Enabling Safe Business

‘Enabling Safe Business’ is a series of events looking at the relationship between information security and the operations of the region’s public service organisations.

Key themes that have been explored include:

  • Cyber resilience and business continuity
  • Public Services Network (PSN) compliance
  • Changes in data protection legislation
  • Cloud security
  • The cyber security threat landscape

Enabling Safe Business: Understanding and managing your supply chain cyber risk
16th February 2024, Newcastle Civic Centre
An in-person event where public sector procurement, IT security and business continuity experts learned about the impact of supply chain failures caused by cyber incidents, how to mitigate risks, practical tools that can help monitor suppliers and how not all cyber risks are technical.
This builds on previous work around cyber resilience and incident management.

Enabling Safe Business – North East Regional Civic Cyber Resilience Workshop
18th September 2019
Littlehaven Hotel, South Shields
This event was organised as a workshop to bring together people in a range of roles within organisations with responsibilities under the Civil Contingencies Act 2004. These responsibilities include responding to cyber incidents. The objective was to network, share knowledge and experience and progress the civic cyber resilience conversation forward in the north east region.

The key messages and findings are applicable to all organisations:
  • Turn the ‘cyber’ conversation from being about IT security towards being about operational risk. Discuss likely impact of a cyber incident.
  • Talk with system owners, business managers and information asset owners. Involve colleagues from information security, information governance, information assurance, emergency planning / resilience, business continuity and business recovery.  Don’t forget web teams and ‘digital’ sections.
  • Cyber incidents need not be cybercrime, nor malicious.
  • A cyber incident timeline consists of inter-related phases:
    • Business as Usual – Incident (and levels of escalation) – Business Continuity – Business Recovery and New Norm
  • Plan for common consequences rather than causes. For cyber these are:
    • Loss of data and voice communications
    • Loss of key line of business apps (including remote plant, boiler control etc.)
    • Compromised data / systems (including remote plant, boiler control etc.)
  • A Cyber Incident Response Plan should use the same framework as your other incident response plans. Think about:
    • When to escalate an incident
    • Who to alert (see https://neict.org/isnortheast/cyber-attack-reporting-guidance/)
    • Key contact details (include your suppliers and key customers)
    • Who is involved in each phase and what they’ll do
    • Who can spend money
    • Governance
    • Prioritised list of services / systems / data to restore
    • Testing your Plan
  • Think about potential vulnerabilities in your extended supply chain.
  • Network with colleagues in other organisations – make contacts now for when you need them later.
  • Participate in cyber resilience awareness and training.
  • This is a developing narrative; don’t be afraid to join – you are where you are.
 
Enabling Safe Business – resilient public services
19th September 2018
Stadium of Light, Sunderland
summary

who should attend?

  • public service managers (especially those for vulnerable people)
  • information asset owners
  • elected Members and managers responsible for IT, resilience, IT security, business continuity, elections, registrars

from

  • councils
  • health
  • emergency services
  • charities and third sector organisations delivering public services
  • universities
  • LRF partners in the private sector

..in Durham, Tees Valley, Northumberland and Tyne and Wear.

planned programme includes

  • Feedback from Northumbria LRF Exercise Skynet
  • National cyber security programme and civic resilience, MHCLG and Emergency Planning College (confirmed)
  • Supporting councils with civic cyber resilience, LGA  (confirmed)
  • An overview of LRFs and key processes / language
  • What’s the private sector doing locally? Dynamo North East (confirmed)
  • Vulnerabilities from consumer technology and social media, Mark Johnson, TRMG (confirmed)
  • Start at home – changing the organisation’s culture around cyber resilience
  • Current cyber threat landscape
  • Tools available to public sector

 
Enabling Safe Business – disaster recovery
19th July 2017
Ramside Hall Hotel, Durham
Experience and Lessons Learned from unplanned outages
  • NHS Business Services Authority: Nick O’Reilly
  • Sunderland City Council: Scott Butler and Richard Wright
  • Round the room – one per organisation
    • Who you are, where from
    • An overview of one of your unplanned outages
    • Share a couple of lessons learned, especially anything “remarkable”

Q&A

Table discussions: exploration of the issues
  • Factors that might help, e.g. O365 / cloud
  • Factors that might hinder, e.g. O365 / cloud
 
What might good look like?
  • Approaches to Disaster Recovery Plans: Mark Brett
  • Working with service management colleagues: James Maughan and Dave Patterson, South Tyneside Council

Discussion / Q&A

Table discussions: what next?
  • Regional actions
  • Local actions
 
Enabling Safe Business – a closer look at Cloud
18th March 2016
Sunderland Software Centre
More and more services used by public services are being provided in the cloud and accessed online. We used to call these hosted systems – it’s all the same.

With the growth of the ‘apps economy’ it is easier than ever for colleagues to process data using online services, sometimes without the knowledge of IT, information security or data protection colleagues.

“Enabling Safe Business: a closer look at cloud” is a half-day, free-to-attend workshop which aims to bring together key players from north east public services to explore:

  • Context
    • Trends towards cloud and types of cloud service
  • Risks
    • Impact on business of cloud failures
    • Risks from the growth of Shadow IT (including that nothing is ever FREE)
  • Mitigation
    • Information Security and Data Protection considerations of cloud
    • Ensuring we procure cloud services taking account of the risks involved

The workshop will be held at a central location in the Region and should be of interest to

  • Senior Information Risk Owners (SIROs)
  • Information Asset Owners
  • Heads of IT
  • Data Protection Officers
  • Information Security officers
  • Procurement officers
  • School Business Managers
  • Elected Members
  • School Governors
 
Enabling Safe Business ‘15
11th June 2015
Sunderland Software Centre
  • Introduction
  • Threats to the business
  • Keeping services safe
  • Supporting risk management
  • Making sure the Public Services Network (PSN) works for us

Introductory Video
Phil Jackman’s introduction

YouTube playlist of useful videos

Enabling Safe Business
11th July 2013
Sunderland Software Centre
  • So what’s stopping us?
  • What should we do?
  • Why worry?
  • What must we do?
  • Keeping systems safe – simply and cost effectively
  • PSN CoCo compliance
  • Information classification and Government Protective Marking
  • Managing information on mobile devices
  • Panel Question and Answer session