Daily Archives: 29/06/2016

Dates announced for next Corporate Risk Associates Risk Forum

One of the UK’s leading independent risk management consultancies is inviting risk safety professionals, academics and peers in the industry to its highly acclaimed annual Risk Forum. Corporate Risk Associates (CRA) will be hosting its seventh annual conference entitled ‘To Automate or Not to Automate’ on 5-6 October at the Stratford Manor Hotel in Stratford Upon Avon.

Chaired by Jasbir Sidhu, CEO and founder of CRA, the two-day event will focus on the increasing prevalence of the use of automation in safety critical industries. The company wants to energise interest around whether the reduction of human input with the introduction of increasingly complex automated systems will be either ‘friend or foe’.

With high profile professionals and leading academics due to attend, the event promises to deliver in-depth content that will be both stretching and stimulating. The speakers will also be available for further discussions during the event.

Jasbir Sidhu: CEO and founder of Corporate Risk Associates

Sidhu very much believes that the risk management profession should have a strong voice. He said: “The CRA Risk Forum has evolved year on year as we react to what people in the industry are telling us they would like to know more about. We’re delighted to have provided this platform which creates an opportunity for experts to share Best Practice, while also transferring valuable and insightful knowledge as we all endeavour to be the best we can possibly be in our chosen profession.”

Sidhu added: “We’ve selected extremely high calibre speakers that we know will deliver expert advice in what is such a complex area. It’s going to be extremely interesting to see what the general consensus will be on automation after all of the speakers have delivered their insights with feedback shared in our open discussions.”

No fewer than 110 delegates attended last year’s event, with people travelling from as far afield as the West Coast of the USA and New Mexico to engage with leaders in the industry.

Sidhu continued: “We’ve always been greatly impressed by the turnout of each event we have hosted. We now run into our seventh year and, with a fantastic programme planned for the two days, we anticipate that this will be our most successful CRA Risk Forum to date both in terms of attendance and knowledge sharing.”

Established 16 years ago, CRA specialises in managing safety, reliability and risk across the nuclear, oil and gas, transportation and defence industries. The business was recently awarded the industry accolade of Risk Management Specialist of the Year by industry body Continuity Insurance and Risk (CIR). CRA is also proud to have been awarded the Institute of Physics’ Best Practice in Professional Development Award.

Filed under Risk UK News, Uncategorized

“Wireless security skills need to prepare for the IoT age” urges SANS Institute

The proliferation of new wireless communication technologies within consumer electronics and smart devices is overtaking the skills harboured within the information security industry. That’s the considered opinion of Larry Pesce, a leading expert in the field and a SANS Institute instructor.

“There’s a great deal of disparity between the security of the different wireless standards, and particularly so when you compare the 802 family that were predominately built for business use and emerging technologies that came from the consumer landscape such as Bluetooth, Zigbee and Z-Wave,” explained Pesce, who co-authored the books entitled ‘Linksys WRT54G Ultimate Hacking’ and ‘Using Wireshark and Ethereal’.

“For example, Bluetooth has some solid maths around encryption, but many of the security decisions are left in the hands of the users which means things can go horribly wrong. Zigbee has a poor design for how it handles passphrase and replay packets which are highly vulnerable, while security in some of the proprietary formats like Z-Wave offers almost non-existent security.”

Pesce, who also develops real-world challenges for the Mid-Atlantic Collegiate Cyber Defence Challenge, is complimentary about newer wireless protocols such as 802.15.4 and Zigbee, which uses baseline profiles to help deliver enhanced security, but comments: “The technology is probably ahead of the skill sets out in the field. The problem is also somewhat underestimated.”

Pesce also highlights the privacy issues that wireless-enabled devices are starting to hit against. “If we look forward, a large number of devices in the workplace and the home will be wirelessly enabled and communicating autonomously between each other and back to manufacturers. Unless more consideration is given towards securing both the devices and the communication links, there are likely to be breaches that will burrow into this Internet of Things infrastructure and start to gather private information or act as a staging post for more damaging attacks.”

Wireless Ethical Hacking, Penetration Testing and Defences

Pesce will be teaching the SANS course SEC617: Wireless Ethical Hacking, Penetration Testing and Defences at SANS London in July. The hands-on course takes an in-depth look at the security challenges of many different wireless technologies, exposing students to wireless security threats through the eyes of an attacker.

Using readily available and custom-developed tools, students navigate through the techniques attackers use to exploit Wi-Fi networks, including attacks against WEP, WPA/WPA2, PEAP, TTLS and other systems.

The course also examines the commonly overlooked threats associated with Bluetooth, ZigBee, DECT and proprietary wireless systems.

“We’re at a crossroads from a standards perspective,” concluded Pesce. “The vendors are still mostly obsessed with ‘bigger and faster’, but there’s also increased pressure from a privacy perspective and many are having a hard time figuring it out. For information security professionals, the skills needed to secure these new types of wireless connections are in high demand.”

*More information on SANS London Summer 2016 is available at: http://www.sans.org/london-in-the-summer-2016

Thames Water extends security contract with Zaun to May 2017

The UK’s largest water and waste company has renewed the appointment of security and perimeter fencing systems manufacturer and specialist solutions designer Zaun on a multi-million pound framework agreement for a further year to May 2017.

Thames Water Utilities retains the option to extend the deal for a further two years to 2019 at the end of the current Asset Management Programme (AMP6).

Thames Water originally selected Zaun as one of four appointed contractors on its framework agreement for the supply and installation of security fencing and gates, and one of three for ongoing maintenance. It hoped to save almost £500,000 with the framework agreement, as well as reaping the benefits of dedicated account management, certified and experienced perimeter protection designers, engineers and technicians, access to new and innovative products and robust management reporting linked to an exacting Service Level Agreement.

Thames Water manages more than 4500 sites, the majority of them unmanned, that require security to protect the water supply for over 14 million people. Accidental pollution, the safety hazards of sewage, the potential for theft and even mindless vandalism all mean that site safety and security is paramount.

Zaun first proved its reputation with Thames Water during its multi-billion pound London Tideway improvements to create a cleaner and healthier River Thames. This entailed work on sites of Critical National Infrastructure (CNI) near to the London 2012 Olympic Park at Stratford where Zaun also provided security fencing.

For AMP6, Thames Water set about a “complete transformation” of the way in which it delivers capital investment through a ‘super alliance’ including MWH Global as programme manager that expects to carry out between £2 billion and £3 billion of work, with £200 million set aside for security, in turn bringing its estate up to Defra standards and rendering it fully prepared for any security eventualities.

Thames Water has often turned to Zaun to deliver full turnkey security solutions of integrated perimeter fencing, CCTV and access control systems. Indeed, Zaun has installed its most intruder-resistant product, ArmaWeave, around secure compounds.

Chris Plimley, Zaun’s head of sales, stated: “We’re delighted to have our relationship with Thames Water extended for another year and look forward to continuing to help the client upgrade both its estate and overall security regime with the very best integrated perimeter protection systems available on the market.”

“Faster response times needed to combat cyber threat” finds BCI survey

Two thirds of respondents to a global survey carried out by the Business Continuity Institute report that they had experienced at least one cyber incident during the previous twelve months, while 15% stated they had experienced at least ten incidents during the same period.

The frequency of these cyber incidents demonstrates exactly why it’s so important for organisations to have plans in place to mitigate them or otherwise lessen their impact.

The Cyber Resilience Report, conducted by the BCI and sponsored by Crises Control, found that there was a wide range of response times for cyber incidents. Almost a third of organisations (31%) stated that they responded within one hour. However, one fifth (19%) take a worrying four hours or more in responding to a cyber event, while almost half (44%) take more than two hours to respond. This has clear implications for the time taken to return to business as usual, and the ultimate cost of the incident to the host organisation.

Even if businesses wish to respond immediately to a cyber attack, the nature of the attack may render them unable to do so. The research finds that phishing and social engineering are the top causes of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months and 37% attacked by way of spear phishing.

The BCI has discovered that 45% of companies were hit by a malware attack and 24% by a Distributed Denial of Service episode. All these forms of attack will, in different ways, render an organisation’s own network either contaminated or inoperable. Their website may have been taken down and they may well have to switch off their Internet connection until they can secure themselves from further attack.

A detailed study of 369 business continuity and resilience professionals from across the world, the research also reveals that the costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

David James-Brown FBCI, chairman of the BCI, commented: “This piece of research is one of the most timely, insightful and relevant the BCI has ever produced. Cyber attacks tend to target the weakest links of an organisation. That calls for a greater awareness of cyber crime. As the cyber threat evolves, it’s crucial to stay on top of it, building long-term initiatives and regularly updating recovery plans.”

Rickie Sehgal, chairman of Crises Control, added: “Rapid communication with employees, customers and suppliers is vital for any company in terms of responding effectively to a major business disruption event such as a cyber attack. When your business is at risk, even a one-hour delay in responding to an incident can be too long. Taking more than two hours to respond, as almost half of companies appear to do, is simply unacceptable.”

LOCKEN UK achieves official ‘seal of approval’ with globally recognised ISO 9001 certification

LOCKEN UK has just achieved ISO 9001:2008 certification for its cable-free access control solution and services.

This official ‘seal of approval’ bears testament to the strategy that the company has spearheaded ever since its inception in 2003. Certification demonstrates the LOCKEN Group’s commitment to deliver service excellence and reflects the quality of the solution, while enabling the company to affix a recognised hallmark to its expertise.

“This success is down to the involvement of the entire team,” commented Arnaud Flecchia, the company’s CFO. “Their engagement during the process clearly demonstrates that our ability to offer high-quality services is also driven by the synergies and effective communication in place within the company.”

The backbone of LOCKEN’s quality policy revolves round four pillars which aim at constantly enhancing customer satisfaction and the effectiveness of its organisational structure, encouraging mutually-beneficial relationships with partners, winning over new markets, gaining competitive advantage through innovation and obtaining superior performance through an entrepreneurial internal mindset.

In conversation with Risk UK, Arnaud added: “We’re very pleased to obtain ISO 9001 certification as it represents an additional strategic element that serves as an official testimony of quality and thereby enables us to better pursue our business development with major multi-site operators and large corporations.”

Stéphane Conreux, LOCKEN’s CTO, stated: “This external recognition symbolises our organisation’s ability to deliver superior performance for our customers and offers a strong guarantee of the excellence of our daily operational work in satisfying their needs.”

Created by the International Organisation for Standardisation, ISO 9001 is the most internationally recognised standard for Quality Management Systems, representing almost 72% of the total number of certificates issued on a global basis. The standard ratifies and guarantees that a given organisation’s products and services are among the best in the world.

SGS – the inspection, verification, testing and certification company – was chosen by LOCKEN to certify the company’s performance as it’s recognised as the global benchmark for quality and integrity.

Buckinghamshire New University security graduate named Student of the Year at CIR Business Continuity Awards

A Buckinghamshire New University graduate in security and business continuity has been named Student of the Year at the CIR Business Continuity Awards.

Roger Payne studied for an MSc in Business Continuity, Security and Emergency Management, and was duly recognised at the London Marriott Hotel ceremony – where the awards were hosted – for the high quality of his dissertation.

The dissertation was an investigation into the human factors such as ‘Groupthink’, Abilene Paradox, stress, gut feel, cognitive strain and other symptoms that impact how effectively incident management teams respond during crisis periods.

Roger Payne

Motivating factor

A senior business continuity manager at RBC Capital Markets, Payne told Risk UK: “I was really surprised and overjoyed to be recognised by my peers in the industry. More important for me, however, was the fact that I decided to finally study for my MSc shortly after my father passed away. His passing acted as both a motivation and a catalyst in my life, and my MSc degree is one of the important markers of my progress.”

Speaking about his qualification at Buckinghamshire New University, Payne added: “I believe my understanding of my chosen field of expertise has grown exponentially. Despite being in the arena of business continuity management since 2004, I believe there are always ways in which to improve one’s knowledge. The MSc degree course has enabled me to begin to align previously ‘siloed’ departments and have a more risk-based approach towards organisational resilience in all of its guises.”

On his dissertation, Payne explained: “The study clearly shows that these issues are not exclusive to incident management teams, but are issues confronted by almost all teams across almost all organisations when faced with stressful situations that don’t fit into the normal understanding of business as usual.”

Fantastic achievement

Head of School and course leader Phil Wood stated: “This is a fantastic achievement by a committed and extremely capable student. Roger is a prime example of the type of people who thrive on our Organisational Resilience and postgraduate programmes. Before joining us, he was already highly proficient in his industry and his success on the MSc is both vindication of that proficiency and of the value of education in helping students towards further career goals and success.”

Wood concluded: “Roger is the latest in a series of academic award winners for dissertations in our Master’s degree. The whole team here at Buckinghamshire New University is proud of Roger and of this recognition by a demanding industry sector.”
