By Ron LaPedis – Mar 19, 2015 6:16 AM PT
…IT people know the facts. For instance, they know that, in 2014, the average organizational cost of a data breach was just over $5.85M – 15% higher than in 2013. They also know that companies spend an average of $686,000 per hour when experiencing downtime. ROI? The ROI for information security and disaster recovery testing is huge. It just happens to be measured in terms of what you don’t lose and what you don’t spend.
via IT Professionals Think Information Security And Disaster Recovery Should Be Last To Get Budget Cuts | CIO.
Kasich: State will replace Buckeye Lake dam
Ohio Gov. John Kasich said today the state will replace the deteriorated Buckeye Lake dam at a cost of up to $150 million, but warned the water level will not be raised in the interim to permit boating as sought by lakeside business owners.
via Breaking News: Kasich says state will replace Buckeye Lake dam
Sharon Gaudin | @sgaudin Senior Reporter, Computerworld Mar 18, 2015
Google botched its wearable, Google Glass, and now the director of GoogleX labs is openly talking about it.
Astro Teller, Google’s director of its research arm, GoogleX, was speaking to an audience at the South by Southwest conference in Austin on Tuesday when he said the company made mistakes with Glass.
via GoogleX exec: Where Google went wrong with Glass | PCWorld.
CONTINGENCY PLANNING GUIDE FOR INFORMATION TECHNOLOGY SYSTEMS
Elizabeth B. Lennon (Editor)
Information Technology Laboratory
National Institute of Standards and Technology
Information technology (IT) and automated information systems are vital elements in most business processes. Because these IT resources are so essential to an organization’s success, it is critical that the services provided by these systems are able to operate effectively without excessive interruption. Contingency planning supports this requirement by establishing thorough plans, procedures, and technical measures that can enable a system to be recovered quickly and effectively following a service disruption or disaster. Interim measures may include the relocation of IT systems and operations to an alternate site, the recovery of IT functions using alternate equipment, or the performance of IT functions using manual methods.
NIST’s Information Technology Laboratory has published a recommended guidance document on contingency planning for federal departments and agencies. (Industry will find the recommendations valuable as well.) NIST Special Publication (SP) 800-34, Contingency Planning Guide for Information Technology Systems, by Marianne Swanson, Amy Wohl, Lucinda Pope, Tim Grance, Joan Hash, and Ray Thomas, provides instructions, recommendations, and considerations for government IT contingency planning. NIST SP 800-34 supersedes Federal Information Processing Standard (FIPS) 87, Guidelines for ADP Contingency Planning.
NIST SP 800-34 provides guidance to individuals responsible for preparing and maintaining IT contingency plans. The guide discusses essential contingency plan elements and processes, highlights specific considerations and concerns associated with contingency planning for various types of IT systems, and provides examples to assist readers in developing their own IT contingency plans. This ITL Bulletin summarizes the contingency planning guide, which is available at http://csrc.nist.gov/publications/nistpubs/index.html.
via Contingency Planning Guide for Information Technology Systems.
Jeremy Kirk IDG News Service Mar 13, 2015
A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private.
via Google error leaks owner personal info for nearly 300,000 websites | PCWorld.
Joab Jackson IDG News Service Mar 10, 2015
With the latest Patch Tuesday release, Microsoft is fixing the FREAK vulnerability that could help attackers intercept secured network communications.
via Microsoft fixes FREAK vulnerability in Patch Tuesday update | PCWorld.
By Joe Schreiber – solutions architect at AlienVault
6th March 2015
Getting breached doesn’t establish whether or not you have a decent security program in place: but how you respond to a security breach does.
via Don’t panic! Six steps for surviving your first data breach.
By Steve Johnson
SAN JOSE (CALIF.) MERCURY NEWS
Monday March 9, 2015 8:56
The breakneck pace of this technology has far outrun the legal system’s ability to keep up with it, many experts contend. Because of legal loopholes, consumers often lack any right to control how long their data are kept, who the information is shared with and what is collected about them, including personal information such as their finances, mental health, political leanings and sexual orientation.
via Legal system struggling to keep up with how consumers’ data is handled | The Columbus Dispatch.
By Earl Rinehart
The Columbus Dispatch
Monday March 9, 2015
America’s wealthy have walled themselves off in their suburban enclaves. College-educated people and the less-educated do not mix. And in many cities, the clusters of the poor are growing. That’s the conclusion of a recent study that, when all factors were considered, ranked Columbus as the second-most economically segregated major metro area in the U.S. Austin, Texas, was the most-segregated.
via Officials question Columbus’ No. 2 spot as most economically segregated | The Columbus Dispatch.
The EDUCAUSE IT GRC program provides resources that help you define and implement IT governance, risk, and compliance (GRC) activities on your campus.
GRC issues increasingly pervade higher education information technology. As institutional investment in IT and reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure.
IT GRC programs develop a framework for the leadership, organization, and operation of an institution’s IT programs. This framework can be used by IT staff to ensure that their programs support and enable the institution’s strategic objectives.
via IT Governance, Risk, and Compliance Program | EDUCAUSE.edu.