The application would have the ability to rapidly assemble critical open source information and intelligence that would allow the FBI to quickly vet, identify, and geolocate breaking events, incidents, and emerging threats according to the FBI's RFI (request for information).

The FBI is looking to harvest feeds from Twitter, Facebook, and the like because "social media has become a primary source of intelligence because it has become the premier first response to key events and the primal alert to possible developing situations," according to the RFI. "It has emerged to be the first instance of communication about a crisis, trumping traditional first responders that included police, firefighters, EMT, and journalists."

In a recent study 87 percent who said their organization suffered a data breach in the past two years, 21 percent said the breach occurred when a drive was in the possession of a third-party data recovery service provider.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.

When enterprises allow their employees to have uncontrolled free access to the web they run a serious risk that there will be misuse of the web. Web misuse has serious implications for your enterprise and its employees.  The implications are:

• Reputation risk - Social networking can create opportunities for employees to leak confidential information or spread damaging rumors online. Bad behavior by a single employee can reflect on the reputation of the whole organization.
• Reduced productivity - If employees spend their time on social networking sites such as Tweeter they are not spending it doing their job.
• Data Leakage - Confidential and sensitive information could be transmitted to unauthorized individuals and competitors. In addition, data that is covered by mandated privacy and security requirements (HIPAA and PCI-DSS) could be exposed.
• Security problems - Malware hides on websites and can install itself as users browse infected pages. One company reports that the number of new, malicious websites blocked each day by it nearly doubled (91 percent) in just one month.
• Legal risks - When users download inappropriate material to their computers, other employees may take serious
• Wasted bandwidth - Internet connections cost money. If half of an enterprise's bandwidth is taken up with non-work related traffic, the enterprise could be paying than they need to and the enterprise-critical communications could be running at half their speed capacity.
• Unlicensed software - When users download and install software from the internet, they create a legal risk. If an organization uses unlicensed copies of software, it may face a civil suit and company directors risk criminal penalties.

This makes sense: mobile content management increases user productivity, ramps up customer engagement, enhances customer service, maximizes collaboration and drives more effective business decision-making. What does all this user mobility mean for IT? Simply this -  A modern mobile strategy is no longer a "nice-to-have" Â… it's an absolute business necessity.

Risk professionals from both organizations were asked which three cyber risks they thought were the greatest threats to business in general and to their own organizations. A total of 186 replied to the online survey.

For business in general, reputation risk from social media was cited as a material risk by nearly 50 percent of respondents and loss of confidential information through social media by 20 percent. These concerns ranked social media along with non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business in the eyes of the risk professionals.

The emphasis shifted somewhat when it came to respondentsÂ’ own organizations. More than half put operational, non-malicious IT risks among the top three, followed by 43 percent who mentioned theft of customer information. However social media risks were next with 42 percent who included them among the biggest exposures to their own organization with 21 percent concerned about loss of confidential information through social media.

In response to additional questions to FERMA members, one-third of 36 responses said they had already been concerned by a denigration attack. One-quarter of the 98 responses said their company had suffered an attack on confidential information.

Power supplies and communication links are one of the most critical components in a DRP/BCP strategy.

Companies with no information management programs - or programs that do not sufficiently address the full life-cycle of electronic data - end up creating mountains of legacy data and media. Most of this data has no real business value, is free from any statutory or regulatory retention requirements, and is not subject to any legal preservation obligations.

As a result of this threat, investment in data protection and recovery continues to rise, with 94 percent of businesses maintaining expenditure on it and 35 percent increasing budgets for it from 2010 to 2011.

The independent survey 'Insights: Data Protection and the Cloud 2011,'also reveals that 41 percent of organizations expect cloud computing to play an increasingly important role in their business continuity plans over the next year.

Of the businesses surveyed, 39 percent have data that resides in the private cloud and 21 percent in the public cloud. Encouragingly, these companies displayed high levels of confidence in the safety of this data. A significant 68 percent of those using private cloud trust that their data and applications are properly protected in the event of a disaster whilst 78 percent of those using public cloud are confident in the data protection SLAs agreed with their provider.

88 percent of respondents suffered application and data loss incidents in the last year. These were due to a wide variety of causes. Nearly two thirds (63 percent) of companies had experienced an IT systems failure (e.g. network, storage, software failure) – the most common cause of data loss. Other recurrent causes included employee or human error (40 percent of companies) and external attacks on IT (36 percent).

Although there was a high frequency of data loss across the UK, few businesses have adequate disaster recovery systems in place. Just over a third (34 percent) reported having full and comprehensive disaster recovery plans to protect their data in the event of such an incident. The primary reason given for this lack of DR planning was inadequate training of IT personnel in risk and DR planning (42 percent). Lack of budget was also a significant factor (40 percent).

In disaster recovery, three jobs need to be accomplished quickly:

• The data associated with critical applications needs to be recovered and placed into a usable form: no small feat given the massive amounts of data involved (though much of it non-essential to recovery).
• The applications serving critical business functions must be re-hosted on platforms that are adequate to support comparable (though not always identical) workload to what is experienced in normal production environments.
• Users, suppliers and customers need to be re-connected to the newly-instantiated application platform so that work can continue.
  

Unfortunately, this kind of breach is becoming altogether common as information is shared between partners, customers and contractors to reduce costs and improve services. The idea of protected information staying within the network perimeter is effectively dead.

A data privacy breach at the hospital has resulted in medical records for 20,000 emergency room patients being posted on a public Website for nearly a year. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts or other information that could potentially result in identity theft was not exposed. Even so, the hospital is offering free identity-protection services to all affected patients.

The spreadsheet originated at one of the hospital's vendors, a billing contractor called Multi-Specialty Collection Services. The spreadsheet appeared on a Website called Student of Fortune, where students pay for assistance with schoolwork. The spreadsheet was part of a question on how to convert the data into a bar graph. Student of Fortune removed the post with the spreadsheet immediately after being contacted by the hospital last month.

• Prepare your systems, processes, and people for an organized response to disaster when it strikes.
• Identify critical IT systems and develop a long-range strategy.
• Select and train your disaster recovery team.
• Conduct a Business Impact Analysis.
• Determine risks to your business from natural or human-made causes.
• Get management support.
• Create appropriate plan documents.
• Test your plan.
  

In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.

Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events—whether those event might include a hurricane or simply a power outage caused by a backhoe in the parking lot.

A writer Jason Hiner at TechRepublic states that because most workers have used technology for at least a decade and often want to select and set up their own technology, most companies don't need that much in the way of IT staff. His forecast is that three jobs will be in high demand in the future:

• Consultants: Companies increasingly are farming out traditional IT administration and support functions to outsourcers and third-party consultants. Predictions are that more IT staff will be working instead for the service providers.
• Project managers: It staff to be working in the business units rather than a centralized IT department.
• Developers: Someone has to program.

• Perform an initial risk assessment to determine current information systems vulnerabilities.
• Perform an initial business impact analysis to document and understand the interdependencies among business processes and determine how the business would be affected by an information systems outage.
• Take an inventory of information systems assets such as computer hardware, software, applications, and data.
• Identify single points of failure within the information systems infrastructure.
• Identify critical applications, systems, and data.
• Prioritize key business functions.

The Disaster Recovery Plan Template has tools that can be used immediately and defined in detail all of these responsiblities and provides a work plan that can be use as is.

"1234" was the most commonly used and the second most common code was "0000". People choosing "1234," "0000" and "1111" as their passcode are doing the equivalent of locking up their cars with a piece of thin string. "0852" and "2580" aren't that much better, as the code is just going up and down the keypad.

Security policies and procedures are a must to help set up the first line of defense.