The DataGuard Data Protection Newsletter
September, 2005
To subscribe: Click Here
Newsletter archives: Click Here
Suggestions, comments: Click Here

Welcome!

If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com

Top

Bullet Points

  • Big Happenings in Continuous Data Protection

    Both Microsoft and Symantec made Continuous Data Protection (CDP) product announcements last week. Microsoft System Center Data Protection Manager (DPM) is designed to integrate disk-based backup with a shorter window to recover data than has been generally available outside of expensive enterprise solutions.

    Symantec Backup Exec 10d for Windows Servers software including the Backup Exec Continuous Protection Server, and LiveState Recovery Suite 6.0, provide a number of industry firsts, including Web-based recovery and hardware independence, that should do well with customers, said Julie Parrish, vice president of enterprise, midmarket and channel marketing at Symantec. Key benefits include eliminating backup windows and enabling end-user file retrieval with an easy-to-use, Google-like interface.

    Top

  • Cyber Crime is on the Rise

    "So far this year, companies reported 862 incidents, up 22.4 percent from 704 during the same period in 2004, according to an annual study released by IDG and PricewaterhouseCoopers. Cyber crime seems to be on the upswing, with 22 percent of companies surveyed reporting financial losses from attacks on their systems, up from only 7 percent in 2004. The study surveyed more than 8,200 information security executives in 63 countries. What's new is that threats from employees inside companies emerged as a significant problem in 2005.

    Current employees accounted for 33 percent of the threats, up from 28 percent last year. The increase in the threats has led to a rise in security spending. According to the study, security spending in enterprises was 13 percent of the company revenue this year, up from 11 percent in 2004. The full article is in Redherring magazine.

    Top

  • Internet Explorer Phishing Filter

    Mary Jo Foley of Microsoft Watch says a phishing filter, a major feature of Internet Explorer version 7 (which is now in beta testing) is going to be available for previous versions of IE before the launch of IE 7.0. The filter detects fraudulent Web sites used to trick users into entering their credit card numbers, bank account numbers and other personal identification information. The service automatically notifies users of phishing sites.

    Top

  • Internationalized Domain Names Pose Phishing Risks

    Attackers may be able to take advantage of internationalized domain names to initiate phishing attacks. Because there are certain characters that may appear to be the same but have different ASCII codes (for example, the Cyrillic "a" and the Latin "a"), an attacker may be able to "spoof" a web page URL. Instead of going to a legitimate site, you may be directed to a malicious site, which could look identical to the real one. If you submit personal or financial information while on the malicious site, the attacker could collect that information and then use and/or sell it.

    How can you protect yourself?

    1. Type a URL instead of clicking a link. By doing this, you are more likely to visit the legitimate site rather than a malicious site that substitutes similar-looking characters.
    2. Keep your browser up to date. Older versions of browsers made it easier for attackers to spoof URLs, but most newer browsers incorporate certain protections.
    3. Check your browser's status bar. If you move your mouse over a link on a web page, the status bar of your browser will usually display the URL that the link references. If you see a URL that has an unexpected domain name (such as one with the "xn--" string mentioned above), you have likely encountered an internationalized domain name.

    Top

  • Identity Theft FAQ's

    Click Here

    Top

Evacuation Strategies and Planning

Business continuity plans are an essential element of the modern business and most organisations are taking a serious look at such measures as fire prevention, physical security, structural integrity, emergency response, escape routes and assembly areas.

Over the years, business continuity planners have looked at emergency and contingency plans for such diverse threats as fires, floods, hurricanes, typhoons, tornadoes, earthquakes, terrorist activity, riots, demonstrations and military coups. In all of these situations there is a basic question of how best to ensure the safety of the people. Often there is a choice of whether or not to evacuate the building. Sometimes it is safer to remain indoors than attempt to run away into the face of danger. There may not be sufficient warning to allow a proper choice to be made.

When looking at evacuation plans, there are five main areas of concern:

  1. Site review process; highlighting risks and identifying opportunities
  2. Evacuation and invacuation; looking at the options and making the choices
  3. Emergency assembly areas; selection of safe sites and safe routes
  4. Emergency response timing; what is realistic versus desirable or needed
  5. Test and rehearse; making sure it works and people know what to do

Site Review

A site review for emergency evacuation planning includes the whole of the neighborhood and the neighbors. We need to identify any risks to people’s safety throughout their progress from their place of work to the probable points of safety. Bear in mind the likely circumstances that would trigger the emergency evacuation and the numbers of people that could be involved. Many of the potential threats would apply to most of, if not all of, the buildings in the immediate vicinity.

Pay particular attention to the exit points from the building. There must be at least two emergency exits each offering different aspects or escape routes. Ideally, people should be able to exit in any direction, i.e. through a front, rear or side exit. All escape points should be equipped with a strong canopy or covered walkway so that members of staff are protected from falling debris as they move away from the building.

Safe spaces

The second objective of the site review is to identify a number of safe spaces to be considered as potential emergency assembly areas. Look for two types of assembly area - internal refuges and safe open spaces. An internal refuge must be within the core of the building and not exposed to any external windows. Flying glass is one of the key dangers in many emergencies. Internal refuges must also be proof against internal damage to the building. You may need to seek the advice of a structural engineer.

A safe open space will be at some distance from the home location and will not be in line of sight of the likely target. This is a precaution against flying debris. The assembly area should also be a safe distance from nearby buildings to avoid the hazard of falling debris. Finally, the area should be at least 500 yards away or within about 5 minutes walking distance.

Once some safe spaces have been identified, safe escape routes need to be identified from the various exit points to the external assembly areas. There should be at least two alternative routes to each of the assembly areas so as to be able to avoid unexpected crowds, obstacles or additional dangers.

You need to establish whether your building can be considered as a safe refuge in the event of an emergency. If there is enough really safe space within the building, invacuation can be regarded as an available option. On the one hand there is the advantage that nobody has to expose themselves to any external dangers as they escape. This has to be balanced against the possibility of finding themselves trapped inside the building.

Test and rehearsal

The evacuation process will involve a series of steps which must be taken in quick succession. No plan of action has any value until it has been proven. Plans must be tested to see how well they work. We must also challenge the assumptions about timings. Once we are reasonably confident that the plans should work a dress rehearsal should be done to make sure everyone knows what to do and how to do it. Over time they will either have forgotten or they will have been replaced. This means we should carry out practice evacuations on a fairly regular basis, otherwise plans could cause chaos rather than save lives.

Top

To subscribe to this newsletter: Click Here
DataGuard archives: Click Here
Related Services from High Caliber Solutions:
    Data Protection Services
    Disaster Planning
    Email Archiving