To better protect an organization and adhere to compliance and recovery requirements, organizations are turning to Enterprise Resilience to combine all recovery operations and personnel within a single entity that speaks the same language and uses the same tool set, while assuring that the company adheres to the laws and regulations of all countries they do business in. This document will help you achieve these goals.
Mismanaging a potential risk exposure can cost your organization money as well as reduce your shareholder value. It can also leave your company unprepared to take advantage of business opportunities and limit growth and innovation.
DRJ’s Fall World 2013 will feature an unprecedented amount of information! We are adding new tracks, revamping old ones and creating the best conference ever for our attendees.
In 2012, Continuity Insights published its first report into the use of social media as a crisis communications tool. This year, Continuity Insights dug a little deeper in an effort to learn more about the industry’s social media strategies, how respondents view the risks associated with social media, and whether sentiment towards social media’s effectiveness has changed.
The 2013 Continuity Insights Management Conference, April 22-24, 2013, is less than three weeks away, and the team at Continuity Insights is gearing up for an exciting lineup of thought leaders, original content and recognized vendors.
The conference lineup includes three plenary sessions:
- In “The New Crisis Of Cyber Warfare — Are You Under Attack?” presented by David Chalk, Entrepreneur, Technology Expert and Visionary, Chalk will give attendees a clear picture of the current state of cyber warfare, and empower them to take the steps necessary to prepare for, and recover from, a cyberattack.
- In “Shots Fired: Managing The Operational Risk Of An Active Shooter Incident,” presented by Steven M. Crimando, MA, BCETS, CHS-V, Principal, Behavioral Science Applications, Crimando will give a candid presentation about the evolution of the active shooter threat, and introduce a comprehensive approach to active shooter prevention, response and recovery.
- To round out the plenary lineup, in “From EF3 To FOB (Freight On Board) In 33 Days: Resilience At Spirit AeroSystems,” presented by Scott Norlin, BCM Program Manager, Spirit AeroSystems and Damian Walch, Director, Enterprise Risk Services, Deloitte, Norlin and Walch will share the feel-good business continuity story of the year — detailing how a disaster that could have easily disrupted operations was handled efficiently.
In addition to plenary sessions, the conference’s breakout sessions will detail how companies and organizations can better handle IT risks, crisis management, social media, pandemics, day-to-day decision making, and more. The pre- and post-conference workshops will offer an in-depth look at topics including BCI best practices and how to ensure a successful BIA, among others.
Do you have a business continuity conundrum of your own? If so, there’s good news: The popular “Ask The Experts” track is back, giving attendees the chance to present their problems, challenges and questions to the panel of experts, who will then provide real-world solutions.
After being on your toes, it’s important to kick up your heels. Therefore, the conference will also offer a number of relaxed events, including a welcome reception, a “Zoofari” celebration at the San Diego Zoo, a silent auction, and the Continuity Cares community service project (to be held at the San Diego Food Bank).
Please visit http://www.cimanagementconference.com/ for more information, including a detailed agenda. If you have any questions, don’t hesitate to contact Jonna Mayberry, Continuity Insights’ editor, at Jonnatha.Mayberry@advantagemedia.com!
My topic of choice for today’s webinar listen-in was the one on Cyber Threats and Cyber Security by Brendan Byrne from IBM, in which Brendan shared both IBM’s and other organizations’ experiences from the dark world of cyber threat.
According to a recent IBM survey, the biggest threat perceived by Business Continuity professionals is cyber-security. Some of the challenges faced include BYOD (Bring Your Own Device) which is on the increase; the widespread use of social media with its pros and cons; workforce mobility and the increasing use of cloud-based solutions.
The landscape is changing for organizations all around the globe. Big Data or Smarter Data inevitably means more security considerations and the growing use of online services is another cause for security concern. The boundaries are becoming blurred as we step up the use of the innovative technology that is advancing our way. Supply Chain Security, as Brendan quite rightly said, is indeed only as strong as the weakest link in the chain and the expanding use of data is presenting more and more problems in terms of potential threats to an organization.
According to the X-Force Research Team (just one of the jewels in IBM’s crown) who is tasked with analysing the worldwide web on a daily basis, scanning the horizon for new trends and new vulnerabilities, there are over 40M spam and phishing attacks every month! Now that is a scary figure. KPMG’s Data Loss Barometer 2012 showed that hacking is the number one cause of data loss and that data loss incidents have increased by 40% since 2011. There is evidence of new attack activity as malware gets too clever for its boots. Some of the challenges faced are down to things as apparently simple as passwords (or rather the common and widespread use of the same password) and of course there is the challenge of BYOD and a new concept, called APT (Advanced Persistent Threats).
One of the key messages that this webinar drove home was the importance of embedding cyber-security into an organization’s business culture. It is not enough to develop a policy and then file it away thinking that the job is done and a big fat tick has been put in the box. With a constantly changing landscape and new threat activity entering the “Cyber Charts”, it is essential that organizations review, review and review again to ensure that their policies and procedures meet the current and future security needs of their business.
One of the key issues is that cyber threats are just getting more and more sophisticated. Motives for cyber-attacks range from simple curiosity, to revenge, right through to the big stuff like espionage and political activism. The players or actors on the cyber stage are also becoming increasingly more educated and organised. The scale of actor type runs from the inadvertent actor, who may cause an incident through ignorance or lack of training; to the opportunist that just grabs the moment to do some damage; to the “hacktivist” (remember that is the number one cause of data loss); right through to the top of the tree with the advanced actor, that heads up some big scam.
According to IBM research, the top three IT risks that damage a company’s brand (its greatest asset) and reputation (as perceived by BC professionals) are: Data Breach; Systems Failure and Data Loss in that order.
An interesting example of a botnet was put in the room as such to demonstrate both its apparent innocence and its inherent danger. We can all very easily download a botnet. More often than not, this just sits harmlessly on our computers until the organiser of said botnet decides to sell this on to another organization, which in turn uses this to collate important and personal data and there we have it – bring this data together into one central location and you have a hacker’s dream and the so-called Money Mule concept kicks or trots (does a donkey trot?) into action. So we see that the end users are also part of an organization’s security landscape.
Brendan also expanded on the IBM approach to managing cyber threats. The IBM approach consists of two elements – the first is the “Pre-exploit”, which is all about prediction and prevention and the second is the “Post-exploit” which is about reaction and remediation. Every organization needs to adopt this approach. Every organization needs an instant handling approach and every organization needs an intelligent view of their security position. When working with clients, IBM has discovered that most organizations think they have an optimised approach; but reality tells another story with the majority only having basic measures in place. Organizations need to aim to be proficient in order to be able to proactively protect themselves from cyber-attacks.
Brendan listed the essential practices as follows:
- Build a risk awareness culture and management system
- Manage security incidents with greater intelligence
- Defend the mobile and social workplace and make social media work for you and not against you
- Have security-rich services by design and not as an after-thought
- Automate security hygiene
- Control network access and help assure resilience
- Address the new complexity of cloud and virtualisation
- Manage third party security compliance
- Better secure data and protect privacy
- Manage people’s identity throughout the whole security lifecycle
Brendan then talked about the IT Trends for 2013, which he defined as follows:
- Cloud security will move from hype to a mature solution and will progress
- Advances in BYOD mobile will increase and be more secure than laptops by 2014
- Compliance will be a big driver for 2013 with organizations facing potential fines of 2% of their global annual turnover
- Data explosion will increase
And in conclusion, Brendan left us with the top threats for individuals to consider in 2013 and these are:
- Cyber Security
- Supply Chain Security
- Big Data
- Data Security in the cloud
So yes, cyber-threats are very real, but with the right approach to cyber-security they can be managed.
During November and December 2012 Continuity Central conducted a survey to determine what changes and challenges we can expect to see in the business continuity profession during 2013.
After several close calls with hurricanes, executives at Florida Hospital in Orlando decided to rethink their disaster plans. A direct hit by a storm could, of course, endanger patients. But it could also destroy the technology that the facility depends on for medical records, clinical test results, and accounting.
Easy-to-Use Template for Comprehensive Business Continuity Management to Enhance Your Organization’s Resilience
This easy-to-use yet comprehensive package of 1,700+ pages and 50 files of expert, step-by-step instructions and editable templates is just what you’re looking for if you need…
- A clear, actionable Business Continuity Plan (BCP)—either freshly minted or totally revamped—and you need it yesterday!
- To collect detailed information and perform a thorough analysis of your business.
- Confidence to actually welcome an unexpected request from your CEO, auditor, or supply chain partner to see “the BCP.”
- A no-fuss method to keep your BCP continuously updated or expanded.
Template for Comprehensive Business Continuity Management to Enhance Your Organization’s Resilience:
Business Impact Analysis, Business Continuity, Emergency Response, Training, Implementation, Exercise and Maintenance
Creating a business continuity plan isn’t always an easy process. Small business owners may understand the importance of having one but it may be difficult for them to understand exactly how to go about creating one or obtaining buy in from employees.
More than a week after slamming into the East Coast, Hurricane Sandy is causing headaches in payroll.