Thursday, October 30, 2008

Disaster recovery - a new approach

In these straitened times, are you having trouble getting a budget for your business continuity plan?

Dilbert feels your pain

Friday, October 17, 2008

Breaking news

News comes to The Crisis Lounge that the UK Tripartite Authorities have decided to reschedule the Market Wide Exercise 2008, which was due to take place between 18th and 26th November. According to the FSA, the decision “has been taken in light of global market conditions and feedback from the industry”.

The exercise is now expected to take place in early 2009, but a definite date will be published ‘in due course’.

The original plan was for the Market Wide Exercise to cover a scenario of severe weather, including flooding, and to revisit “some of the more challenging issues raised during the pandemic exercise of 2006”. This is expected to remain the focus of the exercise, with the FSA website stating: "Exercise preparations will continue in line with the original schedule, so that the exercise will be substantially ready for implementation as and when financial market conditions are judged to be conducive."

Monday, October 13, 2008

Master of Disaster

The Crisis Lounge's very own Master of Disaster, Yasir, has put together a new Incident Database.

Date: 09/10/08
Location: Leicester, UK
Type: Report
Category: Pandemic Flu
Description: A vaccine is currently being tested which doctors believe could be vital to saving lives in the event of a flu pandemic.

A jab against one strain of avian flu, given years earlier, may "prime" the immune system to fight a wide range of bird flu strains.

Researchers believe that when a pandemic arrives, "pre-vaccinated" people could then be given a booster shot, and be protected far quicker.

Comment: Pandemic flu was called the 'gravest threat' to the UK in a recent government study. If bird flu mutates, allowing for rapid human-to-human transmission, there are fears the virus could spread around the world in a matter of weeks.

Date: 10/10/08
Location: London, UK
Type: Incident
Category: Data Loss / Reputation
Description: The MoD confirmed reports from its main IT provider, EDS, that it has lost a 1TB portable hard drive from its secure site at Hook in Surrey.

The drive is said to contain information on the names, addresses, passport numbers, dates of birth and driving licence details of about 100,000 people.

This accounts for approximately half of the armed forces. EDS Managing Director Sir Robert Fry stated that, according to protocols, the device was not required to be encrypted because it was in a secure site.

Knowledge of its loss became apparent during an inventory. EDS were unable to confirm when the device went missing.

Comment: This is a further example of the need to protect data. Protocols must state that devices will be encrypted even at secure sites.

Date: 10/10/08
Location: London, UK
Type: Incident
Category: Data Loss / Reputation
Description: A Deloitte laptop stolen last month contained the details of up to 100,000 pension scheme members.

The accountancy firm confirmed that the incident had taken place, when a thief stole a laptop from an employee’s bag.

The data includes names, National Insurance numbers and salaries of scheme members from companies such as BSkyB, Network Rail and British Transport Police.

Deloitte assured clients that the loss represents a "very low risk" of the details being accessed, due to their security measures, which include a start up password, operating system user ID/password authentication and encryption.

Comment: Thefts occur, but in this case the information seems to have been safeguarded. Although a reputational issue remains, the key aspect is the data was protected.

Wednesday, October 1, 2008

Plug and play

At the Crisis Lounge, data loss, whether it be government computer discs or carelessly mislaid laptops, is one of the hot topics.

The Lizard was interested to see a new twist to the tale.

Andrew Mason from security firm Random Storm bought some network hardware from auction site eBay for 99p.

When he switched it on and plugged it in, the device automatically connected to the internal network of Kirklees Council in West Yorkshire.

Kirklees council called the discovery "concerning" (the Lizard can only imagine what was actually said in private) but said its data had not been compromised.

For under a pound Mason bought what is known as a virtual private network (VPN) server made by the firm Cisco Systems that automates all the steps needed to get remote access to a network.

Mason expected he’d have to input network settings to make the device work. Not a bit of it – it connected up straight away.

Subsequent investigation found that the internet address to which it connected was owned by Cap Gemini, a government outsourcing provider.

"It is like having a long ethernet cable (directly into) the Council office," said Mason.

A connection such as this allows privileged access to networks. In the wrong hands, such as those of criminally minded hackers, it would allow reconnaissance to find out whether the network had any vulnerabilities worth exploiting.

Internal network access permitted credit card detail theft from retailers TK Maxx last year and Cotton Traders in June.

A spokesman for consulting firm Cap Gemini said it managed Kirklees Council's network from 2000 to the end of May 2005. At that point, he said, control was handed back to the council, which had decided to manage the network itself.

Just shows you can get anything on eBay!