Your Security Journey, more for less during the COVID 19 pandemic

Your Security Journey, more for less during the COVID 19 pandemic

Thank you to our Head of Client Development ADVENT IM, Derek Willins.

The Original Article on the ADVENT-IM site can be accesses by clicking on the Logo:

As we endure societal lockdown in an effort to control the spread of COVID-19, thoughts turn to imagining what will change when it’s beaten. I suspect that business continuity, business resilience and risk management will be high on most agendas for a while, alongside the financial restrictions that will decide what gets done and when. Supply chains will be overhauled, as will working from home policies, and mobile equipment. Digitisation will increase, as will automation and complexity. Quite what all the ‘new normals’ will be in two or three years is too hard to call, but it will look different from today.

There is one certainty though. Online crime will continue to grow. Criminal activity has stepped up during the crisis with sophisticated health and virus-oriented phishing and ransomware campaigns; as well as heartless physical attacks on ambulances, and thefts of hospital oxygen cannisters. Our enemies are merciless and cruel. Unified and better-constructed security defences have to be part of the inevitable reviews which will happen. However, I suspect the usual objections to change will centre around finance (specifically ROI) and, how do we get more from less. This latter issue I want to address.

Advent IM’s long held philosophy has always been, that holistic security (one-team, information, IT, physical) is more efficient and effective than unconnected silo’s, and that excellence can be achieved with modest budgets.  Underpinning this philosophy is that people and process are the master, and technology is the servant. All too often in the search for quick solutions, the lure of expensive technical security solutions (without good people and process around it), has usually failed to deliver on expectations. A more balanced approach of people and process with technical support is the strategy which brings affordable effectiveness. It was a pleasure therefore, to discover some data which supports Advent IM’s philosophy.

A few months ago, a new report* was published, which caught my eye.  It’s a document providing us with a view of the current state of Information Security including current risks and trends, organization structures, and budgets.

There is an analysis of the respondent’s security budgets (as a % of their IT spend) and their security maturity status (based on 0-4: 4 being optimal). Each respondent is then put into 4 quadrants. The two axes are, the (group average) budget, versus the (group average) security maturity.

Advent im security spend vs maturity

Conclusions from the report;

  1. There is absolutely no correlation between security spend and security maturity.
  2. There are high security spenders, but with a low security rating (B), and some low-spenders with a high security-mature (A).
  3. The A group with strong maturity and low expenditure, are spread across different industries, and represent about 11% of organisations in the sample.

At face value then, the report tells us that security maturity (excellence, resilience) can be achieved, without massively high investment (less than 7.2% of IT budget). Clearly these organisations have something to teach everyone. Sadly, the analysis stops short of identifying their common attributes.  However, there are some inferences that can be made.

The security maturity measure starts at 0 (Non-existent) to 4 (Optimised. i.e. business enabler). On average the sample scored 2.06. This puts them in the ‘Defined’ level which means they have defined security formal process, roles and responsibilities and its all communicated. So far so good.

The next level up (3) is where the A group are getting close to. This means they measure and test that process is working effectively, KPIs are set, some automation is used, and regular reviews and audits are conducted. In short, the A group ensure their way of working is effective and adjust as they go – and all done at below the average expenditure of 7.2% of the IT budget. In our experience, only people and process supported by the right technology, make this happen.

Our experience tells us that most organisational leaders are satisfied that their security operation is currently fit for their purpose. It’s also true that the same people want security to be a bigger part of their business culture, but rarely have a plan to make this happen.  However, the evidence is clear that more can be achieved with reduced expenditure, and that all organisations, however confident, should be constantly reviewing and testing what they do. Partly because threats are constantly changing, and partly because great security is an enabler of innovation and productivity.

The financial circumstances post COVID-19 will demand that operational improvements are made. More cloud, more automation, more devices, more data, more risk. Security by design and default, means that planning for a more affordable and more effective security function in a post COVID-19 world starts now.


*Source; Capgemini Information Security Benchmark 2019. Based on 105 companies in EU across 4 large Private channels (Utilities, Finance, Consumer, Manufacturing). CISO’s and CIO’s views.

Contact the ADVENT-IM team by clicking below:

What are the COIVID19 tests?

What are the COIVID19 tests?

by Philip Ingram MBE

Some see a perceived lack of testing as the latest stick to beat the government up with the current COVID-19 crisis. The perception that is being left with the general public and with healthcare workers is that testing will provide some magic solution to the crisis.  The reality is, being blunt, it won’t; being more accurate, each test has its strengths and weaknesses and no one test is the complete answer, they will only help our understanding of the spread of the infection and help keep us safer.

The current test, which is the one being scaled up, is an ‘antigen’ test. Antigens are molecules capable of stimulating an immune response in the body and that immune response is the start of the production of antibodies.

The antigen test requires a swab to be taken, usually from the back of the throat.  That swab then needs to be sent to a laboratory where the antigen is scientifically amplified and compared with a reference to see if it is what they are looking for.  This test, called the Polymerase Chain Reaction (PCR), often referred to as real-time PCR (rt-PCR), or the quantitative PCR (qPCR) test, requires trained laboratory technicians, specialist equipment and time for each test, as well as an administrative burden matching tests to results and informing individuals of results.

The current PCR test is an excellent technology but leaves a window as it misses some early cases, at times not detecting infection until a period post symptoms, even though the person can be highly infectious during that time. The test is also manpower and equipment limited, needing people to take samples, technicians and scientists to process and interpret the tests and staff to deliver the results.

Of course, a negative test one day does not mean the individual could not become infected the next day, and this is why it is essential the complimentary Antibody test is further developed and rolled out to identify who has had the infection.

This is a much simpler test using a sample of blood taken from a finger pin prick and it is then put into a device like a pregnancy test kit, but the chemistry on the test stick is designed to look for antibody.  Antibodies (sometimes called immunoglobins (IgM and IgG)) are proteins produced by the body over the course of a week or two in response to an infection and are there to fight the infection. Each antibody is designed to recognise a specific part of the cause of the infection (the antigen), lock onto it and stop it replicating thereby fighting the infection.

With the antibody test, a solution is added, and the blood sample moves up the test paper stick, interacting with the chemistry on the stick and giving an indicator that the antibody is present.  This will tell someone that they have had the COVID-19 disease in some form and only takes a few minutes to carry out. It does not indicate early infection or necessarily that an individual currently has the infection.

There are other tests currently being offered to the fight against COVID-19 that will complement the PCR antigen and the antibody test. This test is similar in its physical form to the antibody test, but the chemistry is very different.  It detects a key very early marker of the activation of the immune system in the body produced from the very early stages of the infection. This happens as the infection enters the body and is active as the body produces certain ‘help’ molecules. A marker that has been identified, following a great deal of research activity into HIV and earlier SARS infections is called neopterin.

The neopterin test does not specifically identify that an infection is COVID-19, but it does detect that someone is suffering from an activation of their immune system and, as such can detect infection at a much earlier stage in the disease than any of the other tests. It is a very simple to use and understand lateral flow test (as a pregnancy test) and can be used and interpreted by health workers and the general public, requiring no specialist support. It is projected to be non-invasive by using only a small sample of saliva, with the test results showing a positive result with a red line in a few minutes only if the individual is suffering a current viral infection.

This new test is not yet part of the governments offering but would complement the other two allowing the resource and time-consuming PCR test to be used only on those who have a positive indication of a viral infection and, critically, detecting those that are too early in the course of infection to be detected by the PCR or antibody test. It could also be used much more frequently as part of a wider screening programme as it can be self-administered, self-interpreted and produces rapid results and allow more informed self isolation, thereby reducing cross infection, potentially dramatically.

What is important is that the strengths and limitations of each type of test are known and understood and that a range of complimentary tests are available to maximise the collection of results that will rapidly let the health system and public understand the risks.

This article was written by Philip Ingram MBE with the assistance of Professor Colin Self BSc, MB, BChir, PhD, DSc, FRSC, FRCPath who has developed the Neopterin test. Please use the contact us page if you want further details.

SIA Comment on security staff as critical workers

SIA Comment on security staff as critical workers

26 March 2020

- this link opens in a new window

On Monday, 23 March the Prime Minister announced further instructions to the British public to combat the spread of Coronavirus (COVID-19). His announcement can be viewed here. It places further restrictions on when people can leave their homes and limits travel for work to essential roles only.

- this link opens in a new window

I am able to confirm that the current definition of critical worker DOES include regulated (licence holding) security professionals, essential to national infrastructure, operating in roles under the 8 broad headings listed. This status is only directly relevant to the ability to access the school and childcare systems at this time. This critical worker definition does not affect whether or not you can travel to work – if you are not a critical worker, you may still travel to work where this absolutely cannot be done from home.

To prioritise pressure on the schools system, it does NOT extend to all licence holders. It is role dependent. The list may change over time.

Government advice is to stay at home whenever possible. It is to keep your children at home whenever possible – even if you are a critical worker. If, and only if, you are undertaking an essential role, supporting the nation’s COVID-19 response, which you can only do by accessing the school or childcare systems, should you do so as a critical worker.

This definition covers, amongst other areas, security provision in hospitals; schools; social care; courts; government estate; supermarkets and the food supply chain; the transport network; national infrastructure and utilities. If you are providing essential security to a service which itself remains critical and functioning, which attracts critical worker status, then you are likely to be covered. If in doubt, check with whoever contracts for your services.

Roles essential to supporting law and order, with the potential to reduce demand on policing, also meet the critical worker definition. This would include, amongst other areas, the guarding of empty or closed commercial, retail or office premises; the monitoring of similar through CCTV or other remote means; and the provision of alarm response centres including mobile units.

If your role does not clearly fall under the headings above then you may still travel to work, if that work absolutely cannot be done from home. Your aim should be to stay at home whenever possible. If this is not viable then assess whether you can deliver more services remotely e.g. through CCTV. If a physical presence is required then you should seek to minimise the number of staff deployed to the lowest safe level and ensure social distancing is applied.

Note that in any circumstance, critical worker or otherwise, the Prime Minister has been very clear that ensuring social distancing remains the responsibility of the employer.

These are difficult questions in unprecedented times. They are not easy and no-one else can answer them for you. You will need to apply judgement, with the aim of minimising social contact where possible. The words to focus on are ‘necessary’, ‘critical’ and ‘essential’, otherwise please stay at home and minimise the transmission risks for the benefit of your health, your families, the general public and the NHS.

Ian Todd
Chief Executive

Please access the SIA Site Here: https://www.sia.homeoffice.gov.uk/Pages/Coronavirus.aspx

UK Government COVID-19: support for businesses

UK Government COVID-19: support for businesses

as at 24th March 2020

Full post on teh Government website can be accesses here: https://www.gov.uk/government/publications/guidance-to-employers-and-businesses-about-covid-19/covid-19-support-for-businesses

The Chancellor has set out a package of temporary, timely and targeted measures to support public services, people and businesses through this period of disruption caused by COVID-19.

This includes a package of measures to support businesses including:

  • a Coronavirus Job Retention Scheme
  • deferring VAT and Income Tax payments
  • a Statutory Sick Pay relief package for small and medium sized businesses (SMEs)
  • a 12-month business rates holiday for all retail, hospitality, leisure and nursery businesses in England
  • small business grant funding of £10,000 for all business in receipt of small business rate relief or rural rate relief
  • grant funding of £25,000 for retail, hospitality and leisure businesses with property with a rateable value between £15,000 and £51,000
  • the Coronavirus Business Interruption Loan Scheme offering loans of up to £5 million for SMEs through the British Business Bank
  • a new lending facility from the Bank of England to help support liquidity among larger firms, helping them bridge coronavirus disruption to their cash flows through loans
  • the HMRC Time To Pay Scheme

Check the business support website for answers to frequently asked questions.

Local resilience forums: contact details:

Local resilience forums: contact details:

Resilience forums contact details

As at 25th June 2019 all from: 

https://www.gov.uk/guidance/local-resilience-forums-contact-details

England

Northwest

RegionContact details
CheshireCheshire Police Headquarters, Clemonds Hey, Oakmere Road, Winsford, Cheshire, CW7 2UA. Contact: Sheila Hand Tel: 01606 364 009 Cheshire LRF Community Risk Register
CumbriaCRF Secretariat, Resilience Unit, Penrith Community Fire Station, Carleton Avenue, Penrith, Cumbria, CA10 2FA. Contact: Emergency planning Tel: 01768 812 500 Cumbria LRF Community Risk Register
Greater ManchesterAGMA Civil Contingencies & Resilience Unit, c/o Greater Manchester Police, Openshaw Complex, Lawton Street, Openshaw, M11 2NS. Contact: Richard Battersby Tel: 0161 234 4444 Greater Manchester LRF Community Risk Register
LancashireLRF Secretary, Lancashire Constabulary, Headquarters, Saunders Lane, Hutton, Lancashire. Contact: Caroline Suart Tel: 01772 410528 M: 07535 529812  Lancashire LRFCommunity Risk Register
MerseysideMRF Secretariat, Merseyside Fire & Rescue Service HQ, Bridle Road, Bootle, Merseyside, L30 4YD. Contact: Contact: Diane Smith / Martine Corrigan or Ian Voce Tel: 0151 296 4536 or 0151 296 4773, Merseyside LRF Community Risk Register

Northeast

RegionContact details
ClevelandCleveland LRF Secretariat, Cleveland Police, Cleveland Emergency Planning Unit, Ash House, III Acre, Princeton Drive, Thornaby, Stockton on Tees TS17 6AJ. Contact: Cleveland LRF Tel: 01642 301 515 Cleveland Emergency Planning Unit Community Risk Register
Durham & DarlingtonDevon Lawton, County Durham and Darlington Fire & Rescue Service Service Headquarters, Belmont Business Park, Durham, DH1 1TW E: Devon Lawton, T: 0191 3755615, M: 07776 226388 Durham & Darlington LRF Community Risk Register
NorthumbriaNorthumbria LRF Coordinator, Newcastle City Council, Room 709, Civic Centre, Barras Bridge, Newcastle upon Tyne, NE1 8PB. Contact: Joe Gallant Tel: 0191 211 4993 or 07976 594 788 Northumbria LRF Community Risk Register

Yorkshire and Humber

RegionContact details
HumberHumber LRF Secretariat, County Hall, Cross Street, Beverley, East Riding of Yorkshire, HU17 9BA Contact: Jonathan Brown, Tel: 01482 393 055, Email,  Humber LRF Community Risk Register
North YorkshireEmergency Planning Manager & LRF Secretariat, North Yorkshire County Council, County Hall, Northallerton, North Yorkshire, DL7 8AD. Contact: Tom Knox Head of Resilience & Emergencies at NYCC and North Yorkshire Local Resilince Forum Secretariat, Tel: 01609 532 110 or 07891 587 376 North Yorkshire LRF Community Risk Register
South YorkshireSouth Yorkshire LRF, South Yorkshire Police Operations Complex, Europa Link, Sheffield, S9 1XX. Contact: Sarah Whatley Tel: 0114 220 2961 South Yorkshire LRF South Yorkshire Emergencies Community Risk Register
West YorkshireWest Yorkshire Resilience Forum, Room 2.17, Sovereign House, Carr Gate Complex, Bradford Road, Wakefield, WF2 0QD. Contact: Inspector Paul Akerman Tel: 07595 006719 West Yorkshire LRF Community Risk Register

West Midlands

RegionContact details
StaffordshireCivil Contingencies Unit, c/o Stafford Fire Station, Beaconside, Stafford, ST18 0DD. Contact: Bethan Morgan Staffordshire Prepared Community Risk Register Know your risks
WarwickshireWarwickshire Local Resilience Forum, c/o CSW Resilience Team, Communities, Warwickshire County Council, PO Box 43, Shire Hall, Warwick, CV34 4SX. Contact: Robert Coe and Samantha Ayton-Hill, Tel: 01926 412 060 Warwickshire PreparedCommunity Risk Register
West MerciaWest Mercia Local Resilience Forum, Ledbury Police Station, Worcester Road, Ledbury, Herefordshire, HR8 1PL. Contact: Steve Pooler or Vivian Howells (WMLRF Co-ordinators)Tel: 01905 747 205 West Mercia LRF Community Risk Register
West MidlandsWest Midlands Conurbation Local Resilience Forum, Events Control Suite, Tally Ho, Pershore Road, Birmingham, West Midlands, B5 7RN. Contact: Gregg Arrand Tel: 07920 275 579 West Midlands Conurbation LRF Community Risk Register. @WMidsPrepared@PreparedPanda

East Midlands

RegionContact details
Derby & DerbyshireEmergency Planning Division, Derbyshire County Council, County Hall, Matlock, Derbyshire, DE4 3AG. Contact: Elizabeth Partington Tel: 01629 538 364 Derbyshire LRF Community Risk Register
LeicestershireResilience Partnership – Leicester, Leicestershire & Rutland Local Resilience Forum, 1 Romulus Court, Meridian East, Meridian Business Park, Leicester, LE19 1YG. Contact: Julia Draycon Tel: 0116 305 6101 Leicestershire LRF Community Risk Register
LincolnshireHead of Emergency Planning & Business Continuity, Lincolnshire County Council, County Emergency Centre, South Park Avenue, Lincoln, LN5 8EL. Contact: Ian ReedTel: 01522 843409 or 07768 996083 Lincolnshire Resilience Forum Community Risk Register
NorthamptonshireLocal Resilience Forum Coordinator, Northamptonshire Police, Operations Department, Mere Way, Northampton, NN4 8BH. Contact: George Cooper Tel: 03000 111 222 (ext 776501) Northamptonshire LRF Community Risk Register
Nottingham and NottinghamshireNottingham and Nottinghamshire LRF Secretariat, Emergency Planning Team, Nottinghamshire County Council, County Hall, Loughborough Road, West Bridgford, Nottingham, NG2 7QP. Contact: Katie Harrison-Sharer Tel: 0115 977 3471 Nottingham and Nottinghamshire LRF Community Risk Register

East of England

RegionContact details
Bedfordshire & LutonBedfordshire Local Resilience Forum, c/o Central Bedfordshire Council, Priory House, Monks Walk, Chicksands, Shefford, SG17 5TQ. Contact: Bedfordshire Prepared Tel: 0300 300 4145 Bedfordshire LRF Community Risk Register
Cambridgeshire & PeterboroughCambridgeshire & Peterborough Local Resilience Forum, Cambridgeshire Fire and Rescue Service, Hinchingbrooke Cottage, Brampton Road, Huntingdon, PE29 2NA. Contact: Jane Ashwell Tel: 07715 076 679 Cambridgeshire & Peterborough LRFCommunity Risk Register
EssexEssex Resilience Forum, Essex County Fire & Rescue Service, Headquarters, Kelvedon Park, Rivenhall, Witham, Essex, CM8 3HB. Contact: ERF Secretariat Tel: 01376 576 375 Essex Resilience Forum Community Risk Register
HertfordshireHertfordshire LRF Secretariat, Hertfordshire County Council, County Hall, Pegs Lane, Hertford, SG13 8DE. Contact: Owen Tomlinson Tel: 01992 555 959 Hertfordshire LRFCommunity Risk Register
NorfolkNorfolk LRF Secretariat, Norfolk & Suffolk Constabulary, OCC, Falconers Chase, Wymondham, Norfolk, NR18 0WW. Contact: Gemma Bailey Tel: 01953 424866 Norfolk Prepared – Norfolk Resilience Forum Community Risk Register
SuffolkSuffolk LRF Secretariat, Suffolk Joint Emergency Planning Unit, Endeavour House (GFB3), 8 Russell Road, Ipswich, IP1 2BX. Contact: Karen Chambers Tel: 01473 265 316 Suffolk LRF Community Risk Register

South West

RegionContact details
Avon & SomersetAvon & Somerset LRF, Risk Intelligence Unit, Avon & Fire Rescue Service, P.O. Box 37, Valley Road, Portishead, Bristol, BS20 8QJ. Contact: Kelly Vince Tel: 0117 926 206 Avon & Somerset LRF Community Risk Register
DorsetDorset Local Resilience Forum, Civil Contingencies Unit Offices, Dorset Police HQ, Winfrith, Dorset, DT2 8DZ. Contact: Deborah Haynes Dorset LRF Community Risk Register
Devon, Cornwall & IoSDevon & Cornwall Police, Emergency Planning Unit, 7-9 Hamilton Drive, Middlemoor, Exeter, EX2 7HQ. Contact: Neil Hamlyn Tel: 0139 222 6469 or 07809 689 426 Devon & Cornwall LRF Community Risk Register
GloucestershireGloucestershire Tri-Service Centre, Waterwells Drive, Quedgeley, Gloucester, GL2 2AX. Contact: Matthew Steele Tel: 01452 888 768 Gloucestershire LRF Community Risk Register
Wiltshire & Swindonc/o Wiltshire Police, Police Headquarters, London Road, Devizes, Wiltshire, SN10 2DN. Contact: Paul Williams Tel: 01380 861 823 Wiltshire LRF Community Risk Register

South East

RegionContact details
Hampshire & IoWHampshire & Isle of Wight LRF, Hampshire County Council, Castle Avenue, Winchester, Hampshire, SO23 8UJ. Contact: Laura Edwards Tel: 01962 846 846 Hampshire LRFCommunity Risk Register
KentKent Resilience Team Support Team, Kent Fire and Rescue Service HQ, The Godlands, Straw Mill Hill, Tovil, Maidstone, Kent, ME15 6XB. Contact: KRT Support Tel: 01622 212 409 Kent LRF Community Risk Register
SurreySurrey Local Resilience Forum, Surrey County Council, Room 194, County Hall, Penrhyn Road, Kingston Upon Thames, Surrey KT1 2DN. Contact: Ian Good Tel: 0208 213 2800 Surrey LRF Community Risk Register
SussexSussex LRF Secretariat, Sussex Police Headquarters, Church Lane, Malling, Lewes, BN7 2DZ. Contact: Sussex LRF Tel: 01273 404 385 Sussex LRF Community Risk Register
Thames ValleyThames Valley LRF Secretariat, TVLRF, Joint Operations, Thames Valley Police, Headquarters South, Kidlington, OX5 2NX. Contact: Ben Axelsen or Emily Merritt. Tel: 01865 541650 Thames Valley LRF Community Risk Register

London

RegionContact details
LondonLondon Resilience Group, London Fire Brigade, 169 Union Street, London, SE1 0LL. Contact: London Resilience Forum Tel: 020 8555 1200 (ext 30175) London Prepared @LDN_PreparedCommunity Risk Register

Wales

The Welsh Assembly, emergency services, local authorities, health authorities and other emergency planning organisations work together to strengthen the resilience of services in Wales. The Wales Resilience website has more information.

RegionContact details
Wales Resilience Forum (pan-Wales forum)Head of Resilience Team, Welsh Government, Cathays Park, Cardiff, CF10 3NQ. Contact: Paul Critchley Paul.Critchley@gov.wales Tel: 0300 025 3593
Dyfed PowysDyfed Powys LRF Partnership Team, Strategic Co-ordination Centre, Dyfed Powys Police Headquarters, Llangunnor, Carmarthen, SA31 2PF. Contact: Peter Nicholas / Steve Roberts DPLRF.external@dyfed-powys.pnn.police.uk Tel: 01267 248454 / 01267 248452  Dyfed Powys LRF Community Risk Register
GwentGwent Local Resilience Co-ordinator, Monmouthshire County Council, County Hall, Rhadyr, Usk, Monmouthshire, NP15 1GA. Contact: Natalie Phillips Tel: 01633 644025 / 07891 416395 Gwent LRF Community Risk Register
North WalesNorth Wales Resilience Forum Secretariat, North Wales Police Headquarters, Colwyn Bay. Tel: 07884 068 032 Contact: nwrf@nwales-fireservice.org.uk Community Risk Register
South Wales Local Resilience ForumSouth Wales Local Resilience Forum Co-ordinator, Vale of Glamorgan Council, The Alps, Quarry Road, Wenvoe, CF5 6AA. Contact: Melanie Haman Tel: 07703 468901 Fax: 01685 387740 or SWLRF@valeofglamorgan.gov.uk Tel: 029 2067 3058 Community Risk Register

Scotland 

 

Details for Regional Resilience Partnerships (RRPs) in Scotland are on the website of the Scottish Executive.

Northern Ireland

Details for Emergency Preparedness Groups (EPGs) in Northern Ireland are available from the Northern Ireland Civil Contingencies Policy Branch.