News comes to The Crisis Lounge that the UK Tripartite Authorities have decided to reschedule the Market Wide Exercise 2008, which was due to take place between 18th and 26th November. According to the FSA, the decision “has been taken in light of global market conditions and feedback from the industry”.
The exercise is now expected to take place in early 2009, but a definite date will be published ‘in due course’.
The original plan for the Market Wide Exercise scenario was to cover a scenario of severe weather, including flooding, and to revisit “some of the more challenging issues raised during the pandemic exercise of 2006”. This is expected to remain as the focus for the exercise, with the FSA website stating: "Exercise preparations will continue in line with the original schedule, so that the exercise will be substantially ready for implementation as and when financial market conditions are judged to be conducive."
Friday, October 17, 2008
Monday, October 13, 2008
Master of Disaster
The Crisis Lounge's very own Master of Disaster, Yasir, has put together a new Incident Database.
Date: 09/10/08
Location: Leicester, UK
Type: Report
Category: Pandemic Flu
Description: A vaccine is currently being tested which doctors believe could be vital to saving lives in the event of a flu pandemic.
A jab against one strain of avian flu, given years earlier, may "prime" the immune system to fight a wide range of bird flu strains.
Researchers believe that when a pandemic arrives, "pre-vaccinated" people could then be given a booster shot, and be protected far quicker.
Comment: Pandemic flu was called the ’gravest threat’ to the UK in a recent government study. If bird flu mutates allowing for rapid human-to-human transmission there are fears the virus could spread around the world in a matter of weeks.
Click here for more
Date: 10/10/08
Location: London, UK
Type: Incident
Category: Data Loss / Reputation
Description: The MoD confirmed reports from its main IT provider, EDS that it has lost a 1TB portable hard drive from its secure site at Hook in Surrey.
The drive is said to contain information on the names, addresses, passport numbers, dates of birth and driving licence details of about 100,000 people.
This accounts for approximately half of the armed forces. According to protocols EDS Managing Director Sir Robert Fry, stated that as the device was in a secure site it is not required to be encrypted.
Knowledge of its loss became apparent during an inventory. EDS were unable to confirm when the device went missing.
Comment: This is a further example of the need to protect data. Protocols must state that devices will be encrypted even at secure sites.
Click here for more
Date: 10/10/08
Location: London, UK
Type: Incident
Category: Data Loss / Reputation
Description: The theft of a Deloitte laptop last month contained the details of up to 100,000 pension scheme members.
The accountancy firm confirmed that the incident had taken place, when a thief stole a laptop from an employee’s bag.
The data includes names, National Insurance numbers and salaries of scheme members from companies such as BSkyB, Network Rail and British Transport Police.
Deloitte assured clients that the loss represents a "very low risk" of the details being accessed, due to their security measures, which include a start up password, operating system user ID/password authentication and encryption.
Comment: Thefts occur, but in this case the information seems to have been safeguarded. Although a reputational issue remains, the key aspect is the data was protected.
Click here for more
Date: 09/10/08
Location: Leicester, UK
Type: Report
Category: Pandemic Flu
Description: A vaccine is currently being tested which doctors believe could be vital to saving lives in the event of a flu pandemic.
A jab against one strain of avian flu, given years earlier, may "prime" the immune system to fight a wide range of bird flu strains.
Researchers believe that when a pandemic arrives, "pre-vaccinated" people could then be given a booster shot, and be protected far quicker.
Comment: Pandemic flu was called the ’gravest threat’ to the UK in a recent government study. If bird flu mutates allowing for rapid human-to-human transmission there are fears the virus could spread around the world in a matter of weeks.
Click here for more
Date: 10/10/08
Location: London, UK
Type: Incident
Category: Data Loss / Reputation
Description: The MoD confirmed reports from its main IT provider, EDS that it has lost a 1TB portable hard drive from its secure site at Hook in Surrey.
The drive is said to contain information on the names, addresses, passport numbers, dates of birth and driving licence details of about 100,000 people.
This accounts for approximately half of the armed forces. According to protocols EDS Managing Director Sir Robert Fry, stated that as the device was in a secure site it is not required to be encrypted.
Knowledge of its loss became apparent during an inventory. EDS were unable to confirm when the device went missing.
Comment: This is a further example of the need to protect data. Protocols must state that devices will be encrypted even at secure sites.
Click here for more
Date: 10/10/08
Location: London, UK
Type: Incident
Category: Data Loss / Reputation
Description: The theft of a Deloitte laptop last month contained the details of up to 100,000 pension scheme members.
The accountancy firm confirmed that the incident had taken place, when a thief stole a laptop from an employee’s bag.
The data includes names, National Insurance numbers and salaries of scheme members from companies such as BSkyB, Network Rail and British Transport Police.
Deloitte assured clients that the loss represents a "very low risk" of the details being accessed, due to their security measures, which include a start up password, operating system user ID/password authentication and encryption.
Comment: Thefts occur, but in this case the information seems to have been safeguarded. Although a reputational issue remains, the key aspect is the data was protected.
Click here for more
Wednesday, October 1, 2008
Plug and play
At the Crisis Lounge, data loss, whether it be government computer discs or carelessly mislaid laptops, is one of the hot topics.The Lizard was interested to see a new twist to the tale.
Andrew Mason from security firm Random Storm bought some network hardware from auction site eBay for 99p.
When he switched it on and plugged it in, the device automatically connected to the internal network of Kirklees Council in West Yorkshire.
Kirklees council called the discovery "concerning" (the Lizard can only imagine what was actually said in private) but said its data had not been compromised.
For under a pound Mason bought what is known as a virtual private network (VPN) server made by the firm Cisco Systems that automates all the steps needed to get remote access to a network.
Mason expected he’d have to input network settings to make the devise work. Not a bit of it – it connected up straight away.
Subsequent investigation found that the internet address to which it connected was owned by Cap Gemini – government outsource provider.
"It is like having a long ethernet cable (directly into) the Council office,” said Mason.
A connection such as this allows privileged access to networks. In the wrong hands, such as criminally minded hackers, it would allow them to conduct reconnaissance and find out if the network had any vulnerabilities worth exploiting.
Internal network access permitted credit card detail theft from retailers TK Maxx last year and Cotton Traders in June.
A spokesman for consulting firm Cap Gemini said it managed Kirklees Council's network from 2000 to the end of May 2005. At that point, he said, control was handed back to the council, which had decided to manage the network itself.
Just shows you can get anything on eBay!
Monday, September 29, 2008
Cybersquatters
There's nothing Crisis Lounge regulars like better than a new take on the financial meltdown...So called cybersquatters are registering domain names for many of the merging banks.
Lloydstsbhbos.com has been snapped up, and the domain bankofmerril.com is already attracting £1,000 on eBay.
Domain names are big money - at a recent auction huge sums were paid for the new .mobi extension. For example flowers.mobi sold for €200,000 while fun.mobi fetched €100,000.
But as far as making money out of domain names goes, the champion must be Chris Clark who sold the name pizza.com for over $2.6 million in April having bought it fourteen years ago for only $20.
Blue light special
Over the years the Lizard has done quite bit of work with the Emergency Services – particularly the fire service. The Lizard thoroughly enjoys his trips up to the Fire Service College just outside Chopping Norton where he is assured of a warm reception and a delicious lunch. Well, one of those statements is true.All of which is a long winded intro to tell you that the Emergency Services Show is held this year at Stoneleigh Park Coventry between the 19th and 20th November.
Turn on the blue light and hurry along.
Click here for more
Thursday, September 25, 2008
Credit crunch
The Credit Crunch – why does it keep reminding me of breakfast cereal?
Over time we’ve done quite a bit of work for one of the banks that’s just been caught up in the financial tsunami – in fact they engaged up to deliver several major crisis simulations.
At Crisis Solutions we pride ourselves on the reality of our scenarios, in fact some of our consultants like to joke that if they dream them up they usually happen.
At this particular bank we tested them with pandemic flu and then on another occasion with terror attacks – bombs and anthrax as I recall.
Frankly to start with they struggled, but over time they honed their crisis skills.
We might not have known about sub-prime loans when we conducted their training, but a crisis is a crisis and their ability to withstand this financial turmoil has been impressive.
Crises come in many guises and some may be impossible to predict, but if the right plans are in place and those plans have been tested then the organisation involved has a much greater chance of thriving and surviving.
Monday, September 8, 2008
Actress demands screen test
The Lizard remembers a time when computers took up a whole room and were operated by strange geeky men in white coats. Now we can’t do without them. If the Lizard’s broadband connection goes down for five minutes then wailing and gnashing of teeth is heard throughout the land and if you listen carefully you can hear the Lizard’s wife telling him to put a sock in it.
All of which is a pre-cursor to this story, sent in by a Crisis Lounge regular. Thank you Richard.
A Canadian actress and playwright has been charged with holding a computer expert hostage after losing her internet connection.
Carol Sinclair lost her connection with ISP Aliant and, by her own account, spent days trying to fix it.
She said, “I was polite the first 20 times I talked to them. But each one gave me the same routine, 'Is the modem connected? Are the lights blipping?' And then they would tell me it must be a fault with my computer.”
Finally Sinclair said she resorted to impersonating a man's voice and got a repairman sent out the next day, a "huge, strapping young man", 21 year-old David Scott.
Sinclair said that when he couldn't fix the problem she asked him to stay until a second technician was sent.
However, local police disagree with the woman's version of the events.
"She told the technician, in a tirade, that he was not leaving until her internet was working and she told him she was keeping him hostage," said Constable Jeff Carr. "She implied that she had a gun, although he didn't see one."
The technician claimed he could fix the problem, but needed to retrieve a disc from his van. When he got to the van he jumped in and drove off.
Sinclair denies the charges, and says she was shocked at her arrest by five officers. "I'm a Buddhist," she said. I'm a wimp. I'm a pacifist."
She has been charged and banned from speaking to Aliant or any of its employees.
All of which is a pre-cursor to this story, sent in by a Crisis Lounge regular. Thank you Richard.
A Canadian actress and playwright has been charged with holding a computer expert hostage after losing her internet connection.
Carol Sinclair lost her connection with ISP Aliant and, by her own account, spent days trying to fix it.
She said, “I was polite the first 20 times I talked to them. But each one gave me the same routine, 'Is the modem connected? Are the lights blipping?' And then they would tell me it must be a fault with my computer.”
Finally Sinclair said she resorted to impersonating a man's voice and got a repairman sent out the next day, a "huge, strapping young man", 21 year-old David Scott.
Sinclair said that when he couldn't fix the problem she asked him to stay until a second technician was sent.
However, local police disagree with the woman's version of the events.
"She told the technician, in a tirade, that he was not leaving until her internet was working and she told him she was keeping him hostage," said Constable Jeff Carr. "She implied that she had a gun, although he didn't see one."
The technician claimed he could fix the problem, but needed to retrieve a disc from his van. When he got to the van he jumped in and drove off.
Sinclair denies the charges, and says she was shocked at her arrest by five officers. "I'm a Buddhist," she said. I'm a wimp. I'm a pacifist."
She has been charged and banned from speaking to Aliant or any of its employees.
Subscribe to:
Posts (Atom)