Business continuity and disaster recovery planning: The basics Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those event might include a hurricane or simply a power outage caused by a backhoe in the parking lot. The CSO's involvement in this process can range from overseeing the plan, to providing input and support, to putting the plan into action during an emergency. This primer (compiled from articles on CSOonline) explains the basic concepts of business continuity planning and also directs you to more resources on the topic. Last update: 4/2/2012. Q: "Disaster recovery" seems pretty self-explanatory. Is there any difference between that and "business continuity planning"? A: Disaster recovery is the process by which you resume business after a disruptive event. Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. What do these plans include? Where do I start?
Public-key cryptography An unpredictable (typically large and random) number is used to begin generation of an acceptable pair of keys suitable for use by an asymmetric key algorithm. In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key. In the Diffie–Hellman key exchange scheme, each party generates a public/private key pair and distributes the public key. Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public. Public-key algorithms are based on mathematical problems which currently admit no efficient solution that are inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. Message authentication involves processing a message with a private key to produce a digital signature.
What is Business Continuity? Business Continuity is often described as ‘just common sense’. It is about taking responsibility for your business and enabling it to stay on course whatever storms it is forced to weather. It is about “keeping calm and carrying on”! BC is about building and improving resilience in your business; it’s about identifying your key products and services and the most urgent activities that underpin them and then, once that ‘analysis’ is complete, it is about devising plans and strategies that will enable you to continue your business operations and enable you to recover quickly and effectively from any type disruption whatever its size or cause. Business Continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. At the heart of good BC practice, sits the BCM Lifecycle. To get a copy of the BCI’s Good Practice Guidelines click here.
How to view and manage event logs in Event Viewer in Windows XP This article describes how to use Event Viewer to view and manage event logs in Microsoft Windows XP. Event Viewer In Windows XP, an event is any significant occurrence in the system or in a program that requires users to be notified, or an entry added to a log. The Event Log Service records application, security, and system events in Event Viewer. Event Log Types A Windows XP-based computer records events in the following three logs: Application log The application log contains events logged by programs. How to View Event Logs To open Event Viewer, follow these steps: Click Start, and then click Control Panel. How to View Event Details To view the details of an event, follow these steps: Click Start, and then click Control Panel. How to Interpret an Event Each log entry is classified by type, and contains header information, and a description of the event. Event Header The event header contains the following information about the event: Date The date the event occurred. Event Types Applies to
Risk Mitigation Planning, Implementation, and Progress Monitoring Definition: Risk mitigation planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives . Risk mitigation implementation is the process of executing risk mitigation actions. Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project . Keywords: risk, risk management, risk mitigation, risk mitigation implementation, risk mitigation planning, risk mitigation progress monitoring Background Risk mitigation planning, implementation, and progress monitoring are depicted in Figure 1. The risk mitigation step involves development of mitigation plans designed to manage, eliminate, or reduce risk to an acceptable level. Risk Mitigation Strategies General guidelines for applying risk mitigation handling options are shown in Figure 2. Risk mitigation handling options include: Best Practices and Lessons Learned What actions are needed?
Heuristic analysis This article is about antivirus software. For the use of heuristics in usability evaluation, see Heuristic evaluation. Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild". Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. How it works Most antivirus programs that utilize heuristic analysis perform this function by executing the programming commands of a questionable program or script within a specialized virtual machine, thereby allowing the anti-virus program to internally simulate what would happen if the suspicious file were to be executed while keeping the suspicious code isolated from the real-world machine. Effectiveness References External links
ICABC: Industry Insights -- <strong>Risk Management:</strong> Understanding Risk Mitigation Risk Management: Understanding Risk MitigationIndustry Insights · February 2011 Download PDF Version By Lisa Dorian, CA∙CIA Risk management is all about understanding risks that can impact your organizational objectives, and implementing strategies to mitigate and manage those risks. In this article, we examine the most common mitigation strategies and how they can be used to effectively manage risk. When mitigating or managing risks, here are three steps to consider: What is the organization's appetite and tolerance for risk? Risk mitigation strategies Avoidance Some risks aren't worth taking in the first place. Acceptance Without risk there is no reward. Transference Risk transference is the process of transferring any losses incurred to a third party, such as through the use of insurance policies. Control A control is a procedure used to either prevent a risk from occurring or detect a risk after it has occurred. Figure 3 shows the link of control activities to the risk prioritization map.
Microsoft Baseline Security Analyzer 2.2 (for IT Professionals) <a id="b7777d05-f9ee-bedd-c9b9-9572b26f11d1" target="_self" class="mscom-link download-button dl" href="confirmation.aspx?id=7558" bi:track="false"><span class="loc" locid="46b21a80-a483-c4a8-33c6-eb40c48bcd9d" srcid="46b21a80-a483-c4a8-33c6-eb40c48bcd9d">Download</span></a> The Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfigurations. MBSA 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012. DetailsNote:There are multiple files available for this download.Once you click on the "Download" button, you will be prompted to select the files you need.MBSASetup-x64-EN.msiMBSASetup-x64-DE.msiMBSASetup-x64-FR.msiMBSASetup-x64-JA.msiMBSASetup-x86-DE.msi1.7 MB1.7 MB1.7 MB1.8 MB1.6 MB To easily assess the security state of Windows machines, Microsoft offers the free Microsoft Baseline Security Analyzer (MBSA) scan tool.
These Guys Will Hack Your Phone to Reveal Who It's Secretly Sending Information To Geoff White (left) and Glenn Wilkinson (right). Photo by James Snell. This article originally appeared on VICE UK. Most of us don't think twice when we connect to a WiFi network or download a new app. Turns out my phone was lying to me. To help people understand what's really going on with their smartphones, tech journalist Geoff White and ethical hacker Glenn Wilkinson have teamed up to create The Secret Life of Your Mobile Phone —a one-hour performance on interception technologies. VICE: Tell me about what happens in The Secret Life of Your Mobile Phone. Which companies are you sending information to? What kind of software do you use? Basically, we have two levels of interaction with the software. That's all fairly passive, but the final bit is really interesting. Geoff: And that's basically listening to what the phone is willingly giving out. "Phones are programmed to give out all sorts of information. Is it really? For more on advertising, watch our doc "The Real 'Mad Men'?"