Posts tagged November
How CIOs can prepare to combat cyber attacks | Network World

If you’re like most chief information officers (CIOs), you may be feeling a sense of uncertainty and unpreparedness when it comes to dealing with cyber threats. And the truth is, you likely have good reason to feel that way.

“Cyber attackers are more organized and sophisticated than ever,” stated KPMG’s Steve Bates. “They’re using better tools and have greater access to funding — be it from competing corporations, rogue nations, or activist groups. These cyber criminals have the commitment and the means to breach and inflict significant damage to almost any company.” Read more

What's in the fine print of your disaster recovery vendor agreement? | Network World

Disaster-recovery solutions require several complex, moving parts coordinated between your production site and the recovery site. Service-level agreements are ultimately the most accurate way to determine where responsibility is held for disaster-recovery process and execution. It’s important to have SLA documentation around these critical aspects of recovery so that customers have commitments from their vendor. I’s also important that a service provider’s agreements contain service-credit backed SLAs for additional accountability. Read more

Data breach hits Department of Social Services credit card system | The Guardian

The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached.

In letters sent in early November the department alerted the employees to “a data compromise relating to staff profiles within the department’s credit card management system prior to 2016”.

Compromised data includes credit card information, employees’ names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. Read more

5 rules for smarter cyber communications | CSO

With the Equifax data breach continuing to make headlines, we're seeing yet further proof that the way you communicate in the aftermath of an incident plays a significant role in determining its ultimate impact. Executives responsible for cybersecurity need to understand how a good cyber communications function works, and they need to make it a regular part of any conversation related to information security or risk management.  Read more

Workplace Recovery Report 2016 | The BCI and Regus

If adverse weather or system failures mean the workplace is no longer usable, where do employees go to continue working? Whether the incident only affects the organization's facilities or it’s area wide, there should be clear arrangements in place.

This report, in association with Regus, gathers responses from 914 respondents across 78 countries. It looks at how many organizations have workplace recovery arrangements in place, what those are, and how well informed the employees are on how it affects them.

TCFD Recommendations | Financial Services Board

One of the essential functions of financial markets is to price risk to support informed, efficient capital-allocation decisions. Accurate and timely disclosure of current and past operating and financial results is fundamental to this function, but it is increasingly important to understand the governance and risk management context in which financial results are achieved.

The financial crisis of 2007-2008 was an important reminder of the repercussions that weak corporate governance and risk management practices can have on asset values. This has resulted in increased demand for transparency from organisations on their governance structures, strategies, and risk management practices. Without the right information, investors and others may incorrectly price or value assets, leading to a misallocation of capital. More

Patricia Scheltus2017, November
Horizon Scan 2017 | The BCI

Threats. Disruptions. Trends. There’s a lot to consider when putting together a business continuity plan. But what are the biggest risks facing your organization right now? Are we all worrying about the right things?

The Horizon Scan Report 2017 answers these questions and more. Created in association with BSI, it reflects the views of business continuity professionals in 726 organizations across 79 countries. Now in its sixth year, the report delivers insight that helps organizations plan for any challenging conditions coming their way, and to thrive in the long-term.

Strategies to mitigate cyber security incidents | ASD

The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents. This guidance addresses targeted cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, 'business email compromise' and industrial control systems.

This guidance is informed by ASD's experience responding to cyber security incidents and performing vulnerability assessments and penetration testing Australian government organisations.  Read more

Patricia Scheltus2017, November
Using drones in business continuity planning and exercising | Continuity Central

The benefits of drone deployment during disaster recovery are well-known. They have supported emergency response teams around the world many times - providing critical, real-time insight for faster damage assessments and faster recovery decisions. But drones can also be deployed during business continuity planning and exercising to great effect, says Kate Treen.

For businesses with structural assets, such as buildings, powerlines, turbines and physical infrastructure, an incident is far more likely to impact badly when business continuity planning updates for these assets has not been effective or frequent enough. Collecting accurate data periodically (and aiming to reduce recovery times) can significantly improve the effectiveness of business continuity plans.

More