Sunday, June 22, 2008

Surviving Disasters

Natural disasters, fires, bomb attacks and any number of other types of crisis can strike at any time – usually when unexpected and unanticipated. But is there anything that you can do to increase your chances of survival? A recent article in the UK’s Times newspaper outlined some theories and practices which may increase the chance of escaping alive when catastrophe strikes. Amongst the panic and chaos which usually arises, training and familiarity with your surroundings may be your best hope. Does your organisation train its people to respond when things go wrong? Do you carry out emergency drills? When you enter the unfamiliar surroundings of an aircraft or a hotel, do you assess the routes of escape – do you even know where they are? It is worth thinking about. Read the article here:

http://women.timesonline.co.uk/tol/life_and_style/women/the_way_we_live/article4149935.ece

Friday, June 20, 2008

Risk and its Benefits

Those who have attended ARC’s courses know that we are strong advocates of integrated risk management as the sensible and profitable way to ensure that business progresses in a competitive marketplace. The ability to assess risks and to take action whilst remaining secure and observing compliance offers organisations a distinct advantage. BT Global Services have carried out exhaustive research and data collection on modern risk issues, accessible through this link:

http://www.btglobalservices.com/business/global/en/products/security_and_compliance/risk_in_the_global_economy.html

This site is also worth navigating around as it has interesting video articles included and various white papers and reports. If you want to join ARC’s courses, where risk management is treated in depth throughout – contact Janet or visit the ARC homepage at http://www.arc-tc.com/ .

IT and Information Security Focus

The pace of modern life is hectic and the need for people to be online and available via various communications means continues to grow. As far as data transfer and storage is concerned, the USB or ‘flash’ drive has become an indispensable piece of business and personal equipment for many of us. The fact that these devices can hold large amounts of information and can upload and download data rapidly, combined with their portability makes them particularly useful. Unfortunately, it also makes them ideal weapons for information thieves and for the introduction of malware. ENISA, the European Network and Information Security Agency, has just published a report on security for flash drives, accessible here: http://www.enisa.europa.eu/doc/pdf/publications/Secure%20USB%20drives_180608.pdf

If you want to know more about this subject, it is covered in various ARC courses. Contact Janet for details or visit or the ARC homepage at www.arc-tc.com

Thursday, June 19, 2008

IT and Information Security Focus

Information enters and leaves your organisation by various routes, these days probably the bulk through IT systems. But IT is not the only medium for information storage and movement and neither should information security be the sole responsibility of the IT department. An information availability (IA) plan, properly implemented at all levels of the organisation, is an important enhancement to information security systems and it makes good sense to put in place if you do not have one already.

Read on here: http://www.continuitycentral.com/feature0585.htm

Wednesday, June 18, 2008

Security on Private Jets

Many millions of people fly all over the world every year – and we all know that security is tighter at airports than it has ever been. Unless, it seems, you have a private jet. An article, recently published in the US, highlights some interesting security arrangements experienced by its author during his travels. You can access the article via this link:

http://www.redorbit.com/news/business/1437744/wealth_buys_a_pass_through_air_security/

Tuesday, June 17, 2008

Certification Focus – CPP™ and PSP™

With the next CPP™ and PSP™ examinations taking place in November this year, the pre-course distance learning programmes are filling up quickly. For both certifications, Phil (CPP™) and Peter (PSP™) will set a series of tasks and projects for candidates to carry out over the months between July and November which will culminate in a week-long study programme at the examination venue immediately prior to the exam.

These study packages have proven to be not only popular but also successful in preparing certificants for the exams and with both CPP™ and PSP™ becoming increasingly popular as preferred industry qualifications, demand is high.

If you would like to join this year’s courses, please contact Janet for further information and enrolment guidance.

Monday, June 16, 2008

Information Security – Watch out for disgruntled staff!

From the United States comes the tale of a disgruntled employee who caused real damage to his company’s computer network and who also by his actions threatened the health of the patients of the community clinic where he worked. The cause of the problem appears to have been his dissatisfaction with his job appraisal and, vitally, he left a trail of forensic evidence which led to his arrest by the FBI. The story is here:

http://www.theregister.co.uk/2008/06/13/it_manager_rampage_sentence/

We cover information and IT security at various levels in many of our courses and workshops – visit the website http://www.arc-tc.com/ for details!

Information Security – Data Breach Report

The risk to businesses caused by data breaches, inadvertent or otherwise, is by now well understood by most security professionals. However, these breaches continue. A new report, published by Verizon Business Security Solutions, covers four years and more than 500 investigations and shows that, surprisingly, 73 percent of breaches resulted from external sources as opposed to only 18 percent from insider threats. This interesting and useful report also provides recommendations on preventing breaches within businesses and mitigation advice. You can access the report through this link:

Friday, June 13, 2008

Protest Activity News

Earlier this year we warned of the promise of protest activity for 1st April, which was labelled Fossil Fools Day, with the aim of disrupting the power industry and its coal supplies. Today, 13th June has seen a major demonstration at the UK’s Drax power station by a group which is opposed to open cast coal mining.

In common with many such activities, the protest has been well planned, rehearsed and conducted, with protesters planning to stay in place for several days. Read the BBC News report here: http://news.bbc.co.uk/1/hi/england/north_yorkshire/7452395.stm

Business Continuity - Fuel Problems

For us here in the UK another problem with fuel is looming. A strike by road tanker drivers has begun and already panic buying has started at filling stations. Of course, the lack of fuel will have consequential effects: people will not be able to travel to work; food and other important supplies may not reach logistics hubs and retail sites – and of course, industries which require logistic support may be hampered.

The potential for industrial disputes such as this to cause serious social disruption should not be underestimated by businesses. Do you have a business continuity plan to deal with this type of problem and are you sure that your suppliers have such a plan?

Business continuity needs thought and anticipation so that your organisation can survive major disruptions. ARC runs business and crisis management training sessions within our security management courses and also as stand alone in-house workshops tailored to your requirements. Already this year we have delivered such training in various locations worldwide and this pattern looks set to continue as global events and emerging threats become more worrying for major companies. For more information on ARC’s ability to assist you in your preparation, look at the website or contact Phil.

Investigations – Locard’s Exchange Principle

Edmond Locard was the director of the world’s first crime laboratory in Lyon, France. The techniques that he developed proved useful to the French Secret Service during World War I, when he was able to determine where soldiers and prisoners had died by examining the stains on their uniforms. Locard's Exchange Principle states that with contact between two items, there will always be an exchange of some substance or other. This is the basis of trace evidence collection at a crime scene and is used in investigations worldwide daily.

Often, investigators use this principle as the basis for investigations and record not only physical evidence but also the interaction between people. In the words of one investigator ‘Everyone leaves a footprint’. A short article on this investigator is at the following link:

http://www.ft.com/cms/s/0/0549499e-1008-11dd-8871-0000779fd2ac.html?nclick_check=1

Investigation is covered in several ARC courses, either subject specific or as part of a broader security management course. Take a look at the website or contact Janet for further details.

Metal Theft and Infrastructure Security

Theft of metals such as lead and copper from buildings, utilities and railways are on the increase as global demand places a heavy burden upon legitimate sources. The results of thefts can lead not only to degradation of infrastructure but also power and transportation disruption. On many occasions thefts have led to deaths and injuries to either the perpetrators or to innocent victims. There are of course severe financial penalties for those organisations and businesses which cannot prevent loss of their materials.

The Office of Electricity Delivery and Energy Reliability of the U.S. Department of Energy published a report on mitigation processes for utility companies which provides interesting background information and guidance on protecting assets. The document can be downloaded here: http://www.oe.netl.doe.gov/docs/copper042707.pdf

Intrusion Detection – The Way Ahead

There are many different types of intrusion detection system on the market, some are very good; others less so. For the uninitiated, the array of various systems available and their potential combinations (and conflicts) can be confusing. As a security professional, do you know where to deploy PIDS, BIDS, volumetric and object sensors, do you understand the uses of fibre optic, microwave and infra-red systems and their linkages into alarm systems?

If you feel a little intimidated by all of this terminology you can either learn about it and be better equipped to manage its specification and installation - or you can allow unscrupulous vendors to sell to you whatever they like at an inappropriate cost.

ARC’s Specifying Security Technology course, which takes place from 21st to 25th July could be the answer to all your technology nightmares - where all of this technology, and its properties, will be made clear! See the website for more details.

Wednesday, June 11, 2008

Security Managers - Improving Performance and Value

There is great debate within the security profession at the moment concerning the value of training security managers specifically for their role rather than relying solely upon their past experiences, perhaps as a military or police officer. There is also a case for training business professionals from other disciplines in the skills required to allow them to provide real value to the organisational security effort. There are many routes to take in order to achieve increased performance, not least of these is the ASIS™ CPP™ certification, details of which can be found on the ARC website.

Another source of information, particularly valuable to those managers requiring an introduction to the range of subjects and issues facing modern security organisations, is ARC’s Security Coordination and Management (SCM) course. The programme’s sessions include risk management; physical, IT and information security; terrorism and protection of personnel amongst others and provide an ideal basis for further personal development and the application of subject matter towards your organisation’s security concerns.

The next SCM takes place in the UK from 1-5 September 2008. We can also deliver the course to you at your location if required. Follow this link for more information or contact Janet.

Tuesday, June 10, 2008

Investigation & Interviewing Skills in Nigeria

ARC was recently invited to Nigeria to deliver a four day Investigation & Interviewing Skills (IIS) course for delegates from a major multinational oil and gas company and associated security suppliers.

The IIS course has been designed and developed according to current UK occupational standards for investigators, however course content was amended to fit specific Nigerian requirements.
Areas covered included: investigations as part of a corporate risk management strategy, investigation objectives & options, Criminal & Civil Law, disciplinary practice & procedure, investigation methodology, evidence gathering, interview techniques and how to present a case.

The course was well-received and positive feedback given, in particular with regard to the interactive nature of the course and its scenario based training.

If you would like to discuss your specific requirements for investigation training, please contact Janet to discuss programme contents. Click the following links for information available on the ARC website:

Aviation Security – Glasgow Airport

Still in the aviation world, Glasgow Airport, which was subjected to an attempted terrorist attack last year, has been awarded ‘Most Effective Recovery of the Year’ award at the recent Business Continuity Awards 2008. The Airport handles over 8 million passengers a year and its resilience planning stood the organisation in good stead when a vehicle bomber attempted to cause major human and infrastructure damage. Once the emergency was under control, the Airport authorities faced a huge challenge to restore operations rapidly and efficiently – their success was based upon preparation and planning, which is at the core of any effective business continuity capability. This link will take you to a case study on the Glasgow response from the Business Continuity Journal: http://www.continuitycentral.com/glasgowairportcasestudy.pdf

If you would like to know more about Crisis and Business Continuity Management, it is covered in our courses and we can also provide bespoke training based on your organisation’s requirements. Contact Phil for details.

RFID Tracking – Lost bags a thing of the past?

Radio Frequency Identification (RFID) is becoming more prevalent on a daily basis and is proving to be a real asset to retailers and logistics organisations who need to keep track of assets and their movements. Another emerging application for RFID is to embed its hardware into luggage tags which are used for baggage management at airports. The technology is now in use at Hong Kong International Airport and in time it is anticipated that RFID will completely replace the current barcode systems. One drawback is that the new tags are more expensive than the printed tags currently in use, and this may hamper worldwide introduction until prices can be reduced. However, if this can be overcome, RFID promises a more efficient and accurate method of tracking luggage. RFID and other asset management technology will be covered in detail during the forthcoming ‘Specifying Security Technology’ course. Go to the ARC Website http://www.arc-tc.com/pages/other_accredited_sm.asp#s4 for further details.

Monday, June 9, 2008

***Retail and Supply Chain Management - New Dates***

Due to demand from prospective delegates the forthcoming Retail and Supply Chain Management course has been moved to later in the year, and will now take place on 8-10 September 08. This three-day course is aimed at both retail security managers, and those in the logistics sector responsible for supply chain security. For more information contact Janet or click here.

Information Loss – Printing Errors

How many printers are there in your offices? Do you know their features and capabilities concerning data storage and retention? Are they PIN-protected? Are they networked and uncontrolled? Printers are potentially a major source of information loss within the workplace and are often forgotten when constructing security measures, with many managers focusing only on the computer hardware and communications networks. The European Network and Information Security Agency (ENISA) recently published a report concerning the threat of information loss via printers and the routes for information loss. The report can be accessed via this link: http://www.enisa.europa.eu/doc/pdf/ENISA_secure_printing.pdf

Terrorism Risk Assessment

Security managers and the companies that employ them face a difficult task when considering the threat of terrorist attacks and the risks that they engender. Trying to anticipate what is coming next can be tricky and is complicated by the fact that potential attackers are both unpredictable and often ingenious in their planning and conduct of operations. Risk assessment is fundamental to effective security management across all departments and functions of a business, and can be used effectively when attempting to plan protection against terrorism. ‘Continuity Central’ recently published a short article concerning terrorism risk and mitigation here: http://www.continuitycentral.com/feature0587.htm

ARC covers risk assessment in depth on many of our courses and workshops, in addition to specific sessions on terrorism risks. Contact Janet for further details or visit our website at http://www.arc-tc.com/.

Friday, June 6, 2008

ARC in South Africa

ARC was recently invited to South Africa to deliver a successful two-day security management awareness programme for delegates from a major multinational oil and gas company.

The programme provided a unique opportunity for managers from across the Southern Africa region to get together to discuss security problems of common interest. Subjects included:

Security Design Principles, Perimeter and Buildings Security, Access Control, CCTV, Information Security, Crime Prevention, Pre-Employment Screening, Managing Workplace Violence, Guardforce Selection and Management, Incident Management, and Business Travel Security.

If you would like to discuss your requirement for local security management awareness training, please contact Janet to discuss programme contents.

ARC will be conducting its first open Security Management Stage 1 (university accredited) in Cape Town, South Africa, during the period 9-20 March 2009. For more information contact Janet.

London – Capital of Laptop Theft

Londoners had more than 15,000 laptop computers stolen in 2006. That figure is equal to one laptop stolen in the Metropolitan Police area for every 500 Londoners.


For a list of 25 laptop security measures, contact David.

Visitor Secrecy and Other Confidentiality Agreement Templates

MODEL POLICY STATEMENT ON THE PROTECTION OF PROPRIETARY INFORMATION

EMPLOYMENT NONCOMPETITIVE AGREEMENT REGARDING PROTECTION OF LIMITED INFORMATION

VENDOR OR SUPPLIER SECRECY AGREEMENT

VISITOR SECRECY AGREEMENT

These are examples of templates included in Chapter 15 (Part 2) of the ASIS International POA Manual, the seminal reference for security professionals, covering almost every conceivable security management subject. Available from ASIS International, it is the main reference source for the CPP certification, the leading international certification in advanced security management.

Study for the November 1st CPP (and PSP) certification examinations begins in June. Click here for details.

Wednesday, June 4, 2008

Around the Clock, Around the World - Regional Training with ARC

ARC Trainers have been “deployed” overseas again this week to meet the growing demand for international “regional” training and consultancy.

Peter Horsburgh has been in Switzerland, in the final stages of a security design consultancy project for a major multinational manufacturer, that has seen Peter out of the UK for most of the first half of 2008.

Phil Wood MBE is delivering Crisis Management and Business Continuity Management to the ASIS International Chapter in Hong Kong, and will be then staying on to attend the Asian Securitex Conference, to which he has been invited to speak about Training Standards.

ARC Associate Angus Darroch-Warren is in Nigeria conducting investigations training in conjunction with ARC’s local Nigerian partner Cardinal.

And David Cresswell is in Prague with ARC’s Czech partner OrangeGroup, where he is delivering a four day programme in Information and IT Security for a mix of government and corporate sector clients. Drawing on his previous career in the British Army’s Intelligence Corps, David will be explaining some of the “tricks of the trade” now used by the corporate sector, the various ways in which employees assume ownership of data that isn’t theirs, and the many varied tactics to successfully manage this risk.

If you have a local training requirement, contact Janet.

CPP Glossary

David Cresswell is currently working on putting together a CPP Glossary, which is far from complete but which he is willing to share with you if you are working for the CPP, or involved in preparing other candidates for CPP.

So far the glossary is just 12 pages long, but it will serve as an excellent starting point for building your own glossary, a very useful CPP study aid memoir. Contact David to be emailed a copy.

Note that enrolment for the 1 November UK CPP and PSP certification examinations is taking place now. Contact Janet for more information.

Bugging Hotel Rooms

It is sometimes said that "All hotel rooms abroad are bugged for audio and visual surveillance." Of course it is not true that all of them are bugged, but a great many are -- especially in major hotels frequented by foreign business and government travelers. To maintain an adequate level of security awareness while conducting business abroad, you must operate on the assumption that your hotel room conversations are being monitored. If you are an active target who is known to pick up local women, you could also be filmed by a concealed camera.

Most foreign security and intelligence services have various means of screening incoming visitors to identify persons of potential intelligence interest. They also have well-established contacts with the hotels that commonly host conferences and meetings with international participation. For convenience, some even maintain permanent offices within the largest hotels. If the local intelligence service considers you a significant intelligence target, it may arranged for you to be assigned a room that is already prepared for the desired monitoring.
For detailed resources on Information Security click on:
For detailed resources on Business Travel Security click on:

Hong Kong Update


Phil’s week in Hong Kong is developing nicely with a very successful start on Monday and Tuesday. The Crisis Management workshop involved a total of 22 security professionals and local ASIS Chapter members in a testing and thought provoking treatment of what should be a fundamental skill for practitioners in our industry.

Buoyed by the good delegate feedback Phill waded through the monsoon rain to the Asian Securitex 2008 where he is manning the ARC stand. He also took part on Wednesday in a panel discussion at the security conference entitled ‘Keeping Pace through Personal Development’ where he discussed with delegates the need for security professionals to be properly trained and certified in accordance with corporate expectations.

Sunday, June 1, 2008

Forthcoming Courses

Advanced Investigation Techniques
23 – 27 June 2008
This advanced, police-developed programme is designed to equip participants with the skills and knowledge necessary to carry out complex workplace investigations
http://www.arc-tc.com/pages/accredited_investigation.asp#f2

Security Management Stage 2
30 June – 11 July 2008
A 10-day university accredited programme which assumes delegates have a thorough understanding of the core-skills security management subjects taught on Stage 1, and focuses on developments in security risk management, addressing some of the more complex issues of corporate security management.
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2

Fraud Risk Reduction and Detection
14 – 16 July
This workshop style course introduces participants to the types of fraud typically encountered in the workplace, and the procedures and tools to deal with those who are suspected of fraud.
http://www.arc-tc.com/pages/accredited_investigation.asp#f3

Protecting Critical Infrastructure
14 – 18 July 2008
A new programme intended for those security managers who are charged with managing the security of those sectors which fall into the category of critical infrastructure, such as energy, communications, water, finance, food, healthcare and transport sectors.
http://www.arc-tc.com/pages/other_accredited_sm.asp#s5

Specifying Security Technology
21 – 25 July 2008
A new programme intended for those security managers who are required to specify and select technical security systems, focussing on developments in technology, systems integration and convergence.
http://www.arc-tc.com/pages/other_accredited_sm.asp#s4

Security Management Stage 1
4 – 15 August 2008
A detailed and interactive university-accredited programme designed to give participants a thorough understanding of how to manage security in an organisation. Designed for both experienced and non-experienced managers, the course covers the key core-skills areas of security management.