Friday, 28 February 2014

Autumn is coming, are you prepared?

With the Autumn season just a day away we look to changing our wardrobe for some warmer clothing, preparing our home for the relief of rain and looking forward to making it into the garden and seeing what the summer sun has left for you to revive. It’s a chance for us all to take a break from the long and busy summer and nestle down in our homes ready for winter.

But what are the risks involved, initially you might think that there can’t be much, with looking forward to catching up on some of those books on the book shelf you haven’t had time to start, decorating the dining room because the summer was too hot to even think about it or taking up a new hobby if that’s your thing.

The first big downpour of 2014 left my gutters overflowing and my garden turning into a swimming pool, all of which was unexpected. I didn’t know it was going to rain that hard and we had already cleared out the gutters a few weeks before but with those record breaking 40 degree temperatures in Adelaide that had a big effect on the trees around my house and when the wind picked up they shed all their dry leaves back on to my roof and into my gutters, hence them overflowing and my husband getting soaked to his socks clearing them out and hoping he cleared them before the water got into the roof.

We hear it all too often on the radio and the news of people like you and I having their information hacked and money stolen from their bank accounts, and when we find out it’s happening we go into defence mode and change our passwords and have a rant to the bank until its fixed. But what if it’s your workplace and your office holds the information of others or your organisation is closed down for the day what then? It may not be just you who is affected and it doesn’t take long for someone on a laptop sat in their own home to leave you with a wealth of problems which can’t be fixed with a phone call or a password change. The risk of a cyber-attack isn’t your only threat; losing power to your premises for a long period of time can be just as harmful if you become out of contact or are unable to complete your daily tasks.

Having a disaster recovery plan in place can be a challenging and difficult task but in the event of a breach or natural event it could possibly be your only hope of maintaining service and being able to recover as quickly and efficiently as possible.

So what can I do?

For an organisation who have not taken a great deal of time to consider their disaster recovery CQR can assist any business to analyse a business and look at where experiencing a disruptive event can have an effect on a business through a Business Impact Analysis, this will provide a risk register, business continuity and recovery plans and most importantly enable show if the business can recover within a desired timeframe.

We can provide an independent review of your IT Service Recovery Plans through an IT Service Recovery Technical Review, ensuring that the information therein is adequate to support the recovery processes and that staff are aware of their roles and responsibilities.

In having a Vulnerability Assessment completed CQR have specialist consultants who can carry out technical vulnerability scans that will challenge the resiliency of your network architecture. We will provide you with a vulnerability report outlining the risks and provide recommendations to manage the identified vulnerabilities.

In addition to these services CQR can also provide Exercise / Test Facilitation, Document Development, Review of Business Continuity Gap Analysis against ISO 22301:2012 Business Continuity Standard and Business Continuity Management System (BCMS) Development. All of these services are done through partnering with the organisation and developing a scope to ensure that what is delivered is exactly what is needed in order to prevent the worst happening. 

So before the winter arrives I have my own plan in place to make sure that my gutters no longer get clogged with leaves and debris and that I reduce the risk of my garden becoming flooded again, and that will involve my husband getting back up onto the roof again, but hopefully this time he will be dryer.

Sarah Taylor

Friday, 21 February 2014

Managing a Data Breach

If you've ever watched a home renovation show on TV, you'll know that one of the biggest problems is the weather.  Rain in particular is a real pain if you don't yet have a roof, as it leaks everywhere, damages everything and stops work completely.  If you are doing the renovation privately, the best thing to do is patch up the damage, redecorate and tell no-one.  However if there is a TV crew around you don't have that option.

With the impending revisions to the privacy laws, this is exactly the place Australian business is about to find itself.  If you have a breach today the best advice is to patch up the damage, redecorate and tell no-one.  Within a couple of months however it will be as if there is a virtual TV crew around all the time, and businesses won't have a choice about having to admit their failure to protect personal information.

Unsurprisingly, vendors are having a field day promoting the new privacy laws, trying to sell umbrellas, wallpaper and camera blinding equipment.  Personally I think businesses should just build a watertight roof and stop the leaks happening in the first place.
Phil Kernick @philkernick

Tuesday, 18 February 2014

Benefits of Aligning Business Continuity Management with IT Service Recovery

IT departments within many organisations are likely to have well defined processes to support their own disaster recovery requirements.  General ‘good practice’ states that we need:
·         Backups;
·         Resiliency designs within the network architecture;
·         Data centre etc…etc…

IT Service Recovery is a legacy approach that many are comfortable with.  From the early mainframe computer days in the 1950’s initial recovery simply focused on restoring the mainframes, the systems were simply off line and business would have to wait, it could actually take a matter of days before affecting the business in anyway. 

However, with the explosion of the internet since 1995 and greater dependence on up-to-the-second information, the impact of loss can now be felt, not in days, but in minutes… if not seconds! 

The role of Business Continuity within an organization developed throughout the 90’s as it became obvious there was a need to provide protection and resilience spanning the entire business.  This led to Business Continuity professionals sitting well outside of IT, focusing on Business Impact Assessments, Crisis Management, and Business Continuity Plans, detailing how the business can continue to provide products and services at an acceptable minimum service level. 

IT has continued to support ‘general good practice’ and has kept up to date, where possible, on the technology that supports system resiliency and recovery, however, often choosing solutions without discussing requirements with the business.  Likewise, the business has been developing Business Continuity Plans on the assumption that IT services will be able to support their strategies.

It is therefore essential that you re-align Business Continuity Management with IT Service Recovery to ensure that the business clearly understands how it may implement strategies that either prevent incidents occurring, or reduce the impact if they do occur. 

To achieve continuity and recovery objectives an organisation should be able to answer questions such as:
·         Can IT recover the business systems within an acceptable period of time?
·         Has the business discussed what the “acceptable period of time” is?
·         Have you ever completed a full restore from backup?
·         Do you carryout vulnerability scans or penetration tests to examine the adequacy of your network designs?
·         Is your Data Center far enough away? Or is it likely to be impacted by the same disruptive incident as you?

CQR Services

CQR is able to help you define your Business Continuity and Service Recovery Strategies through a number of services, such as:



Business Continuity Gap Analysis against ISO 22301:2012 Business Continuity Standard

We will review existing business continuity plans, supporting documentation and governance against the industry standard ISO 22301

Business Continuity Management System (BCMS) Development

We can work with you to create a BCMS that can be certified to ISO 22301 or simply be ‘compliant to’ the requirements of the standard

Business Impact Analysis

We will work with you to analyse the consequences of a disruptive incident on your most time sensitive business processes.

Output will feed into your risk register, business continuity and recovery plans and most importantly verify whether IT are able to recover within the desired timeframes.

IT Service Recovery Technical Review

We will provide an independent review of your IT Service Recovery Plans, ensuring that the information therein is adequate to support the recovery processes and that staff are aware of their roles and responsibilities.

Vulnerability Assessment

We have specialist consultants who can carry out technical vulnerability scans that will challenge the resiliency of your network architecture.

We will provide you with a vulnerability report outlining the risks and provide recommendations to manage the identified vulnerabilities.

Exercise / Test Facilitation

CQR can work with you to design and facilitate an exercise that will test the limits of your documentation and ensure that it is:

-       Accurate and up to date

-       Relevant

-       Complete

-       Appropriate

The exercise will also ensure that staff get to understand their roles and responsibilities in an event.

We can also help you to test the continuity and recovery strategies outlined in the documentation to ensure that they will work as expected.

Document Development

We can review, update and create relevant business continuity and recovery documentation as per your requirements.

Yvonne Sears
Senior Security Specialist

Tuesday, 11 February 2014

How do you keep your family safe online?

Tuesday 11th February is Safety Internet Day with this year’s theme on ‘Let’s create a better internet’ focusing on our children and being safe online.

Helping positive digital citizenship across Australian communities, Coordinated by Insafe, the European network for internet safety, the event is supported in Australia by Cybersmart.

In the car on the way to school my son will occasionally ask “Mum, can I have an iPhone?” my answer to him is, “No, you can’t have one because you are 6 and you won’t be getting a mobile phone until you are much older, especially an iPhone”, his response to me is then one of discontentment with a bit of moaning thrown in for extra measure to which his 4 year old sister happily accompanies him on.

I have seen kids at his primary school stood at the gates on their phone’s they could be talking to their mum or their nan or even checking the automated clock (if that still even exists), but I am a firm believer that children of that age group do not need to have mobile phones of their own because as a parent it is my responsibility to know that they are always in an environment which is safe and with people who will look after them if I cannot be there myself, so what would they need it for?
This being said in school they are taught how to use computers from reception age and with this comes the use of the internet. When he came home from school one day and asked if he could use the laptop, after a bit of a debate I said yes, then I watched him switch it on, log in with my password, which made me think maybe I should be a little more secure with my home laptop access, and then open internet explorer. He typed into the search engine the word games, and it came up with a ream of websites, he seemed to know what he was looking for and through a series of clicks he got himself onto some car racing game and happily played on it for the next 10 minutes.

Now our children are the epitome of innocence which is what we all want for them. But inevitably as they get older and more inquisitive this can be a time when they can get up to things that we as parents are unaware of and it is important that we are educated in how we support and educate them to make the best of what technology offers without any of the negatives that we hear about in the media.
Recently I have been reading up on how I can ensure that my children are safe online and although much of it can seem obvious, it is sometime those things that we can forget to explain to our children.

Here are some tips that I feel are important:

·         Spend some time with your child at the computer and let them show them you how they use it. This is a better way of working out any do’s and don’ts together and you can show them the best way of doing things safely.

·         Give a time limit – it is easy when the kids are nice any quiet to forget and get on with some of your own jobs, maybe a timer will help so they aren’t spending too long on the computer, game console or tablet.

·         Bookmark a list of favourites for your child, this way their favourite websites are easily accessible and there is no need to use a search engine and parents can work with your child in setting it up and checking those websites.

·         Keep your computer in a space in the house where it is visible so you can see what they are doing at all times.

·         Look into installing filters, labels or safe zones to help manage their access. Also check your anti-virus or e-security software is up to date.

·         Teach them that if they come across anything that scares them or that they think is wrong to tell a trusted adult.

·         Helping them understand how to open and close programs safely can be useful if they come across something they don’t like.

·         Talk to them about using personal information and to never share things like phone numbers and home addresses without speaking to a trusted adult first.

·         If you are unsure or have any concerns seek help, the Australian Government Cybersmart website has lots of advice and also an online helpline which provides free, confidential advice.
Giving them the tools to make safe and conscientious decisions is a life skill that we all value and in the process we as parents can learn something too and this can make the online world less of a daunting place to explore.

Sarah Taylor
Sales Coordinator