ASIS Security Management Certification

With the 2007 ASIS certification examinations looming in the UK, it is never too early for those who have not yet earned an internationally recognised professional certification in security management to begin thinking about the 2008 examinations.

Registration for the May 3 2008 CPP examination begins in January, and the distance learning PSP Preparation Programme begins in June. Click here to enquire about either.

The PSP certification is based on the premise that today's employers want highly-trained, suitably qualified, professionals who have solid, hands-on experience with both current and emerging security technologies and solutions. This means that there are multiple areas in which physical security specialists must be knowledgeable.

ASIS rightly argues that the Physical Security Professional certification will separate those who have this technical background from those who do not, giving them that professional edge. Organisations which recognise the importance of the PSP certification and which are investing in the future of their physical security systems by putting their managers through the UK PSP examination in 2007 include the Bank of England, Orange, the Swiss-based World Intellectual Property Organization, Control Risks, Lloyds TSB, the UK Government, Camelot, Control Risks Group, Thailand’s, leading oil and gas company PTT, and Diageo.

The physical security examination is targeted at security professionals whose responsibility includes conducting threat surveys; designing integrated security systems that include equipment, procedures, and people; or installing, operating, and maintaining those systems. The test comprises a multiple choice question paper. Details can be found online by clicking here.

Begin your preparation for the PSP now. Register your interest with Janet Ward, download one of the course books for free - US Army Field Security Manual - and click here to order David Patterson’s excellent PSP Study Guide from the ASIS Bookstore.

When Good Employees Go Bad

Sophisticated crimes such as fraud and information theft often involve the use of a computer, or computer media. For a security manager investigating a case of employee misconduct where a computer is involved it is extremely easy to miss crucial evidence or to render evidence inadmissible, if some basic first response principles aren’t followed closely.

ARC Training has teamed up with Data Genetics International, a specialist computer forensic and technical investigation organisation, to deliver a course designed to help security managers avoid the pitfalls of investigating computer evidence. Emphasis is placed on interactive, realistic training where attendees, working in teams, are required to investigate a number of cases that are based on real incidents.

The course runs from 24-25 January 2008, and includes a scenario-based exercise. The programme is led by subject-matter expert, author and broadcaster, Ed Wilding. For details contact Janet.

Can’t wait to get started? Whet your appetite with this still valid 2001 publication by the US Department of Justice:

http://www.ncjrs.gov/pdffiles1/nij/187736.pdf

What Drives Young People to Radicalization - A New York Police View

A fascinating New York Police Department study into the “Jihadist Radicalisation” process is available for download at:

http://sethgodin.typepad.com/seths_blog/files/NYPD_Report-Radicalization_in_the_West.pdf

The report focuses on the domestic threat to the US posed by radicalised citizens, a segment of the population euphemistically labelled by the British Government as “international terrorism”.

You may not agree with all of the perceptions and arguments presented in the report, and if you are a Muslim reader you may find the agenda of the report in failing to link US/UK overseas policy with the growth of radicalism rather too predictable, but it is nevertheless a worthwhile read, especially in its assertion that European countries fare somewhat worse than the US in integrating into mainstream society 2nd and 3rd generation Muslims.

And if you do feel that the report has completely misunderstood what drives young men onto the path of radicalisation I am sure the NYPD will be only too pleased to have the benefit of your informed view!

Spanning the Globe with Travel Security Management Training

ARC Training’s Business Travel Security Workshop has been conducted on both sides of the World this week.

On Monday Phil Wood MBE delivered the workshop to delegates attending the Security Management Stage 2 Course, while on Thursday David Cresswell conducted the same workshop for a group of security managers and travel management specialists in the Russian Far East.

In addition to looking at risks in specific countries, the workshop covers the essential elements necessary in order to put together an effective business travel and expatriate security management programme, drawing on the best practices of multinational organisations worldwide.

The following websites provide useful up-to-date risks and background information on a country-by-country basis (click on each to be taken to the site):

UK Foreign and Commonwealth Office
US State Department
Australian Government
Canadian Government

Please contact Janet to discuss how ARC can help your organisation in raising travel security management awareness.

Security Management in the Russian Far East

David Cresswell remains in the Russian Far East where he is continuing his two-week training assignment at Sakhalin Energy, the world’s largest combined oil and gas project, crucial to securing Russia’ s position as global energy supplier.

To view Sakhalin Energy’s highly informative website with details of Russia's first ever LNG plant - set to meet 8% of world demand - click on the link below:

http://www.sakhalinenergy.com/en/

The ARC Training International Academy for Security Management is proud to be able to serve this world-class project.

“It Takes 20 Years to Build a Reputation and Five Minutes to Ruin It. If You Think about That You’ll Do Things Differently.”

Risk management training is an essential element of ARC courses. Security Management Stage 1 presents a standard model for security risk management, since adopted by many organisations across the world. Stage 2 compares and contrasts different security risk management methodologies, while Stage 3 looks examines the broader concept of enterprise risk management.

One facet of enterprise risk management is the management of reputation risk. It has been said of corporate reputation that it takes 20 years to build, and just five minutes to destroy.

The art of good reputation risk management is ensuring that stakeholder expectations are positive and their expectations are well managed all of the time. A good reputation makes people more likely to want to transact with an organisation, whether as a customer, client, investor or stakeholder.

An excellent, informative and easy-to-understand guide to reputation risk management can be downloaded from:

http://www.senatecommunications.co.nz/files/Reputation_Management_Report-FINAL.pdf

Getting Security Right - Creating a Security Management Culture at the Heart of the Business

“The security of the city depends less on the strength of its fortifications than on the state of mind of its inhabitants,” – a quote which is famously attributed to ancient Greek historian Thucydides.

With this in mind Phil Wood MBE recently set off to Athens to assist BP's European Regional Security Advisor in delivering specialist training to BP’s Greece-based Business Security Representatives.

BP, one of the world's largest and most famous energy companies, is a leader in of the concept of embedding security into “the line” by training non-security specialist business managers in security to enable departments to better understand and implement the type of security advocated by Thucydides. Once trained, the managers are given the official title "Business Security Representative," and thereafter lead on day-to-day security issues within their respective businesses.

This was a lively and interesting course for all concerned and a significant step forward for BP's regional security capability. All 14 delegates worked hard throughout and fully earned their end-of-course certificates.

This is the seventh year of cooperation between ARC and BP in delivering business-embedded security training, in a project which has taken ARC trainers to Dubai, India, Pakistan, South Africa, Greece, Germany, Holland, Egypt and Spain.

Survey Reveals 14% of Laptop Thefts Occur at Airports or Inside Aeroplane Cabins

Twenty-nine percent of all stolen laptops are taken from offices, with thefts from cars responsible for another 25 percent of laptop losses, according to survey data from CREDANT Technologies, a security software provider. Some of the 283 executives who responded to the survey noted that office laptops had been stolen despite being locked or even glued to desktops. Only 10 percent of the units had a full-disk encryption solution in place, and 82 percent of the stolen laptops were never recovered. (Security Management Online)

Click here to obtain a copy of the full report.

Measures on how to better protect laptops are addressed in the Information and IT Security Workshop, 26 November, which, for those wishing to undertake a university-accredited path of study, forms part of the Security Management Stage 1 Course, 19-30 November 2007.

UK Experienced 122 Bank Robberies in 2006, While Italy Suffers a 26% Increase This Year

Source: Security Management Online

Italy has the busiest bank robbers in Europe, a report from the country’s banking federation says. Italian bank robbers held up a record 1,565 banks in the first half of this year, according to the banking federation. The report says bank robberies increased by more than 26 percent between January and June.


The report says Italy accounts for half of Europe’s bank robberies. Last year, Italy had 2,735 bank robberies - more than three times the number in Germany, which had 728 robberies. The UK had just 122 bank robberies in 2006.


On average, Italian bank robbers take 20,000 euros in each assault – about a quarter of the amount more productive robbers take from banks in Switzerland or the Netherlands.

American bank robbers are even less accomplished than their Italian colleagues. Almost 7,000 banks were hit up in 2006 and bank robbers made off with $70 million in cash, according to F.B.I data. That’s about $10,000 on average for each heist.

Consultancy in Security Management - What ARC Can Offer You

Peter Horsburgh will be travelling to Mainland Europe this week to conduct security consultancy and surveying for one of the world’s leading providers of satellite services.

This will be Peter’s fourth major security consultancy project this year (the others have been in the Middle East, Cyprus and the UK), and marks a migration of the best practice taught on ARC courses to the practical field of providing clients with on-site support services.

ARC can offer a wide range of security support services with best practice closely aligned to that which is taught on our courses. All consultants are qualified to CPP level, or hold specialist qualifications. Some examples of what we can offer you include:

• Full site security surveys
• Security risk assessments

• Security project management
• Security audits of your security management system
• Writing procedures, assignment instructions, security manuals, contingency plans
• Security consultancy for special events
• Crisis management consultancy, plan writing, tensting and exercising

• Business continuity planning and audits

• Perimeter pemetration testing

• Business impact analyses
• Systems installation project management
• Penetration testing
• Bomb countermeasures audits
• Confidential investigations - fraud, information breaches, Forensic IT
• Evacuation contingency planning

• Expatriate and business traveller security planning
• Maritime security consultancy, surveying and audits
• Security awareness programmes
• Tender document preparation for security services
• Security systems installation design (access control, CCTV etc)

• Malicious product contamination reponse

• Consultancy and response support to extortion

• Kidnap risk reduction planning and reponse support

• Anti-terrorism planning and consultancy

Contact Janet for details.

Security Managers from World's Biggest Combined Oil and Gas Project Get Trained in Specifying Security Technology

Security managers from the world’s biggest combined oil and gas project in Russia have just spent two days studying how to specify security technology. The course, which was delivered on site by David Cresswell, ARC’s Director of Training, included detailed sessions on perimeter and building intrusion detection systems, developments in digital CCTV, and concluded with a workshop on how to set about specifying such systems.

A number of the delegates have already attended ARC courses in the UK. This new programme was designed to build on the knowledge gained during previous courses, and is taken from the syllabus of the new Specifying Security Technology Course, 21-25 July 2008. For details contact David.

Plot to Attack UK Football Match Using a Light Aircraft

The US-based National Terror Alert Response Center reported on 13 October that the UK government is aware of an Al-Qaeda plot to bomb a Premier League soccer game on live TV.

A “top-placed” UK security source is reported to have said: “We have concrete intelligence that Al-Qaeda is planning an attack that would be seen live on television. We understand they’re targeting a Premiership stadium, probably by a suicide pilot flying a light aircraft right into the stand while a match is being broadcast.”

The story can be found at:

http://www.nationalterroralert.com/updates/2007/10/13/britain-al-qaeda-plotting-to-bomb-soccer-game-on-live-tv/

In the UK security controls over access to light aircraft parked at aerodromes are non-existent, many sit on the tarmac at weekends ready fuelled, passenger can take to the skies in light aircraft in the company of an instructor with no need to present ID (in the guise of an “experience” or “birthday gift” flight), and it is unlikely that the theft of a light aircraft would prompt an immediate RAF response. If a passenger were to kill the instructor there are dual controls in the passenger’s seat, air traffic controllers would probably not become suspicious provided the hijacker used correct radio protocol, and light aircraft are generally allowed to fly at an altitude of 150m over most stadia in any case. A horrifying vulnerability if you think too long about it!

The UK National Counterterrorism Security Office has published a useful guideline for those whose responsibility includes the security of sports stadia against terrorist attack. Click here to download.

Advanced Security Managers Convene

The latest stage of security management training has begun for another group of international security professionals at the ARC International Academy.

The Security Management Stage 2 (SM2) course, designed to cover more advanced security management issues, began its first week on 15th October with 13 delegates from the oil, tobacco, aerospace and banking sectors and includes subjects as diverse as Business Integrated Security Operations Management and Transport Security. The course culminates in one of ARC's renowned project tasks, Exercise Digilife.

Phil Wood, the Course Director, reports that the group is 'keen, capable, and ready for the challenge'...

If you would like to join the upcoming SM1, 2 or 3 courses in 2007 and 2008, please contact Janet for more details.

Gaining Competitive Edge in Contract Guarding

In a forward looking move, one UK guarding company has decided to have six of its managers trained and certified as Port Facility Security Officers.

Deciding that this certification would provide added benefit for their customers, they commissioned ARC Training to run an in-house course for some of their senior staff. The UK government approved course was run on the company premises, saving them travel and accommodation costs, simultaneously allowing their maritime team to gather and exchange experiences.

Although the certification is not mandatory for contractors, the managing director said “I believe that the course allows us to provide value added service and enhances out reputation in the market place.”

To discuss your maritime security training requirements contact Janet.

Aviation Security – Some Thoughts (or Moans?)

There are rumours that airlines are planning to lift restrictions on liquids. On the face of it, this seems a good idea. Certainly the rules aren’t being applied consistently. One ARC trainer, passing recently through an airport security checkpoint in Moscow was relieved of his half bottle of rather delicious sparkling apple drink. Another ARC trainer at the same checkpoint, however, was allowed to keep his 1 litre bottle of whisky claiming it was for medicinal purposes!

It is premature to consider allowing liquids through to airside. While the immediate threat of liquid explosives may have receded, there are frequent reports that terrorists will seek to initiate a poison gas release inside a cabin; this usually requires two substances (at least one of which would normally be a liquid) to be mixed together to form a binary chemical agent. My daughter is doing a chemistry degree at university. She tells me that there are enough unsecured binary agent components in her laboratory to gas the entire campus!

Even the most seemingly innocuous liquids can cause havoc inside a cabin. Take, for example, the lithium ion batteries supplied with most laptops (I took three onto two recent long-distance flights, unchallenged). If the plastic were to be peeled back a very serious fire could ensue, as lithium, when in contact with something as basic as water, burns violently.

If airlines weren’t so tight and gave us “mains” laptop power at our seats as standard, this risk could be eliminated. And while they are at it, can I have in-cabin broadband as well?

How Likely Is a Nuclear Attack by Terrorists?

Andrew Bieniawski, who leads the US National Nuclear Security Administration’s efforts to “lock down” nuclear materials and prevent them from falling into terrorist hands, concedes that it may not be ultimately possible to prevent terrorists from detonating a device.

"My personal view” states Bieniawski, “is that there is a likelihood in our lifetime there will be a radiological dispersal device or an improvised nuclear weapon." In risk analysis terms, this means that such a catastrophic 5/5 impact event, when mapped over a 30-year period, could conceivably be allocated a probability of 3/5, dependent on location.

This poses questions over the wisdom of locating corporate HQs in potential target areas, such as major Western cities. In the UK, for example, such an event in London would be devastating since the nerve centres of so many major businesses are concentrated in such a small geographical area.

The United States, conversely, has much better inherent redundancy – and is therefore of much less utility to a terrorist seeking to inflict a nationally devastating blow - due to the distributed nature of corporate HQs across the country.

Read about Bieniawski's race against the terrorists at:

http://www.latimes.com/news/nationworld/nation/la-na-duo27sep27,0,5478886.story?page=1&coll=la-home-center

Security Planning and Preparedness in the Oil Pipeline Industry

For an update on latest pipeline security initiatives in the US, click on:


http://www.api.org/aboutoilgas/sectors/pipeline/securitypreparedness.cfm

Pipeline security will be one of the subjects addressed in the new Protecting Critical Infrastructure Course, 14 - 18 July 2008. The full syllabus is as follows:

Defining Critical Infrastructure
The Current Threat Assessment to Critical Infrastructure
Risk and Vulnerability Assessment Methodologies
Establishing Baseline Security Criteria for Critical Infrastructure
Port and Transportation Security
Food and Drink Supply Chain Security
The Energy Sector – Special Considerations
Pipeline and Offshore Security Management
Security of Water Supplies
Securing Critical Infrastructure SCADA (Supervisory and Data Acquisition) Systems
Protecting Critical Infrastructure against Terrorist Attacks
Emergency Planning
Intelligence and Government Liaison
Crisis Management Exercise
Course Project

For more information on this course contact David.

Companies Failing Business Travellers Warns Report

More than half of British business travellers (59%) have little confidence that their company would be able to give reliable advice in the event of an emergency while they were abroad.

• Almost two-thirds (61%) of British business travellers have no clear travel security policy at their firm and 56% get no security support from their firm at all.
  
  These are two of the many findings in a new Control Risks report on Business Travel Security. Contact David to obtain a copy.
  
  Business Travel Security is covered as a one-day module on the Security Management Stage 2 Course. It can also be attended as a stand-alone one-day workshop.
  
  If you have a requirement for in-house business travel security briefings or workshops for overseas travelling staff or expatriates, contact the ARC Team. All members of the team are not only security educational specialists, but also have a wealth of personal experience in international travel to the more distant parts of the world!

The Case for Low Resolution CCTV

A 24-year-old man was arrested in Pennsylvania for holding up a convenience store wearing nothing but a hat. CCTV footage showed Carl Wagner entering the Carbondale convenience store naked and covering his manhood with his hands.

The store clerk refused to give Wagner any money and instead dialled 911. Wagner then fled the store empty handed (well, almost).

Full story at:

http://www.metro.co.uk/weird/article.html?in_article_id=67365&in_page_id=2

How to Investigate - **New Course**

Managers and supervisory staff are increasingly being called upon to conduct malpractice investigations within the workplace. The purpose of the investigation may be to establish that a crime has been committed, prior to calling the police, or it may be in support of potential litigation and/or internal disciplinary procedures.

The new 4-day INVESTIGATING AND INTERVIEWING SKILLS developed by Linx International on behalf of ARC Training will provide the essential skills necessary to undertake fair, legally compliant and effective internal investigations. The programme is highly interactive with many practical elements including how to maintain an investigations diary, how to take statements and manage interviews etc. The course is based on UK law.

Content: Investigation Objectives & Options; Criminal & Civil Law; Disciplinary Practice & Procedure; Investigation Methodology; Information, Intelligence or Evidence? Interview Techniques; Presenting a Case.

The first course takes place 5 – 8 November 2007. Contact Janet urgently if you would like more information, or to reserve a place.

Desktop Users Remain Biggest IT Security Threat

Businesses still consider desktop users to be the biggest security risk to their networks, despite increased concern over outsourced labour and remote users, according to a new survey by Sophos.

Such users were considered the greatest threat to security by 44 percent of respondents.

While office bound employees have consistently topped the list of those thought most likely to compromise network security in past surveys, they have lost ground to remote and mobile employees, who are considered to be a greater security threat by 31 percent of respondents.
Other users considered to be a threat to network security include contractors and outsourced labour, at 14 percent, and guests, 11 percent.

Record Numbers Undertake Security Management Certification

A record 49 candidates will converge on ARC training to take the CPP and PSP certification examinations in November.

In an environment where internationally-recognised professional qualifications for security management are being seen as increasingly necessary and relevant, the CPP and PSP are clearly the qualifications of first choice.

For information on how to study and register for the 2008 certification examinations contact David Cresswell.

Likely Terrorist Bombing Targets

India is often, sadly, a barometer of terrorist tactics. Train bombings are almost a regular occurrence and there have been numerous bombs at religious sites, shopping areas and business districts. The recent terrorist bombing of a cinema in India is a stark reminder of the types of targets that other countries, inclusing the West, can expect to be bombed in the future.

In examining the range of targets susceptible to a possible terrorist attack, the ARC Security Management Stage 3 course identifies the following:

• Mass assembly or mass occupancy (shopping malls, large office blocks, hotels and night clubs, sports arena, entertainment events etc)
• Essentials in emergencies (hospitals, police, emergency response services)
• Symbolic and famous structures (monuments, iconic properties, religious institutions, cultural centres, museums)
• Sites with dangerous contents ( hazmat production, storage and transfer, nuclear power plants, dams, water utilities etc)
• Occupant vulnerability sites (hospitals, schools, emergency shelters, prisons etc)
• Special vulnerability structures (buildings with limited structural flexibility or those with nearby exacerbating factors)
• Economically crucial sites (manufacturing, financial districts, refineries, banks etc)
• Government crucial sites (judiciary, legislative, political, military, investigative, intelligence, communications, police)
• Infrastructure nodes (bridges, airports, stations, ports, power plants, major intersections)
• Distinctive in network (a building or structure on which a collection of buildings hinges)

Also:

• Being located in a prominent city, eg a capital
• Visibility – overtly large and imposing
• Accessibility – a site to which many people have unrestricted access
• Having been discussed in open literature as a possible target
• Having previously been the target of attack
• Identified by intelligence sources as in a threatened sector
• Having been identified by intelligence sources as a specific target

Kidnap Warning to Westerners in East Africa

On 28 September, the U.S. Embassy in Nairobi issued a Warden Message regarding a threat of kidnapping on Kiwayu Island. The message reads as follows: “U.S. Embassy Nairobi has received information that extremists in southern Somalia may be planning kidnapping operations inside of Kenya. There are indications that extremists based in Somalia may be planning to target Westerners, especially American citizens, in the Kiwayu Island tourist area and other beach sites frequented by Western travelers on the northeast coast near Somalia. All U.S. citizens in these areas should exercise extreme caution and remain vigilant at all times.

A full-day kidnap awareness, risk reduction and response workshop is one of the modules that David is delivering in-house to a major oil and gas company in the Russian Far East, as part of a two-week programme of courses and workshops, in which the client has “picked and mixed” elements from ARC’s standard courses in order to meet its specific requirements.

To discuss your requirement contact David.

US Organizations Lose an Estimated 5% of Annual Revenues to Fraud - Download the ACFE Annual Report

According to research conducted by the Association of Certified Fraud Examiners (ACFE), U.S. organizations lose an estimated 5 percent of annual revenues to fraud. Based on the estimated U.S. Gross Domestic Product for 2006 – $13.037 trillion – this percentage indicates a staggering estimate of losses around $638 billion among organizations, despite increased emphasis on anti-fraud controls and recent legislation to combat fraud.

The ACFE's Report to the Nation on Occupational Fraud & Abuse details the survey results of 1,134 Certified Fraud Examiners (CFEs) throughout the US who were asked to provide specific information on one fraud case he or she had personally investigated that met the following criteria:

-The case involved occupational fraud;
-The fraud occurred within the last two years;
-The investigation of the fraud was complete; and
-The CFE was reasonably sure that the perpetrator had been identified.

The end result is a comprehensive report that sheds light on occupational fraud and abuse while offering stark lessons and valuable insights about its prevention and detection.

Download the report at:

http://www.acfe.com/documents/2006-rttn.pdf

ARC Training’s Tim Salt ( Former Chairman National Fraud Forum and Former Head West Midlands Police Fraud Squad) is in the Russian Far East this week to conduct three days of on-site fraud awareness training for one of Russia's best-known and biggest companies.

For details of how to arrange in-house fraud awareness training with Tim for your management contact David.

Remote Security Management!

The recent “electronic honesty box” internet sale of the new Radiohead album has reignited interest in human nature and honesty. Despite not being required to pay anything for the download, fans paid an average of £4 each.

Last year in the UK behavioural biologist Dr Melissa Bateson led a study based on an honesty box. During alternate time periods, a picture of a pair of eyes or a picture of flowers were placed above the box. Wildly differing sums of money were deposited in the box.

"When we had the picture of eyes on the wall it was nearly three times as much money. Eyes give people the feeling that they are being watched by other people. "If people think they can get away with it they will usually behave selfishly and not pay, but if you think you are being watched you know the consequences can be quite bad."

So when we dutifully put our coins in the honesty box, it may not just be out of our respect for a fair society, it may also be out of a purely selfish desire not to be punished or looked down on by our peers.

There is obviously a security implication in this, and pictures of eyes could conceivably be used in areas where crime may be a problem, but where cameras are unsuitable, such as locker/changing rooms.

Cardboard cut-outs have also been experimented with, although recently a cardboard cut-out of a policemen erected in a UK store to deter thieves was itself stolen!

For a deeper analysis of this strange phenomenon, click on:

http://news.bbc.co.uk/1/hi/magazine/7041447.stm

Weapons Screening Checkpoints Less than 50% Effective

If you are operating an x-ray and metal detecting search point at your facility, you must ensure that staff are trained regularly and are subject to spot checks. If they are contract staff, it is not enough to assume they have been trained by the contractor.

Figures released by the TSA in America show that in 2002 American screeners missed 70 percent of knives and 60 percent of false explosives sent through X-ray machines by testers.Improvement is slow. NBC News reported last year that federal agents smuggled materials needed to make homemade bombs through security checks at 21 airports. Six months ago, the Newark Star-Ledger reported that 20 out of 22 weapons got by screeners at Newark's Liberty International Airport.

Media Giant Bertelsmann and Encryption - A Case Study

Interest in encryption is growing, but few companies are doing it to the extent of media giant Bertelsmann, which has begun encrypting the computer work, including some e-mails, of its high-level executives to give them an extra measure of safety, according to CNN. Bertelsmann, whose far-flung holdings include publisher Random House, half of Sony, BMG Music Entertainment, and a slew of TV and publishing interests in Europe, has been troubled by strategy leaks.

Encryption is one way to bolster defenses against leaks and corporate espionage, says Tom Goschutz, chief technology officer for the company's corporate center. Encryption scrambles words and data so they can only be read by the proper parties, which have passwords used to unscramble the material.

Bertelsmann is focussing on protecting the most sensitive group of people. That is, board members, top management, etc. This means a combination of encryption of email and files, and restricting access to data.

Goschultz adds: “What we're using today is of course e-mail encryption, and we use device encryption, what (Palo Alto, Calif.-based vendor PGP Corp.) calls Whole Disk. We are just starting to introduce NetShare, which is the file server encryption, because this is where files are created. The basic three functions -- e-mail, file server and device (PC/laptop hard disk) encryption -- were the most important parts for us. As a nice b-product, we are a heavy user of instant messaging, and PGP secures that.

How To Detect Hidden Weapons

As the carrying of weapons becomes an ever increasing problem in the UK, the online security products magazine, Securezine, takes a look at what hand-held eqiuipment is available to detect weapons:

http://www.securizine.com/Features/Detectors.html

TSA to Test New Thermal Cameras in Railway Stations

The U.S. Transportation Security Administration will test new heat-sensing cameras that can be used to screen people at a train or bus station without requiring a mandatory wait at a security checkpoint.

The 10-inch cameras can be placed anywhere in a station, where they will be able to screen people as they walk by. The cameras can take a thermal image of the body from up to 20 yards away, highlighting materials colder than body temperature, signifying objects such as metals, plastics and ceramics.

Experts are sceptical about the cameras, claiming that the technology is not advanced enough and will result in the search of innocent people. ‘

The Profile of the Average Terrorist is Changing

The profile of the average terrorist is changing, Dr Marc Sageman - a former CIA field officer and now internationally respected terrorism expert and author - told a conference in Australia.

Five years ago, the average terrorist was in his mid-20s, married with kids, university-educated, middle-class, psychologically stable and probably an engineer. Today, he's more likely to be poor, of limited education and a second- or third-generation product of the culture he is attacking.

The well-educated young men who were radicalised while studying in the West (engineering was the most common degree) and who conducted the 9/11 attacks, had been replaced by self-trained, self-recruited and, thanks to the welfare state, self-financed "terrorist wannabes", in their early 20s and who recruited mostly on the internet.

Dr Sageman said there were "potentially thousands" of these "new" terrorists,
In strark contrast to a recent Washington Post story about the reemergence of a strong centralised Al-Qaeda (Al Qaeda Has Reconstituted into an Organised, Centrally-Driven Organisation, Warns Washington Post) , Dr Sageman said al-Qaeda's leaders had been all but cut off from the current crop of jihadists and comprised no more than two dozen people.

Kinship bonds were the glue that held most terror cells together, rather than ethnicity, religion or ideology, he said.

Logistics Security - Priorities

RFID and other tracking technologies, smart containers, data protection and cyber security, and personnel screening – these are all security measures on a “to do” list revealed in a recent survey of North American cargo companies.

When asked which area of security is considered the greatest challenge for the respondents’ organisations, 50% said “reducing cargo theft across the supply chain”, compared to 41% in last year’s survey. This seems to reflect the apparent industry concerns about the increase in organised cargo theft.

While almost half of all respondents agreed that the biggest security challenge was “reducing cargo theft across the supply chain”, 34% of the 2007 respondents put “safeguarding against a terrorist threat” at the top of their list. This is a significant elevation of perceptions of the terrorist threat when compared with 2006 results, in which just 22% rated it top.

For a copy of the survey, contact David.

Transport and Distribution Security is part of the Security Management Stage 2 syllabus. Forthcoming Security Management Stage 2 dates are as follows:

15 – 26 October 2007, UK

18 – 29 February 2008, Kuala Lumpur

30 June – 11 July 2008, UK
13 – 24 October 2008, UK

Get Better Buy-In to Your Security Programmes

Despite high profile campaigns, TV programmes galore and endless articles in the press and on the internet, it seems that the general public, at least in the UK, still hasn’t got the message about identity fraud. Recent polls suggest that around 80% of people still throw away paperwork that could be used to steal their identity.

Do ensure that you use the security pages of your corporate website to warn employees of this growing risk. By providing advice on personal security issues such as ID fraud you will encourage employees to read the security pages of your Intranet and get better staff buy-in to your corporate security programme.

Creating greater staff buy-in to security is one of the topics covered on the forthcoming Security Management Stage 1 Course, 19 – 30 November 2007.

For details contact Janet.

Indonesia - The Changing Nature of the JI Threat

The fragmentation of the militant Indonesian group Jemaah Islamiah poses a major new security threat for Indonesia and its neighbours, according to Sidney Jones, director of the International Crisis Group's South-East Asian office. Jones ' perception is now that JI is no longer the biggest threat to Western targets and civilians, there have emerged several splinter groups capable of causing serious attacks.

"The risk of an attack on civilians endorsed by the JI leadership is now very low," Jones told The Australian , a national daily newspaper."The biggest threat now is that the younger militants of JI could be used as a recruiting pool for splinter groups like that of (Bali bomber) Noordin Top.

Jones told The Australian that Top and his followers were still interested in launching attacks on Westerners. Since the 2002 Bali attack, more than 400 members of JI are reported to have been arrested across four countries.

Warnings of Suicide Attacks in India

Police in the Indian city of Hyderabad have been searching crowded buses and trains and frisking passers by at major junctions as part of ‘Red Alert’, declared following the Intelligence Bureau’s warning of possible attacks by suicide bombers, according to the Gulf-based Khaleej Times.

Police have gone on high alert especially around the major mosques following intelligence warnings that four to five suicide bombers were planning to strike before the end of the holy month of Ramadan on October 14.

Warning - Hotel Key Cards

Information courtesy of Queensland (Australia) Police

Ever wonder what is on your magnetic key card issued by hotel reception? Answer: a. Customer's name B. Customer's partial home address c. Hotel room number d. Check-in date and out dates e. Customer's credit card number and expiration date!

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a lapop computer and go shopping at your expense.

Simply put, hotels do not erase the information on these cards until an employee reissues the card to the next hotel guest. At that time, the new guest's information is electronically "overwritten" on the card and the previous guest's information is erased in the overwriting process.But until the card is rewritten for the next guest, it usually is kept in a drawer at the front desk with YOUR INFORMATION ON IT!

The bottom line is: Keep the cards, take them home with you, or destroy them. NEVER leave them behind in the room or room wastebasket, and NEVER turn them into the front desk when you check out of a room. They will not charge you for the card (it's illegal) and you'll be sure you are not leaving a lot of valuable personal information on it that could be easily lifted off with any simple scanning device card reader.

For the same reason, if you arrive at the airport and discover you still have the card key in your pocket, do not toss it in an airport trash basket. Take it home and destroy it by cutting it up, especially through the electronic information strip! If you have a small magnet, pass it across the magnetic strip several times. Then try it in the door, it will not work. It erases everything on the card.

If there is a blog reader from the hotel security community willing to reply to this post to put the hotel sector's case, it would be much appreciated.

ARC Training at the House of Lords!

David Cresswell and Janet Ward were amongst a group of ASIS officers to visit the House of Lords this week, at the invitation of Baroness Henig, Chair of the Security Industry Authority (Image – front left).

The event was part of a series of functions to honour Mike Cummings, ASIS “No 2”, who has been on a week long visit to the UK ASIS Chapter. Baroness Henig is a fervent supporter of security management professional development and takes a keen interest in accredited security management training and certification.

The picture was taken on the House of Lords Terrace - the only place where cameras are allowed (unless you are the BBC).

How to Create a Return on Security Investment with New Technology

The concept of a fully-converged, multi-application voice and data network has become increasingly compelling over recent years, as IP costs continue to fall and network resilience, performance and quality of service delivery all continue to improve. Adding IP CCTV to the existing network is the next logical step for many businesses, as it not only boosts the scope of surveillance but also centralises security operations and maintenance, eliminates the need for laying additional cables and removes the issue of buying (and then storing) video cassettes.

Many organisations already have in place an IP network infrastructure that serves their telephony and computer networks, Point-of-Sale, ATM and credit card detail acquiring systems, in addition to other key business applications. It’s a simple and low cost process to add a network access point to install a camera and link it with the business network. There are none of the support and re-cabling costs associated with the non-digital alternative. Given the readiness and availability of power-over-Ethernet products, directing power to the devices is easier, too.

Interested? Read on at:

http://www.info4security.com/story.asp?sectioncode=10&storycode=4115124

IP CCTV will be one of the subjects addressed in the new Specifying Security Technology Course, 21 – 25 July 2008. The programme is intended for those security managers who are required to specify and select technical security systems. The course will focus on developments in technology, especially convergence and the migration of traditional discrete security systems to common IT-based platforms, and is designed to help the security manager to reach rational and cost-effective decisions about the employment of new technology. The course will address the following areas:

- Technology Convergence – Upside and Downside
- Creating Dynamic Return on Investment though Convergence
- Integration of Physical and IT Security Systems
- IT Networking of Physical Security Systems
- IT Network Security Overview
- Systems Specification, Project Management and Testing
- Selecting between Installers, Integrators and Consultants
- Automated Access Control Systems
- Integrating Physical and Logical Access Control (the Single Card Initiative)
- Electronic Systems for Asset Management (GPS, RFID, EAS etc)
- Developments in Digital CCTV and Specification Implications
- Video over IP
- Power over Ethernet Considerations
- Intrusion Detection Systems

For further information contact David.

ASIS Chapter 208 (UK) Sets 2008 Exam Dates

ASIS Chapter 208 (UK) has announced a new certification programme that will see it conducting CPP examinations in May and November of 2008. The chapter, Europe’s largest, will be running condensed one-week ‘crammer’ courses in conjuntion with ARC Training immediately before the exams but applicants will be able to begin learning four months earlier using a distance learning package.

The programme will be managed by ARC Training International, in collaboration with MFD International. Details are as follows:

Examination 1/2008
Distance study begins: End of January

Preparation programme: 28th April – 2nd May

Examination: 3rd May

Examination 2/2008
Distance study begins: End of July

Preparation programme: 27th – 31st October

Examination: 1st November

The subsidised Region 25 ASIS members' cost of the package, including accommodation, is £1225 + VAT. Applicants outside Region 25 should contact Janet Ward at ARC.

For details on how to register, contact the professional certification representative, David Cresswell. Upon registration and receipt of payment you will be sent a copy of the CPP Study Guide.

Please note that there is no change to the PSP certification schedule:

Distance study begins: End of July

Preparation programme: 27th – 31st October

Examination: 1st November

A record number of candidates are expected to sit the CPP examination in November of this year, which ASIS says demonstrates the importance of the qualification. Candidates can check their eligibility at:

http://www.asisonline.org/certification/cpp/cpphow.xml

To book your place on one of the 2008 review programmes contact Janet.

Guide to Closed Circuit Television (CCTV) Destruction!

Learn how anarchists and activists might try to destroy your CCTV systems so that you can take the necessary countermeasures:

http://www.schnews.org.uk/diyguide/guidetoclosedcircuittelevisioncctvdestruction.htm

Nearly All CCTV Systems in Britain Are Operating Illegally

Nearly all CCTV systems in Britain are operating illegally, a consultant has warned. Bernie Brooks of consultancy firm Datpro told Out Law Radio that less than five per cent of the buildings he had surveyed met basic data protection laws.

The warning comes amidst growing fears over privacy and just months before the Security Industry Association begins CCTV licensing in Scotland - potentially rendering thousands more systems illegal.

“If a system is non-compliant,” Brooks warned, “it could invalidate the usefulness of the evidence in a court of law.”

“You could, in theory, walk in [to a business] and say 'I would like a copy of my images from yesterday'. “I tell you now, if you went and did that, 75 per cent of the businesses out there – if not 95 per cent – wouldn’t know what you were talking about and wouldn’t know how to handle it.”

For the full story click on:

http://www.info4security.com/story.asp?sectioncode=9&storycode=4114943

How to Better Protect Yourself against ID Theft

Identity theft has become big business for organised criminal gangs and terrorist groups seeking new sources of finance. A survey for the UK Information Commissioner's Office (ICO) shows that about 20% of people had been victims of identity theft crime.

For blog readers in the UK, the Home Office has posted some useful personal guidance on how to reduce your risk to this threat on the following link:

http://www.identity-theft.org.uk/protect-yourself.htm

If you can, it is well worth putting this link on the security pages of your corporate website, as part of your comprehensive security service to employees.

Police Hunt Cardboard Cut-Out Thief

A life-size cardboard cut-out of a policeman that was intended to deter theft at a Derbyshire supermarket has in fact been stolen itself. A man aged between 35 and 40 was caught on CCTV stealing the paper policeman as he left a Co-op store in Long Eaton. However, he did pay for his own shopping.

Inspector Andy Picken said: "We were using the cut-out as a way of engaging more with the local community, so the theft is a bit disappointing. "But the project has not been hampered by this incident."

Al-Qaeda Pursuing Weapons of Mass Destruction: US

Regular readers of the blog will note that articles regarding the threat from terrorist use of chemical, biological and radiological weapons feature regularly on the site - the previous posting is one such example - and there has been much academic research into this area in recent months.

This week, according to AFP, the war between the US and Al-Qaeda got a little hotter with a new White House report on national security asserting that Osama bin Laden's Al-Qaeda network remains bent on getting nuclear and biological weapons to unleash apocalyptic destruction.

The report, which calls for redoubled anti-terror coordination at all levels of government, said Al-Qaeda remains "the most serious and dangerous manifestation" of extremist threats against the United States.

"We also must never lose sight of Al-Qaeda's persistent desire for weapons of mass destruction, as the group continues to try to acquire and use chemical, biological, radiological, or nuclear material," it said.

Chemical Agents Appeal as Weapons of Terror, Warns Report

Hardly a day goes by without talk of - or a TV drama about - terrorist use of CBRN (Chemical, Biological, Radiological and Nuclear) weapons. The following is an extract from a paper presented to the CRRN Terrorism Conference in UK earlier this year:

“Classic chemical warfare agents” are readily available from most scientific labs, can be easily dispersed and could be used in a public place such as a shopping mall. Such attacks are present difficulties for the police and first responders, and for this reason these agents appeal as weapons of terror.

“Industrial chemicals” involves a real possibility of large industrial plants being targeted by an attack. Information about the location of these sites is readily available over the internet, security on these sites can be minimal, and it is very difficult to police the sites due to their large number, dispersion and ease of accessibility. Attacks on these sites could cause considerable casualties as they are large and the possibility of contamination is high. Any attack requires minimal amount of training to orchestrate.

For a copy of the full paper contact David.

CBRN preparedness is covered in the Security Management Stage 2 Course.

New Report on Threat and Security Perceptions in Logistics Sector

RFID and other tracking technologies, smart containers, data protection and cyber security and personnel screening – these are all security measures on a “to do” list revealed in a recent survey of North American cargo companies.

When asked which area of security is considered the greatest challenge for the respondents’ organisations, 50% said “reducing cargo theft across the supply chain”, compared to 41% in last year’s survey. This seems to reflect the apparent industry concerns about the increase in organised cargo theft.

While almost half of all respondents agreed that the biggest security challenge was “reducing cargo theft across the supply chain”, 34% of the 2007 respondents put “safeguarding against a terrorist threat” at the top of their list. This is a significant elevation of perceptions of the terrorist threat when compared with 2006 results, in which just 22% rated it top.

For a copy of the survey, contact David.

Transport and Distribution Security is part of the Security Management Stage 2 syllabus. Forthcoming Security Management Stage 2 dates are as follows:

15 – 26 October 2007, UK
18 – 29 February 2008, Kuala Lumpur
30 June – 11 July 2008, UK
13 – 24 October 2008, UK

Record Numbers of Delegates Attending ARC Training

Sixteen delegates from across the world will gather at the ARC Training International Academy for Security Management during 15-26 October 2007 to attend the Security Management Stage 2 Course under the guidance of Phil Wood MBE CPP and Peter Horsburgh CPP PSP. The course focuses on developments in security risk management and addresses some of the more complex issues of day-to-day security management and crime prevention.

A similar number of security managers, representing many different countries and business sectors, have registered for the 19-30 November 2007 Security Management Stage 1 Course, which is a detailed and interactive programme designed to give delegates a thorough understanding how to manage security within an organisation.

David, meanwhile, will be in the Russian Far East, delivering a two-week advanced-level programme to one of Russia’s most important energy companies.

Almost 40 candiates are preparing to sit the ASIS CPP certification with ARC Training on 3 November, with a further 10 planning to sit PSP. A 3-day review programme to prepare candidates for the examination is being conducted by Barry Walker. Concurrently, Peter Horsburgh will be delivering a PSP review programme.

For those who have completed Security Management Stages 1 and 2, and who can’t wait until the next UK Security Management Stage 3 (12 – 23 May 2008), ARC Training is pleased to announce that an extra Security Management Stage 3 is being scheduled for Dhaka, Bangladesh, over the period 2-13 December 2007.

Remotely-Controlled Toys – A Terrorism Risk

US airport inspectors are honing in on remote-controlled toys in passengers' luggage after warnings by the country's Homeland Security Department, the Transportation Security Administration said.

In an announcement Monday, the assistant secretary at the Department of Homeland Security in charge of aviation security, said US travellers can expect to see more scrutiny of toys as they pass through inspection gates at airports.

The New York Times has reported that there is "credible specific information" about terrorist tactics involving remote-control toys. However, there isn't intelligence on a specific plot, but DHS and TSA are taking the necessary precautions, including patting down children carrying remote-control toys.

Toy remotes have been used before by terrorists as a detonation device.

Understanding Digital and Networked CCTV

Surveillance technology has undergone a revolution in the past several years, reports ASIS International Security Management Online. Systems once made up of low resolution analogue cameras hooked up to VCRs and monitors now consist of analogue and IP cameras attached to encoders, networks, and ever-evolving digital video recorders (DVR) and network video recorders (NVR). These advances create not only great potential but also problems, including increased demands on unprepared corporate networks and unheard of bandwidth and storage needs. This overview looks at some integral aspects of video surveillance systems to help managers make more informed decisions about the system features that will best meet their needs.

Security Management Online features a 5-page web article on advances in CCTV surveillance technology, designed to help security managers make better informed decisions about how to employ digital CCTV:

http://www.securitymanagement.com/article/decoding-digital-picture

Peer-to-Peer File Sharing Networks Expose Companies to Inadvertent Data Compromise

Many employees process sensitive business information on home computers. Many more store sensitive information on laptops. The proliferation of file sharing, especially music files, through a process known as peer-to-peer (P2P) sharing, has lead to a situation where sensitive corporate information is stored on PCs and laptops which also have P2P software installed, allowing for the inadvertent compromise of sensitive data, and possible exposure to lawsuits, fines or reputational damage.

This is an area of business risk exposure which is largely unchecked in most companies, since there is usually no single person who is responsible for ensuring that sensitive company data does not reside on PCs or laptops alongside P2P software.

A recent report by the Center for Digital Studies, Dartmouth College, USA, draws attention to this problem. The report, which should be essential reading for all who are serious and professional about their commitment to information security, can be downloaded from:

http://weis2007.econinfosec.org/papers/43.pdf