News

Small Businesses Increasingly Vulnerable To Security Threats

More than half experienced a security breach this year.

As small businesses begin to depend on increasingly sophisticated technologies to run their operations, they are also leaving themselves wide open for security threats, according to a new survey by the Small Business Technology Institute and Symantec Corporation. Small businesses lack sufficient security controls over such basic systems as email (20 percent are not secured) and wireless networks (60 percent are not secured).

Exercise Triton 04 - Lessons identified

Exercise Triton 04 was the first national exercise of its kind and size. It took place in June and July 2004. The scenario covered an extreme event (up to one in 1000 year occurrence) with extensive flooding affecting nearly half of England and Wales. The exercise tested the nation's ability to work together and deal with extensive flooding. The scenario deliberately tested systems that would not normally be planned for and identified valuable lessons for the Environment Agency and partners in improving:

  • How we work together
  • How we can improve our forecasting
  • The plans and procedures that we use
  • How we communicate
  • The resources at our disposal

And in understanding:

  • How the Civil Contingencies Act will change the way we work.

Who took part? Over 60 organisations and agencies took part nationally, regionally and locally. Teams of people based at 35 locations were presented with the emergency scenario and asked to respond as they would if the events were real.

Examining the Risk Management Environment

Half of the risk managers who responded to a recent survey believe that the insurance market is softening and that premium rates will reach their lowest point in 2007 and 2008.

Property and casualty rates are anticipated to drop more significantly than D&O and workers compensation, but despite this optimism, only about a third of those surveyed believe that their insurance spending will decrease in 2005 and 2006.

Business Continuity 'a practical approach' - Free EVENT - 7th July - Derbyshire

EAST MIDLANDS REGIONAL RESILIENCE FORUM, in conjunction with the Continuity Forum

A FREE ONE DAY SEMINAR

Date and Time

Thursday 7th July 2005
09:00 - 16:00

Location

Derbyshire Constabulary Headquarters
Butterley Hall
Ripley
Derbyshire
DE5 3RS

BUSINESS CONTINUITY MANAGEMENT

Practical Implementation

2004 saw the introduction of the Civil Contingencies Act that placed new responsibilities relating to Business Continuity Management (BCM) on organisations involved in civil contingencies work to ensure that they are able to continue their functions in the event of an emergency. However, BCM is not only essential to meet the legislative requirements under the Act but also reinforces a stable economy for commerce, industry and public services.

The aim of this event is to raise awareness of BCM and to inform organisations on the practical aspects of developing and implementing a business continuity plan.

WHO SHOULD ATTEND?

This seminar is of particular interest to employees or officers of:

  • Emergency Planning
  • Emergency Services
  • NHS bodies
  • Local Authorities
  • Voluntary Organisations
  • Other Category One and Two Responders
  • Private Companies

    KEY ISSUES ADDRESSED

  • The importance of BCM
  • BCM as a management discipline
  • The realities of BCM from organisations that have gone through the process
  • A practical exercise to build on how to undertake a BCM programme
  • How private industry can help
  • The promotion duty and community resilience
  • BCM and the CPA

    _______________________

    PROGRAMME

    0900 Registration

    0930 Welcome and Administration
    John Perkins, Regional Resilience Director

    0945 The Importance of BCM
    John Sharp, Policy and Development Director, Continuity Forum

    1015 Embedding the BCM Process: Creating Ownership to Build Resilience
    Eve Coles, Coventry University

    1045 Refreshments

    1115 BCM: A local authority experience
    Maddi Bali, Gloucestershire County Council

    1145 Practical Exercises in Risk Management and Business Impact Analysis
    Patrick Cunningham, Managing Director, Patrick Cunningham Civil Protection Ltd.

    1245 Feedback and Q&A

    1300 Lunch

    1400 Promoting Business Sector Resilience in a Major City Centre
    Richard Davies, Leeds City Council

    1430 What the Private Sector can do for you
    John Basinger, Cunningham Lindsay

    1500 BCM and the CPA - Speaker TBA

    1530 Q&A session

    1600 Close

    REGISTRATION

    To register to attend this event please email either Sara McKenna of the Continuity Forum or Nicola Lees of the East Midlands Resilience Forum, or call Nicola directly on 0115 971 4712.

    Look forward to seeing you there!

    The Regional Resilience Team,
    Government Office for the East Midlands,
    The Belgrave Centre,
    Stanley Place,
    Talbot Street,
    Nottingham,
    NG1 5GG

    Tel: 0115 971 4712
    Fax: 0115 971 4710
    Email: nlees.goem@go-regions.gsi.gov.uk

    This seminar is being arranged on a no-cost basis for delegates and as such will be free. Due to the restricted number of places available, each organisation will be limited to two delegates.

    ___________________________

    If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us or call on +44 (0) 208 993 1599.

    7th July - Family Assistance Centre

    Who is the centre for?

    The centre is for all those affected by the events of 7th July. In particular it is for relatives and friends of those who have died, or are still missing, and survivors, whether or not physically injured. It has been set up by those responding to the disaster, as a single point of information and assistance. The centre is secure and private.

    It is where:

    • Information about those who have died, are missing or were injured can be given and received by the authorities
    • Updates on the investigation are made available
    • Those who have been affected can get access to support services such as financial, legal, emotional

    What else is available?

    • The opportunity for a personal meeting with a police family liaison officer
    • Regular updated information
    • Help with accommodation and travel can be arranged
    • Assistance in making contact with appropriate agencies and resolving problems
    • Multi-faith and multi-cultural contact
    • Emotional support
    • Internet and telephone facilities
    • Refreshments
    • Medical care and mobility aids
    • Crèche
    • Financial help
    • Legal advice
    • Information leaflets about bereavement and further sources of support

    If you are coming to the Family Centre from out of town please note that accommodation can be arranged or made available through Transport for London Incident Care Team, tel 0791 700 6865.

    The Family Assistance Centre has now relocated to:

    Lindley Hall (Royal Horticultural Halls and Centre)
    80 Vincent Square
    SW1P 2PE

    Call (24-hours): 0845 054 7444

    END

    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org

    Japan nuclear data leak raises security concerns

    Thursday June 23, 08:51 AM

    TOKYO (Reuters) - Japanese officials scrambled on Thursday to contain the public relations fallout from reports that confidential information about Japan's nuclear plants had leaked onto the Internet through a virus on a personal computer.

    Japan's top government spokesman pledged to take steps to protect information after data on several nuclear plants appeared online, including photographs of their interiors, details of regular inspections and repair work and names of workers.

    "Nuclear plants are important facilities in terms of anti-terrorist measures, security and what not, and therefore we would like to take full steps to ensure information management," Chief Cabinet Secretary Hiroyuki Hosoda told reporters.

    Mitsubishi Electric Corp. said the information was leaked through a personal computer used by an employee of a Mitsubishi subsidiary that was in charge of inspecting the plants.
    Mitsubishi Electric said the leak occurred at one of its subsidiaries and included information from seven Japanese electric power companies and five independent firms.

    "We deeply apologise for causing trouble to many people including electric power companies," Mitsubishi Electric said in a statement. "We will do our utmost to prevent the recurrence of such an incident."

    A trade ministry official in charge of the investigation said the information that was published was not directly linked to the "core part" of the nuclear plants.

    "We believe the information allegedly leaked does not include data directly related to nuclear materials, which are kept under strict control," he said.

    Since the September 11, 2001, attacks on the United States, Japanese police and coast guard forces have tightened security around the country's 52 nuclear reactors.

    END
    __________________


    Worst data theft ever?

    MasterCard scandal: 40 million accounts could be compromised...

    In what could be the largest data security breach to date, MasterCard International on Friday said information on more than 40 million credit cards may have been stolen.

    Of those exposed accounts, about 13.9 million are for MasterCard-branded cards, the company said in a statement. Some 20 million Visa-branded cards may have been affected and the remaining accounts were other brands, including American Express and Discover.
    MasterCard and Visa both say they have notified their member banks of the specific accounts involved so the banks can take action to protect cardholders.

    James Van Dyke, principal analyst at Javelin Strategy & Research in Pleasanton, California, said: "In sheer numbers, this is probably one of the largest data security breaches."
    The breach occurred at CardSystems Solutions in Tucson, Arizona, a third-party processor of payment data, according to a MasterCard statement. An intruder was able to use security vulnerabilities to infiltrate the CardSystems network and access the cardholder data, MasterCard said.

    CardSystems is one of several companies that process transactions for banks and merchants. The security breach at the company was discovered using tools that monitor for credit card fraud, MasterCard said.

    Though credit card numbers were compromised, the cards themselves do not hold social security numbers or dates of birth, MasterCard said. This information could be used for credit card fraud but not to steal identities.

    A spokeswoman for credit card company Discover said the company is aware of the security breach and is working with law enforcement to investigate it. She noted that Discover Card holders would not be liable for any fraudulent transactions, should they occur.
    Visa issued a statement saying it knows of the data security breach and is working with authorities and banks to monitor and prevent fraud. As with MasterCard and Discover, Visa noted that card users are not responsible for fraudulent transactions.

    American Express could not immediately be reached for comment.

    The credit card theft possibly occurred late last month, according to CardSystems. In a statement issued late on Friday, the company said that it identified a "potential security incident" on Sunday, 22 May and called in the FBI the next day. Visa and MasterCard were notified as well, CardSystems said.

    Since the breach, CardSystems has undergone a security audit and is changing its security procedures as a result, it said.

    The breach follows several high-profile data loss incidents that potentially exposed US consumers to identity theft. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup.

    In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.

    END
    __________________


    Rail passengers in overheating ordeal

    Friday June 24, 2005

    Rail services on the East Coast Mainline have returned to normal after hundreds of passengers were trapped in overheated carriages for hours after a power failure.
    Many endured great distress and were forced to break windows to escape as dozens fainted in the heat.

    Yesterday, the 3.55pm GNER train from Newcastle to Kings Cross ground to a halt just outside Peterborough at 5.25pm due to an overhead power failure.

    Kevin Groves, spokesman for Network Rail, said the power failure meant no trains had been able to leave Kings Cross on the main route north since 5pm yesterday.

    He said: "We have engineers working to fix the problem and they will work throughout the night in a bid to have trains running again by 6am."

    A Cambridgeshire Fire and Rescue spokesman said eight passengers had been taken to hospital suffering from heat-related injuries.

    Passengers were advised to check with National Rail on 0845 748 4950 before travelling today.

    END
    __________________


    Severe Weather warning for the UK as Heatwave ends with a bang

    Britain's sizzling heatwave is set to come to an end with warnings of thunderstorms and even tornados. The erratic conditions could bring mayhem to parts of the UK as tennis fans flock to Wimbledon and thousands make the annual pilgrimage to the Glastonbury music festival. Storms moved into south Wales and some southern parts of England overnight, with prolonged outbreaks of rain expected throughout Wales and north-western England which could lead to local flash flooding.

    PA WeatherCentre assistant manager Paul Knightly said the storms were likely to bring lightning and hailstones up to the size of golf balls.

    "Winds in the upper atmosphere will be fairly strong, and this will promote the development of some severe thunderstorms.

    "These may bring hailstones up to the size of golf balls, wind gusts up to 65 mph, extremely heavy rainfall leading to local flash flooding, and possibly isolated tornadoes.
    "People should remember that with any thunderstorm, the main threat is cloud to ground lightning, and tomorrow's storms are likely to be very electrically active.

    "If a storm approaches, try to get indoors quickly, and do not stand under trees."
    The Tornado and Storm Research Organisation (TORRO), which is a privately funded group researching extreme weather phenomena, predicted possible tornados.

    The group was founded in 1974 and has been making severe weather forecasts for the last five years.
    Britain experiences an average of 35 small scale tornados each year, mostly concentrated in the south and east of England.

    END
    __________________



    Continuity Forum announces Continuity 'Think Tank'


    The Continuity Forum is launching a series of 6 bimonthly breakfast sessions aimed at bringing together the thought leaders from our sector. The Continuity Forum is heavily engaged with national and regional government at the heart of the developing

    Our sector is evolving rapidly across a broad range of topics and interests and in order to ensure that the

    Security by the numbers ...

    The issue of security continues to be a major industry topic, understandably so, as this is one area of BCM that tends to have the highest profile. Many of the issues are closely linked to the increasing complexity and interoperability requirements of applications across a wide variety of platforms. These problems are also compounded by the generally poor practices of many IT departments and internal users, who continue to be a very weak link in the security chain.

    Below we have assembled research to provide an at-a-glance reminder that there is still a long way to go to 'secure' an organisation's IT.

    ----------------------------

    15% - The average increase in IT security spending in 2005, according to a survey of 1,300 CIOs by IT market research firm Gartner. At the same time, the respondents reported that their overall IT budgets would rise only 2.5 percent. Source: Secure Enterprise Magazine

    56% - The share of security solution providers who say that it will take over six months for organizations that have deployed identity management products to see a return on the investment, according to a recent survey by IT business publication CRN. Additionally, 52 percent of those polled reported that only six percent or less of their business customers have adopted ID management solutions as part of their overall security strategy. Source: SecurityPipeline.com

    10% - The maximum share of overall IT spending that's related to security patch management at an overwhelming majority -- 97 percent -- of companies polled by research firm InsightExpress. The survey, conducted on behalf of SupportSoft Inc., which develops update management software, found that patching takes a week or more to complete at about 25 percent of companies. Source: SecurityPipeline.com

    54 - The average number of software vulnerabilities that security vendor Symantec detected per week in the second half of 2004. The company reported in its semi-annual Internet Security Threat Report that it documented 1,403 new vulnerabilities between July 1 and Dec. 31, 2004, and said that 48 percent of those were found in Web applications. Source: IDG News Service

    35 - The number of IRS employees, out of 100 called by inspectors pretending to be internal help desk staffers, who gave up their network log-in names and changed their passwords to one suggested by the caller when told that it was necessary due to a network problem. On a positive note, the results of the anti-hacking test were better than in 2001, when 71 percent of the workers called agreed to change their passwords. Source: TechWeb

    50% - The rate at which IM and P2P exploits are increasing monthly, according to the IMlogic Threat Center, an organization formed by IMlogic, McAfee, Symantec and Sybari Software to monitor instant messaging hacks. Source: SmallBizPipeline.com

    224 - The average number of directory harvest attacks per day in February on enterprise email systems by spammers seeking valid addresses, according to email security services vendor Postini. Each attack brought an average of 166 invalid message delivery attempts, resulting in a total of 37,184 invalid delivery attempts per day. Source: SecurityPipeline.com

    180% - The share of mobile phone users worldwide that have received spam, according to a survey of 1,659 mobile users and 154 wireless operators by the University of St. Gallen in Switzerland and emergency communications services vendor Intrado. Source: MobilePipeline.com

    47.9% - The share of email users who believe their employers have been effective at stopping spam, according to a January survey of 241 Internet users. Source: Osterman Research

    25% - The expected spyware infection level on corporate PCs within the next 12 months, according to a new report entitled "Spyware Adoption in 2005" from Forrester Research. Source: Networking Pipeline

    750 - The number of confirmed cases of identity theft directly linked to the network security breach at credit card data company ChoicePoint, which has acknowledged that hackers culled private data on at least 145,000 people. Source: CNET News.com

    69% - The share of 163 companies surveyed by the Ponemon Institute that reported their data security breaches came at the hands of company insiders -- the result of either malicious employee activities or innocent employee mistakes. Source: NetworkingPipeline.com

    17,000,000 - The number of American adults that have been spimmed -- sent unsolicited commercial instant messages, or the equivalent of spam in the IM realm, according to a survey conducted January 13 to February 9 by the Pew Internet & American Life Project. Source: InternetNews.com

    2560 - The number of unique phishing Web sites reported in January, a 47 percent increase over the number of sites reported in December. Source: Anti-Phishing Working Group

    36% - The share of consumers surveyed by Forrester Research who said they had curbed online purchases because of the rise in security breaches at credit card companies, banks and other businesses. Source: CNET News.com

    60,442,655 - The total number of Web sites as of March, representing a gain of 1.34 million sites over the previous month, the biggest monthly increase since April 2004. The number of sites has grown each month for 25 consecutive months. Source: Netcraft

    Ends

    _________________________________


    Police chief battered by cyber attack

    Thousands of threatening emails sent to cripple police computers...

    A UK police chief has been bombarded with thousands of threatening emails in a denial of service attack aimed at crippling his force's computer systems.

    At one point just before the bank holiday weekend, 2,000 emails an hour were being sent to Greater Manchester Police (GMP) chief constable Michael Todd.

    The attacker spoofed some of the email addresses to show US president George Bush as the sender, while other emails warned that the attacker knew where Todd and his family lived.

    GMP said the attack was an attempt to crash the force's computer systems through the volume of emails being sent. It has launched an investigation.

    A statement issued said: "GMP has been subject to a cyber attack using emails in an attempt to disrupt GMP's service to the public. However, safeguards in place were effective and prevented any disruption to the force."

    Cambridgeshire Police were subject to a similar denial of service attack almost two years ago when thousands of spam emails told recipients their credit cards were about to be charged for an iPod they had just bought unless they phoned a customer service number.
    The customer service number turned out to be the switchboard at Cambridgeshire police, which was deluged by thousands of people who had received the hoax email, although the culprit was eventually tracked down and arrested.

    Continuity Forum Note

    It is important to stress that under the Civil Contingencies Act Category One Organisations such as the police and other emergency services must verify that sufficient measures are in place to ensure Continuity of Operations.

    Whilst the attack on the GMP was managed through a variety of measures, attacks of this type are rising and it is prudent to point out that 'denial of service' attacks such as this one are a serious matter affecting the ability of the organisation to communicate. Whilst not strictly speaking covered by the detailed requirements of the CCA, this instance is a timely reminder of the diligence that is required.

    Source Silicon.com

    End

    _________________________________


    Fire service strike threat over £1bn high-tech control rooms

    IT failure on this project will put lives in danger, says union

    The Fire Brigades Union (FBU) is threatening strike action over a £1bn government project to replace 46 local fire service operations rooms with nine new high-tech regional control centres.

    The nine regional centres are scheduled to be up and running by the middle of 2008 as part of the FireControl project being run by the Office of the Deputy Prime Minister (ODPM).

    The existing local control centres use different technology systems that are currently unable to talk to each other and FireControl aims to create a common system across the new regional centres.

    The ODPM says benefits include automatic caller location for control operators and the ability to mobilise the nearest available fire crew more easily. The control centres will also be linked into a new secure digital radio system that is currently in the middle of a separate procurement process.

    But the FBU points to the government's track record on high-profile IT projects and claims a similar disaster on FireControl will lead to cuts in fire services, push up council tax and put lives in danger.

    FBU general secretary Matt Wrack said in a statement: "The government's track record on large scale technology projects is very poor. Their record suggests this project will be very expensive and fraught with difficulty. It's expensive, risky and won't save a single life."

    The FBU said it will oppose the project "by all means possible" and will look at balloting its members on industrial action if ministers press ahead.

    A spokeswoman from the ODPM said: "The government hopes to work constructively with the new FBU leadership and other trade unions in taking forward the modernisation of the fire service."

    Source Silicon.com

    END
    __________________


    Government propose 'tightening' of Corporate Manslaughter Law

    Corporate manslaughter: the issues

    Fresh from an election victory, the Labour government is widely expected to introduce a corporate manslaughter bill, and the new law will be controversial.

    The government has invited consultation and comment on a proposed bill by 17 June 2005.

    The present law

    Under English law, there are two general homicide offences:

    • murder
    • manslaughter

    If someone kills without intending to cause death or serious injury, but was blameworthy in some other way, then this is often referred to as involuntary manslaughter.

    Within the various categories of manslaughter, there is also the concept of gross negligence manslaughter. According to the Crown Prosecution Service, it has to be established that:

    • there was a duty of care owed by the accused to the deceased
    • there was a breach of the duty of care by the accused
    • the death of the deceased was caused by the breach of the duty of care by the accused
    • the breach of the duty of care by the accused was so great as to be characterised as gross negligence and therefore a crime

    However, the problem lies in that for a company to be prosecuted for manslaughter, including gross negligence manslaughter, it is necessary to identify a "controlling mind" who is also personally guilty of manslaughter.

    It is not possible under the present law to add up the negligence of several individuals to show the company as grossly negligent. A specific individual has to be identified as a controlling mind for corporate manslaughter to be proven.

    The Government's Proposals

    After nearly five years of talking about it, the Home Office this spring finally published a document entitled "Corporate Manslaughter: The Government's Draft Bill for Reform".

    The law will affect companies supplying services, as well as employers and occupiers of land, which will include premises and building sites.

    Under the proposed legislation, an organisation is guilty of the offence of corporate manslaughter if the way in which any of the organisation's activities are managed or organised by the senior managers a) causes a person's death; and b) amounts to a gross breach of a relevant duty of care owed by the organisation to the deceased.

    A person is a "senior manager" of an organisation if he plays a significant role in the making of decisions about how the whole or a substantial part of its activities is to be managed or organised, or if he is the actual manager or organiser of the whole or a substantial part of those activities.

    A gross breach is a breach of a duty of care by an organisation that falls far below what can reasonably be expected of the organisation in the circumstances.

    To decide that question, the jury must consider whether the evidence shows that the organisation failed to comply with any relevant health and safety legislation or guidance.

    The Draft Bill does set out a number of other factors which the jury will also have to consider, such as whether or not senior managers sought to cause the organisation to profit from its failure, i.e. that they deliberately cut corners to reduce costs or boost profits.

    Critics of the proposed legislation are already concerned that such additional factors will make obtaining a conviction difficult.


    So, do we actually need a Corporate Manslaughter Law?

    Those in favour of further legislation argue:

    1. There have been a number of accidents, in the transport sector and in the workplace, which have provoked demands for the use of the law of manslaughter. However failures to successfully prosecute corporations have led to a perception that the law is inadequate. There is a further public perception that the leaders of major corporations should be made personally liable for the failings of that organisation.

    2. It would also address the overwhelming public concern expressed over the leniency shown to workplace deaths compared to other forms of homicide occurring outside the workplace.

    3. From a practical point of view one can argue that the law must be made to fit the modern commercial environment so that it is much more straightforward to bring corporations to account for their actions. It will also improve safety standards across a wide range of organisations and afford workers and the public at large better protection.

    4. There are then the moral issues. There are those who argue that society is entitled to seek retribution on behalf of the relatives of those who have died, either in accidents or at work, by making corporations and their leaders more accountable under the law of manslaughter as well as under the health and safety legislation. Furthermore, a corporate manslaughter law will provide the required deterrent.

    Those opposed to further legislation argue:

    1. That in the work context, Britain has one of the best safety records in the world. It also has one of the poorest rehabilitation rates. Time, energy and resources would be better spent improving the rehabilitation of those hurt and producing better "no fault" compensation schemes.

    2. A corporate manslaughter law will not be properly effective unless it targets the activities of individuals. The drafting and framing of this law has already proved extremely difficult but specifically excludes the acts of individuals. Unless the business leaders can be prosecuted, what is the guarantee that the proposed legislation will successfully target the guilty?

    3. What does this bill add by way of penalties? The Health & Safety at Work Legislation gives the Health & Safety Executive wide powers and the law provides for unlimited fines. Stiff fines are the most effective deterrent or sanction when used against corporations and the proposed sanctions under the Corporate Manslaughter bill add little to the present regulatory framework.

    4. The effort in bringing this law into effect is taking up too much time. There are too many regulations already; more money spent on frontline regulatory activity would produce far better results. The resource presently being utilised, if instead directed to the Health & Safety Executive, an already effective regulatory organisation, would be given a far greater reach.

    5. Over-regulation is gradually making the more hazardous business activities (demolition etc) uninsurable and, as a result, costs will greatly increase.

    6. It is questionable whether retribution for its own sake is desirable or likely to produce a safer society.

    7. At this point in time there seems to be too little real consensus between industry, the unions and interested pressure groups about how the proposed legislation should look, or indeed, whether it should be introduced at all.

    Continuity Forum Comment

    As can be seen, there is still some distance to go in the debate concerning ‘Corporate Manslaughter’, but one thing is clear: the government is committed to correcting what many see as an injustice within the Legal System whereby there are few penalties imposed upon companies whose actions (or inaction) may have contributed to a death.
    We have little doubt that whilst many in Business will oppose these proposals, many others will welcome them and see them as a major step forward in aligning those with responsibility for safety within the organisation, particularly at senior level, with the outcomes of the measures in place to protect the Business, its staff and stakeholders.

    Taken with other measures we are clearly seeing a steady increase in the level of accountability executives have for the Business and the way it is operated, as well as a tightening of related Regulation and Legislation.

    This particular development, though, is yet another powerful driver for Business Continuity Management: an organisation's management can specifically benefit from embedding effective programmes within its operations, with the BCM process easily demonstrating the steps taken to protect workers and stakeholders, as well as illustrating the regular review of risks and the measures in place to mitigate them.

    We have had discussions with a number of Barristers and almost all felt that Business Continuity Management had an important role to play to improve both the liability and consequences of a death in the workplace. A few pointed out that just being able to point to an effective and properly constructed BCM plan would go some considerable way to demonstrating that an organisation and its management took a proactive and positive approach to Risk Minimisation, and others added that all BCM programmes should recognise the potential cost of the proposed litigation in Human and Financial terms. The legal recommendation given was that all Boards should treat this legislation very seriously and urgently consider the full adoption of a complete BCM programme within their organisations, one which specifically includes the issues raised by the proposed government legislation and addresses the potential effect of personal and individual liability on Senior Executives.

    Our view is that the government will use this proposed legislation vigorously and that in the future organisations WILL be held to account against a far higher standard, and that means that the ‘executive’ will need to review the current situation very carefully to ensure that both they and their personnel are fully protected.

    END
    __________________

    If you have any comments on this article or would like to find out more about the work of the Continuity Forum please contact Sara McKenna, John Sharp or Russell at the Continuity Forum directly on 020 8993 1599 or info@continuityforum.org
