[INFOCON] - OCIPEP DAILY BRIEF Number: DOB02-110 Date: 25 July 2002
DAILY BRIEF Number: DOB02-110 Date: 25 July 2002
http://www.ocipep.gc.ca/DOB/DOB02-110_e.html

NEWS

Possible Lessons for Ottawa from September 11
Ottawa's fire, police and ambulance branches rely on telephones for inter-service communication. Steve Kanellakos, the city's manager of emergency protective services, says that this is a problem and would like to see the three services sharing a single communications centre with a common radio system. (Source: Ottawa Citizen, 25 July 2002)

Comment: Recent media reports concerning the response of emergency personnel on September 11 to the World Trade Center state that a lack of communications between fire and police services may have led to the deaths of many firefighters.

IN BRIEF

Web TV Users Rerouted to 911 Services
An e-mail with the subject line "NEAT" has led Web TV users to download a program that re-sets their dial-up number to call 911 emergency services. (Source: CNET News.com, 23 July 2002)

Asteroid Monitored for Potential Impact with Earth
Astronomers are monitoring a newly sighted two-kilometre-wide asteroid after initial calculations suggested that there is a chance it could hit the Earth. NASA's Near Earth Object program ranked the asteroid as meriting careful monitoring, but not concern. (Source: CBC News, 24 July 2002)

Survey: Major Cyber Attack Very Likely
A recent survey conducted by the Business Software Alliance concluded that nearly half of the U.S. security professionals surveyed believe that a major cyber attack will happen in the coming year. The survey indicates that only 19 percent of businesses in the U.S. have taken the necessary precautions for a major Internet attack and that 45 percent were unprepared. (Source: CNET News.com, 24 July 2002)

Comment: The report, U.S. Business Cyber Security Study, can be viewed at: http://www.bsa.org/security/resources/1

Public Safety Wireless Network Conference Report
The ninth annual LI NYC (Long Island/NYC) Emergency Management Conference reviewed the events of 11 September 2001 in New York City. The subsequent report highlights, among other themes, the ways in which increased interoperability of wireless networks can save lives. The report can be viewed at: http://www.pswn.gov/library/docs/lessons_WTC.doc

Scientist to Market Hacker-Proof Hard Disk
A Japanese scientific researcher claims that a new hard drive with two heads may make it impossible for hackers to access and rewrite data on systems. (Source: PC WORLD.COM, 22 July 2002)

Comment: The hard disk is not going to stop all types of web site defacements or exploits. For example, Code Red did not access the hard-disk, it changed the web sites' home pages in the system memory.

Pentagon Relinquishes Wireless Frequencies
The Pentagon has agreed to shift some military communications to other frequencies, freeing up space for advanced mobile phones and other wireless products. (Source: CNN.com, 24 July 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Sophos reports on WM97/Pri-AE, which is a Word 97 Macro virus that propagates via Outlook e-mail. It arrives with the subject line "Message From username" and the message body "This document is very Important and you've GOT to read this !!!".
http://sophos.com/virusinfo/analyses/wm97priae.html

Trend Micro reports on WORM_URICK.A, which is a worm that propagates via Outlook e-mail. It arrives with the subject line "A Windows Trick" and the attachment %Variable filename%.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_URICK.A

Computer Associates reports on Assilem.M, which is a Word97 and 2000 macro virus that does not have an overly destructive payload. On the 23rd of any month, it displays a Chinese message.
http://www3.ca.com/virusinfo/virus.asp?ID=12628

Vulnerabilities

SecurityFocus reports on a remotely exploitable vulnerability in PHP Interpreter versions 3.0 thru 4.2.2 that could allow an attacker to cause a denial-of-service. No known patch is available at this time.
http://online.securityfocus.com/bid/5280/discussion/

CERT/CC reports on a remotely exploitable buffer overflow vulnerability in Sun iPlanet and ONE Web Servers' search engine versions 4.1 6.0 that could allow an attacker to execute arbitrary code on the system. Follow the link for patch information.
http://www.kb.cert.org/vuls/id/612843

SecurityFocus reports on a locally exploitable vulnerability in Sun PC NetLink 1.0, 1.1 and 1.2 that could allow an attacker to gain access to sensitive files. View the Solution tab for a workaround.
http://online.securityfocus.com/bid/5281/discussion/
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27807

Additional vulnerabilities were reported in the following products: Pablo
[INFOCON] - Special NCMS Report - Business Continuity Planning
[I would recommend reading the Business Continuity Planning interview with David Spinks, as David is very knowledgeable in this area. http://trust.ncms.org/interviewCO0702.htm WEN]

To: MfgTrust; MfgTrustIG
Subject: Special NCMS Report - Business Continuity Planning

Dear NCMS Alliance Partners:

We thought this month's Corner.Office article, interview, and resources pages on Business Continuity Planning were especially relevant to the theme of the NCMS InfraGard Manufacturing Industry Association. So, we decided to share them with you this month, and not restrict distribution to members only, as is the usual case with Corner.Office features. You are invited to view the article below. To access the accompanying expert interview and Resources pages on Business Continuity Planning, please go to http://trust.ncms.org, Publications Index tab.

John Sheridan

July 2002 Corner.Office

Corner.Office is a monthly exclusive members-only feature of the NCMS InfraGard Manufacturing Industry Association

Infrastructure assurance for manufacturers
Powered by NCMS

This month - BUSINESS CONTINUITY PLANNING (BCP)
A safety net for businesses

Editor's Preface

Every business faces minor downtimes and major unknowns; hence it is important to have plans in place which guarantee business contingency. Before the September 2001 attack on America, quite a few business people said that they saw BCP as an inefficient use of resources, i.e. an expenditure which does not bring any return on investment. But statistics tell a different story, and events like 9-11 serve as drastic reminders that it is vital for every company to have plans in place to ensure business continuity, and the continuity of our suppliers and logistics - especially as globalization and our interdependence continue to grow. BCP costs relatively little in comparison to what the company could potentially lose in a major incident.
Therefore it seems highly prudent that organizations of all sizes seriously research and develop a plausible and efficient BCP.

This month's Corner.Office features a special in-depth interview with David Spinks, Director - Information Assurance for Europe, Middle East and Africa at EDS (http://www.eds.com). He is responsible for EDS' portfolio of Information Assurance services across all those markets. Mr. Spinks is also chairman of the E-commerce Security Special Interest Group, an active member of the Guild of Security Controllers, a member of the British Computer Society Committee and co-author of the guide E-commerce - a World of Opportunity. He has spoken to audiences all over the world on subjects such as the impact of e-commerce on the supplier chain, business continuity planning after year 2000 and information security: the real threats.

Because we thought this article, interview, and resources pages were especially timely and relevant, we will be sharing them broadly this month. Thus, you will find these materials posted on our public web site (http://trust.ncms.org, Publications Index tab), and not just on the NCMS members-only site.

John Sheridan ([EMAIL PROTECTED])

BUSINESS CONTINUITY PLANNING

According to the Info Security News Magazine (2000), an effective BCP and disaster recovery plan can reduce losses by 90% in the event of an incident. According to another study, 81% of CEOs indicated their company plans would not be able to cope with a catastrophic event like the September 2001 attacks.

There are numerous examples of companies suffering due to poor Business Contingency Planning. In the 1993 World Trade Center bombing, 150 companies went out of business (out of 350 affected) - scarcely an encouraging statistic. But an incident does not need to be a dramatic terrorist attack to have a massive impact on an organisation. For instance, in the case of fires, 44% of businesses fail to reopen and 33% of these failed to survive beyond 3 years.
The examples could be continued endlessly. The bottom line is that businesses need to have plans in place to cope with incidents (whether they be major terrorist attacks or a minor hardware problem) and thereby avoid major business interruptions.

The Business Continuity Management Process

Before even starting to create a Business Continuity Plan, it is of vital importance to get the full support of the management and governance of your organization. Without it, it will be very difficult to push BCP plans through the entire company. Furthermore, directors should be involved in the strategic design of the BCP, as it will help to create a realistic plan which will be focused on the business interests of the company.

After that, one should start to man the team which will be responsible for designing the BCP and to initiate the business continuity management process. This is important as the team will serve as the central focus point during the entire Business Continuity Management Process. It is also important to set a time scale for the BCP