
Hrvoje Pernar



Top Stories by Hrvoje Pernar

What to do if swine flu (or any other disease) hits your employees? Or, more dangerously, what to do if your employees get vaccinated and there’s no business continuity plan whatsoever? After all, you had enough time to prepare and to update your business continuity plans (back in spring this year, all the news was about the expected winter-season swine flu pandemic). However, if you did not prepare your organisation’s plans for dealing with swine flu, there is still something you can do in just a few days:

1) Compile a list of all employees
2) Compile a list of all business unit managers
3) Create an assessment table (xls):
Column 1 – all employees (name, surname)
Column 2 – what each employee does (in terms of processes / activities)
Column 3 – criticality of the processes / activities that particular employee is responsible for (high, medium, low for ... (more)

Information Security Strategy

Have you ever Googled "information security strategy"? Try it yourself and see the results. What you get is a bunch of mixed-up terminology, most of which does not (and should not) fit into what information security strategy really is (or should be). The major misconception is this: information strategy is a risk treatment (mitigation) plan. In some ways that is true, but let’s consider some major limitations of that approach. According to wiki, "strategy" is "a plan of action designed to achieve a particular goal." So you have a business strategy, which is a plan o... (more)

Definition of Information Security

According to Wikipedia, information security means "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction". Another definition could be "managing the process of mitigating (transferring, reducing, avoiding) unacceptable information security risks". And yet another: "the implementation of programs and practices that protect the integrity and safety of computer programs and information". Of course, there are variations on the common theme. And this theme without any doubt is ... (more)

5 reasons why your company should get certified compliant with ISO/IEC 27001

1) At the moment there are more than 6000 ISO 27001 certified organisations worldwide. An organisation that is ISO 27001 certified tends to do business with other organisations that are certified. The lack of an ISO 27001 certificate may be just the thing that drags you down. In many cases, if your company is not ISO 27001 certified, then as a supplier you won’t even get a chance to bid. Just ask Japanese ICT service providers. If other vendors are certified, then you have to get certified as well if you want to survive.

2) An ISO 27001 certificate is a powerful marketing weapon. It makes diffe... (more)

Disaster recovery site selection – the distance problem

Anyone who’s reading this entry of mine has doubtless asked this question when speaking of disaster recovery sites: what is the right distance from the primary to the secondary (disaster recovery) company site? Is there any law, regulation, standard, best practice or anything else that defines the "right" distance? If so, what is it? 10 miles, 50 miles, 100 miles or more? Or less? Is there any universally acclaimed methodology for determining the "right" distance? Well, … the answer is NO. There is no such document that defines the minimum distance from primary to secondary site. The... (more)