NewsGroupWorld News ---

07/24/2010
External Drives are a security risk
The Department of the Navy's CIO Privacy Office was notified on
July 27 that a Naval headquarters office had been burglarized, and that the
thieves had stolen at least 10 laptops and nine external hard drives. The initial report by the
Privacy Office said that one laptop contained a file with passwords and user
names; personal financial data including bank accounts, investment accounts, and
credit card information; a personal contact list with cell phone numbers,
addresses, and birth dates; "government only" contract information;
discrimination and hostile work environment correspondence; and other sensitive
information.
Upon investigation, the Navy found that the laptop contained
"high risk" personally
identifiable information on only eight people. And the external hard drives
were either still in their boxes or encrypted when taken.
The incident emphasizes the importance of security policies and
continued vigilance over insider threats, according to the Department of the Navy
CIO privacy team lead, who disclosed the breach in a blog post on the Navy
CIO's Web site.
"External hard drives are becoming as vulnerable as thumb
drives," Muck wrote. "A best practice should be to physically secure them at the
end of each work day."
The Navy Privacy Office advised employees never to store
personally identifiable information or unencrypted user names and passwords on
government computers. He also reminded employees of the importance of inventory control
policies.
07/13/2010
What Does Disaster Recovery and Business Continuity Mean
The IT
industry continues to add emphasis and focus to Disaster Recovery and Business
Continuity Planning. While the concept has been around for many years, Disaster
Recovery has a different connotation today. As business technology and software
applications have advanced, Disaster Recovery has come to mean more than simply
the ability to get your systems back online after a power outage. Companies are
now expected to recover from unforeseen disasters, and retrieve contracts,
memos, invoices, signatures and all other critical documents with minimal
interruption.
There is little doubt of the importance of an effective backup plan if a
natural or man-made disaster destroys your business records. Many companies,
however, still have yet to implement a Disaster Recovery plan, believing that
the chance of it happening to them is too slim.
The reality is that an organization may declare a disaster for a number
of reasons, including:
- Extreme weather conditions
- Prolonged power or communications failure
- Robbery or other criminal activity
- Civil unrest
- Terrorist acts
06/22/2010
End of life for XP will increase security risk
Three out of four companies will soon face more security risks because they continue
to run the soon-to-be-retired Windows XP Service Pack 2 (SP2), a report
published today claimed.
According to a Toronto, Canada-based technology provider, 77 percent of the
organizations it surveyed are running Windows XP SP2 on 10 percent or more of
their PCs. Nearly 46 percent of the 280,000 business computers it analyzed
rely on the aged operating system.
06/18/2010
Remote Branch Offices are a Disaster Recovery Business Continuity Risk
Distributed data at remote and branch offices (ROBOs) continues to grow
substantially year after year. Leaving this data unprotected or inadequately
protected poses serious business risks for organizations. Protection approaches
require careful consideration, as factors such as technical complexity, capital
and operational costs, and expertise of personnel must be taken into account.
Local disk-based data protection strategies improve backup efficiency and
reliability over tape-based ones. Consolidation of edge data to the core data
center may introduce further efficiencies. Data de-duplication can drive both
backup-to-disk and consolidation adoption.
06/10/2010
Necessary Steps in Developing a Disaster Recovery Business Continuity Plan That Works
The process of developing a disaster recovery &
business continuity plan requires that you:
- Provide management with a
comprehensive understanding of the total effort required to develop and
maintain an effective recovery plan;
- Obtain commitment from
appropriate management to support and participate in the effort;
- Define recovery
requirements from the perspective of business functions;
- Document the impact of an
extended loss to operations and key business functions;
- Focus appropriately on
disaster prevention and impact minimization, as well as orderly recovery;
- Select project teams that
ensure the proper balance required for plan development;
- Develop a contingency
plan that is understandable, easy to use and easy to maintain; and
- Define how contingency
planning considerations must be integrated into ongoing business planning and
system development processes in order for the plan to remain viable over time.
06/09/2010
Apple a monopolist?
Apple is acting like a monopolist with its effort to promote HTML5 as the
future and to cast Adobe Flash as the past. Apple on Friday launched a new
series of Web pages called "HTML5 Showcase."
HTML5 is the emerging standard for the next generation
of Web pages and applications. It remains a draft specification and isn't
expected to be finalized for years.
Apple
has been promoting HTML5 as an alternative to Flash, which company CEO Steve
Jobs has spent the past few months deriding as slow, power-hungry, insecure,
ill-suited for touch-based devices, and deleterious to the progress of the
iPhone OS platform.
Apple's
crusade against Flash continues in its HTML5 Showcase with its observation that
HTML5, as a standard, isn't an add-on to the Web (like Flash).
05/27/2010
Post Disaster Assessment - Questions to Ask
After a disaster occurs, the following questions need to be asked to assess
its impact on a business from both a financial and physical (infrastructure)
perspective:
- How many/much of the organization's resources could be lost?
- What are the total costs?
- What efforts are required to rebuild?
- How long will it take to recover?
- What is the impact on the overall organization?
- How are customers affected, what is the impact on them?
- How much will it affect the share price and market confidence?
05/11/2010
Downtime is costly
The average midsize company (defined as one with 100 to 1,000 employees)
experiences 16 to 20 hours per year of downtime due to network, system,
application and operational issues. That works out to about 1.5 hours a
month. It has been found that revenue losses per hour for some midsize
companies average $70,000 (or on average more than $100,000 in total).
This business risk strategy guide is designed to help midsize businesses
identify and mitigate those risks, thus reducing those costs. Infrastructure is a key
component of a solution.
04/30/2010
Scope of Disaster Planning is expanding as world events escalate
Disaster Planning scope continues to expand. The volcanic ash air travel crisis
caught many by surprise, but in hindsight it was a predictable outcome of an
event which was almost inevitable. What other such outliers are there?
Continuity Central believes that, using the huge experience of our global
readership of business continuity managers, many of these can be identified in
advance.
If you add terrorist attacks on infrastructure that can cause widespread
environmental damage, like the oil rig explosion in the Gulf, the events to be
considered are almost infinite.
A Yellowstone eruption, which would be a supervolcano, would make the ash
problems from the Icelandic volcano look like a minor event. It would
impact the entire US except California. According to the Yellowstone Volcano
Observatory, the last supervolcanic eruption occurred 74,000 years ago at the
Toba Caldera in Sumatra, Indonesia. Other known supervolcanoes around the world
include Long Valley in eastern California, Toba in Indonesia, and Taupo in New
Zealand. In addition, other potential supervolcanoes include large caldera
volcanoes of Japan, Indonesia, and South America.
04/22/2010
DRP - Business Continuity Template Update Service Is A Must
The Disaster Recovery / Business Continuity Template version 5.4 has just been
released. Janco continues to update its templates to meet the ever-changing
requirements of the business environment.
Janco provides an update service for all of its templates, which guarantees its
clients have all of the information they need to meet mandated requirements.
With this new version, a fully indexed PDF copy of the template is now provided
in addition to the two versions of WORD (2003 and 2007).
The updates to the template included:
- Added Pandemic Coordinator job description
- Added Business Pandemic Planning Checklist
- Updated organization chart to include Pandemic Coordinator
- Updated backup and backup retention section
- Updated style sheet to be CSS Style sheet format
- Added Disaster Recovery Business Continuity General Distribution Information
- What to do after an explosion / terrorist attack
- How to clean up after a disaster
- Defined generic metrics for DR/BC success
- Business & IT Impact Analysis Questionnaire Updated
- Updated references to DRP card
- Updated formatting to meet WORD 2007 requirements
The version history for updates to the template can be seen at http://www.e-janco.com/drpversion.htm
and the full Table of Contents with sample pages can be downloaded at http://www.e-janco.com/Register_drp.asp.
04/14/2010
Feds fall short on necessary desktop security
A General Accountability Office (GAO) report found federal agencies have not
fully adopted secure desktop
configuration standards mandated by the Office of Management and Budget
(OMB) three years ago, leaving desktops less secure than they ought to be.
Federal agencies have taken some steps to implement the goals of the Federal
Desktop Core Configuration (FDCC), which are to improve overall security and
reduce IT operating costs across the federal government. None, however, have
fully implemented all the configuration settings on applicable PCs, citing a
number of challenges to doing so, according to the report, published last month.
The FDCC was established by the OMB in 2007 to provide a baseline for
security across federal workstations. The OMB based the FDCC on settings
developed by the Air Force in partnership with the National Security Agency,
Defense Information Systems Agency, the National Institute of Standards and
Technology (NIST) and representatives from the Army, Navy, and Marines.
To become compliant with FDCC, agencies were supposed to first submit an
implementation plan, and then configure Windows XP and Vista PCs according to
the common security settings required by the initiative by February 2008.
They also were required to document any changes from the OMB's recommended
settings and have them approved by an accrediting authority; acquire a specified
NIST-validated tool for monitoring implementation of the settings; ensure that
future IT acquisitions comply with the configuration settings; and submit a
status report to NIST.
04/03/2010
Internal security threats
Several studies have shown that 78 percent of data breaches come from
authorized insiders of an organization. Loss of proprietary information and
intellectual property can trigger fines, litigation, brand damage, and bad
press. Enterprises have deployed protective measures - such as VPNs, firewalls,
and network monitors - to provide audit trails and prevent unauthorized external
access to proprietary information. However, these solutions don't address the
rising threat from internal users. Because they have access to data assets,
insiders are a major channel for information leaks, whether through deliberate
policy breaches or accidental data loss (such as losing a mobile device
containing personal records).
To protect sensitive data, enterprises need an effective data
loss prevention (DLP) solution that monitors potential information loss at the
point of use. However, the explosion of messaging systems, wireless networking,
and USB storage devices has made the protection of critical enterprise data
difficult. As a result, enterprises are experiencing an increase in the loss or
theft of data assets by employees or contractors who accidentally or maliciously
leak data.
02/25/2010
IT Managers are now younger than most IT professionals
The average age of the workforce
continues to drop. At no time is this more evident than when you ask older
workers what it is like to be managed by younger bosses. A CareerBuilder report that polled
5,200 workers found 43 percent of workers who are 35 or older work under younger
managers.
As you go up the spectrum of age brackets, the numbers
consistently rise: 53 percent of workers 45 and older have younger bosses; as do
69 percent in the 55-or-over age bracket.
"As companies emerge from this recession, it is
important for employees to work together and move the business forward,
regardless of their age," said a vice president of Human Resources. "With so
many different age groups present, challenges can arise. Younger and older
workers both need to recognize the value that each group brings to the
table."
Part of the reason is the evolution of the workforce, but also
the sheer size of the baby-boom generation. A 2007 Bureau of Labor Statistics study
found that between 2000 and 2005, the number of workers over 55 increased 30
percent. In that same time period, younger workers between 25 and 54 increased
only 1 percent.
02/20/2010
Evolving data threats - CIOs and enterprises adapt
Businesses adapt to
increased mobility and expanded connectivity: Evolving data threats
Mobile
computing and global networking cast a new light on data security issues as, in
response, organizations reassess the technologies in use within their IT
infrastructures and reconsider the ways in which staff members, customers and
partners communicate. Solutions that do not provide the appropriate balance
between protection and usability must be discarded in favor of solutions that
effectively minimize risks of data theft or loss, achieve compliance with
existing regulations and equip personnel with tools that help them work
productively and securely.
The facts
are that business processes today rely on vastly different methods of data
storage and data exchange than even a few years ago. These changes in the
computing landscape make it essential that companies adopt a very different
approach to security. According to a research report by a leading IT think
tank, 90% of organizations say that data security is "important" or "very
important" and would get high priority in 2009.
02/11/2010
Big Brother gets closer
The Obama administration has argued that warrantless tracking is permitted
because Americans enjoy no "reasonable expectation of privacy" in their--or at
least their cell phones'--whereabouts. U.S. Department of Justice lawyers say
that "a customer's Fourth Amendment rights are not violated when the phone
company reveals to the government its own records" that show where a mobile
device placed and received calls.
Those claims have alarmed the ACLU and other civil liberties groups, which
have opposed the Justice Department's request and plan to tell the U.S. Third
Circuit Court of Appeals in Philadelphia that Americans' privacy deserves more
protection and judicial oversight than what the administration has proposed.
Not long ago, the concept of tracking cell phones would have been the stuff
of spy movies. In 1998's "Enemy of the State," Gene Hackman warned that the
National Security Agency has "been in bed with the entire telecommunications
industry since the '40s--they've infected everything." After a decade of
appearances in "24" and "Live Free or Die Hard," location-tracking has become
such a trope that it was satirized in a scene with Seth Rogen from "Pineapple
Express" (2008).
Once a Hollywood plot, now 'commonplace' - Whether state and federal police
have been paying attention to Hollywood, or whether it was the other way around,
cell phone tracking has become a regular feature in criminal investigations. It
comes in two forms: police obtaining retrospective data kept by mobile providers
for their own billing purposes that may not be very detailed, or prospective
data that reveals the minute-by-minute location of a handset or mobile
device.
02/09/2010
Security concerns drive FBI to set new mandates on ISPs
Security concerns are making
the FBI press Internet service providers to record which Web sites customers
visit and retain those logs for two years. This requirement could help it
in investigations of child pornography and other serious crimes, according to
senior FBI investigators.
The FBI Director supports storing Internet users' "origin and destination
information," a bureau attorney said at a federal task force meeting on
Thursday.
As far back as a 2006 speech, Mueller had called for data retention on the
part of Internet providers, and emphasized the point two years later when
explicitly asking Congress to enact a law making it mandatory. But it had not
been clear before that the FBI was asking companies to begin to keep logs of
what Web sites are visited, which few if any currently do.
The FBI is not alone in renewing its push for data retention. A survey of
state computer crime investigators found them to be nearly unanimous in
supporting the idea. An Immigration and Customs Enforcement agent in the
Department of Homeland Security also expressed support for the idea during the
task force meeting.
The chief of the FBI's digital evidence section said that the bureau was
trying to preserve its existing ability to conduct criminal investigations.
Federal regulations in place since at least 1986 require phone companies that
offer toll service to "retain for a period of 18 months" records including "the
name, address, and telephone number of the caller, telephone number called,
date, time and length of the call."
01/31/2010
SOA improves productivity
The applications within an organization's portfolio
present a compelling argument for integration and connectivity to reduce
maintenance expenses. Disconnected applications can strain productivity, increase
maintenance costs, and make overall system security difficult and expensive to
manage. A proven strategy is to use an SOA approach with an enterprise service
bus (ESB). Doing so can cut IT integration cost and maintenance by two to four
times. Hence, the more integrations that are performed using this
infrastructure, the greater the savings for your organization.
IT
Service Management (ITSM) and Service-Oriented Architecture (SOA) have gained
great acceptance as the change management discipline has grown over the last
several years. The percentage of participants using a structured approach to
manage change has grown from 55% to 75%.
01/26/2010
Where will demand be for IT Services in 2010
A January 2010 survey of 1,586 CIOs, however, puts
actual IT spending budgets for the year at 2005 levels or flat.
Mobile application developers will see job demand grow sharply
in 2010 as Google's Android mobile operating system extends with the
introduction of the Nexus One, and the leading Internet mobile device--Apple's
iPhone--reaches 300,000 applications by the end of the year. It is predicted
that mobile apps for Android will reach the 100,000 level by the end of 2010--a
number that was reforecast from an initial estimate of 75,000.
Developers with knowledge of mobile operating systems including
Symbian, Android, Windows Mobile and the iPhone are in the catbird seat. The
rapid growth of the netbook category from 2009--very small, ultra-portable
laptops-- will carry over into 2010 with demand for developers who can create
device-specific applications as well as skills in synchronization.
When it comes to cloud computing, a very big year is predicted,
with an expansion in the enterprise of private cloud offerings that
take the best aspects of the public cloud--pre-built application and hosting
infrastructure, a pay as you go model--with a customer's infrastructure in a
more secure, private cloud similar to what you might find in the private "dark
fiber networks" that many companies lease now from telecommunications companies
and ISPs.
As businesses continue to have concerns about cloud security,
availability, and performance, 2010 will be a big year for the announcement of
private cloud offerings from virtually all major IT suppliers. This is not
surprising: a brand-new (not yet published) IDC survey shows a strong preference
by businesses for private clouds over public clouds, and vendors will act
accordingly. One important implication: since clouds typically package
infrastructure, platforms, and applications together, look for these
announcements to drive many strategic partnerships, joint ventures, and
acquisitions/mergers.
It's not only the private cloud that is expected to expand in
the enterprise. The market for cloud appliances, cloud accessories and hybrid
cloud management tools is predicted to see growth in 2010.
Dell, IBM, HP, Sun, Fujitsu, Hitachi - and Intel and AMD -
will partner with software vendors for "applianced" versions of
traditional on-premise packaged software. Particularly once the EU approves
Oracle's acquisition of Sun, Oracle will certainly be an aggressive cloud
appliance player.
01/17/2010
Information is a security risk by itself
Information is one of the greatest sources of value
creation for organizations today, with nearly every aspect of an enterprise
dependent on a continuous flow of data. Think of it as currency - freely
traded across and beyond the organization, it can yield a significant return on
investment, including increased collaboration and innovation, shortened time to
market and better decision making.
At the same time, information is one of the greatest sources of
risk for organizations today. Whether through intentional or inadvertent means,
breaches of data security can expose organizations to regulatory fines or legal
actions, reduce a company's competitive advantage and undermine customer
confidence. In recent years, lawmakers worldwide have responded to data security
breaches with more rigorous data privacy laws.
As data privacy mandates continue to multiply, so too can the
risk. Eliminating the risk altogether, however, is not the goal. Were that the
case, the solution would be easy: simply lock down both the data and access to
it - thus also shutting down the vital link to employees, customers,
business partners and suppliers that makes innovation and collaboration
possible.
A more sophisticated information security strategy takes a risk
management approach that balances risk and reward - availability vs.
the confidentiality and integrity of data. This strategy requires the ability to
identify and classify sensitive data and mission-critical information within the
enterprise and determine the various points of access to this information and
the security posture of those access points - all while tracking who has
accessed that data and understanding what they have done with
it.
01/07/2010
2010 IT Salary Survey Released
Janco has just released its 2010 IT
Salary Survey, which shows that overall pay has stopped falling and
has flattened out. In addition, the survey shows an increase in hiring demand for
some IT professionals. The CEO of Janco, Victor Janulaitis, stated, "The economic
climate is still driven with a cost cutting mindset, business closures, and
extensive outsourcing. However the worst seems to be over as salaries for IT
professionals are no longer falling." The CEO added, "...many 'baby-boomers'
who had planned on retiring in the next few years are not leaving the job market
frustrating middle aged workers who want to advance."