
INDUSTRY PUBLICATIONS
Articles Published in 2002

For an explanation of the publications' abbreviations, and contact information, click here.

PLANNING & MANAGEMENT

Assessing the Risk

"Are Formal Risk Assessments of Any Use?", M. Jablonowski. (RM, Vol 49, 8) When making high-stakes risk management decisions, real world experience needs to be backed by the hard numbers of statistical analysis. But because of the lack of data available for many of the most costly risks, modeling and actuarial analysis can be seriously flawed, misleading decision makers with a false sense of precision. By recognizing and adjusting for knowledge uncertainty, risk managers can create the right mix between intuition and science. Go To Article

"Business Continuity Planning:  All the Right Moves", (DR Guide, 2002, p. 45)  To countermand threatening concerns, businesses need a strategy based on the ability to anticipate, assess and know where threats lie.

"Business Interruption, Part III: Finalizing Your BI Claim", J. Dempsey, D. Goodwin. (RM, Vol 49, 4) Putting together a good BI claim is up to the policyholder.  Finalizing the BI claim, however, is a team effort. Go To Article

"Can Your Company Be Liable For Not Making DR Plans?", Y. Mishra. (DRJ, Vol 15, 3, p. 38) Many high-level executives don’t appear to be making disaster recovery a top priority. In light of current legal developments, companies may be exposing their business, directors, and officers to potential liability by not implementing a disaster recovery plan.

"Corporate Technology Risk Assessment: A Questionnaire", A. Scrimenti. (CPM, Vol 7, 1, p. 43) Being prepared goes beyond creating a solid disaster recovery plan; it means constructing a technology environment that is always disaster-ready.  Take this questionnaire to determine if your technology is disaster-ready, or a disaster waiting to happen. Go To Article

"Crisis Management Series: Managing Psychological Claims", D. Price, M. Boutot. (RM, Vol 49, 6) Evaluating a psychological injury claim following a crisis event at work presents a delicate situation that combines the risk manager's responsibility to the business and the compassion involved in addressing the human aspects of crisis management.  By setting forth a clearly defined path of evaluation, companies can differentiate between the cases needing legitimate response and those that are unfounded. Go To Article

"Determining Business Risk For New Projects", K. Dye. (DRJ, Vol 15, 2, p. 74) As a business continuity planner, you most likely focus on the recovery of critical business processes in the event of a disaster.  Do you also look at the recovery of critical business systems?  If you are an IT disaster recovery manager, do you look at the recovery of the critical business processes or only focus on the recovery of systems?  Do you have a process in place to ensure the synchronization of the recovery objectives of the two perspectives? Go To Article

"Getting Your IP House in Order", F. Feng, M. Golden. (RM, Vol 49, 7) Intellectual property (IP) management has become a vital part of due diligence during any business transaction for high-tech companies. As a player in business transactions, the risk manager must understand: what IP the company has, how it is protected and where any potential liability may arise from it. Go To Article

"Global Solutions to Terrorism Coverage", R. Meder. (RM, Vol 49, 5) In Israel, Italy, Spain, France and the United Kingdom, government policy on terrorism insurance coverage has already been made.  These solutions offer a global perspective on how the United States might fare in the post-September 11 terrorism insurance market, with or without government assistance. Go To Article

"Insurance Issues for Contracts", D. Julien. (RM, Vol 49, 3) Part of the risk manager's job is teaching the rest of the company about the field.  Part of this is educating the managers who are responsible for negotiating contracts on the insurance implications of these signed agreements. Go To Article

"Liabilities for Corporate Executives", D. Fischer, C. Feldman. (RM, Vol 49, 9) Directors’ and officers’ liability has taken on a new meaning and a new reality for many companies, with nervous executives who want to know how they could be held liable. Learn how to explain those potential exposures as well as techniques to minimize them through statute, charter provisions or contracts, and insurance. Go To Article

"Limiting the Effects of Employee Fraud", T. Mohr. (CPM, Vol 7, 3, p. 34) Fraud prevention policies and procedures, coupled with effective employee education, can keep your company's profits from being siphoned off by dishonest workers. Go To Article

"One Occurrence or Two: How the Courts Decide", J. Chanes, M. Daniels. (RM, Vol 49, 1) A continuing debate caused by the September events in New York is whether what happened at the World Trade Center will be judged as one occurrence or two.  The answer will depend on which state court is giving the opinion, and which of three possible tests it uses. Go To Article

"Paradigm Shift In Handling Disasters", M. Talon. (DRJ, Vol 15, 1) Every member of a corporation, from the CEO to the mailroom, is influenced by data loss and system outages. Regardless of who is directly and/or indirectly affected, the results of these interruptions are always the same at their most basic level – loss of time, loss of money, loss of business. Go To Article

"Respecting Brand Risk", D. Abrahams, E. Granof. (RM, Vol 49, 4) A logo, a color scheme, even a jingle--companies spend a lot of money to leave a mark in the minds of consumers.  A well-known brand, however, can go from famous to infamous overnight.  How can you manage, mitigate and even use this inherent brand risk to your company's advantage? Go To Article

"Returning from a Deep Soft Market and the Largest Catastrophe in History", G. Alff. (RM, Vol 49, 1) In his annual review, Alff examines how much of a dip the insurance industry is destined to take--particularly in light of the events of September 11, 2001--which sectors will suffer the most and what risk managers should expect for renewals.
Online Only: In the face of the hard market, do you think your broker is working hard enough to protect your interests? Go To Article

"The Business Case for Continuity Planning" L. Douglass. (DR Guide, 2002, p. 10)  There is now a widespread recognition of continuity planning as a business requirement.  A list of challenges is presented naming the reasons for executing strategic plans post September 11, 2001.

"The Perils of Web Site Liability", M. Greisiger. (RM, Vol 49, 7) New trends in cyberliability—including privacy policy breaches and Web site disability discrimination—could present problems for even the most secure network. But in an effort to mitigate these liabilities, risk managers find themselves without standards of due care against which to measure their companies’ cybermanagement policies. Go To Article

"Tutorial:  Drawing Risk Maps", M. Jablonowski. (CPM, Vol 7, 6, p. 28) Integrating enterprisewide risk mapping into the risk assessment process can help planners better foresee their organizations’ vulnerabilities. Go To Article

Building the Plan

"A Crisis Plan Is A Must Have For Every Company" E. Moed. (DRJ, Vol 15, 4, p. 25)  How would your company evaluate and communicate if a dirty bomb exploded within a 10-mile radius or your building was threatened with radioactive, biological, or chemical agents?  Does your current crisis plan really provide up-to-the-minute protection?

"All Hands On Deck", J. Besharah, J. Glenn. (DRJ, Vol 15, 2, p. 56) Most planners are beginning to accept and to promote "enterprise" planning rather than either specifically "business" or "support" (read IT) function-only plans.  What is often not stressed is the need for what we term "all hands" planning. Go To Article

"Are You Managing The Risk Of Downtime?", W. Hinton, R. Clements. (DRJ, Vol 15, 3, p. 64) Can you imagine going out of business next month? Next year? Without an adequate DR plan, what seems like an unlikely scenario could become frightening reality.

"BCP Testing Techniques and Alternatives", K. Williams, M. Keehan. (CPM, Vol 7, 2, p. 36) By learning the key aspects of recovery plan testing and investigating alternatives to full-scale tests, planners can effectively manage the maintenance and testing required for a solid program. Go To Article

"Business Continuity Planning: A Guide to Outside Expertise", H. McKeefry. (DCM, Vol 22, 2, p. 18) No one, after Sept. 11 last year, can deny the value of having a plan for worst-case scenarios.  Consider this vendor-neutral primer to be required reading on what a DR company can and can't do for your data center.

"Clearly A Benchmark, Potentially A Requirement", S. Davis. (DRJ, Vol 15, 3, p. 14) The NFPA 1600 "Standard on Disaster/Emergency Management and Business Continuity Programs" is designed to be a description of the basic criteria for a comprehensive program that addresses disaster recovery, emergency management, and business continuity. Go To Article

"Contingency Planning Confidence Based On Knowledge", L. Taylor-Hamm. (DRJ, Vol 15, 2, p. 71) You did your homework.  Your contingency plan is well-written, up-to-date, accurate, and tested.  Now you can sit back and relax with confidence that your business will recover quickly and survive any disastrous occurrence.… Then there's Slugger; he's not prepared for a disaster.  You know a Slugger; his computer backups are next to the CPU in the office. Go To Article

"Contingency Planning Should Have Been Obvious", D. Perry. (DRJ, Vol 15, 3, p. 73) Business recovery and contingency planning are frequently utilized terms where the requirements are normally misunderstood and, without exception, never completely implemented. Go To Article

"Creating a More Rigorous BIA" B. Zawada, L. Evans. (CPM, Vol 7, 7, p. 24)  Here are some BIA methodologies that will improve the chances of executive-level buy-in for your business continuity planning efforts. Go To Article

"Disaster Recovery: Predicated On Fallacies", N. Koehler. (DRJ, Vol 15, 1) Years ago, I was often amazed at the number of businesses that had no viable recovery plan in place. Even more disturbing was to encounter those who believed that they had a recovery plan, when, as a matter of fact, they didn’t. Go To Article

"Do Small, Medium Companies Implement DR Plans?", R. Barclay. (DRJ, Vol 15, 3, p. 60) After the events of this past calendar year, there is much additional incidental evidence that if a company fails to prepare for an unexpected event, they probably will not survive the disaster. Go To Article

"How NFPA 232 Can Help You Protect Your Records", D. Hague. (NFPA, Vol 96, 2, p. 53) NFPA 232 defines a vital record and how to protect it.

"Keeping the Stockholders Satisfied", T. Beck. (CPM, Vol 7, 2, p. 25) Does your contingency plan have a chapter on investor relations? Go To Article

"Looking Worldwide Before Disaster Strikes", K. Hackett. (DRJ, Vol 15, 3, p. 81) Increasingly U.S. companies are looking to split their operations between the U.S. and Europe to allow for continuity of client service and to provide a contingency service. Go To Article

"NFPA 1600: An Important Tool for Disaster Response and Recovery", D. Schmidt. (NFPA, Vol 96, 4, p. 88) Outlining the components of a comprehensive disaster plan.

"Not All Fun And Games", J. Fussner. (SEC, Vol 46, 8, p. 84) When a theme park prepares an emergency response plan, it needs to consider dangers ranging from earthquakes to e-coli.

"Preparedness, Protection For Your Business", S. Bishop, R. Kramer. (DRJ, Vol 15, 3, p. 74) In the business world, downtime and lost productivity mean lost revenue, an unacceptable proposition in any economy. Go To Article

"Protecting Records: Post 9-11", S. Baltic. (NFPA, Vol 96, 2, p. 48) Now more than ever, companies are recognizing that protecting records is a crucial part of business.

"Regulations for the Financial and Health Care Industries", R. Fisher. (CPM, Vol 7, 6, p. 26) Continued federal and individual industry regulations, court rulings, and stockholder pressure could be the impetus for BCP. Go To Article

"RTO and RPO Not Tightly Coupled", R. LaPedis. (DRJ, Vol 15, 3, p. 24) When working on the functional requirement phase of your disaster recovery or business continuity plan, there are two goals to keep in mind for each business process: the recovery time objective (RTO) and the recovery point objective (RPO). Go To Article

"Scenarios In BC Plan Validation", C. Rohrs. (DRJ, Vol 15, 1) This article will discuss the use of scenarios in validating business continuity plans.  Some of the validation exercises can be as simple as a notification test to make sure that all the branches of the calling trees are still attached, or they can be as elaborate as a full scale exercise covering several days involving the police, fire and FBI. Go To Article

"Selecting a Crisis Management Consultant", L. Sullivan, S. Adams. (RM, Vol 49, 11) Deciding if you need a crisis management consultant—and choosing the right one—is a difficult process because of the high stakes involved. Learn the guidelines to help you through the process of selection—from understanding your crisis risk management needs and evaluating a cultural fit to assessing your existing resources.

"Technology Tools for Crisis Response", (RM, Vol 49, 10)  RM compiles a checklist of information from expert sources on the technological tools for operations, facilities and personnel that can help your organization respond to an emergency situation.

"Those Folks In The Back Office", C. Rohrs. (DRJ, Vol 15, 3, p. 48) Some support-type units may be overlooked in the planning process.  These are infrastructure units that provide support and services to the entire organization. Go To Article

"What Is Business Continuity Planning?", J. Glenn. (DRJ, Vol 15, 1) There are many articles addressing how to create a business continuity plan, but few actually describe the purpose of business continuity planning. This then is my biased attempt to explain what business continuity is and what it is intended to accomplish; it is not intended to describe a business continuity plan or how to create a business continuity plan. Go To Article

"Why Do Business Continuity Plans Fail?", R. Grimaldi. (RM, Vol 49, 5) Business continuity planning (BCP) has been acknowledged as essential to business recovery, but simply setting a plan in place does not ensure success.  By looking at the eight points where BCPs have failed, and two case studies from last September, risk managers can learn from the mistakes of the past to build, maintain and implement a better plan for survival. Go To Article

Industry Specific Issues

"An Assessment Of HIPAA Security Requirements", V. Miller, K. Lehman. (DRJ, Vol 15, 1, p. 62) The “proposed” Rule CFR 45 Part 142 Security and Electronic Signature Standards associated with the Health Insurance Portability and Accountability Act (HIPAA) addresses physical safeguards to “guard data integrity, confidentiality, and availability.” Go To Article

"Building Bridges Between Private And Public Sectors" M. Walton. (DRJ, Vol 15, 4, p. 28)  All institutions depend on others to perform their daily business.  These interdependencies become especially critical in the face of disruptions and emergencies.  Without effective collaboration during a crisis, a company can lose money, customer confidence, market value, and, ultimately, human life.

"Contingency Planning at Carlson Companies" A. Haag. (CPM, Vol 7, 1, p. 16)  Innovation and accountability mark the success of the contingency planning program at Carlson Companies, combining to produce fresh recovery strategies, create incentives for companywide participation in planning and testing, and present BCP as a value. Go To Article

"Healthcare Condition:  Guarded" M. McDonnell. (DR Guide, 2002, p. 47)  Any breakdown at any point in a healthcare organization's network of interdependencies could cripple them.  Author discusses HIPAA and JCAHO legislation as well as other concerns.

"Keeping Current in the Utilities Market" B. Zawada. (DR Guide, 2002, p. 50)  Author groups business processes that are significantly impacted by downtime into four main categories.

"Prescription for Risk in the Pharmaceutical Industry:  Manage to it" G. Stevens. (DR Guide, 2002, p. 46)  Explains the highly complex world of business continuity for pharmaceutical companies.

"Protecting the Halls of Knowledge: Business Continuity Planning at Colleges and Universities" K. Miller. (CPM, Vol 7, 7, p. 16)  There are many challenges associated with developing and maintaining a business continuity plan for a large college or university.

"Protecting, Maintaining and Evolving:  21st Century Business Continuity for Financial Institutions" P. McAnally, L. Bailey, D. Taylor, C. Jansen, L. Boyer, & J. Riley. (DR Guide, 2002, p. 40)  "Recent federal regulations make business continuity a mandated essential for financial institutions."  How to build a plan is covered step-by-step.

"Regulations for the Financial and Health Care Industries" R. Fisher. (CPM, Vol 7, 6, p. 26)  Continued federal and individual industry regulations, court rulings, and stockholder pressure could be the impetus for BCP. Go To Article

"Service Harm Crisis: The Case Of The Express Samina", G. Siomkos, Z. Maditinos. (DRJ, Vol 15, 1) This article aims to underline the need for crisis management planning in companies involved in crisis prone business activities like coastal shipping. Go To Article

"Traditional Threats, New Risks Have Manufacturing Spinning" R. Quaranto. (DR Guide, 2002, p. 48)  Discusses how manufacturing companies need to adapt to increased risks.

Managing the Program

"A Beginner's Guide to Learning Emergency Management", S. Adams. (RM, Vol 49, 5) The responsibility for developing an emergency management plan has settled into the hands of risk management departments across North America.  Unfortunately, many of the staff members who have been put in charge of these initiatives have no experience in the field.  This article provides first-step instructions for anyone setting out to tackle this topic for the first time. Go To Article

"Analyzing Your Expedited Transportation Options Before an Emergency Strikes" J. Childs. (DR Guide, 2002, p. 29)  "You can't afford not to have a predetermined contingency plan for handling emergencies of all types…. In these crisis situations, it is almost a sure bet that you will be required to expedite shipments of supplies or products to and from your facility."

"Benchmark Report: BCP in 2002", A. Hagg. (CPM, Vol 7, 5, p. 14) Did the events that caught the attention of the public in 2001 and 2002 also dictate policy and spending at the boardroom level, or is the business continuity discipline still struggling to find a place in the corporate hierarchy? Go To Article

"Blocking Information Passes: What's Your Game Plan?", J. Pooley. (SM, Vol 46, 7, p. 83) Management must ensure that all company departments work together to protect sensitive corporate information. Go To Article

"Can Your Company Be Liable For Not Making DR Plans?", Y. Mishra. (DRJ, Vol 15, 3, p. 38) Many high-level executives don't appear to be making disaster recovery a top priority.  In light of current legal developments, companies may be exposing their business, directors, and officers to potential liability by not implementing a disaster recovery plan. Go To Article

"Creating a Healthy BCP", S. Skivington. (CPM, Vol 7, 3, p. 16) Its foundation laid by deliberate alliance-building and strategic preparation, HMO provider Kaiser Permanente undertakes an enterprisewide business continuity program. Go To Article

"Creating Crisis Management Teams", A. Podolak. (RM, Vol 49, 9, p. 54)  A crisis management team consists of carefully selected experts--from finance, legal, security, risk management, communications and human resources--trained to perform specific functions before, during and after a crisis. Go To Article

"Don't Let Your Executives Become The Chokepoint", L. Trousdale. (DRJ, Vol 15, 3, p. 20)  Would you like to see your CEO on CNN talking about your company’s response to a major disaster?                    

"Executive Decision", K. Gaspers. (SH, Vol 165, 5, p. 44) Workplace safety flourishes when the CEO commits his or her stature.

"Fear Factor: Ensuring Business Continuity on a Budget", L. Liebmann. (CPM, Vol 7, 7, p. 34) The real issue facing planners today is how to achieve maximum risk reduction with the minimum investment of resources. Go To Article

"How Mature Is Your Business Continuity Program?", S. Ream. (CPM, Vol 7, 1, p. 26) A new model helps measure the development of your organization's business continuity management program. Go To Article

"How To Maintain Control", A. Longmore-Etheridge. (SEC, Vol 46, 5, p. 59) Business best practices can help security take control of a facility.

"It's The Relationship, Not The Data That Counts", B. Rudolph. (DRJ, Vol 15, 2, p. 64) The rapid adoption of collaborative technologies in today's intelligent enterprise applications has created new and unforeseen challenges for backup, restoration, and recovery strategies.  Business has changed enormously in recent years. Go To Article

"Lost in the Mail? Why You Should Plan for Print-to-Mail Recovery", N. Ross. (CPM, Vol 7, 2, p. 17) Most companies send out invoices, statements, and other critical documents that communicate information to current and potential customers and stakeholders, but many don't anticipate the risks posed to their businesses that stem from a failure to have print-to-mail recovery plans in place. Go To Article

"Master Your Disaster", D. Hildreth. (SEC, Vol 46, 6, p. 76) Creating a comprehensive contingency plan is more important than ever after 9-11.

"Outlook 2003", (CPM, Vol 7, 5, p. 24) What are the most dominant issues shaping the future of the business continuity profession?  Some experts weigh in on power reliability, regulations, and reputation management. Go To Article

"Re-Evaluating Our Business Continuity Strategies", A. Noenchen. (DRJ, Vol 15, 2, p. 36) Recent terrorist attacks on the U.S. have forced us to look more closely at our disaster recovery and business continuity strategies.  We are infinitely more aware of just how vulnerable and fragile our economic and social infrastructures are.  The need for truly capable emergency response, business continuity and disaster recovery strategies has been clearly demonstrated. Go To Article

"Selecting a Crisis Management Consultant", L. Sullivan, S. Adams. (RM, Vol 49, 11, p. 42)  Choosing the right crisis management consultant is a difficult process because of the high stakes involved.  Learn the guidelines to help you through the process of selection. Go To Article

"Technology Tools for Crisis Response", (RM, Vol 49, 10, p. 44)  RM compiles a checklist of information from expert sources on the technological tools for operations, facilities and personnel that can help your organization respond to an emergency situation.

"The BCP Maintenance Challenge", G. Wold, T. Vick. (DRJ, Vol 15, 2, p. 44) Maintaining the business continuity plan is a challenge for every organization.  An accurate and up-to-date business continuity plan can directly affect the recovery capabilities and recovery windows of the organization.  However, many plans have not been properly maintained, are out-of-date and therefore, of limited value. Go To Article

"The Challenge Of Getting Back To Business", M. Redmond, J. Hammill. (DRJ, Vol 15, 1) In light of recent events, we know that getting back to business as usual is a challenge. Leaders are faced with issues that were once unthinkable. The ramifications are impacting all aspects of business dealings and operations. At this time, it is critical to identify, respond to, and manage the unique risks associated with recovery and business continuity. Go To Article (PDF - Acrobat Reader Required)

"The State of the Business Continuity Industry: A Panel Discussion", N. Ross. (CPM, Vol 7, 1, p. 20) A panel of experts in the disaster recovery and business continuity arena discusses the present and future state of the business continuity industry, the results of organizations' heightened awareness after 9/11, and what new challenges planners face in the new year. Go To Article

"Those Folks In The Back Office" C. Rohrs. (DRJ, Vol 15, 3, p. 48)  Some support-type units may be overlooked in the planning process. These are infrastructure units that provide support and services to the entire organization.

"What A Difference A Day Makes", D. Perry. (DRJ, Vol 15, 1) This article is intended, believe it or not, to be a positive prediction of the contingency planning direction necessary to prepare the industry for the mid to long-term contingency planning future. Go To Article

"Where Does Business Continuity Belong" J. Dato. (DRJ, Vol 15, 4, p. 56)  In the early days of the contingency planning industry, disaster recovery - as it came to be known - was housed exclusively within the confines of the data center.

HUMAN CONCERNS

Assessment & Performance

"Past As Prologue: Assessing Job Candidates", R. Hunter. (SEC, Vol 46, 3, p. 76) Companies that fail to properly screen staff are exposing themselves to costly negligent hiring lawsuits.

"Pre-Employment Testing", (RM, Vol 49, 1) Whenever a company hires someone, it takes a risk.  According to Bill Greenblatt, president and CEO of Sterling Testing Systems, hirers should always ask themselves how well they know the person they are about to hire. Go To Article

Building Your Team

"Disaster Planners Focus on Coping with Key Personnel Loss" J. Stringer. (DR Guide, 2002, p. 58)  In the post 9-11 world, disaster planners are thinking beyond hard infrastructure backup.  More now than ever, businesses are examining potential disaster impact of key personnel loss. 

"Individual And Organizational Recovery From Crisis" N. Green. (DRJ, Vol 15, 4, p. 18)  People who successfully overcome personal crises can grow to function better than before.  Significant predictors are their coping mechanisms prior to the event and the support received as a consequence.

"Online Exclusive: Choosing the Right Test", W. Atkinson. (RM, Vol 49, 9) Testing employees for drug use could save your company the expense of lost work time and job-site accidents, but if a drug testing plan is not set up properly, testing employees could expose your company to liability. Drug testing programs should be consistent with all local and federal laws, included in contract negotiations, publicized to candidates and current employees, and carried out with sensitivity to privacy and precision. Go To Article

"The Human Factor" S. Murphy. (NFPA, Vol 96, 5, p. 54)  World Trade Center evacuees share lessons learned as NFPA starts a new behavior study.

"The Liability of Employee Drug Testing" W. Atkinson. (RM, Vol 49, 9, p. 40)  Testing employees for drug use could save your company the expense of lost work time and job-site accidents, but if a drug testing plan is not set up properly, testing employees could expose your company to liability. Go To Article

"The Policy Was Perfect" J. Roberts. (SEC, Vol 46, 9, p. 92)  Good policies only protect companies from liability if they are followed.  Regular staff training and monitoring are, therefore, essential.

"'Til Termination Do Us Part" F. Rudewicz. (SEC, Vol 46, 10, p. 89)  Information protection starts and ends with employee buy-in and controls.

"Training Remains the Weakest Link" A. Briney, F. Prince. (IS, Vol 5, 9, p. 48)  Large organizations have "people problems" at all levels.

"Your Employees--Critical Asset or Expendable Commodity?" D. Saracco. (DR Guide, 2002, p. 12)  How to address the difficult issue of protecting both people and property.   New strategic plans are necessary to develop in a world fraught with terrorism and war.

Employee Preparedness & Protection

"A Lesson Plan To End Violence", T. Brunetto. (SEC, Vol 46, 4, p. 62) In the aftermath of the Columbine shootings, one school district hired experts to take a hard look at its security issues.

"A Road Warrior's Guide To Survival", J. Briley. (SM, Vol 46, 7, p. 59) Whether employees are on a short business trip or a longer-term assignment, when they go to Latin America for business, they must be well prepared to protect themselves from local crime. Go To Article

"Creating Your Family Disaster Plan", K. Baker. (DRJ, Vol 15, 1) A disaster can strike quickly and without warning. It can force you to evacuate your location or trap you at home. Your family could be scattered and separated, located at schools, work, home or in cars. How will you find each other? How can you determine if they are safe? Do you know what to do if basic services such as gas, water, electricity or telephones were cut off? Go To Article

"Do You Know Where Your Employees Are?", M. Taylor-Smith. (SM, Vol 46, 7, p. 74) Companies with international operations must have contingency evacuation plans in place for employees who might be traveling to a foreign country on business as well as for expatriate workers stationed there.

"Employee Stress Research", (RM, Vol 49, 6) An ever-present source of risk for any organization is its employees.  Maintaining an optimal work environment is key to minimizing these inherent risks, and one of the biggest factors that can invite risk into an organization is employee stress.  The Sibson Consulting division of the Segal Company recently performed a Web-based survey of human resources (HR) executives to shed light on what types of stress are most affecting companies. Go To Article

"Extending Corporate Safety Culture to the Home", E. Agnvall. (SH, Vol 165, 6, p. 52) Corporate America is finding that its bottom line improves when it cares about its employees' well-being away from work.

"Helping Employees Cope With Disaster:  The Emotional Aftermath of Terrorist Strikes" R. Edgren. (DR Guide, 2002, p. 55)  Covers the emotional aftermath of terrorist strikes and anthrax scare.  Offers what employers should expect, the need for compassion, the value of employee assistance programs and how to use them. 

"Home Alone", C. Cummings. (SEC, Vol 46, 4, p. 42) Companies should recognize the special risk of hostage situations for mid-level employees with access to high-level assets.

"It's Up to Us to Keep Workers and Their Families Safe '24/7'", A. McMillan. (SH, Vol 165, 1, p. 28)

"Kidnapped: Protecting Executives Abroad", J. Conley. (RM, Vol 49, 9) The risk of an executive being kidnapped overseas is higher than ever, according to the experts. There are ways to avoid this peril, and techniques to survive the event if it occurs, but companies abroad also should have kidnap and ransom insurance, just in case. Go To Article

"Slips, Falls and Suicide Bombers: Workplace Safety After 9/11", G. Krafcisin. (SH, Vol 165, 1, p. 30)

"The Intimidation Factor", J. Decker. (SEC, Vol 46, 6, p. 95) Bank employees may face intimidation that can jeopardize lives and affect job performance.  Find out how security can help.

"The Real Terror at Work", G. Stussie. (RM, Vol 49, 5) Worldwide terrorism has captured front-page headlines and cover photos as well as the attention of corporate executives.  But does heightened awareness of this long-neglected risk come at the expense of a far more pervasive danger--workplace violence? Go To Article

"Training For Tense Times", T. Anderson. (SEC, Vol 46, 3, p. 68) Four companies reveal how workplace violence response teams have helped them prevent incidents that result in injuries or death.

"What You Don't Know Can Hurt You", W. Nixon. (SEC, Vol 46, 4, p. 94) To minimize the risk of workplace violence, companies need to implement a well-crafted hiring process that screens out violence-prone candidates.

Training

"Crisis Management Teams", A. Podolak. (RM, Vol 49, 9) A crisis management team consists of carefully selected experts—from finance, legal, security, risk management, communications and human resources—trained to perform specific functions before, during and after a crisis. Go To Article

INFORMATION TECHNOLOGY & TELECOMMUNICATIONS

Information Availability

"Adopting a Managed Availability Philosophy", B. Martinez. (CPM, Vol 7, 1, p. 31) The holistic methodology of managed availability encompasses an end-to-end view of a computing environment to guarantee consistent, predictable access to any data or applications wherever, whenever, and however users require them. Go To Article

"Are You Managing The Risk Of Downtime?", W. Hinton, R. Clements. (DRJ, Vol 15, 3, p. 64) Can you imagine going out of business next month? Next year? Without an adequate DR plan, what seems like an unlikely scenario could become frightening reality. Go To Article

"Availability Solutions: What Do You Need?", B. Merchantz. (CPM, Vol 7, 6, p. 22) This review of products, services, and technologies will help you choose the best managed availability program for your needs. Go To Article

"Best Practices", D. Brooks. (STO, Vol 1, 6, p. 66) Avoiding failure in the SAN is easy--back your switch up.

"Bulletproofing Microsoft Exchange Software", M. Kelleher. (DRJ, Vol 15, 2, p. 58) Microsoft Windows has matured into a stable, secure operating environment, capable of delivering efficient and reliable enterprise business services and running mission-critical applications.  More and more companies are using Windows to run their Exchange/Outlook e-mail solution because it solves communication needs cost-effectively. Go To Article

"Choosing Wisely: How To Select a Managed Availability Solution Provider", B. Merchantz. (CPM, Vol 7, 7, p. 20) By verifying a managed availability supplier's capability, flexibility, stability, and longevity, you can ensure that you are choosing the right partner. Go To Article

"Cutting Through The Tape Maze", R. Levine. (STO, Vol 1, 5, p. 51) All tape is not created equal.  Here's everything you need to know about tape formats for corporate backup.

"Database Availability And Recovery Solutions", N. Puttagunta. (DRJ, Vol 15, 3, p. 70) Businesses today are faced with the critical need to ensure the availability and continuous operation of their databases as part of their business systems.

"Distance Yourself From Disaster", C. Clark. (STO, Vol 1, 5, p. 30) Long-distance replication is reachable with new optical and IP storage networking technologies.

"Do Small, Medium Companies Implement DR Plans?", R. Barclay. (DRJ, Vol 15, 3, p. 60) After the events of this past calendar year, there is much additional incidental evidence that if a company fails to prepare for an unexpected event, they probably will not survive the disaster.

"Do You Need Managed Availability?", B. Merchantz. (CPM, Vol 7, 2, p. 22) Global and virtual enterprises, extended supply chains, and e-commerce are forming new business paradigms for the 21st century.  Companies wishing to keep up might consider managed availability for their 24/7 computing environments. Go To Article

"Does Your Disaster Tolerant IT Solution Measure Up?", R. Lyons. (DRJ, Vol 15, 1) How well is your computer system protected if a disaster were to occur? This article explores the three ways of configuring computer systems in order to provide disaster tolerance: remote copy, remote computing, wide area clustering. Go To Article

"Enhance Tape Backup Systems To Keep Pace", D. Demlow. (DRJ, Vol 15, 3, p. 78) Here is an overview of the shrinking backup window situation and how disk-to-disk replication technologies offer an efficient solution to the business continuance challenge. Go To Article

"Ensuring Application, SLA Performance In DR", I. Shefrin. (DRJ, Vol 15, 3, p. 68) The primary objective for IT disaster recovery planning is not only to guarantee application availability, but more broadly, to ensure business continuity. Go To Article

"Enterprise Storage: A New Kind of Networked Storage", J. Toigo. (ESJ, Vol 17, 4, p. 32) A new storage solution called Network Unified Storage offers a compelling idea:  A standalone networked infrastructure that beats both SAN and NAS.

"Enterprise Storage: Cut Storage Costs with Selective Outsourcing", J. Toigo. (ESJ, Vol 17, 5, p. 28) If you're struggling with storage expenses, consider outsourcing the most expensive parts only: monitoring and problem resolution.

"Enterprise Storage: How Do You Prove Storage Value?", J. Toigo. (ESJ, Vol 17, 3, p. 30) As an IT manager attempting strategic storage planning, you need to build requirements and objectives to help guide the decision-making process.

"Enterprise Storage: Storage Management Quarrels", J. Toigo. (ESJ, Vol 17, 2, p. 26) The inability of storage vendors to agree on common standards hurts anyone trying to make storage software purchases.  Here are tips to help.

"NDMP Restores Sanity To NAS Backup", D. Braue. (STO, Vol 1, 5, p. 55) NDMP has emerged as the best way to provide plug-and-play connectivity between backup software and filer-attached tape drives.

"Optimizing LAN-Free Backup", M. Farley. (STO, Vol 1, 7, p. 30) To get the most out of LAN-free backup, zero in on performance capabilities and constraints.

"Pick The Right ATA Array For Backup", C. Preston. (STO, Vol 1, 7, p. 50) The cost of inexpensive ATA arrays for disk-to-disk backup is compelling, but they're not all created equal.  Here's how to choose what's right for you.

"Preparing For Fail-Safe Disaster Recovery", C. McLellan. (DRJ, Vol 15, 3, p. 75) As companies do more and more business on-line, it is now essential for continuity planners to reconsider their e-business risk mitigation strategies. Go To Article

"Protecting Your Data, Protecting Your Business", C. Midgley. (DRJ, Vol 15, 3, p. 54) There is no doubt there is a new urgency and focus on business continuity and data protection - as two of the most critical aspects of disaster recovery for organizations today. Go To Article

"Protecting Your Data With Adequate Storage, Backup", D. Gamrudt. (DRJ, Vol 15, 2, p. 16) Unexpected business data disasters happen all of the time.  They can occur anywhere and do not need to be headline-grabbing events such as an earthquake or major fire to cause serious problems.  Actually, most data disasters are the result of a small mishap - a lost file that was not saved, a thrown out or misplaced disk or tape, an inadvertent deletion of a critical file, or a power surge that wipes out your media. Go To Article

"Recovering Data In A Snap", G. Olson. (DRJ, Vol 15, 4, p. 60) As data we regularly store on our PCs and servers is becoming more and more valuable, the ways to "lose" this information are increasing.

"Satellite-Based Backup Communications", J. Gross. (CPM, Vol 7, 1, p. 40) Is satellite technology right for your company's communications recovery needs? Here are a few features to consider. Go To Article

"Scheduling Backups", D. Brooks. (STO, Vol 1, 5, p. 66) Avoid backup failures by carefully matching client's groups to your backup infrastructure's performance characteristics.

"Securing Web Services", M. Schwartz. (ESJ, Vol 17, 7, p. 27) The upcoming SAML standard should help promote distributed, Web-services transactions, giving e-commerce an upgrade.  But don't rush in; it's still only a framework.

"Securing Your Microsoft SQL Server Databases in an Enterprise Environment", M. Pitkanen. (DCM, Vol 22, 2, p. 22) Has a disk problem corrupted your master database?  Do you need to recover a single table that was destroyed during a batch job?  Solve these problems and more by applying eight easy steps to greater database security and happier DBAs.

"Setting Availability Targets", B. Merchantz. (CPM, Vol 7, 5, p. 26) Knowing whether recovery point objectives or recovery time objectives are more important to your company can help determine the type of managed availability program to pursue. Go To Article

"Seven Steps To Backup And Restore", E. Palmer. (STO, Vol 1, 7, p. 56) As backup and recovery becomes increasingly difficult to manage, creating a backup and restore plan is becoming more necessary.

"So-Called 'Small Disasters' Can Equal Big Trouble", R. Levine. (DRJ, Vol 15, 4, p. 76) The chances of storms, earthquakes and fiery explosions actually hitting and destroying your individual IT operation are infinitesimal.  What should be worrisome are the far more common minor mishaps that occur every day and yet are capable of bringing businesses to their knees.

"Special Challenges Over Extended Distance", T. Flesher. (DRJ, Vol 15, 1) Why replicate your database? The simple answer is – to have a hot standby copy of your organization’s most critical data in case you need it. This article will focus on special challenges encountered when contemplating data replication over extended distances. Go To Article

"Standard IT Processes: Getting To Yes At Intel", B. Whittington. (STO, Vol 1, 5, p. 44) How one man helped standardize corporate backup and restore procedures--and lived to tell about it.

"Storage Virtualization: Basics and Benefits", J. Banko. (CPM, Vol 7, 2, p. 32) Storage virtualization is an innovative technology that can help organizations manage their large quantities of data swiftly and securely. Go To Article

"Surprise! Cheap Disks Cure Slow Backup", C. Preston. (STO, Vol 1, 4, p. 46) Why new ATA/IDE arrays, which are cheaper than tape libraries, might be a better bet for backup.

"Tape Libraries Automate Backup", S. Green. (STO, Vol 1, 4, p. 58) Everything you need to know about tape libraries.

"Tape Libraries On The SAN: Sharing Isn't Always Good", D. Brooks. (STO, Vol 1, 10, p. 28) If your latest project is choosing a new tape library for your SAN, you have a lot of decisions to make--the most important being how to architect your backup.

"Test Data: Security Loophole?", M. Schwartz. (ESJ, Vol 17, 9, p. 26) When it comes to testing, using live data without access controls puts IT at risk. Special tools and processes can help.

"The Hidden Factor In IT Network Downtime", J. Buckley. (DRJ, Vol 15, 3, p. 56) Ultimately, all companies across all industries today must maintain a high level of availability of their IT and network systems or face great peril. Go To Article

"The Road To Practical SAN Security", B. Kuo. (STO, Vol 1, 7, p. 40) The spread of SANs has created a growing number of security products that address specific Achilles' heels, from authentication to transmission to encryption.

"The True Cost of Downtime", B. Merchantz. (CPM, Vol 7, 4, p. 12) Calculating a company's total loss due to network and system downtime is not a simple undertaking.  There are many tangible and intangible impacts that must be factored into the equation. Go To Article

"The Weakest Link In Disaster Recovery", A. Bakman. (DRJ, Vol 15, 2, p. 26) Immediate access to current, detailed configuration settings contributes to faster IT disaster recovery and the continuity of business.  Neglecting this part of the IT disaster recovery plan can add hours, or even days, to the recovery process. Go To Article

"The Well-Oiled Backup Machine", R. Scannell. (STO, Vol 1, 5, p. 64) Systematic and repetitive processes are key to achieving smoothly running backup operations.

"Time Is Money When Recovering Lost Data", F. Real. (DRJ, Vol 15, 4, p. 14) Time is of the essence when recovering your company's lost data.  While you are impatiently waiting for your IT department to recover your data, your customers may be contacting other vendors.

"Trends", (STO, Vol 1, 7, p. 11) EMC in the consulting business … Disaster-proof storage a reality? … NAS is here to stay … IBM Shark stays afloat.

"Using Technology To Plan, Notify And Recover", B. Carman. (DRJ, Vol 15, 3, p. 42) For many corporations and government agencies, 9-11 reinforced their prior commitment to developing comprehensive disaster recovery plans and emergency notification procedures. Others are reviewing the effectiveness of their plans in light of the lessons learned.

"Where Does It Hurt?", B. Merchantz. (CPM, Vol 7, 3, p. 22) Knowing whether your true business vulnerabilities are data-centric or application-centric will determine the type of managed availability program you should implement. Go To Article

"Windows Backup:  Avoid The Landmines", W. Preston. (STO, Vol 1, 6, p. 61) Backing up in Windows may be tricky, but there are shortcuts.

"Wireless Insecurity", M. Schwartz. (ESJ, Vol 17, 8, p. 25) Whether or not you've deployed wireless networks, they're a threat. Fight back with these eight steps.

"Your Customers Are On the Web.  Is Your Site Ready?  Ensuring High Availability for Your Web Environment", J. Lindeman. (DR Guide, 2002, p. 67) Organizations have been creating high availability architectures for back-end distributed environments for years.  It is only recently that they've begun architecting high availability solutions for their front-end web environments.

Information Management

"Am I Liable?", K. Kiefer, R. Sabett. (CISO, Sept. 02, p. 22) There's no road map and little history to guide you, but here are some thoughts on the legal landscape that just might help.

"Be a Data Center Survivor: Know When to Train, When to Outsource", D. Stack. (DCM, Vol 22, 2, p. 32) Few "either-or" decisions are simple ones.  Learn what has worked for other data center managers who find themselves reluctant IT trailblazers in this thorny area.

"Central Office Disaster Recovery: The Best Kept Secret", M. Smith. (DRJ, Vol 15, 2, p. 32) Since the Sept. 11 tragedy, disaster recovery has become a household word; there are even advertisements in Rolling Stone magazine.  This has not been the case over the past 20 years.  Early disaster recovery plans, initially developed for mainframe computers, called for backup tapes to be rushed to off-site locations and loaded onto waiting computers provided by outside companies. Go To Article

"Dominate Your Data", D. Gibbs. (SEC, Vol 46, 6, p. 87) Twenty-first century business demands that security data management be automated.

"Electronic Knowledge Management", A. Wilkins. (CPM, Vol 7, 4, p. 17) Does the ever-growing usage of electronic messaging pose legal and operational risks to your company, or does it enhance your legal diligence and administrative efficiency? It all depends on how you manage it. Go To Article

"Enterprise Storage: SAN Vendors Cooperate? Ha!", J. Toigo. (ESJ, Vol 17, 6, p. 25) If SANs followed open management standards, you could say goodbye to Veritas, Tivoli and Legato, for starters.  Relax--it isn't happening anytime soon.  Instead, litigation is the order of the day.

"Keeping Paper Trail Intact After Disaster Strikes", N. Anderson. (DRJ, Vol 15, 1) A virus has damaged the network irreversibly. Weather conditions force an area evacuation. The building has caught fire. No matter what the crisis, preparing paychecks and handling payables is one of the last things organizations should worry about in a disaster situation. Go To Article

"Take Safety Into Consideration When Moving to a New Site", F. Cereghini. (SH, Vol 166, 2, p. 64) We plan to move our operations to either an existing or a new location.  As the person tasked with health and safety considerations for this move, what should I look for?

"The Five R's of Business Continuity", T. Bassett. (DR Guide, 2002, p. 76) There are five key stages in every successful business continuity plan.  This article outlines the stages in an easy-to-remember format.

"Wanted: A Host that Serves Reliability", A. Joch. (ESJ, Vol 17, 6, p. 34) No longer is disaster recovery the main reason for large companies to contract for shared time.  By touting benefits like as-needed management services, low up-front costs and access to IT staff, a consolidated managed services provider industry is successfully courting large enterprises to outsource day-to-day operations.

"Working The Data Mines", R. Sheridan. (SEC, Vol 46, 4, p. 72) This company explains how it uses data-mining software to reduce inventory losses.

Information Security

"4 Steps to Reducing Internet Abuse", M. Foster. (CPM, Vol 7, 3, p. 36) While your company's Web site and fast Internet connections may be making money, employees may be wasting it by spending work time surfing unrelated sites.  A positive organizational culture is the key to closing the lost-productivity gap. Go To Article

"5 Myths of Infosecurity", P. Tippett. (IS, Vol 5, 11, p. 34) 5 reasons not to put your money where your myth is.

"7 Things I've Learned", M. Ranum. (IS, Vol 5, 7, p. 96) Lessons from 15 years on the front lines. Go To Article

"7 Things You Should Know About AV", R. Rosenberger. (IS, Vol 5, 5, p. 52) When it comes to fighting viruses, don't assume the "standard" way is the best way. Go To Article

"A Limit to Cyberterror", E. Shaw. (IS, Vol 5, 9, p. 96) Culture and tradition may slow terrorists' expansion into cyberspace.

"A Smart Card for Everyone?", A. Briney. (IS, Vol 5, 3, p. 32) Europe and Asia are racing to deploy smart cards for everything from banking to telecommunications to retail.  While the U.S. lags way behind, the need for better security is helping American businesses get on track. Go To Article

"Analyze This!", N. King, E. Weiss. (IS, Vol 5, 2, p. 28) Network forensics analysis tools (NFATs) reveal insecurities, turn sysadmins into systems detectives. Go To Article

"Automating Cyberdefenses", R. Thieme. (IS, Vol 5, 3, p. 54) Four of infosec's cutting-edge thinkers examine how "intelligent" systems might be made to analyze, understand and automatically respond to attacks. Go To Article

"Biometrics: Security and Privacy Issues Come to a Head", D. Hochman. (CPM, Vol 7, 2, p. 28) Biometric technologies can help manage risk, prevent disasters, and secure assets.  However, as the entire paradigm around security has shifted in the past few months, business continuity and disaster recovery professionals need to carefully and deliberately consider whether biometrics is right for their organizations. Go To Article

"Building 'Synergistic' AV", P. Tippett. (IS, Vol 5, 5, p. 48) Signature scanners aren't enough to combat today's multivector viruses and worms. Go To Article

"Bulletproof", M. Bobbitt. (IS, Vol 5, 5, p. 54) We tested three leading Web server shields for security, performance, flexibility and more. Go To Article

"Call Me a Firefighter", A. Briney, F. Prince. (IS, Vol 5, 9, p. 44) IT security personnel at medium-sized organizations are between a rock and a hard place.

"Code Wars: Virus Attack Trends", P. Piazza. (SEC, Vol 46, 3, p. 40) The worms of 2001 are the building blocks of the next generation of threats to the Internet, which are likely to be faster, harder to fight, and deadlier.

"Combating Nonviral Malware", J. Heiser. (IS, Vol 5, 5, p. 44) Trojans, sniffers and spyware, oh my! Go To Article

"Cracking Infosec's Paradigms", J. Heiser. (IS, Vol 5, 2, p. 54) Is your company spending too much on the wrong threats?  Author and crypto maven Ross Anderson takes aim at infosec assumptions. Go To Article

"Cracking the Books, Cracking the Case", G. Kessler, M. Schirling. (IS, Vol 5, 4, p. 68) Learning about the ins and outs of computer forensics technology and the law makes four recent releases worth investigating. Go To Article

"Defending the Faith", M. Schwartz. (ESJ, Vol 17, 5, p. 48) The Bahá'í International Community needed to maintain an absolutely secure Web site.  Rather than implementing an intrusion detection system, it turned to a hardened operating system.

"Does Size Matter?", A. Briney, F. Prince. (IS, Vol 5, 9, p. 36) The size of your organization may be the single biggest barometer of IT security's effectiveness.

"Don't Hack Back", M. Plotkin, D. Fagan. (SEC, Vol 46, 11, p. 56) A company's policies with regard to IT defenses and emergency response to breaches must be crafted with an eye toward legal issues.

"Eight Questions about the Human Role in Technology Risks", R. Shaw. (RM, Vol 49, 7) Most cyberattacks and security breaches that occur are a result of employee actions--either intentional or inadvertent.  In order to protect valuable information assets, companies not only need technological security tools, but also a culture of internal security and privacy that will ensure that the users of the system--the employees--know how to properly protect sensitive information and avoid cyberattacks. Go To Article

"Enterprise Security: Put a Good Security Staff in its Place", M. Schwartz. (ESJ, Vol 17, 3, p. 34) Surprise!  The biggest threat to the enterprise isn't an over-caffeinated, 15-year-old script kiddy.  It's your organization.

"Enterprise Security: Shell Game", M. Schwartz. (ESJ, Vol 17, 6, p. 27) In computer forensics, knowing where to look is as important as knowing what you're looking for.

"Enterprise Security: The Homeland Security Imperative", M. Schwartz. (ESJ, Vol 17, 5, p. 36) The issue of homeland security has stormed into public consciousness.  The government is beginning to scrutinize private companies' security measures.  Privacy concerns and political consequences aside, is your company ready?

"Enterprise Security: The Search for Good Security Staff", M. Schwartz. (ESJ, Vol 17, 2, p. 33) With top management giving a new focus to security, it may be a good time to hire.  But who?  Start your search with these guidelines.

"Enterprise Security: Unleash the Cyberhounds!", M. Schwartz. (ESJ, Vol 17, 4, p. 36) Follow these five steps to a good computer forensics program, and you'll know what to do if (when) your network is hacked.

"Facing Your Flaws", J. Bumgarner. (SEC, Vol 46, 2, p. 62) Find out how "red teams" could probe your company's computer network for vulnerabilities.

"Faster, Stealthier… More Dangerous", E. Skoudis. (IS, Vol 5, 7, p. 40) From Web app manipulators to kernel-level rootkits, ingenious hacker tools challenge infosec's ability to thwart--or at least contain--attacks. Go To Article

"Feeling Vulnerable?", A. Berg. (IS, Vol 5, 2, p. 42) If you're bedeviled by swarms of vulnerability alerts, you can take control by practicing good management. Go To Article

"Five Access Points Security Plan Wraps Network in Layers of Protection", E. Ferrarini. (DCM, Vol 22, 4, p. 32) Keeping your network secure starts with a well-defined and well-enforced corporate security policy in physical protection, user authentication, access control, encryption and security management.

"Homeland Defense: Are We Walking the Talk?", J. Toigo. (ESJ, Vol 17, 5, p. 44) Little has really changed in security and disaster recovery since Sept. 11, but some promising technologies are on the horizon.

"IDS at the Crossroads", P. Lindstrom. (IS, Vol 5, 6, p. 32) Four infosec innovators size up new threats and how IDSes are evolving to meet them. Go To Article

"IDS in the Trenches", P. Lindstrom. (IS, Vol 5, 9, p. 56) Five IT security practitioners discuss what's right and wrong with intrusion detection systems.

"Infosec's Worst Nightmares", E. Skoudis. (IS, Vol 5, 11, p. 38) The 5 attacks that haunt us, the 5 fears that trouble us.

"Instant Headache", C. Dalton, W. Kannengeisser. (IS, Vol 5, 8, p. 32) The rapidly expanding use of instant messaging is introducing new security challenges to enterprise networks.

"Integrating Business Continuity and Information Security", C. Herberger. (CPM, Vol 7, 5, p. 28) Organizations can significantly improve their odds of mitigating cyber attacks by integrating the business continuity planning process with information security policies and procedures.  Here are some questions your organization should ask and steps it can take to begin addressing the threat of cyber terrorism. Go To Article

"Investing Wisely in Security", J. Walker. (DR Guide, 2002, p. 72) This article gives an overview of four poor and four good information security investments.

"Know Your Vulnerabilities", M. Schwartz. (ESJ, Vol 17, 10, p. 22) There's a wealth of data points to your top security vulnerabilities. Seven strategies help you get the most from them.

"Layered Insecurity", R. Mackey. (IS, Vol 5, 6, p. 60) Perplexed by your network's overlapping layers?  Here's how to engineer practical and effective defense-in-depth. Go To Article

"Learning by Doing", E. Genco. (IS, Vol 5, 4, p. 72) Do-it-yourselfer experiences the do's and don'ts of building a forensics workstation. Go To Article

"Let The Record Stand", C. Howell. (SEC, Vol 46, 2, p. 75) A failure to produce electronic records at trial can be costly.  To avoid liability, companies must understand the rules of spoliation and have good policies in place.

"Partners In Protection", J. Morris. (SEC, Vol 46, 2, p. 82) By combining IT and physical security, this company saved money and improved response times.

"Password Pain Relief", R. Yasin. (IS, Vol 5, 4, p. 28) Self-service reset and password synchronization products reduce the burden--and cost--of help desk calls. Go To Article

"Practical Firewalling", F. Avolio. (IS, Vol 5, 6, p. 30) The virtual network perimeter has changed the rules of the game for firewalls--and that means changing our tactics. Go To Article

"Probably More by Luck Than by Design", A. Briney, F. Prince. (IS, Vol 5, 9, p. 40) IT security at small organizations is a balancing act in which every person's actions can tip the scales.

"Proving Ground", A. Briney. (CISO, Sept. 02, p. 14) Four IT security executives discuss the challenges of developing, implementing and policing an effective infosecurity program in today's volatile business climate.

"Putting Spam in the Can", D. Dern. (IS, Vol 5, 9, p. 68) Filtering and blocking can dramatically cut down the amount of junk e-mail flowing through a mail server.

"Reputations Can Be Damaged by Poor Security", A. Briney, F. Prince. (IS, Vol 5, 9, p. 52) Security budgets are growing the fastest at very large organizations, but they spend less on users, machines.

"Securing Windows Workstations In Real Time", S. Sussman. (DRJ, Vol 15, 4, p. 71) Effectively protecting business-critical information, particularly the growing amount stored on distributed desktops, remote and laptop computers, represents one of the greatest challenges facing information technology professionals today.

"Security on a Shoestring", R. Ferrell. (IS, Vol 5, 6, p. 42) Cash-strapped IT departments can turn to freeware security tools for robust access control, intrusion detection, content filtering and more. Go To Article

"Security 'Round the World", N. Roiter. (IS, Vol 5, 7, p. 27) IT pros in Hungary, Singapore, Guatemala, South Africa and Iceland tell the story of infosecurity as they live it, including their unique challenges, triumphs and hopes for the future. Go To Article

"Standard Practice", L. Walsh. (IS, Vol 5, 3, p. 62) ISO 17799 aims to provide best practices for security, but leaves many yearning for more. Go To Article

"The Electronic Witness", C. Bryson. (SEC, Vol 46, 3, p. 100) A computer forensic team uses high-tech tools and traditional investigative techniques to search for evidence that a worker has stolen proprietary information.

"The Future of Malicious Code", D. Harley. (IS, Vol 5, 5, p. 36) Predictions on blended threats, e-mail exploits, social engineering and more. Go To Article

"The Real Deal on Wireless", F. Avolio. (IS, Vol 5, 8, p. 28) Sure, WLANs are scary.  But since you're stuck with them, you might as well try to secure them.

"The Road To Practical SAN Security", B. Kuo. (STO, Vol 1, 7, p. 40) The spread of SANs has created a growing number of security products that address specific Achilles' heels, from authentication to transmission to encryption.

"Toothless Security", A. Briney. (IS, Vol 5, 10, p. 8) Many question the value of the White House's National Strategy to Secure Cyberspace because it lacks compliance requirements.

"Tutorial: Network Security-What You Should Be Doing", P. Kirvan. (CPM, Vol 7, 7, p. 30) With all the talk about security, terrorism, and other disastrous events, planners must have a process in place to deal with security threats to their organizations. Go To Article

"Watch Your Waste: How to Properly Dispose of Confidential Documents", R. Carey. (CPM, Vol 7, 4, p. 20) With legislation such as Gramm-Leach-Bliley putting pressure on companies' records management practices, contingency planners need to ensure that client information is properly discarded. Go To Article

"What HIPAA Says About Document Destruction", (CPM, Vol 7, 4, p. 22) Because of new HIPAA requirements, the use of recyclers and trash haulers that claim to offer secure services is no longer acceptable. Go To Article

"What Is a Smart Card?", J. Snyder. (IS, Vol 5, 3, p. 34) Smart cards may look like any other plastic card with a magnetic stripe on the back, but they're a radically different technology.  While consumer advertising has tried to downplay the differences between smart cards and normal credit cards--other than to tout them as "safer"--the differences are what make smart cards worth considering. Go To Article

"What Is Identity Management?", R. Yasin. (IS, Vol 5, 4, p. 30) With the growth of e-business, organizations are wrestling with the challenge of managing secure access to information and applications scattered across a wide range of internal and external computing systems.  Furthermore, they have to provide access to a growing number of users, both inside and outside the corporation, without diminishing security or exposing sensitive information.  The management of multiple versions of user identities across multiple applications makes the task even more daunting. Go To Article

"What Isn't Intrusion Prevention?", A. Briney. (IS, Vol 5, 4, p. 6) Go To Article

"Whom Do You Trust?", S. McNealy. (IS, Vol 5, 3, p. 13) Sun Microsystems' CEO says it's about time Microsoft started thinking about security. Go To Article

"Windows Security Scripting", J. Vossen. (IS, Vol 5, 2, p. 64) A common technique in the *nix world can help Windows admins simplify routine tasks. Go To Article

"Working Without A Net", D. Gonzalez. (SEC, Vol 46, 6, p. 115) Discover how to mitigate the risks of using a wireless device.

"Your Worst Nightmares…And How To Avoid Them", J. Toigo. (STO, Vol 1, 6, p. 52) It's 10 p.m.  Do you know where your data is? 

Telecommunications

"Satellite-Based Backup Communications", J. Gross. (CPM, Vol 7, 1, p. 40) Is satellite technology right for your company's communications recovery needs? Here are a few features to consider. Go To Article

"Tech Tenants Remain Dry At WiredZone", C. McDaniel. (DRJ, Vol 15, 1) Technology-dependent companies in Houston such as Internet service providers, telephone switch operations, and data and call centers suffered in early June’s disastrous flood caused by Tropical Storm Allison. Go To Article

FACILITY ISSUES

Infrastructure Management & Design

"Energy: An American Infrastructure at Risk", A. Deering. (CPM, Vol 7, 3, p. 30) The U.S. energy infrastructure is complex, aging, taxed almost beyond capacity, and vulnerable to acts of terrorism.  Business continuity managers therefore must take steps to ensure power reliability for their organizations. Go To Article

"Reexamining Premises For High-Rise Design", M. Gips. (SEC, Vol 46, 9, p. 46) Engineers, building designers, and other experts have pored over the wreckage of the World Trade Center in search of risk-mitigation lessons for future building designs.

"Restructuring Building Design against Terrorism", J. Lee. (RM, Vol 49, 11) Builders are rethinking how skyscrapers and commercial office buildings are designed to mitigate the risks of terrorist attacks. The role of risk management in construction or remodeling efforts