise, so residents can expect to see emergency responders looking and acting as if this was a real homeland security/domestic response mission.”

The five-day training exercise will run from Sunday (June 13th) through Thursday (June 17th), and will range across a variety of Chicagoland locations, including suburban areas such as Oak Lawn, Bridgeview and Bensenville. Click here to read the full staff report.

If applicable, please pass this information along to all of the risk management, disaster planning and disaster recovery, and emergency response planning teams in your organization as well as any related community emergency response program team leaders or any individual associated with supporting the Department of Homeland Security (DHS) PS-Prep program in the Chicagoland area.

Lieberman & Thompson Urge PS-Prep Is a Necessity, Not a Luxury

June 5, 2010

With so much in the news surrounding British Petroleum (BP)’s difficulties and inability, for nearly thirty (30) days now, to cap its gushing oil well nearly a mile below sea level, a strong message about the need for more preparedness or readiness (or perhaps the lack of preparedness and/or readiness) is being raised across the U.S. We believe that this growing level of awareness can and should focus more attention again on PS-Prep, the voluntary program to help private sector companies develop preparedness, resiliency, response, recovery, and business continuity plans.

On Thursday, June 3, Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and House Homeland Security Committee Chairman Bennie Thompson, D-Miss., co-wrote a letter to DHS Secretary Janet Napolitano noting that the PS-Prep program still has not been launched, even though that was a requirement coming from legislation passed by Congress almost three years ago.

The essence of the letter was that Lieberman and Thompson both urged the Department of Homeland Security to step up its implementation of PS-Prep.

Another strong message in the letter stressed that “private sector preparedness is a necessity not a luxury”, given that the private sector owns nearly eighty-five percent (85%) of critical infrastructure in the U.S.

To read more about the message that Lieberman and Thompson sent to DHS’s Napolitano, we offer the full content of the letter reproduced below:

June 3, 2010

The Honorable Janet Napolitano
Secretary
Department of Homeland Security
Washington, DC 20528

Dear Secretary Napolitano:

We are writing to urge you to accelerate the Department of Homeland Security’s (DHS) launch of the voluntary private sector preparedness accreditation and certification program, commonly referred to as PS-Prep, required by Section 901 of the Implementing Recommendations of the 9/11 Commission Act of 2007, P.L. 110-53 (hereon referred to as “the Act”).

The Act, which was signed into law nearly three years ago, required DHS to adopt one or more preparedness standards for the program and to implement the program not later than 210 days after enactment. Unfortunately, the previous Administration missed the statutory deadline for implementation and failed to widely promote the program. To date, the program still has neither been implemented, nor promoted, as required by the law.

The Executive Branch’s failure to implement the program is regrettable. Given that the private sector controls 85 percent of the critical infrastructure in the nation, private sector preparedness is a necessity, not a luxury. The National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission) found that the private sector remains largely unprepared for disasters, and the recent devastating oil spill in the Gulf of Mexico serves as a painful reminder of why preparedness is so important.

To address these preparedness vulnerabilities, Congress required DHS to establish the PS-Prep program to replace ad hoc and isolated preparedness measures with appropriate voluntary standards implemented through a structured approach. The program will also raise the visibility of the importance of private sector preparedness and provide a roadmap to preparedness, benefitting businesses that choose to participate and making America safer.

We appreciate that under your leadership DHS has published draft standards for public comment and engaged in 10 public information sessions. However, we remain concerned that the timeline for adopting final standards for PS-Prep continues to recede. This past winter, DHS officials told staff from both Committees that they intended to adopt final standards this spring, but DHS recently informed us that it would miss this deadline. Current expectations for implementation appear to be set for this autumn. Needless to say, every additional delay in implementation further violates the Act and means less security for our country.

While DHS has moved forward with the rulemaking process, we note that DHS leadership has not embarked on a campaign to fully engage the private sector in this voluntary program. The success of PS-Prep will depend upon the active participation of the business community.

The impact of future disasters on vulnerable cities and towns across the country would be significantly mitigated if businesses were armed with preparedness and recovery programs. Proper preparation leads to resilience and recovery. PS-Prep would serve as a helpful tool in preparing the private sector for all types of disasters. This valuable program should be quickly implemented.

We implore you to act promptly to implement this program and vigorously promote it within the private sector. We ask that, within the next 15 days, DHS provide a timeline for adopting standards for the program. Additionally, please provide your plan to conduct a campaign to promote the program, as well as a plan to implement the Act’s requirements for separate classifications and methods of certification for small business concerns. We look forward to continuing to partner with you on this important program. Thank you for your attention to this important issue.

Sincerely,

JOSEPH I. LIEBERMAN
Senate Committee on Homeland Security & Governmental Affairs

BENNIE G. THOMPSON
House Committee on Homeland Security

cc: The Honorable Craig Fugate, Administrator, Federal Emergency Management Agency

Please pass this important development along to the business continuity and risk management team members in your organization, and share your comments with our BC community of readers.
