Thursday, August 9, 2007

Many of the 23 Core Global Risks Have Worsened, Warns Report

In an increasingly complex and interconnected global environment, risks can no longer be contained within geographical or system boundaries. No one company, industry or state can successfully understand and mitigate global risks.

The World Economic Forum Global Risks 2007 report highlights a growing disconnect between the power of global risks to cause major systemic disruption, and our ability to mitigate them. The report suggests that many of the 23 core global risks explored in the report have worsened over the last 12 months, despite growing awareness of their potential impacts. In addition to specific risk mitigation measures, institutional innovations may be needed to create effective responses to a complex risk landscape.
Strategic global risks are one of the topics covered in Security Management Stage 3, 24 September - 5 October 2007.

Securing LNG Receiving Facilities

A report (issued in 2005 but still valid) into LNG receiving facilities security against terrorist attack presents the following conclusions:

1. Since attack frequency cannot be accurately determined, control of potential severity is paramount. Thus, siting of LNG receiving facilities near other critical infrastructure or near population centers should usually be avoided.

2. Siting of LNG facilities in areas with low densities at least four miles from population centers and at least two miles from major shipping channels to minimize the exposure of people and property to potential harm is strongly preferred in the regulatory approval process.

3. Full containment of facility tanks should be mandatory, and the potential for separation of the LNG receiving facility from the LNG ship dock facilities by use of a receiving jetty with mooring and berthing facilities should be considered, especially when siting in higher density areas is preferred for economic or other strategic purposes.

To download a copy of the report, click on:

http://www.usc.edu/dept/create/assets/001/50799.pdf

Useful Advice on Measures to Reduce the Impact of Protest Group Actions

A highly organised protest group will court media coverage, explains the Metropolitan Police website. If their cause is topical or high on the political agenda (e.g. genetically modified crops), it is likely that their protest could attract wide local, and possibly national media interest.

It is important to remember that the words and actions of staff may be recorded. Staff should be reminded of this fact, and should not be drawn into an argument or use bad language.

By acting professionally, and in accordance with the establishment's policy, it is easy to turn the voice of protest around so that a balanced view can be gained. If staff are approached by the media they should not get drawn into making any comment but politely refer them to the designated member of the management team.

For access to the site with further advice on a range of physical and procedural security measures arising from protest group activity click on:

http://www.met.police.uk/publicorder/protest_paper.htm

Why You Shouldn’t Pay for a Security Surveyor!

The five-day ARC Training Security Surveying and Design Course has been specially designed to give you the skills to competently carry out a security survey and produce a survey report.

Delivered by experienced security surveyor Peter Horsburgh CPP PSP, the course uses a real site to teach you how to carry out a security survey, to make recommendations based on security management best practice and to present survey results to a top management team.

The course is almost entirely practical, enabling you to return to your organisation and commence surveying immediately!

And if you need assistance in carrying out your own on-site survey once you return, an optional post-course coaching support is available for a small additional fee.

The next course runs from 17-21 September. Contact Janet for details or to reserve a place.

White Powder Sparks Security Alert - Useful Link for Advice on How to Respond to Suspicious Incident

Staff at a government office in Ipswich, UK, were evacuated on 7th August after a suspicious powder sparked a security alert, according to local press.The suspect powder, which was later confirmed as non-hazardous, was discovered around 7.40am – staff in the immediate area were evacuated, while other departments were allowed to stay in the building. Emergency services took control of the situation.

Useful advice on how to respond to a suspect powder incident can be found at:

http://www.hse.gov.uk/biosafety/diseases/anthrax.htm

To discuss bespoke mail handling security training requirements contact David.

More Details Released about 2006 Plot to Blow Up US-Bound Airliners

Terrorists who had planned to detonate gel-based explosives - disguised as bottles of sports drinks - on US bound flights from London last August would have achieved mass devastation, according to new information from US Homeland Security Secretary Michael Chertoff in an exclusive interview with ABC News.

Read the full story and watch the video at:

http://abcnews.go.com/WN/story?id=3451976&page=1

Protection against Explosive Devices is addressed in Security Management Stage 1, 19-30 November 2007, and is also available as a 1-day workshop.

The Corporate Response to Terrorism forms part of Security Management Stage 2, 15-26 October 2007, and is also available as a 1-day workshop.

For more information or to discuss a bespoke training requirement contact David.

Wednesday, August 8, 2007

Consultation Paper on New CCTV Code of Practice Available for Download

Read the consultation paper on the new CCTV Code of Practice. Even if this doesn’t apply to your jurisdiction, the downloadable CCTV data protection code of practice consultation draft provides useful advice on selecting and siting cameras, using equipment and best practice for storage of recored materials.

Downloadable from:

http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/ico_cctv_consultation_draft_final.pdf

Security Guard 'Hid Cash in Shoe'

A security guard stole £20,000 over the course of two years by hiding bank notes in his shoes, a court has heard.

Mathew Dixon, 21, of Ynyshir, Rhondda, was given a 12 month suspended sentence for stealing money meant for cash machines at banks and supermarkets. He was caught out when police were given an anonymous tip off about his spending, Cardiff Crown Court was told.

"Selecting a Guarding Contractor" will be one of a number of new sessions added to Security Management Stage 2 in 2008.

For the full story click on:

http://news.bbc.co.uk/1/hi/wales/6922492.stm

Al Qaeda Fight Will Last a Generation - Terrrorist Nuclear Attack a Future Possibility

New British Prime Minister Gordon Brown has reaffirmed comments made by senior police officers and politicians earlier this year that it will take at least a generation to stem al-Qaeda-inspired terrorism."We are in a generation-long battle against terrorist, against al-Qaeda-inspired terrorism and this is a battle for which we can give no quarter," Prime Minister Brown said.

Meanwhile, two new reports published this year conclude that terrorist groups are capable of constructing crude nuclear devices which could cause widespread damage and disruption to national infrastructure. For details click on:

http://www.ewi.info/tempPDF/tn7.pdf

http://www.chathamhouse.org.uk/publications/papers/view/-/id/434/

On 25 July Retired Air Force Lt. Gen. James Clapper, the US undersecretary of defense for intelligence, warned the US Congress that Al Qaeda is continuing to plan attacks against the United States and is seeking nuclear and other unconventional arms for the strikes.

Much Remains to Be Done to Address Food Industry BCM, Warns Cranfield University

Britain’s food industry supply chains remain susceptible to a range of disruptive events according to a report undertaken by Cranfield University for the Department for Environment, Food and Rural Affairs (Defra). Emergency planning has been under the spotlight since 9/11, but as New Orleans learned to its cost, serious disruptions to our way of life can come in many guises. As the findings of the year long study show, these do not have to be sudden onset events like a hurricane or terrorist attack.

Author of the report, Dr Helen Peck of Cranfield University, found that whilst the industry continues to make progress towards implementing robust business continuity management (BCM) much remains to be done. “While the UK is good at dealing with sudden onset emergencies such as the 7/7 bombings, we remain less well prepared for the less obvious or well understood phenomenon of ‘creeping crises”, she said.

For more information on this story click on:

http://www.globalcontinuity.com/current_headlines/food_industry_bcm_precarious

Crisis Management is presented as a one-day workshop in Security Management Stage 1, 19-30 November. The workshop is open to day delegates.

Business Continuity Management is presented as a one-day workshop in Security Management Stage 3, 24 September – 5 October. The workshop is open to day delegates.

Always Check Your Change – GPS Used to Track Bank Robbers

When police in Washington apprehended bank robber Thomas Fricks minutes after fleeing the scene of crime Fricks remarked: “You guys are good”. What Fricks didn’t know at the time was that one of the bundles of bills stuffed into a duffel bag was actually a disguised GPS transmitter.

The device, developed by 3SI in the US, has a realistic flex and feel and can be concealed in bundle of less than 100 notes.

GPS, and other developments in technology, will be addressed in ARC Training’s new Specifying Security Technology Course, due for 2008.
For another story relating to the successful use of the tracking device click on:

Do You Have a Confidential Data Control Policy? Company Fined Almost £1 Million for Inadequate Security Measures Following Laptop Theft

Since the introduction in the UK of the Data Protection Act in 2000, the responsibilities of companies relating to the destruction of confidential data have become more stringent.

Organisations must destroy, under secure conditions, any data containing personal information including names, addresses, financial and legal details. The Act covers information held in manual files, as well as information held on computers and portable media. Every company must have a data control policy.

This has implications not only for the disposal of office bin waste, but also for the disposal of obsolete computer equipment, including portable media. Regular readers of this blog will be aware that reformatting storage media does not permanently erase data.

Failure to comply with the Act may result in heavy fines, even if the loss of data occurs through theft. In February of this year the financial regulator fined Nationwide Building Society almost £1m following the theft of a laptop from an employee's home last year. The computer contained confidential customer information and may have put millions at risk of identity theft. The Financial Services Authority said Nationwide did not have adequate security procedures in place and was critical of the time it took to investigate.

For advice on how to reduce your exposure click on the following link to download the Information Security Now publication, and navigate to page 11.

New Corporate Manslaughter Act Fails to Address Extraterritoriality

Up until now it has been virtually impossible in the UK to prosecute large companies for management failures leading to deaths. All that is about to change as the UK Government’s Corporate Manslaughter and Corporate Homicide Act 2007 passes into law.

For security professionals the implications are unclear. What if a death occurs as a result of an incorrect security decision or a bad or non-existent security procedures?

Workplace Law has produced a primer on the Act, which can be purchased from their website at a cost of £41.11:

http://www.workplacelaw.net/eshop/product_info.php?product_id=601

A good explanation of the factors which led to the legislation can be found at:

http://news.bbc.co.uk/1/hi/business/4537053.stm

Critics argue that the Act fails to provide extraterritorial jurisdiction. This means there will be certain circumstances where corporate manslaughter legislation does not apply. If a company is managed in England and a fatality occurs on a site abroad, then the legislation will not apply. If the same way, if a British employee travelled to a foreign site and suffered a suffered a fatality, corporate manslaughter charges could not be brought.

A further problem with the legislation is that if an injury that causes death happens in the UK and the company is based abroad it is unlikely that a prosecution would occur. It is unlikely that managers would be extradited to face prosecution so corporate manslaughter charges would be avoided.

Tuesday, August 7, 2007

Remote CCTV Drones Take to the Sky over UK

The UK's first police remote control helicopter has taken off. Merseyside police are using the "spy drone", fitted with CCTV cameras, mainly for tackling anti-social behaviour and public disorder.

The machine is 1m wide, weighs less than a bag of sugar, and can record images from a height of 500m.

Originally used by the military, it is due to be operational by June for a full three-month trial, which is the "first of its kind" in the UK.

For the full story click on:



Fear Factor Driving Retailers to Implement Security Controls

As of this month, about 96% of the world's largest businesses that accept credit and debit cards for payment have confirmed that they are no longer storing magnetic stripe information on their systems. Magnetic stripe data, also known as "track data" in industry parlance, includes the security verification codes on the back of each payment card as well as personal identification number (PIN) data from merchant payment systems. Older retail payment systems often captured and stored this data by default, without the merchants even being aware of that the information was being retained.

By removing prohibited data from their payment systems, large and small businesses alike are denying hackers the data they covet for use in counterfeiting payment cards and are thus making their businesses and the payments system more secure.

For more on this story click on:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9028542&intsrc=hm_topic

Real Time DNA Authentication for Personal Identification and Verification?

The inherent vulnerabilities of card-based access control systems are well known (and well exploited). Biometrics offer a more reliable alternative but even after fifteen years of development their use is not widespread.

But now the prospect of real-time DNA authentication will have civil liberty activists foaming at the mouth (behind their facemasks). For just $15,000 you can purchase a DNA reader that will analyse and deliver results in just 30 minutes.

The quest now is to develop the technology so that it can identify a person in seconds. According to one industry expert, Richard Gardner, “DNA will become the preferred means of authentication in real time, possibly even within the time allowed for payment card transaction – 15 seconds”.

Worried? With cyber security being likened to "a stupid security guard handing keys" at a major IT security conference this week you should be!

Reputation Is a Key Source of Competitive Advantage - Are You Contributing to Your Company's Reputational Risk Management Programme?

There's a cautionary tale of a company which, every year, asked its managers to rate the risks they feared on the basis of potential financial damage. Then one year, they added the reputational dimension.

The result: a list several times as long, and with impact several times as severe. And the company's response?

It ditched the reputation exercise. Some things, it seems, are just too scary to contemplate. Further reading can be obtained at:

http://www.theregister.co.uk/2006/05/22/reputational_risk/
http://news.bbc.co.uk/1/hi/business/4697854.stm
http://www.continuitycentral.com/feature0357.htm

Reputational risk management is just one of the diverse areas of corporate risk management addressed in the forthcoming Security Management Stage 3 (Strategic Skills) Course, 24 September - 5 October 2007.

Monday, August 6, 2007

The Idea That Your Personal Computer Can Receive Content That You Did Not Request and Cannot Authenticate Should Scare You!

Spam, phishing, and malware are far more than e-nuisances. These somewhat crafty schemes are signs and symptoms that anyone, anywhere, can not only plant – but execute – anything they desire on your IT network, or take control of your IT-controlled operating procedures (SCADA) to cause physical misoperation and sabotage of valves, switches, breakers, critical of life-safety operating processes etc.

The witted adversary can use your resources, your name, and, in many case, he can do whatever he wants on your computer. Code to control another computer is easy to download and install on another machine. Once an adversary gets access to your PC’s next instruction, he owns the future actions of that machine, and can usually go unnoticed by you, the machine owner.

Imagine that the adversary is not a person, but a company or government, seeking to obtain data from or impose damage upon another entity. The methods are fairly simple, the tools are readily available (botnet code can be downloaded and the slave machines can be “rented” more easily than cars). Computers are effectively a new form of soldier and electronic systems can do massive harm with little effort. Computers are fast, but they are not smart. They simply follow their list of instructions, with no regard to how those instructions were provided, or any sense of intent.
Read on if you dare.....


If Your Role Involves the Selection of CCTV, Intrusion Detection Systems or Access Control Systems Read on!

If your role involves the selection and procurement of security technology (CCTV systems, intrusion detection systems, access control systems etc. you should give serious consideration to studying for the ASIS International Physical Security Professional certification.

The PSP syllabus covers the key areas associated with the introduction of security technology to a facility, including:

Selection and capabilities of available technologies, including CCTV, access control systems and IDS; physical security assessments; threat assessments; risk analysis; security survey techniques; interpretation of building plans, drawings and schematics; selection of integrated physical security measures; system compatibility; cost and cost-benefit analysis; documenting recommendations; advantages and disadvantages of various measures; bid evaluation; implementation of measures; technical compliance criteria; project management; establishing testing criteria; final acceptance design.

The application deadline for the November 3rd 2007 examination is 1 September.

If you are interested in pursuing this excellent opportunity to increase your effectiveness and gain an internationally-recognised qualification, check you eligibility at the link below and contact Janet Ward immediately for advice on how to submit your application and examination preparation.

http://www.asisonline.org/certification/psp/pspeligibility.xml

"Inherently Safer Technologies" as an Alternative to Security?

As concerns mount over the security of the US’ 15,000 chemical manufacturing and storages sites – if targeted by terrorists many plants could release toxic chemicals or ignite deadly explosions – the US Government has legislated further security improvements for the chemical industry, which has already spent between $2 - $3 billion on security improvements since the 9/11 attacks.

One area of risk mitigation that is attracting interest is the use of inherently safer technologies (IST) as an alternative to security. Since perfect access control is an illusive goal, proponents of IST argue that in some cases dangerous chemicals can be replaced by less dangerous chemicals. While there is usually an increased cost involved, a carefully thought out plan may alleviate facilities from the expense of government-mandated security measures and remove the shadow of risk from local communities.

One example, according to the latest print edition of the ASIS Security Management magazine, is the Blue Plains Wastewater Treatment Facility in Washington. Blue Plains has replaced lethal chlorine gas with liquid bleach. Although this change has added $2 million to the annual operating bill, the facility has now found a way out of the financially burdensome security regulatory maze.

For more on chemical plant security in the US click on the following links:

http://www.security-int.com/categories/chemical-plant-security/chemical-plant-security.asp

https://www.csialliance.org/issues/chemicalplantsecurity/

The protection of critical facilities will be addressed in the new Securing Critical National Infrastructure Course, due for 2008.

Using RFID? US National Institute for Standards and Technology Develops Best Practice for Security

RFID is a form of automatic identification and data capture technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such as manufactured goods, animals, and people. Each object that needs to be identified has a small object known as an RFID tag affixed to it or embedded within it.

RFID technology enables organisations to significantly change their business processes to increase efficiency and effectiveness. This technology is complex and combines a number of
different computing and communications technologies. Both the changes to business process and the complexity of the technology generate risk, which can be broken down into the following headings:

- Business Process Risk
- Business Intelligence Risk
- Privacy Risk
- Externality Risk

An explanation of what these are, and the mitigation for each, can be found in new US Government-sponsored guidelines entitled Guidelines for Securing Radio Frequency Identification (RFID) Systems.

Email David in order to obtain a copy of the guidelines.

Keeping Tabs on Cargo Theft

Cargo theft happens throughout points of the distribution system, including warehouses, receiving and shipping platforms, storage areas, depots, distribution centres, terminals and piers. Estimates show that organised crime accounts for 15- 20% of the value of all cargo theft, with insiders posing a significant threat to cargo in transit.

One method of keeping tabs on tractors and trailers is to install an electronic proximity identification and reconciliation system. Each vehicle and trailer is fitted with a transponder or tag and each driver can be issued with a tag so that, when a vehicle passes a monitoring point, the identities of the tractor unit and trailer or of the driver and vehicle are detected by a reader or receiver and then recorded.

This makes it possible to keep a record of which tractor units are pulling which trailers when leaving a goods yard, to monitor which vehicles are being driven by which drivers at a terminal, etc.

This, and other developments in cargo security, will be addressed in Transport and Distribution Security, one of the subjects addressed on Security Management Stage 2, 15-26 October.

Sunday, August 5, 2007

Planned New US Maritime Cargo Legislation a Recipe for Chaos, Warns Shipping Industry

All cargo entering the US on ships would have to undergo thorough screening at foreign ports under new legislation agreed by key congressional committees - a move attacked last week by the shipping industry as a recipe for chaos.

The bill has been supported by US Congress members who believe previous legislation such as last year’s Safe Ports Act has been too weak in addressing the risk that a terrorist attack might be mounted on the US from within a shipping container.

It calls for all air freight to be examined within three years and all sea containers within five years, although it allows for extensions to the deadlines.

This, and other maritime security developments, will be discussed in the forthcoming Maritime Security Management Course, 13-17 August.

Transport and Distribution Security is one of the subjects addressed on Security Management Stage 2, 15-26 October.

Five Steps to an Effective Strategic Plan

1: Begin with the business's big-picture plan
2: Always do a risk assessment
3: Set measurable goals for your team, to keep your plan grounded
4: Recognize that there is no "correct" time frame
5: Stay flexible

Click on the following link to unravel what this all means!

http://www.csoonline.com/read/070105/fivesteps.html

ASIS Releases New Information Asset Protection Guideline

ASIS has released its new Information Asset Protection Guideline. Comprising 47 pages packed with invaluable advice on how to establish effective policies and practices to better safeguard information, this guideline can be downloaded free from the following link:

http://www.asisonline.org/guidelines/guidelinesinfoassetsfinal.pdf

“I-Cube” Radiation Attacks Pose Greater Danger that Dirty Bombs, Experts Warn

In the United States, commercial users lose about one radioactive source a day through theft, accidents or poor paperwork, reports the International Herald Tribune. Many of these losses are in quantities large enough to create an I-cube attack.

Most analysts believe that about 10 people would die from radiation poisoning after a dirty bomb attack. Others believe that the only people likely to receive a lethal dose of radiation from a dirty bomb would already be dead from the blast. An I-cube attack, on the other hand, would be almost certain to kill hundreds.

“I-cube” stands for ingestion, inhalation or immersion of radioactive material. Ingestion can be achieved by contaminating food sources. An inhalation attack would use radioisotopes that can be burned, vaporized or aerosolized, and in a confined space could contaminate the air and be inhaled. An immersion attack, which would drench victims with a radioactive solution, could kill with only a small fraction of a teaspoon. Just a few drops of contaminated water on the mouth are enough to cause radiation poisoning.

For more on this story click on:

http://www.iht.com/articles/2007/08/01/opinion/edzimmer.php

Defence against chemical, biological, radiological and nuclear terrorism is one of the topics covered in Security Management Stage 2. The session is delivered by Phil Wood MBE CPP, a former military CBRN subject matter expert. The next Security Management Stage 2 course takes place 15-26 October 2007.

Pew Global Attitudes Report – Brits Reaffirm Support for Palestinians; Middle East and Asia Divided on Iran’s Right to Acquire Nuclear Weapons

The US-based Pew Research Center has just released its annual Global Attitudes Report. As in previous years, the report makes uncomfortable reading not just for the US, but for many of its allies.

When used in conjunction with previous years’ Pew reports, trends and changes in the data can provide a very useful tool for strategic risk analysts.

To download the full report go to:

http://pewglobal.org/reports/display.php?ReportID=256

Half of All Employees Begin Their New Jobs Using Competitive Information Taken from Their Old Jobs, Report Alleges

In research carried out earlier this year 85% percent of employees claimed that they could easily download competitive information and take it with them to their next job, in spite of 74% of these companies having a policy that specifically states that company personnel are not allowed to take company information out of the office.

The main “crime facilitators” are laptops and USB data sticks, which, in many companies, are subject to few data protection controls. Advice on how to secure information on IT systems can be found in ARC Training’s new IT Security Handout, available free on request to all past delegates of Security Management Stage 1.

More on this story and advice on how to apply better security can be found at the following link
http://www.securitypark.co.uk/article.asp?articleid=27023&CategoryID=57

CCTV Facial Recognition - Coming of Age?

In recent trials of CCTV facial recognition at a major airport an 85% success rate was achieved. Logica, the company behind the trials, found that faces could be successfully identified in a crowd from a distance of several meters 85% of the time, even when volunteers disguised themselves.

During the trial, volunteers’ photographs were put on a database’s suspect list, along with thousands of other photographs. The volunteers mixed with passengers at the airport and a biometric identification algorithm was used to analyse the faces in the crowds for a match.

According to Logica, the technology could be used for airport and border control security. It also has a number of other possible applications - facial recognition technology is already used by casinos in Las Vegas to spot cheats.

Meanwhile, the BKA (German equivalent of the FBI) recently spent €200K on trials of L-1 Identity facial recognition CCTV technology at Mainz railway station. The system returned just a 30% success rate under normal lighting conditions and, according to Der Spiegel, was declared useless as an investigative tool.
The myths and realities of CCTV, and how to specify CCTV systems, will be one of the subjects addressed in the new Specifying Security Technology Course, due for launch in 2008. Contact David for details.

Email Monitoring Could Breach Human Rights Law

Earlier this year a college in Wales was found in breach of human rights law when it monitored an employee's email, web and telephone activity in 1998 and 1999; the employee who took the colleage to court was awarded 3000 euro in damages for stress and anxiety.

Nearly half of UK organisations risk breaching human rights legislation by monitoring employee emails without following proper policies. Up to 44 per cent of large UK companies are potentially breaching a range of laws governing email monitoring, including the Human Rights Act 1998, the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, and the Telecommunications Regulations 2000 because they monitor emails without explaining their reasons to staff.

If your organisation routinely monitors emails for discipline purposes, or you monitor "live" emails as part of your proactive secuirty management programme, you are advised to seek guidance from your legal and HR departments. Seizing computer evidence (including old emails) for analysis in investigations, however, is generally not a breach of legislation.

The legal implications of computer evidence is one of many subjects addressed on the forthcoming IT Security and Incident Response Course, 9-10 October, led by author and broadcaster Ed Wilding.

Copper Theft Rise Sparks Warning of Potential for $millions in Consequential Losses

Police across the world are warning of a dramatic rise in theft of copper, which has recently increased threefold in value, making it an attractive target for thieves. Copper ground wire is a particular target, and in some instance thieves have cut through high voltage cable!

The theft of a few hundred dollars worth of wire can have potential consequential losses in the millions of dollars. In 2006 hundreds of trains were disrupted in Italy and a quarter of a million passengers were disrupted when thieves stole copper wires serving signalling equipment.

In the US last week thieves stole copper pipe from a freezer at Indiana's largest food bank, wasting nearly half a million dollars worth of food for the poor.

Security managers are urged to identify any critical dependencies on copper, especially that which runs outside the perimeter, and take steps to better protect it with strong physical security and, where possible, anti-tampering technology to detect voltage changes associated with cutting.

Warning of Bogus Callers to Chemical Plants Attempting to Solicit Security Information

The FBI is investigating reports that a number of US chemical plants have received telephone calls from bogus callers claiming to be making a survey for an industry trade group. The American Institute of Chemical Engineers has issued an immediate warning not to divulge safety and security information to any caller.

The American Institute of Chemical Engineers warned its members on 27th July that in the light of recent terrorist activity this may be an attempt to determine security vulnerabilities in the chemical process. When traced, the numbers used by the callers were found to have been disconnected.

Spreading Security Management Best Practice

Fifteen security professionals from nine different countries (Azerbaijan, India, Kazakhstan, Nigeria, Qatar, Russia, Saudi Arabia, Switzerland and the UK) are currently studying corporate security management best practice at ARC Training under the guidance of the redoubtable Phil Wood MBE CPP.

Representing such diverse sectors as oil and gas, banking, police, civil service, agribusiness and security services provision, delegates have spent the first week of the two-week programme learning the key core skills areas of risk management, operations management, security design, perimieter and buildings security, personnel security, information security, CCTV and security surveying.

Week two of this university-accredited Security Management Stage 1 programme will focus on Protection against Explosive Devices, Crisis Management, Investigating Skills, Drug and Alcohol Misuse, Management and Leadership, and completion of the course project – a plan to secure a major critical infrastructure facility in a high-risk area.

By the end of the programme delegates should have mastered the key skills necessary to manage a security management programme in an international environment.

The next Security Management Stage 1 course takes place 19-30 November 2007. Contact Janet to reserve your place.