Introducing Our Information Security Practice

Introducing Avalution's Information Security PracticeFor twelve years, Avalution has been laser focused on business continuity. We’ve become the leading provider of business continuity software and consulting in the US. We work with 13% of the Fortune 100, including the largest organizations in seven different industries.

We’ve become well known for delivering business continuity services that are connected to the strategy of the business, pragmatic, and reliably delivered.

Today, we are expanding into Information Security Management.  Continue reading

Ownership – Where Do Our Responsibilities Begin and End as Business Continuity Professionals?

Ownership – Where Do Our Responsibilities Begin and End as Business Continuity ProfessionalsAs published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.

One of the latest threats to organizations is something termed “ransomware”.  Commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money.  You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar.  If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more.  And, after you do, I have a question for you to consider:

If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?

This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value. Continue reading

Integrating Cyber Security and Business Continuity

The last several years have continued to see an increase in the sophistication and volume of cyber threats, with a 42% increase in targeted attacks in 2012 (as reported by Symantec, in its 2013 Internet Security Threat Report).  The range and types of threats vary greatly as well; in June 2013, InfoSecurity magazine listed the top five specific IT cyber security threats as: data breach, malware, DDoS, mobile threats, and industrialization of fraud – each of which requires a different preventive and response approach.  An Ipsos survey for Lloyds Risk Index 2013 indicated that cyber risk is the third biggest concern for CEOs when assessing organizational threats, jumping nine spots from the previous year’s ranking of 12th.

In most organizations, monitoring and response has continued to develop and mature within IT to proactively address vulnerabilities.  That said, there may be opportunities to better integrate IT’s response to such illicit activity with the organization’s business continuity program and structure, so that if an event does occur, the organization ensures a timely and coordinated response.  After all, cyber security incidents can have business continuity implications and impacts that extend far beyond IT. Continue reading

Data Breaches On Deck for Federal Oversight (Again)

Data BreachIn December 2009, my perspective titled “Data Breaches: A Sidewalk Sale of Consumer and Personal Information” detailed the financial, reputational and regulatory implications surrounding a data breach occurrence. Since then, little has changed (other than the fact that the term “data breach” is now commonplace throughout workplaces and households due the continuous increase of breaches worldwide). Organizations around the world ranging from US Bank and Outback Steakhouse to the U.S. Air Force and Sony have experienced (or are currently experiencing) a data breach and the headache of breach notification. Despite numerous attempts to implement federal data breach notification legislation, little has been done on a national level to streamline the process.

This perspective highlights the data breach notification process and how recent legislation proposed by the Obama Administration is hoping to consolidate dozens of diverse state breach notification regulations into one integrated national plan. Continue reading