Janco Associates, Inc. (Janco), announced today the release of Version 4.1 of its Disaster Recovery and Business Continuity Template. This electronic document is over 183 pages and can be used in the creation of a unique Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) for any entity. In the process of creating DRPs and BCPs for organizations across the country, Janco has found that every department in every corporation or organization needs a universal, yet comprehensive DRP and BCP to safeguard the use of their computers and all related equipment and information which support enterprise-wide operations in the event of a disaster. Version 4.1 has detailed activation procedures for the plan as well as a specific form set for web sites that are informational and e-commerce based.
FEMA water truck in a field near temporary housing in Kansas (ID: 35039)
Greensburg, Kansas, April 25, 2008 — A FEMA water truck is parked near temporary housing. FEMA continues to provide recovery to Greensburg families displaced by the tornado that struck a year ago at the Keller Estates group site. FEMA photo/John Shea.
Take your child to work day at FEMA (ID: 35005)
Mount Weather, VA, April 24, 2008 — Mount Weather Police Officer James Brown fingerprints FEMA Kids during their visit to Mount Weather on “Take Your Kids to Work Day”. Cards were given to the parents to take home. FEMA/Karen Nutini
Disaster Recovery and Compliance
Disaster recovery and remote backup strategies need to take into account not just technical issues, but also how to implement those strategies within the letter and spirit of applicable legislation. CFOs and CIOs need to take care that a seemingly simple plan for disaster recovery does not in turn create a potential legal disaster. A compliance-based managed services provider (CMSP) can reduce risk and cost for many businesses.
Debris remains in Greensburg (ID: 35027)
Greensburg, Kansas, April 25, 2008 — One year after the tornado that destroyed Greensburg, Kansas, debris remains on the ground and on the slabs of previous homes while in other areas of town there is new construction. FEMA photo/John Shea.
What is a Chief Security Officer - the CSO Who is it?
What is the Chief Security Officer (CSO)? The title Chief Security Officer (CSO) was first used inside the information technology department and function to identify the person responsible for IT security. At many enterprises, the term CSO is still used in this way. The CSO title is also used in many enterprises to describe the leader of the “corporate security” function, which includes the physical security and safety of employees, facilities and assets. This individual often holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate departments. The CSO is the executive responsible for the organization’s entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy. At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations such as the Sarbanes-Oxley Act, HIPAA, and the ISO 27000 (formerly ISO 17799), 27001 and 27002 standards, desire an enterprise-wide view of operational risk. The Chief Security Officer (CSO) is responsible for overall direction of all security functions associated with Information Technology applications, communications (voice and data), and computing services within the enterprise. At the same time, the CSO must be aware of the implications of legislated requirements that impact security for the enterprise. This includes but is not limited to Sarbanes-Oxley Section 404 requirements. The CSO has the responsibility for global and enterprise-wide information security; he/she is also responsible for the physical security, protection services and privacy of the corporation and its employees.
How to minimize your backup exposure
Are you taking the right steps, or could you reduce your backup window further? Are you setting the right data protection goals? Have you established the best benchmarks? How can you optimize your backup model to meet your SLAs? Have you projected your data growth accurately? Will your technology fit all your needs? To accomplish this you should: set data protection goals based on business needs; establish performance benchmarks; optimize backup performance to exceed your benchmarks; forecast the capacity needs for both hardware and software; and build a modular data protection architecture.
Cracking GSM Phone Security - Disaster Recovery Implications
(TechWorld.com) Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption. GSM calls can now be recorded over long distances and cracked open in half an hour using only $1,000 worth of field-programmable gate array-aided computer equipment and a frequency scanner. Although GSM’s 64-bit A5 stream cipher has been theoretically vulnerable for some time, this is the first time anyone has demonstrated a way of doing it without investing in expensive, specialized equipment and without it taking years. If one spends $100,000 on hardware, the crack can be done in only 30 seconds using massively parallel processing technology. Pico Computing Inc. is now developing the fast version to sell to agencies such as law enforcement, but plans to give away the slower version for free. GSM is used all over the world by mobile phone companies, and is used in the U.S. by several networks, most notably AT&T and T-Mobile. It is considered to be secure enough that even criminals use it, simply cycling phones to avoid the theoretical risk of being tracked. The attack depends on exploiting a vulnerability in the way GSM sets up calls. Assuming attackers were able to find out a phone’s mobile subscription identification number and built-in hardware ID — garnered by sending a text message to that phone, say — they would have enough information to isolate calls from that phone. Because networks set up some frames of the call security exchange using the same plain text scheme, throw enough hardware at the problem and the encryption can be forced open by using mathematical tables. “If we know the plain text, we can derive exactly what is coming out of A5.
Microsoft patches one Office flaw, leaves another
(IDG News Service) — Microsoft Corp. has released its monthly set of security patches, fixing a critical flaw in Office. Attackers could exploit the bug by tricking Office users into opening a maliciously encoded .pub document, which would then allow attackers to run unauthorized software on a victim’s PC. These .pub documents are created by Microsoft’s Publisher software, an Office component used for designing print and online business publications. Microsoft rates the bug as “critical” for Publisher 2000, but this warning has been downgraded to “important” for the Publisher 2002 and Publisher 2003 products. Some security experts expected Microsoft to fix a similar bug in Word, which has been used by online attackers over the past few weeks, but that problem remains unfixed. Microsoft acknowledged the Word problem last week and probably did not have time to run a fix through its quality assurance tests, said Jonathan Bitle, a manager of technical accounts at Qualys Inc. “It’s really late in their engineering cycle, so it’s understandable that they wouldn’t manage to get something out,” he said. Both the Word and Publisher bugs rely on the same type of attack to work: An attacker e-mails a malicious document and somehow tricks the victim into clicking on the attachment. Security experts have been seeing more of these Office flaws exploited of late. “This is one of the trends that we have observed,” said Amol Sarwate, director of the Qualys vulnerability research lab. “The growing number of client-side vulnerabilities where you have a malformed Publisher file or Word file or Excel file.”
NFL tackles disaster recovery
(Computerworld) — Like many other organizations, the Baltimore Ravens took note of what happened to New Orleans after Hurricane Katrina last year and decided to take steps to prevent a similar occurrence, said the senior director of IT at the American Football Conference team. The professional sports team had been backing its data up to tape, but it moved to a combination hardware, software and service offering from AmeriVault Corp., he said. The National Football League Inc. organization, which had about 200GB of stored data, started out with a 500GB system at AmeriVault and took an initial snapshot which took about a day and then shipped it to Waltham, Mass., to be loaded into the AmeriVault data centers. It was then shipped back to Baltimore, and every night, any files that were changed during the day get backed up to the Massachusetts facility. The data is also mirrored to a facility in Illinois.






