
Dan Swanson’s Security Resources: #8

This week’s resources focus on the challenging and closely related subjects of business continuity planning (BCP) and disaster recovery programs (DRP). Being able to recover from a disaster is critical to an organization’s long-term success, as something is going to happen eventually.



Posted on June 19th, 2008 by Dan Swanson and filed under Business continuity, Disaster Recovery


Dan Swanson’s Security Resources: #7

Have you implemented a security education and awareness program to help educate management and staff on their security responsibilities? Have you organized a process to communicate good practice information to your workforce, particularly to the key IT specialists that are implementing new IT solutions? Have you reached out lately to your DR and BCP professionals regarding recovery processes and plans? Could your organization recover from a significant disaster? This week’s resources provide guidance regarding all these issues and more!

Enjoy.

Good luck and have another great week.

Dan Swanson
Dswanson_2005@yahoo.com

1. Security awareness for governance, risk, compliance and business
Information security is a vital element of corporate and IT governance and risk management. It minimizes risks to valuable information assets and maximizes compliance with laws, regulations and standards such as ISO 17799/ISO 27001, HIPAA, SOX, data protection/privacy, software copyright and intellectual property protection, banking industry regulations and many more. 
Secure organizations may confidently pursue new business opportunities that would be considered too risky by their insecure peers. Simply put, good security is good business. 
NoticeBored helps build a genuine security culture through security awareness
http://www.noticebored.com/index.html

2. Twelve habits of successful IT professionals.
http://www.educause.edu/ir/library/pdf/erm0613.pdf

3. Schaser-Vartan Books’ new release, Say What You Do, spells out in layman’s terms the often bewildering differences between policies, procedures and standards — topics that have historically been written about in industry jargon. What sets the book apart is its candidly practical approach, focusing on creating policies that really work rather than pushing theories that break down in the real world. “Armed with this book, you should be able to lead a policy development project at your company from the ground up and from the top down without losing your mind,” says co-author and attorney Marcelo Halpern.
http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070417005246&newsLang=en

4. Second edition of Guide to Business Continuity Management.
This comprehensive resource guide reviews in detail numerous BCM areas and strategies, including an overview of the regulatory landscape, risk assessment and business impact analysis, program design, business alignment, training, testing, maintenance, and compliance monitoring and auditing. Updates to the second edition of Guide to Business Continuity Management include a special introduction that examines two significant issues in the field of BCM: the continuing difficulties caused by devastating hurricane seasons, and the potential business disruption that an avian flu pandemic could cause. Other additions include industry-specific questions for BCM programs in the manufacturing, retail, healthcare and telecommunications sectors.
http://now.eloqua.com/es.asp?s=361&e=FADCF1F859DE4310969DEB6DFB1726D7&elq=54F37758B1AB48F98DD409D0C10064D7

5. The Canadian Centre for Emergency Preparedness (CCEP)
CCEP is a not-for-profit organization based in Canada and devoted to the promotion of emergency risk management to individuals, communities and organizations, in both government and the private sector, with the aim of reducing the risk, impact and cost of natural, human-induced and technological disasters. CCEP’s objectives are to raise awareness of the increasing risks of disasters, promote the need for sound disaster management practices and disseminate information on the availability of professional expertise and resources, including technology.
http://www.ccep.ca/index.html


Posted on June 5th, 2008 by Dan Swanson and filed under Business continuity, Disaster Recovery


Hacking for Good

Is there such a thing as a good hacker? Isn’t “ethical hacking” an oxymoron? Let me challenge your beliefs and the prevailing media message. Hackers are not evil; in fact, they generally want things to be safer and better for all. At this point, you’re probably ready to either label me as a lunatic, or give me a lesson about “hacker” vs. “cracker”. Let’s skip the historic definitions. The facts are simple. Public perception is that a hacker is evil, but within the hacker community, it’s a badge worn with honour. Hackers don’t ask what something does; they ask, “How does it do it?” Seeing hackers in a negative light just for seeking that information is unfair. They may have the knowledge to be harmful, but the current reputation associated with a “hacker” is about the same as labeling all martial artists violent and evil. Sure, they have combat training, but most martial artists aren’t criminals making stealthy kills for fun or profit.


Posted on June 2nd, 2008 by Brian Bourne and filed under Hackers, Security
