Source: www.nationalterroralert.com
In the 7½ years since America’s worst bioterror attack — when letters laced with anthrax spores killed five people, closed Congress and the Supreme Court and crippled mail service for months — U.S. agencies have spent more than $50 billion to beef up biological defenses.
No other anthrax attacks have occurred. But a flood of hoaxes and false alarms have raised the cost considerably through lost work, evacuations, decontamination efforts, first responders’ time and the emotional distress of the victims. That, experts say, is often the hoaxsters’ goal.
“It’s easy, it’s cheap and very few perpetrators get caught,” said Leonard Cole, a political scientist at Rutgers University in Newark, N.J., who studies bioterrorism. “People do it for a sense of power.”
Among the recent targets:
• Nearly all 50 governors’ offices
• About 100 U.S. embassies
• 52 banks
• 36 news organizations
• Ticket booths at Disneyland
• Mormon temples in Salt Lake City and Los Angeles
• Town halls in Batavia, Ohio, and Ellenville, N.Y.
• A funeral home and a day-care center in Ocala, Fla.
• A sheriff’s office in Eagle, Colo.
• Homes in Ely River, N.M.
The FBI has investigated about 1,000 such “white-powder events” as possible terrorist threats since the start of 2007, spokesman Richard Kolko said. The bureau responds if a letter contains a written threat or is mailed to a federal official.
Advice on what your organization can be preparing to do for such an eventuality can be found at:
www.hse.gov.uk/biosafety/diseases/anthrax.htm
Tuesday, April 14, 2009
Flash Drives - Greatest Threat to Sensitive Corporate Data?
Flash drives are probably the greatest menace to sensitive corporate data. They can store vast amounts of data and are plug-and-play in most computers.
Convergence and technical evolution means that the same functionality is being afforded to mp3 players and mobile phones, significantly multiplying the number of personally-owned devices which can siphon critically important company data through an unprotected USB port.
Software to protect USB ports, and to detect when an unauthorised UBS connection attempt is made, is available and inexpensive (for a single PC, just $30), but most organisations are not using it across the enterprise, and especially not on laptops, which are arguably the most sensitive - and the most vulnerable.
The following is recommended:
a. All employees reminded that unauthorised data copying may be regarded as theft for disciplinary purposes.
b. Software installed across the network to block, and alert to, the connection of unauthorised flash drives and other memory storage devices.
c. Personal flash drives banned from the workplace.
d. Charging of personal devices such as mp3 players and mobile phones via computer USB ports banned.
e. Those who are issued with flash drives are issued with such for a valid reason, and they may not be used on any computer except their own, without express permission.
f. Issued flash drives to be encryptable, so that data is protected in the event of loss.
g. Express permission required to copy certain types of data.
What’s more, personal USB devices are one of the most common sources of virus attack.
See http://www.zdnetasia.com/news/security/0,39044215,62052730,00.htm?scid=nl_z_ntnw
Convergence and technical evolution means that the same functionality is being afforded to mp3 players and mobile phones, significantly multiplying the number of personally-owned devices which can siphon critically important company data through an unprotected USB port.
Software to protect USB ports, and to detect when an unauthorised UBS connection attempt is made, is available and inexpensive (for a single PC, just $30), but most organisations are not using it across the enterprise, and especially not on laptops, which are arguably the most sensitive - and the most vulnerable.
The following is recommended:
a. All employees reminded that unauthorised data copying may be regarded as theft for disciplinary purposes.
b. Software installed across the network to block, and alert to, the connection of unauthorised flash drives and other memory storage devices.
c. Personal flash drives banned from the workplace.
d. Charging of personal devices such as mp3 players and mobile phones via computer USB ports banned.
e. Those who are issued with flash drives are issued with such for a valid reason, and they may not be used on any computer except their own, without express permission.
f. Issued flash drives to be encryptable, so that data is protected in the event of loss.
g. Express permission required to copy certain types of data.
What’s more, personal USB devices are one of the most common sources of virus attack.
See http://www.zdnetasia.com/news/security/0,39044215,62052730,00.htm?scid=nl_z_ntnw
Thursday, April 9, 2009
Microsoft PowerPoint Warning
On 3 April Microsoft announced that it was investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, the UK Govt is aware only of limited and targeted attacks that attempt to use this vulnerability.
The UK’s Centre for the Protection of National Infrastructure has advised that additional care be exercised when using Microsoft Powerpoint.
Company IT departments will eventually patch a solution, once it is provided by Microsoft, but it should be emphasised that unsolicited PowerPoints (or those found on the Internet) should never be opened.
Some former ARC delegates on special occasions circulate self-extracting PowerPoints containing greetings or words of wisdom. These may inadvertently be used to transmit malicious payloads and should always be deleted without opening, and the sender advised of the dangers – and the need to get their own PC checked for the presence of malware.
The UK’s Centre for the Protection of National Infrastructure has advised that additional care be exercised when using Microsoft Powerpoint.
Company IT departments will eventually patch a solution, once it is provided by Microsoft, but it should be emphasised that unsolicited PowerPoints (or those found on the Internet) should never be opened.
Some former ARC delegates on special occasions circulate self-extracting PowerPoints containing greetings or words of wisdom. These may inadvertently be used to transmit malicious payloads and should always be deleted without opening, and the sender advised of the dangers – and the need to get their own PC checked for the presence of malware.
Wednesday, April 8, 2009
Terrorism - Identifying Suspicious Activity
Templates for guidance on what to do if employees spot suspicious activity, possibly indicative of terrorist planning, can be found at:
http://www.nationalterroralert.com/suspicious-activity/
and
http://cms.met.police.uk/news/publicity_campaigns/new_campaign_urges_londoners_to_report_suspicious_activity
http://www.nationalterroralert.com/suspicious-activity/
and
http://cms.met.police.uk/news/publicity_campaigns/new_campaign_urges_londoners_to_report_suspicious_activity
Tuesday, April 7, 2009
Managing the Risk of Piracy at Sea
The US Department of Transportation Maritime Administration posts useful advice on its website on how to deter piracy attacks, based on experiences off the coast of Somalia. The advice includes:
- An awareness that most attacks occur in daylight.
- Vessels moving at less than 16 knots and with a low freeboard (less than 6 metres) are at high risk.
- Establishing a secure and pre-designated area for crew members to muster.
- Establishing a secure alternative steering location.
- Preparing a list of contact numbers and email addresses for assistance.
- Posting more security personnel and establishing roving watches, and 360 degree surveillance.
- Establishing duress codes for staff.
- Staging of anti-piracy equipment, such as fire hoses and spotlights.
- Removal of any equipment hanging over the side that could be used to gain access.
- Practice anti-piracy drills.
- Using established safe corridors.
- Transiting dangerous areas at maximum possible speed.
- Fullest possible utilization of radar.
- A single point of entry into the house.
- Securing deck lighting, except for mandatory navigation lights.
If under attack:
- Muster, man high pressure hoses etc., and provide a visible deterrent.
- Alter course, fire flares, turn on all lights if at night.
- Sound alarm signals.
- Activate SSAS.
- Notify nearest centre.
If pirates open fire:
- Change course repeatedly if unable to outrun pirate vessel.
- Hose team to remain behind cover until it can be used effectively.
- Use hoses to prevent boarding.
- Remainder of crew to secure location.
- If pirates succeed in boarding, cease resistance.
The link to the site, and other resources on Maritime Security, can be accessed by clicking on:
http://www.arc-tc.com/pages/resources_publications.asp#M
ARC Training offers a one-week course in Maritime Security, in accordance with the ISPS Code, during the period 5-9 October 2009. For more information contact Janet or go to
http://www.arc-tc.com/pages/other_accredited_sm.asp#s3
ARC is an approved TRANSEC (UK Government Agency) maritime training provider.
How Exposed Are You to Fraud?
The Association of Certified Fraud Examiners has produced a useful checklist that tests your company’s “fraud health”. You can access this document at the following link:
http://www.arc-tc.com/pages/resources_publications.asp#F and clicking on ACFE Company Fraud Health Check
ARC Training’s 3-day Investigating Fraud in the Workplace course takes place 20-22 July. For full course details contact Janet or go to
http://www.arc-tc.com/pages/accredited_investigation.asp#f3
http://www.arc-tc.com/pages/resources_publications.asp#F and clicking on ACFE Company Fraud Health Check
ARC Training’s 3-day Investigating Fraud in the Workplace course takes place 20-22 July. For full course details contact Janet or go to
http://www.arc-tc.com/pages/accredited_investigation.asp#f3
Monday, April 6, 2009
Guide to Emergency Management
The US Federal Emergency Management Agency produces an excellent guide to emergency management.
The guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather.
Whether you operate from a high-rise building or an industrial complex; whether you own, rent or lease your property; whether you are a large or small company; the concepts in this guide will apply.
Go to http://www.arc-tc.com/pages/resources_publications.asp#E
...and click on the link to FEMA Emergency Management Guide for Businesses.
The guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather.
Whether you operate from a high-rise building or an industrial complex; whether you own, rent or lease your property; whether you are a large or small company; the concepts in this guide will apply.
Go to http://www.arc-tc.com/pages/resources_publications.asp#E
...and click on the link to FEMA Emergency Management Guide for Businesses.
Global Spy Network
An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say. They said the network had infiltrated 1,295 computers in 103 countries. They included computers belonging to foreign ministries and embassies. There is no conclusive evidence China's government was behind it, researchers say.
For more go to:
http://news.bbc.co.uk/2/hi/americas/7970471.stm
The World’s Most Dangerous Countries (and the UK is to Blame!) According to US Company Forbes
To determine the world's most dangerous countries, Forbes combined rankings provided by iJet and fellow risk-assessment firm Control Risks, giving equal weight to each set of data. Both firms compiled their rankings by evaluating countries by categories including crime rate, police protection, civil unrest, terrorism risk, kidnapping threat and geopolitical stability.
For the full article, click on the link below:
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20090305/Dangerous_Countries_090307/20090307
Business Travel Security is a full-day module on Security Management Stage 2, 29 June - 10 July 2009. For details of the full programme, go to:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
For the full article, click on the link below:
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20090305/Dangerous_Countries_090307/20090307
Business Travel Security is a full-day module on Security Management Stage 2, 29 June - 10 July 2009. For details of the full programme, go to:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
Thursday, April 2, 2009
Al Qaeda Kidnap Update
Confusion continues over the fate of two Canadian diplomats, and four western tourists, kidnapped in Mali during recent months. Al Qaeda's North Africa branch (AQIM) has claimed it is holding the two Canadians along with four European tourists kidnapped in January.
But Niger's President Mamadou Tandja has blamed Fowler's abduction on a rebel group from the northern Niger ethnic minority of Tuareg nomads who are battling the government. Tuareg rebels from the Front For Forces of Redress retracted their initial statement claiming responsibility for the kidnapping, saying their website had been hacked. But some western intelligence officials believe the Tuaregs may have traded the hostages to al Qaeda.
Travellers are urged to check the website of the UK FCO before travelling to unfamiliar destinations. On Mali and Niger, for example, the site offers the following advice:
There is a high threat of kidnapping in both Mali and Niger. Travel in can be difficult and conditions are poor for overland travel. You should take all necessary steps to protect your safety, especially outside of main urban areas. You should have confidence in your individual security arrangements and maintain a high level of vigilance.
Kidnap Risk Reduction and Response is a full-day workshop on the forthcoming Security Management Stage 3 Course, 11-22 May 2009.
The full programme includes:
- Corporate Risk Management
- Corporate Social Responsibility
- Adding Strategic Value to Security Management
- Setting a Vision for Corporate Security
- Kidnap Risk Reduction & Response
- Illicit Trade & Counterfeiting
- Product Tampering & Extortion
- Investigating Information Leaks
- Security Project Management
- IT Security – Managing Strategic Risks
- Terrorism – Future Trends and Responses
- External Liaison & Stakeholder Engagement
- Business Expansion – Security Considerations
- Security Intelligence
- Dealing with Protest Activity
- Strategic Security Management Exercise
- Multi-Site Security Management Project
Contact Janet for more information and to book a place.
But Niger's President Mamadou Tandja has blamed Fowler's abduction on a rebel group from the northern Niger ethnic minority of Tuareg nomads who are battling the government. Tuareg rebels from the Front For Forces of Redress retracted their initial statement claiming responsibility for the kidnapping, saying their website had been hacked. But some western intelligence officials believe the Tuaregs may have traded the hostages to al Qaeda.
Travellers are urged to check the website of the UK FCO before travelling to unfamiliar destinations. On Mali and Niger, for example, the site offers the following advice:
There is a high threat of kidnapping in both Mali and Niger. Travel in can be difficult and conditions are poor for overland travel. You should take all necessary steps to protect your safety, especially outside of main urban areas. You should have confidence in your individual security arrangements and maintain a high level of vigilance.
Kidnap Risk Reduction and Response is a full-day workshop on the forthcoming Security Management Stage 3 Course, 11-22 May 2009.
The full programme includes:
- Corporate Risk Management
- Corporate Social Responsibility
- Adding Strategic Value to Security Management
- Setting a Vision for Corporate Security
- Kidnap Risk Reduction & Response
- Illicit Trade & Counterfeiting
- Product Tampering & Extortion
- Investigating Information Leaks
- Security Project Management
- IT Security – Managing Strategic Risks
- Terrorism – Future Trends and Responses
- External Liaison & Stakeholder Engagement
- Business Expansion – Security Considerations
- Security Intelligence
- Dealing with Protest Activity
- Strategic Security Management Exercise
- Multi-Site Security Management Project
Contact Janet for more information and to book a place.
Wednesday, April 1, 2009
Achieving Recognition as a Competent Security Management Professional
Security managers from all top five UK companies, and four out of five of the top companies in the world, have attended ARC courses. Find out what makes their security departments so successful by joining one of the following courses:
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
20-31 July, Kuala Lumpur
3-14 August, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
29 June – 10 July, UK
12 – 23 October, UK
9-20 November, Kuala Lumpur
6-17 December, Qatar
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
11–22 May 2009, UK
7-18 September 2009, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
28 September – 2 October 2009, UK
25-29 October 2009, Oman
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Advanced Investigation Techniques
“It was a very interesting and useful training course.”
1-5 June 2009, UK
http://www.arc-tc.com/pages/accredited_investigation.asp#f2
***
Crisis Management and Business Continuity
*New Course*
23-25 June 2009, UK
http://www.arc-tc.com/pages/other_accredited_sm.asp#CMBC
For details on any ARC course, or to make a booking, contact Janet, and quote BLOG4 to qualify for a discount.
Many more courses can be found at http://www.arc-tc.com/
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
20-31 July, Kuala Lumpur
3-14 August, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
29 June – 10 July, UK
12 – 23 October, UK
9-20 November, Kuala Lumpur
6-17 December, Qatar
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
11–22 May 2009, UK
7-18 September 2009, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
28 September – 2 October 2009, UK
25-29 October 2009, Oman
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Advanced Investigation Techniques
“It was a very interesting and useful training course.”
1-5 June 2009, UK
http://www.arc-tc.com/pages/accredited_investigation.asp#f2
***
Crisis Management and Business Continuity
*New Course*
23-25 June 2009, UK
http://www.arc-tc.com/pages/other_accredited_sm.asp#CMBC
For details on any ARC course, or to make a booking, contact Janet, and quote BLOG4 to qualify for a discount.
Many more courses can be found at http://www.arc-tc.com/
Tuesday, March 31, 2009
Non-Lethal Ray Gun Enters Testing – Could This Be Used to Protect against Maritime Piracy Attacks?
The device fires a 1 mm radio wave, which penetrates the top 1/64th of an inch of skin and just down to the nerve endings. When hit, the target moves away from the beam and the sensation ceases. The sensation at the target is akin to taking a heat blast from an opened “oven door,” according to Marine Corps. Col. Kirk Hymes. In most cases there is no permanent injury.
For more, go to: http://www.designnews.com/article/12709-Military_s_Active_Denial_System_is_First_True_Ray_Gun.php
For more, go to: http://www.designnews.com/article/12709-Military_s_Active_Denial_System_is_First_True_Ray_Gun.php
USB Memory Sticks – Don’t Let Them Get under your Skin!
A Finnish computer programmer who lost one of his fingers in a motorcycle accident has made himself a prosthetic replacement with a USB drive attached. Jerry Jalava uses the 2GB memory stick, accessed by peeling back the "nail", to store photos, movies and programmes.
For the full story go to: http://news.bbc.co.uk/2/hi/europe/7949018.stm
Securing IT Hardware (Including Laptops) against Theft
ARC doesn’t usually recommend specific products, but this website has some good ideas for securing IT hardware:
http://www.lapsafe.com/catalogue/laptop-and-pc-security/
Terrorism Overview
Read what the UK government has to say about terrorism. Detailed information can be found on the website of The Security Service MI5, beginning at:
http://www.mi5.gov.uk/output/terrorism.html
http://www.mi5.gov.uk/output/terrorism.html
Economic Downturn Causing Data Theft Deluge - How to Manage the Threat
Source: http://www.contingencytoday.com/online_article/Data-loss-deluge-during-downturn-/1814
A leading provider of IT security systems is warning organisations to prepare themselves for a data loss deluge during the economic downturn. Citing an increase in transient staff, higher staff turnover and a growing black market hungry for information, Overtis Systems is urging UK organisations to update their data access procedures to counter these threats with a Ten Point Plan.
Several drivers are responsible for the increase in data leakage over the past year. There has been a surge in the use of casual staff, with companies using more contractors and outsourcing core operations. This in turn has lead to greater fluidity of data and a heightened risk of security compromise. Meanwhile, temporary and permanent members of staff, uncertain of the future, are purloining data to further their own careers. Others, concerned about their own finances, are selling sensitive information to a burgeoning black market. And an increase in redundancies is also causing problems, with dismissed members of staff more likely to steal data either for their own ends or to cause their former employer operational problems.
Overtis recommends organisations adopt the following Ten Point Plan to prevent data leakage:
1. Implement a strong employee joining and exit process – email and network access needs to be revoked quickly and mobile devices recovered when an employee leaves. New members of staff need only be given access to the resources they need to perform their role.
2. Educate staff – ensure data is only accessible to staff on a need-to-know basis or push data to relevant individuals.
3. Avoid remedial action – Don't seek to address a security breach with a point security product but take a systematic approach to the whole enterprise. Controls need to be in place between the user and the data not on the network or gateway.
4. Identify assets and information flows – Address potential pain points by mapping all of the intellectual property you have and modes of access.
5. Restrict the manipulation of data – Plan who needs access and whether they have the authorisation to print, change or export data over email, IM or to removable devices. It's also now possible to apply restrictions to specific content within a document or by time and location.
6. Watch the gatekeepers – System administrators and privileged users should be subject to the same change management and critical server file integrity checks.
7. Don't overlook the obvious – Do put in place procedures to prevent the export of data to USB sticks, MP3 players etc. Do scan outgoing email for confidential attachments. Do restrict copy and paste over Instant Messenger and other social networking media.
8. Use encryption – Where you do permit data export to mobile devices and removable media, ensure it is encrypted.
9. Use two-factor authentication – Don't rely on passwords; they are often written down and are relatively simple to crack. Always combine a password with a secondary method of authentication. Sophisticated systems such as finger vein readers are simple and cannot be easily subverted.
10. Combine your security arsenal – While many organisations have biometric access systems, CCTV and even RFID, few have taken the logical step of joining these together with the IT security system. Integrating the physical with the virtual can provide the requisite evidence of a data breach, for example marrying a screenshot of a file being exported with CCTV footage of the perpetrator. Evidence can also be used to enhance staff productivity, by illuminating how data is used.
A leading provider of IT security systems is warning organisations to prepare themselves for a data loss deluge during the economic downturn. Citing an increase in transient staff, higher staff turnover and a growing black market hungry for information, Overtis Systems is urging UK organisations to update their data access procedures to counter these threats with a Ten Point Plan.
Several drivers are responsible for the increase in data leakage over the past year. There has been a surge in the use of casual staff, with companies using more contractors and outsourcing core operations. This in turn has lead to greater fluidity of data and a heightened risk of security compromise. Meanwhile, temporary and permanent members of staff, uncertain of the future, are purloining data to further their own careers. Others, concerned about their own finances, are selling sensitive information to a burgeoning black market. And an increase in redundancies is also causing problems, with dismissed members of staff more likely to steal data either for their own ends or to cause their former employer operational problems.
Overtis recommends organisations adopt the following Ten Point Plan to prevent data leakage:
1. Implement a strong employee joining and exit process – email and network access needs to be revoked quickly and mobile devices recovered when an employee leaves. New members of staff need only be given access to the resources they need to perform their role.
2. Educate staff – ensure data is only accessible to staff on a need-to-know basis or push data to relevant individuals.
3. Avoid remedial action – Don't seek to address a security breach with a point security product but take a systematic approach to the whole enterprise. Controls need to be in place between the user and the data not on the network or gateway.
4. Identify assets and information flows – Address potential pain points by mapping all of the intellectual property you have and modes of access.
5. Restrict the manipulation of data – Plan who needs access and whether they have the authorisation to print, change or export data over email, IM or to removable devices. It's also now possible to apply restrictions to specific content within a document or by time and location.
6. Watch the gatekeepers – System administrators and privileged users should be subject to the same change management and critical server file integrity checks.
7. Don't overlook the obvious – Do put in place procedures to prevent the export of data to USB sticks, MP3 players etc. Do scan outgoing email for confidential attachments. Do restrict copy and paste over Instant Messenger and other social networking media.
8. Use encryption – Where you do permit data export to mobile devices and removable media, ensure it is encrypted.
9. Use two-factor authentication – Don't rely on passwords; they are often written down and are relatively simple to crack. Always combine a password with a secondary method of authentication. Sophisticated systems such as finger vein readers are simple and cannot be easily subverted.
10. Combine your security arsenal – While many organisations have biometric access systems, CCTV and even RFID, few have taken the logical step of joining these together with the IT security system. Integrating the physical with the virtual can provide the requisite evidence of a data breach, for example marrying a screenshot of a file being exported with CCTV footage of the perpetrator. Evidence can also be used to enhance staff productivity, by illuminating how data is used.
UK Law Resources
For an at-your-fingertips guide to UK criminal law acts, go to:
http://www.wikicrimeline.co.uk/index.php?title=Category:Acts
http://www.wikicrimeline.co.uk/index.php?title=Category:Acts
Number of Infected Web Sites Increases Sharply: Are You Being Spied On?
Source: www.nextgov.com
The number of seemingly legitimate Web sites infected with malicious code that enables hackers to steal passwords to access computer networks is increasing, with one organization reporting an 827 percent jump in compromised sites in 2008.
The number of crimeware-infected URLs, which are Web sites containing malicious code designed to steal users' passwords by tracking their keystrokes, increased more than 163 percent in just one month, from 11,834 in November 2008 to 31,173 in December 2008, reported the Anti-Phishing Working Group, a coalition of industry and law enforcement agencies fighting identity theft from malware. In January 2008, just 3,363 sites were infected, according to the group.
For more information, go to:
http://www.nextgov.com/nextgov/ng_20090323_9103.php
Or attend Security Management Stage 1, 3-14 August 2009, which covers the core areas of security management, including information and IT security:
Course Content:
Security Risk Management, Security Operations Management, Security Policies & Procedures, Security Design, Introduction to Investigations, Introduction to Security Surveying, Perimeter & Buildings Security, Access Management, Workplace Crime Prevention, Protection Against Explosive Devices, Manpower Selection & Deployment, Leadership & Motivation, Information Security & Technical Surveillance Countermeasures, IT Security, Protection of At-Risk Personnel, Crisis Management, Change Management, Course Project.
For details contact Janet.
The number of seemingly legitimate Web sites infected with malicious code that enables hackers to steal passwords to access computer networks is increasing, with one organization reporting an 827 percent jump in compromised sites in 2008.
The number of crimeware-infected URLs, which are Web sites containing malicious code designed to steal users' passwords by tracking their keystrokes, increased more than 163 percent in just one month, from 11,834 in November 2008 to 31,173 in December 2008, reported the Anti-Phishing Working Group, a coalition of industry and law enforcement agencies fighting identity theft from malware. In January 2008, just 3,363 sites were infected, according to the group.
For more information, go to:
http://www.nextgov.com/nextgov/ng_20090323_9103.php
Or attend Security Management Stage 1, 3-14 August 2009, which covers the core areas of security management, including information and IT security:
Course Content:
Security Risk Management, Security Operations Management, Security Policies & Procedures, Security Design, Introduction to Investigations, Introduction to Security Surveying, Perimeter & Buildings Security, Access Management, Workplace Crime Prevention, Protection Against Explosive Devices, Manpower Selection & Deployment, Leadership & Motivation, Information Security & Technical Surveillance Countermeasures, IT Security, Protection of At-Risk Personnel, Crisis Management, Change Management, Course Project.
For details contact Janet.
Oil and Gas Sector Security Management
In July 2009 ARC will be offering a new course specifically tailored to its oil and gas sector clients, entitled: Managing Security Risks in the Oil and Gas Sector. The course will take place 24-28 August and will cover the core areas of:
Security Risk Analysis in the Oil & Gas Sector, Corporate Social Responsibility, Human Rights, and Community Management, Managing Activism, Managing Acts of Militancy and Terrorism against the Oil/Gas Sector, Oilfield and Pipeline Security, The Security of Refineries and other Production Facilities, Maritime and Offshore Security.
For further details contact Janet.
Community management, and stakeholder engagement are core to the programme. Community engagement and security management in such situations are two sides of the same coin. During its community engagement phase, Angola LNG pooled the best practices of Sonangol, Chevron, BP, Total and ENI, and put together an Environmental and Social Impact Assessment report of no less than 10,000 pages, which has been made available at the following link http://www.angolalng.com/project/eshia06.htm
Security Risk Analysis in the Oil & Gas Sector, Corporate Social Responsibility, Human Rights, and Community Management, Managing Activism, Managing Acts of Militancy and Terrorism against the Oil/Gas Sector, Oilfield and Pipeline Security, The Security of Refineries and other Production Facilities, Maritime and Offshore Security.
For further details contact Janet.
Community management, and stakeholder engagement are core to the programme. Community engagement and security management in such situations are two sides of the same coin. During its community engagement phase, Angola LNG pooled the best practices of Sonangol, Chevron, BP, Total and ENI, and put together an Environmental and Social Impact Assessment report of no less than 10,000 pages, which has been made available at the following link http://www.angolalng.com/project/eshia06.htm
Producing an Operational Requirement for Security Systems – Guideline
The UK’s Centre for the Protection of National Infrastructure (CPNI) has made available on its website a useful and detailed template for producing an Operational Requirement for physical (technical) security systems.
An Operational Requirement (OR) is a statement of need based upon a thorough and systematic assessment of the problem to be solved, and the hoped-for solutions. The aim of the CPNI Guide is to ensure that appropriate security measures are recommended to manage the risk to a level acceptable to all stakeholders. It introduces the concept of a structured methodology for determining the security requirements for specific sites.
To download a copy of the guide, go to: http://www.cpni.gov.uk/Docs/measures-operational-requirements-guide.pdf
Specifying security systems is covered in overview on Security Management Stage 2 (29 June – 10 July 2009), and in detail on Specifying Security Technology (13-17 July 2009).
For more information, contact Janet, or go to:
Security Management Stage 2
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
Specifying Security Technology
http://www.arc-tc.com/pages/other_accredited_sm.asp#s4
Emergency Management (Natural Disasters) Resources
Commencing business operations in new countries is often characterised by uncertainty. Recently a delegate contacted ARC to ask for advice on where to find best practice resources which he could use as a basis for constructing plans for a range of natural disasters in an overseas country.
This is an area in which the US is quite well advanced, and the following links contain excellent guidance:
http://www.fema.gov/business/guide/index.shtm
http://www.disastersafety.org/text.asp?id=commlines
http://www.ready.gov/business/publications/index.html
http://www.ready.gov/business/_downloads/readybusiness-brochure.pdf
Business Expansion – Security Considerations is one of the core subjects covered in Security Management Stage 3, which takes place in the UK, 11-22 May 2009. Contact Janet for details or go to http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
STOP PRESS - April 1st Protests Could Break out Anywhere, Not Just London - Direct Action Examples
In recent years April 1st has been designated "Fossil Fools Day" by environmental activists, and has become a day of multiple disruption actions. In 2008 150 direct action events were staged. While the world’s attention is focussed on demonstrations today around the G20 Summit, there is a risk of environmentalist/anti-capitalist direct actions against the following types of facilities worldwide:
- Coal-fired power stations
- Oil refineries, including biofuels facilities
- Lock-ons and barricades at petrol stations
- Aviation facilities
- Gas installations (eg LNG import facilities)
- Pipelines and pipeline construction sites
- Mines
- Financial targets (eg RBS) – possibly even local bank branches as a symbolic protest
- High-profile media events involving energy companies
- Road construction sites
Types of actions include:
- Protests outside buildings
- Attempts to occupy buildings
- Banner drops
- Lock-ons
- Leaflet distribution
- Power switch off (eg petrol stations, cola conveyors at power stations
- Dumping outside HQ buildings
- Actions against directors’ residences
- Hoax press releases to media companies – it is very easy to spoof your email addresses
- Billboard poster replacement
- Bicycle takeover of roads
- IT attacks
Security staff should be advised to look for the unusual behaviour, such as a sudden gathering of media, or a group of people dressed in fancy dress, such as clowns, “biohazard” suits or polar bears.
- Coal-fired power stations
- Oil refineries, including biofuels facilities
- Lock-ons and barricades at petrol stations
- Aviation facilities
- Gas installations (eg LNG import facilities)
- Pipelines and pipeline construction sites
- Mines
- Financial targets (eg RBS) – possibly even local bank branches as a symbolic protest
- High-profile media events involving energy companies
- Road construction sites
Types of actions include:
- Protests outside buildings
- Attempts to occupy buildings
- Banner drops
- Lock-ons
- Leaflet distribution
- Power switch off (eg petrol stations, cola conveyors at power stations
- Dumping outside HQ buildings
- Actions against directors’ residences
- Hoax press releases to media companies – it is very easy to spoof your email addresses
- Billboard poster replacement
- Bicycle takeover of roads
- IT attacks
Security staff should be advised to look for the unusual behaviour, such as a sudden gathering of media, or a group of people dressed in fancy dress, such as clowns, “biohazard” suits or polar bears.
Monday, March 23, 2009
Record Breaking Security Managers!
Stellenbosch, South Africa, was the setting for the recent Security Management Stage 1 Course, attended by 15 security managers from South Africa, Botswana, Democratic Republic of Congo, and Senegal.
The course, which was delivered by David Cresswell, covered the core skills areas of corporate security management, and included a detailed security design project, which all delegates completed to a very high standard indeed. The course concluded with a closed-book examination, which all delegates passed, with over half scoring 100% - a first for any Security Management Stage 1 Course.
One delegate remarked that it was the best security course he had attended in 30 years!
Meanwhile, in the UK, a new Security Management Stage 1 course begins today under the tutorship of Phil Wood MBE, who plans to lead the 16 delegates attending to similar successes. Representing a wide range of sectors and countries including UK, France, Belgium, Switzerland, Nigeria, Thailand, Qatar, Greece and Kazakhstan, the delegates are sure to have a very interesting and beneficial two weeks sharing best practice.
The next Security Management Stage 1 (UK) takes place 3-14 August 2009; contact Janet for details or click on the link below.
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
Thursday, March 19, 2009
Tuesday, March 17, 2009
Climate Change and Crisis Management
The 15 delegates attending the Security Management Stage 1 Course in Stellenbosch, South Africa, have been studying Crisis Management as part of the intensive 10-day curriculum. In addition to identifying crises specific to their organisations and countries, delegates examined some of the external factors that could cause future crises, including severe adverse whether phenomena as a result of climate change.
Delegates were shown a report by Lord Stern, UK government advisor on climate change, who has recently admitted that he underestimated the scale of climate change in his report two years ago. Lord Stern Warns of catastrophic effects if temperatures continue to rise beyond 2 degrees; the figure most politicians hoped we could keep to by 2100. “But we now face risks of 4, 5, or 6 degree increases, sometime towards the end of this century. 5 degrees centigrade is a temperature the world has not seen for 30 to 50 million years."
Scientists warn that a rise of even 3 degrees could be enough to devastate whole areas, turning much of Southern Europe into desert. Under this scenario the consequences for Africa long before 2100 are dire.
Delegates were shown a report by Lord Stern, UK government advisor on climate change, who has recently admitted that he underestimated the scale of climate change in his report two years ago. Lord Stern Warns of catastrophic effects if temperatures continue to rise beyond 2 degrees; the figure most politicians hoped we could keep to by 2100. “But we now face risks of 4, 5, or 6 degree increases, sometime towards the end of this century. 5 degrees centigrade is a temperature the world has not seen for 30 to 50 million years."
Scientists warn that a rise of even 3 degrees could be enough to devastate whole areas, turning much of Southern Europe into desert. Under this scenario the consequences for Africa long before 2100 are dire.
Monday, March 16, 2009
Does Africa Risk Being Plunged into Conflict?
African leaders gathering in London this week have warned that the dire effects the economic downturn is beginning to have on the African continent could plunge many African countries into conflict. Citing half a million copper mining workers made redundant in Zambia, the halving of cotton prices, drop in tourism income, and reduction on remittances from Africans working overseas, leaders have warned that several countries risk instability.
This dire prediction runs contrary to The World Economic Forum 2009 Global Risks Report, which predicted that Africa would be less exposed to the effects of the economic downturn than areas such, for example, Asia. The report asserted that African countries have relatively fewer financial and real assets, and thus lower exposure to asset bubbles. Even their overall exposure to economic risks is small, reflecting in part their lagging integration into global markets. (For a copy of the WEF report contact David.
Strategic security risk assessment and security risks associated with expansion into new markets are subjects that are addressed in detail during Security Management Stage 3. The course presents a number of templates to identify and analyse strategic risks, and discusses how these can then be distilled into forecasting security risks at the operational level.
The next Security Management Stage 3 takes place 11-22 May 2009. Details can be found at:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
This dire prediction runs contrary to The World Economic Forum 2009 Global Risks Report, which predicted that Africa would be less exposed to the effects of the economic downturn than areas such, for example, Asia. The report asserted that African countries have relatively fewer financial and real assets, and thus lower exposure to asset bubbles. Even their overall exposure to economic risks is small, reflecting in part their lagging integration into global markets. (For a copy of the WEF report contact David.
Strategic security risk assessment and security risks associated with expansion into new markets are subjects that are addressed in detail during Security Management Stage 3. The course presents a number of templates to identify and analyse strategic risks, and discusses how these can then be distilled into forecasting security risks at the operational level.
The next Security Management Stage 3 takes place 11-22 May 2009. Details can be found at:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
Retail Theft Problems Set to Worsen
Source: red24
Retail theft in the form of shoplifting is an established and global problem. According to the Global Retail Theft Barometer - an annual survey of 920 of the leading international retailers, with combined sales of US$814 billion, conducted by the Centre for Retail Research – retail theft or ‘shrinkage’ (stock loss from crime and wastage) cost retail companies in the 36 countries examined approximately US$104.4 billion in 2008. This is equivalent to 1.34 percent of total retail sales. Although employees accounted for a significant portion of thefts, shoplifting and organised retail crime remains the largest source of this loss, representing more than 41 percent of the total and equating to some US$43 billion in the 36 countries surveyed. The current financial crisis and the accompanying global economic downturn is likely only to compound the problem of retail theft. As the fallout from the financial crisis starts to take hold, increasing unemployment and reducing disposable incomes, it is likely that a larger numbers of individuals will engage in unlawful activity as a means of securing a range of retail products. Furthermore, as companies’ profit margins are squeezed, security budgets are frequently cut, just as the threat becomes heightened. As a consequence, the next 12 to 18 months are likely to witness a sharp increase in retail theft.
For a copy of the full red24 report, contact David.
Retail theft in the form of shoplifting is an established and global problem. According to the Global Retail Theft Barometer - an annual survey of 920 of the leading international retailers, with combined sales of US$814 billion, conducted by the Centre for Retail Research – retail theft or ‘shrinkage’ (stock loss from crime and wastage) cost retail companies in the 36 countries examined approximately US$104.4 billion in 2008. This is equivalent to 1.34 percent of total retail sales. Although employees accounted for a significant portion of thefts, shoplifting and organised retail crime remains the largest source of this loss, representing more than 41 percent of the total and equating to some US$43 billion in the 36 countries surveyed. The current financial crisis and the accompanying global economic downturn is likely only to compound the problem of retail theft. As the fallout from the financial crisis starts to take hold, increasing unemployment and reducing disposable incomes, it is likely that a larger numbers of individuals will engage in unlawful activity as a means of securing a range of retail products. Furthermore, as companies’ profit margins are squeezed, security budgets are frequently cut, just as the threat becomes heightened. As a consequence, the next 12 to 18 months are likely to witness a sharp increase in retail theft.
For a copy of the full red24 report, contact David.
Lasers: Unconventional Weapons of Criminals and Terrorists
Source: Police Chief Magazine
With lasers becoming more commonplace and more easily accessible, the danger of individuals or groups using them to inflict harm—ranging from distraction and camera flash–like afterimages to permanent damage to the field of vision—has risen. Injuries have been reported both to the cornea (the front of the eye) and to the retina (the back of the eye).
Read more at:
http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display&article_id=1731&issue_id=22009
With lasers becoming more commonplace and more easily accessible, the danger of individuals or groups using them to inflict harm—ranging from distraction and camera flash–like afterimages to permanent damage to the field of vision—has risen. Injuries have been reported both to the cornea (the front of the eye) and to the retina (the back of the eye).
Read more at:
http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display&article_id=1731&issue_id=22009
Thursday, March 12, 2009
The Perils of Disposing of (or Loosing) Your Cellphone
Source: Checkmyfile.com
The ever-increasing role that mobile phones play in our day-to-day lives is making it much easier for identity thieves.
Long gone are the days of simply talking on the phone. Most new generation mobiles now allow users to browse the internet, send and receive email, and even bank online. As a result, more personal data than ever is stored on our phones.
Around 125,000 mobiles are left in London taxis alone each year and hundreds of thousands more are stolen. This is in addition to more legitimate markets for second hand mobiles, such as eBay.
There has also been a surge in the popularity of mobile ‘recycling’ websites that pay cash for unwanted handsets. Many people simply don’t realise that most of these phones are refurbished rather than recycled and then sent to Africa and Asia – hotspots for identity fraudsters.
Whilst wiping the memory of your phone completely is difficult, there are some basic steps you can take. First, remove any SD cards or other removable memory devices - don't send them with the phone. Remove the SIM card. You should also delete the phone's internal memory using the ‘Restore Factory Settings' or 'Clear Memory' functions. If in doubt, have a look at your phone handbook if you still have it. If not, search online, or ask your local phone shop to do it for you.
Without careful monitoring, you may well be completely unaware that your identity has been stolen – until you are unexpectedly turned down for credit, or contacted about a debt that isn’t yours.
The ever-increasing role that mobile phones play in our day-to-day lives is making it much easier for identity thieves.
Long gone are the days of simply talking on the phone. Most new generation mobiles now allow users to browse the internet, send and receive email, and even bank online. As a result, more personal data than ever is stored on our phones.
Around 125,000 mobiles are left in London taxis alone each year and hundreds of thousands more are stolen. This is in addition to more legitimate markets for second hand mobiles, such as eBay.
There has also been a surge in the popularity of mobile ‘recycling’ websites that pay cash for unwanted handsets. Many people simply don’t realise that most of these phones are refurbished rather than recycled and then sent to Africa and Asia – hotspots for identity fraudsters.
Whilst wiping the memory of your phone completely is difficult, there are some basic steps you can take. First, remove any SD cards or other removable memory devices - don't send them with the phone. Remove the SIM card. You should also delete the phone's internal memory using the ‘Restore Factory Settings' or 'Clear Memory' functions. If in doubt, have a look at your phone handbook if you still have it. If not, search online, or ask your local phone shop to do it for you.
Without careful monitoring, you may well be completely unaware that your identity has been stolen – until you are unexpectedly turned down for credit, or contacted about a debt that isn’t yours.
Wednesday, March 11, 2009
Security in a Multi-Tenant Building
In many locations around the world companies find themselves in the setting of one of many company occupants in a multi-tenant building. The security implications of this are significant. Contract guarding in such situations is frequently inadequate and there are numerous loopholes that can be exploited by a potential adversary.
Delegates attending the Premises Security session of the Security Management Stage 1 Course currently underway in Stellenbosch, South Africa, looked at some of the questions that should be asked, including:
1.Who are the other tenants and what risk do they attract?
2.How effective is the contract security team? Are they trained and vetted? Are they poorly paid? Is it easy to confuse them due to the range of building occupants? Do they have very limited jurisdiction? Is there a quick response force and is it adequate? Have the guards been trained and exercised in threat response?
3.Is the security team provided by a reputable company?
4.Is there good liaison with local law enforcement?
5.Do the guard team staffing levels match the threats, or simply the occupant peak inflows/outflows?
6.Does the entire security “system” match your security risk analysis?
7.Is the property boundary commensurate with the assessed risk, and is it clearly demarcated?
8.Is there a comprehensive building emergency plan and a communications system? Is this shared with building occupants? Is there a practised (and compulsory) evacuation procedure? What life safety systems are in place? Are there sufficient emergency exits and is the assembly area safe?
9.Has the building been constructed to be resistant to catastrophic or progressive collapse in the event of an explosion? Are there potentially dangerous design features that could exacerbate blast enhancement?
10.Are there standard access control procedures for staff, visitors, service and maintenance personnel? Are they applied, are they complied with, and are they effective?
11.How easy is it to drive a suicide VBIED into the front vestibule?
12.How easy is it to leave a VBIED in the loading bay?
13.How effective are the vehicle and material delivery security procedures?
14.What is the exterior construction of the building? Does it pose a fragmentation hazard in the event of an explosion?
15.Where is the central security post? Would it be neutralised in the event of a frontal terrorist attack? Does it have ballistic protection?
16.Where are the critical building systems located?
17.Are the air intakes (HVAC) protected, or at least elevated away from easy access?
18.Does the building have strengthened glazing?
19.Do those responsible for security of individual occupying companies liaise? Is there a security committee? Are there weak links?
20.Is parking close to the building? Is it underground? Is there an exclusion zone close to the building for only pre-authorised or searched vehicles?
21.Is there fuel delivery and does this pose a threat?
22.Are the building security systems linked to an uninterruptable power supply?
23.What are the vehicle identification procedures? Do all vehicles require passes?
24.Who manages the CCTV system? Is the surveillance effective and is there a credible response? Are the images recorded and, if so, for how long are they retained?
25.What are the arrangements for intrusion detection and response?
26.What are the access control arrangements by day and night? What are the working patterns of other occupant companies? Do these cause security vulnerabilities?
27.Who has keys to what and how is key control managed?
28.What are the arrangements for cleaners? Is it compulsory to use the building owner’s cleaners, and if not, what security threats are posed by cleaners independently hired by other occupying companies?
29.Are the emergency exits secure and alarmed? Are they misused by smokers?
30.How accessible is the roof from adjacent structures?
31.Are roof apertures protected?
32.Are ground and first floor windows structurally protected against intrusion? Does this violate any life safety codes?
33.To what extent is the building (and its critical systems) redundant?
34.How effective is the standby power for security systems?
35.What are the emergency services response times?
36.Does the exterior design of the building allow for good surveillability (human and CCTV) by day and night, or are there blind spots and overgrown vegetation? Are the grounds well maintained or untidy? Is there sufficient illumination at night?
37.Is there appropriate signage to deter potential adversaries?
38.What have been the experiences of other tenants with the property owner?
39.How is the building constructed? If it is made up of pre-cast concrete or steel framed structures with open-web joists, it is likely to collapse if exposed to blast pressures.
40.What are the insurance arrangements? Who is responsible for reinstatement in the event of a serious security incident incurring building damage?
41.What are the procedures and is the security team is underperforming or performing inappropriately? Do buildings tenants have access to, in input into, the security procedures?
42.What provision is there for responses to a rise in the security operating level?
43.Can in-house intrusion detection technology be monitored by the site security team?
Delegates attending the Premises Security session of the Security Management Stage 1 Course currently underway in Stellenbosch, South Africa, looked at some of the questions that should be asked, including:
1.Who are the other tenants and what risk do they attract?
2.How effective is the contract security team? Are they trained and vetted? Are they poorly paid? Is it easy to confuse them due to the range of building occupants? Do they have very limited jurisdiction? Is there a quick response force and is it adequate? Have the guards been trained and exercised in threat response?
3.Is the security team provided by a reputable company?
4.Is there good liaison with local law enforcement?
5.Do the guard team staffing levels match the threats, or simply the occupant peak inflows/outflows?
6.Does the entire security “system” match your security risk analysis?
7.Is the property boundary commensurate with the assessed risk, and is it clearly demarcated?
8.Is there a comprehensive building emergency plan and a communications system? Is this shared with building occupants? Is there a practised (and compulsory) evacuation procedure? What life safety systems are in place? Are there sufficient emergency exits and is the assembly area safe?
9.Has the building been constructed to be resistant to catastrophic or progressive collapse in the event of an explosion? Are there potentially dangerous design features that could exacerbate blast enhancement?
10.Are there standard access control procedures for staff, visitors, service and maintenance personnel? Are they applied, are they complied with, and are they effective?
11.How easy is it to drive a suicide VBIED into the front vestibule?
12.How easy is it to leave a VBIED in the loading bay?
13.How effective are the vehicle and material delivery security procedures?
14.What is the exterior construction of the building? Does it pose a fragmentation hazard in the event of an explosion?
15.Where is the central security post? Would it be neutralised in the event of a frontal terrorist attack? Does it have ballistic protection?
16.Where are the critical building systems located?
17.Are the air intakes (HVAC) protected, or at least elevated away from easy access?
18.Does the building have strengthened glazing?
19.Do those responsible for security of individual occupying companies liaise? Is there a security committee? Are there weak links?
20.Is parking close to the building? Is it underground? Is there an exclusion zone close to the building for only pre-authorised or searched vehicles?
21.Is there fuel delivery and does this pose a threat?
22.Are the building security systems linked to an uninterruptable power supply?
23.What are the vehicle identification procedures? Do all vehicles require passes?
24.Who manages the CCTV system? Is the surveillance effective and is there a credible response? Are the images recorded and, if so, for how long are they retained?
25.What are the arrangements for intrusion detection and response?
26.What are the access control arrangements by day and night? What are the working patterns of other occupant companies? Do these cause security vulnerabilities?
27.Who has keys to what and how is key control managed?
28.What are the arrangements for cleaners? Is it compulsory to use the building owner’s cleaners, and if not, what security threats are posed by cleaners independently hired by other occupying companies?
29.Are the emergency exits secure and alarmed? Are they misused by smokers?
30.How accessible is the roof from adjacent structures?
31.Are roof apertures protected?
32.Are ground and first floor windows structurally protected against intrusion? Does this violate any life safety codes?
33.To what extent is the building (and its critical systems) redundant?
34.How effective is the standby power for security systems?
35.What are the emergency services response times?
36.Does the exterior design of the building allow for good surveillability (human and CCTV) by day and night, or are there blind spots and overgrown vegetation? Are the grounds well maintained or untidy? Is there sufficient illumination at night?
37.Is there appropriate signage to deter potential adversaries?
38.What have been the experiences of other tenants with the property owner?
39.How is the building constructed? If it is made up of pre-cast concrete or steel framed structures with open-web joists, it is likely to collapse if exposed to blast pressures.
40.What are the insurance arrangements? Who is responsible for reinstatement in the event of a serious security incident incurring building damage?
41.What are the procedures and is the security team is underperforming or performing inappropriately? Do buildings tenants have access to, in input into, the security procedures?
42.What provision is there for responses to a rise in the security operating level?
43.Can in-house intrusion detection technology be monitored by the site security team?
Monday, March 9, 2009
Security Experts Gather in South Africa
Fifteen security professionals from across Africa and representing industries as diverse as diamond mining, oil and gas, tobacco, banking, security services, and gold/copper mining have gathered in the mountain setting of Stellenbosch, South Africa, to begin a two-week Security Management Stage 1 Course, led by David Cresswell CPP PSP.
This is the first of a series of university-accredited courses planned for South Africa. Later in 2009 it is intended to hold Security Management Stage 2 in Stellenbosch.
Wednesday, March 4, 2009
Join Hundreds of Security Managers Worldwide in Achieving Recognition as a Competent Professional
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
23 March – 3 April, UK
20-31 July, Kuala Lumpur
3-14 August, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
29 June – 10 July, UK
12 – 23 October, UK
9-20 November, Kuala Lumpur
6-17 December, Qatar
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
11–22 May 2009, UK
7-18 September 2009, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Surveying and Design
Learn how to survey on a practical course using a real site, and dispense with the expense of external surveyors! "The course has been really useful. I have not met such a professional (trainer) in security business before."
20-24 April 2009, UK
http://www.arc-tc.com/pages/other_accredited_sm.asp#s2
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
30 March – 3 April 2009, Nigeria
28 September – 2 October 2009, UK
25-29 October 2009, Oman
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Advanced Investigation Techniques
“It was a very interesting and useful training course.”
1-5 June 2009, UK
http://www.arc-tc.com/pages/accredited_investigation.asp#f2
For details on any ARC course, or to make a booking, contact Janet, and quote BLOG3 to qualify for a discount.
Many more courses can be found at http://www.arc-tc.com/
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
23 March – 3 April, UK
20-31 July, Kuala Lumpur
3-14 August, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
29 June – 10 July, UK
12 – 23 October, UK
9-20 November, Kuala Lumpur
6-17 December, Qatar
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
11–22 May 2009, UK
7-18 September 2009, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Surveying and Design
Learn how to survey on a practical course using a real site, and dispense with the expense of external surveyors! "The course has been really useful. I have not met such a professional (trainer) in security business before."
20-24 April 2009, UK
http://www.arc-tc.com/pages/other_accredited_sm.asp#s2
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
30 March – 3 April 2009, Nigeria
28 September – 2 October 2009, UK
25-29 October 2009, Oman
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Advanced Investigation Techniques
“It was a very interesting and useful training course.”
1-5 June 2009, UK
http://www.arc-tc.com/pages/accredited_investigation.asp#f2
For details on any ARC course, or to make a booking, contact Janet, and quote BLOG3 to qualify for a discount.
Many more courses can be found at http://www.arc-tc.com/
ARC Training Expands to SE Asia with an Exciting Programme of Courses
ARC Training is pleased to announce that it will be offering the following courses in Kuala Lumpur in conjunction with its local representative Kavaq:
- Security Management Stage 1, 20-31 July 2009
- Managing Security Risks in the Oil and Gas Sector, 3-7 August 2009
- Security Management Stage 2, 9-20 November 2009
- Security Management Stage 3, 18-29 January 2010
Delegates can expect the same quality courses as delivered in the UK, with the same ARC trainers.
- Security Management Stage 1, 20-31 July 2009
- Managing Security Risks in the Oil and Gas Sector, 3-7 August 2009
- Security Management Stage 2, 9-20 November 2009
- Security Management Stage 3, 18-29 January 2010
Delegates can expect the same quality courses as delivered in the UK, with the same ARC trainers.
Sunday, March 1, 2009
Cellphone Standardisation Will Significantly Increase Risks to Company Data
Three facts:
1. Most companies do not control which peripherals can be successfully connected to the USB ports of computers and laptops, despite software to perform this function being readily available.
2. Plugging a USB flash drive into a company computer’s port is one of the easiest ways to steal data; there is virtually no crime scene and the flash drive can be encrypted so as to make the evidence literally irretrievable.
3. In surveys about workplace data theft, employees consistently admit to copying sensitive company information for personal purposes (future employment elsewhere).
Data theft is one area in which, in the majority of cases, the threats are significantly greater than the countermeasures, and where companies are negligent in discharging their duty to protect this most essential asset.
With employees seemingly free to walk in and out of the workplace with personal flash drives, and precious few controls to stop them from using the drives for nefarious purposes, the situation is about to get a whole degree worse.
The GSM Association, the lead body of the mobile phone industry, has announced that by 2012 the majority of phones shipped around the world will use a universal mini-USB charger, the implications of which will be:
1. All employees will be walking around with devices that connect directly to company computers.
2. Employees will be tempted to charge their phones directly from desktop computers and laptops.
3. Data theft will be achieved by a simple sliding of the mouse between folders.
What’s more, in three years time many of us could be carrying our mobile phone on our wrists, in the form of a GSM wristwatch.
1. Most companies do not control which peripherals can be successfully connected to the USB ports of computers and laptops, despite software to perform this function being readily available.
2. Plugging a USB flash drive into a company computer’s port is one of the easiest ways to steal data; there is virtually no crime scene and the flash drive can be encrypted so as to make the evidence literally irretrievable.
3. In surveys about workplace data theft, employees consistently admit to copying sensitive company information for personal purposes (future employment elsewhere).
Data theft is one area in which, in the majority of cases, the threats are significantly greater than the countermeasures, and where companies are negligent in discharging their duty to protect this most essential asset.
With employees seemingly free to walk in and out of the workplace with personal flash drives, and precious few controls to stop them from using the drives for nefarious purposes, the situation is about to get a whole degree worse.
The GSM Association, the lead body of the mobile phone industry, has announced that by 2012 the majority of phones shipped around the world will use a universal mini-USB charger, the implications of which will be:
1. All employees will be walking around with devices that connect directly to company computers.
2. Employees will be tempted to charge their phones directly from desktop computers and laptops.
3. Data theft will be achieved by a simple sliding of the mouse between folders.
What’s more, in three years time many of us could be carrying our mobile phone on our wrists, in the form of a GSM wristwatch.
Tuesday, February 24, 2009
Pandemic Resources
Using temperature scanners in airports to try to identify and block entry of sick travellers during a disease outbreak is unlikely to achieve the desired goal, a report by French public health officials suggests.
Their analysis, based on a review of studies on temperature screening efforts like those instituted during the 2003 SARS outbreak, says the programs may be of limited use in the early days of a flu pandemic, when governments might be tempted to order screening of incoming travellers to try to delay introduction of the illness within their borders.
For a wealth of resources on Avian Flu and Pandemics, go to the ASIS Pandemic Toolkit, which can be accessed from the following link:
http://www.arc-tc.com/pages/resources_publications.asp#P
Sunday, February 22, 2009
World Oil Transit Chokepoints
World oil transit chokepoints are a critical part of global energy security. In 2007global seaborne oil trade was approximately 43 million barrels per day or about half of world oil production.
Click on the link below for a useful US Government site on oil transit chokepoint:
http://www.eia.doe.gov/cabs/World_Oil_Transit_Chokepoints/Background.html
The new Managing Security in the Oil and Gas Sector, 24-28 August 2009, covers many of the security issues surrounding oil security. Drawing on case studies from around the world, it addresses some of the more complex risks associated with oil and gas operations in various environments and includes many practical exercises.
The full list of topics can be found at:
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1
Click on the link below for a useful US Government site on oil transit chokepoint:
http://www.eia.doe.gov/cabs/World_Oil_Transit_Chokepoints/Background.html
The new Managing Security in the Oil and Gas Sector, 24-28 August 2009, covers many of the security issues surrounding oil security. Drawing on case studies from around the world, it addresses some of the more complex risks associated with oil and gas operations in various environments and includes many practical exercises.
The full list of topics can be found at:
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1
Keeping Track of Maritime Piracy
Stories of piracy in the Gulf of Aden are almost a daily occurrence; and last week there was a resurgence of piracy in the Malacca Straits, through which a substantial percentage of the world’s oil flows.
A useful site to keep track on piracy events is provided by Lloyds. Click on the following tab and you will find the latest Piracy News stories listed on the right:
http://www.lloydslist.com/ll/news/malacca-strait-pirates-capture-tug-crew/20017620560.htm
A useful site to keep track on piracy events is provided by Lloyds. Click on the following tab and you will find the latest Piracy News stories listed on the right:
http://www.lloydslist.com/ll/news/malacca-strait-pirates-capture-tug-crew/20017620560.htm
Friday, February 20, 2009
India Hotel Attackers Had 320 Worldwide Targets – The Guardian
The plotters behind the Mumbai attack, which left more than 170 people dead, had placed India’s financial capital on a list of 320 worldwide locations as potential targets for commando-style terror strikes, the UK newspaper The Guardian has learned.
It suggests that Lashkar-e-Taiba, the outlawed terror group that planned much of the attack from Pakistan, had ambitions well beyond causing mayhem in India.
According to the newspaper Western intelligence agencies have accessed the computer and email account of Lashkar's communications chief, Zarar Shah, and found a list of possible targets, only 20 of which were in India.
For more, read:
http://www.guardian.co.uk/world/2009/feb/19/mumbai-attacks-list-targets
It suggests that Lashkar-e-Taiba, the outlawed terror group that planned much of the attack from Pakistan, had ambitions well beyond causing mayhem in India.
According to the newspaper Western intelligence agencies have accessed the computer and email account of Lashkar's communications chief, Zarar Shah, and found a list of possible targets, only 20 of which were in India.
For more, read:
http://www.guardian.co.uk/world/2009/feb/19/mumbai-attacks-list-targets
Banks again become the Target of Terrorists - AQ Urges Use of Explosive Gas Bombs
This week Greek police defused a car bomb that was left outside the offices of a leading US-based international bank, in a suburb of the capital, Athens.
Police described the device as "powerful", adding that it consisted of explosives packed into gas cylinders and linked to a timer. A security guard at the bank apparently alerted the police after seeing three people park the car next to the building and then make off. No warning was given. A new and possibly more dangerous generation of Greek extremists is escalating attacks against police and symbols of capitalism.
Gas-bottle bombs have long been a favourite of domestic terrorists in Greece, and were also used by Islamist extremists in 2007 in the UK in their foiled attacks in London and Glasgow Airport. Recently, according to CBS News, a member of a militant Islamist Internet forum who uses the name Abul Baraa al Masri, posted information about an easy and cheap alternative to the usual car bomb commonly used by militants in Afghanistan and other places. Al Masri, who is very active in the military sections of the Internet forum, explained that the bomb consists of a well-sealed tanker to be filled with a mix of 25% Gas and 75% Oxygen and a detonator.
The Protection against Explosive Devices is a full-day subject on the forthcoming Security Management Stage 1 Course. Forthcoming courses are:
South Africa: 9-20 March 2009. Click here for details.
UK: 23 March - 3 April 2009. Click here for details.
Police described the device as "powerful", adding that it consisted of explosives packed into gas cylinders and linked to a timer. A security guard at the bank apparently alerted the police after seeing three people park the car next to the building and then make off. No warning was given. A new and possibly more dangerous generation of Greek extremists is escalating attacks against police and symbols of capitalism.
Gas-bottle bombs have long been a favourite of domestic terrorists in Greece, and were also used by Islamist extremists in 2007 in the UK in their foiled attacks in London and Glasgow Airport. Recently, according to CBS News, a member of a militant Islamist Internet forum who uses the name Abul Baraa al Masri, posted information about an easy and cheap alternative to the usual car bomb commonly used by militants in Afghanistan and other places. Al Masri, who is very active in the military sections of the Internet forum, explained that the bomb consists of a well-sealed tanker to be filled with a mix of 25% Gas and 75% Oxygen and a detonator.
The Protection against Explosive Devices is a full-day subject on the forthcoming Security Management Stage 1 Course. Forthcoming courses are:
South Africa: 9-20 March 2009. Click here for details.
UK: 23 March - 3 April 2009. Click here for details.
Al-Qaeda Kidnap Risk in North / West Africa
According to media, Al-Qaeda's North Africa network (al-Qaeda of the Islamic Maghreb) has now claimed responsibility for the abduction last December of two Canadian diplomats, one of them a United Nations envoy, and more recently, four European tourists in Niger, al-Jazeera television reported. "We are happy to bring our Islamic nation the good news of the mujahedeen’s success in carrying out two quality operations in Niger," the group's spokesperson said in an audio tape aired on the pan-Arab channel this week. "[The Mujahedeen] reserves the right to deal with the six captives under Islamic sharia [law]."
Kindap Risk Reduction and Response is a full-day module on the forthcoming Security Management Stage 3 Course in the UK, 11-22 May 2009. For details, click on:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
Kindap Risk Reduction and Response is a full-day module on the forthcoming Security Management Stage 3 Course in the UK, 11-22 May 2009. For details, click on:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
Information Theft in Asia
One of the topics covered by delegates attending the recent Security Management Stage 3 Course in Kuala Lumpur, Malaysia, was Investigating Information Leaks and Information Theft.
Although not considered to be a “high profile” crime in SE Asia, the extent of information theft in the region is high, with employees routinely copying business information onto personal flash drives for future personal use, and problem is set to become worse as employees fear job insecurity, and organisations continue to fail to plug this major exposure.
The group identified the following as potential information theft adversaries and tactics:
- Moles ([planted agents, informants, and those who are leaking information under duress)
- Buggists (possibly contract workers such as guards and cleaners)
- Physical keystroke logger planters (possibly contract workers such as guards and cleaners)
- Social engineering (tricking unwary individuals into disclosure)
- Bin raiding (searching through an organisation’s trash
- Access to sensitive information by third party contractors or JV partners
- Employees (especially those anticipating leaving)
If you have a regional / overseas training requirement you would like to discuss with ARC, please contact David.
Although not considered to be a “high profile” crime in SE Asia, the extent of information theft in the region is high, with employees routinely copying business information onto personal flash drives for future personal use, and problem is set to become worse as employees fear job insecurity, and organisations continue to fail to plug this major exposure.
The group identified the following as potential information theft adversaries and tactics:
- Moles ([planted agents, informants, and those who are leaking information under duress)
- Buggists (possibly contract workers such as guards and cleaners)
- Physical keystroke logger planters (possibly contract workers such as guards and cleaners)
- Social engineering (tricking unwary individuals into disclosure)
- Bin raiding (searching through an organisation’s trash
- Access to sensitive information by third party contractors or JV partners
- Employees (especially those anticipating leaving)
If you have a regional / overseas training requirement you would like to discuss with ARC, please contact David.
Sunday, February 15, 2009
British Personal Data Protection Standard Is Published
Source: Out-Law.com
A set of instructions on how organisations can stay within the Data Protection Act (DPA) while storing personal information has been published by British Standards (BSI).
National standards body the BSI wants its instructions to become a standard and has asked for comments on a published draft. It wants the eventual standard to help organisations to store personal information legally.
"This standard is the first of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organizations," said Gordon Wanless, chairman of BSI's data protection forum.
A set of instructions on how organisations can stay within the Data Protection Act (DPA) while storing personal information has been published by British Standards (BSI).
National standards body the BSI wants its instructions to become a standard and has asked for comments on a published draft. It wants the eventual standard to help organisations to store personal information legally.
"This standard is the first of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organizations," said Gordon Wanless, chairman of BSI's data protection forum.
Saturday, February 14, 2009
Preventing 3rd Parties from Stealing your Most Sensitive Information
One of the topics under discussion at this week’s Security Management Stage 3 Course, in Kuala Lumpur, Malaysia, has been how to protect sensitive company information against exfiltration (or theft by 3rd parties, including contractors.
The US Government has long recognised that groups such as cn-site contract workers pose a significant threat to information such as that relating to processes and R&D.
The UK’s Centre for the Protection of National Infrastructure has useful guidance at the following link on how to manage this problem, including how to tread a “safe” course through the legal minefield. This can be found at:
http://www.cpni.gov.uk/WhatsNew/3692.aspx
Designed to help you formulate security management policy at regional or corporate level,the next Security Management Stage 3 Course will be held in the UK during the period 11-22 May 2009; details can be found at:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
The US Government has long recognised that groups such as cn-site contract workers pose a significant threat to information such as that relating to processes and R&D.
The UK’s Centre for the Protection of National Infrastructure has useful guidance at the following link on how to manage this problem, including how to tread a “safe” course through the legal minefield. This can be found at:
http://www.cpni.gov.uk/WhatsNew/3692.aspx
Designed to help you formulate security management policy at regional or corporate level,the next Security Management Stage 3 Course will be held in the UK during the period 11-22 May 2009; details can be found at:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
Thursday, February 12, 2009
Security Professionals Storm Ahead
Meanwhile, Security Professionals from several countries are currently undergoing Security Management Stage 2 in the UK. Against a background of unusually cold and wet weather in the middle of the European winter, the delegates are considering, arguing and debating some challenging and thought provoking subject matter, including emerging security technologies and the convergence of IT and Physical Security. Extolling the virtues of disussing issues in depth, one of the delegates expressed the view that such an approach is critical to expanding ability and confidence in security professionals.
Wednesday, February 11, 2009
Asian Security Managers Develop their Strategic Skills
The postgraduate university-accredited Security Management Stage 3 Course, currently taking place in the centre of cosmopolitan Kuala Lumpur, Malaysia, is a two-week advanced security management programme looking at how security management integrates with business management at strategic level, and examines ways in which the security manager can increase his/her overall contribution to the organisation.
One of the sessions on day 2 of the course addressed the issue of Corporate Social Responsibility (CSR), and the proactive effect that this can have on security risk mitigation, especially in the extractive sector. CSR is about creating sustainability and improvement to the local environment (social, economic, healthcare and sanitation, education, etc), especially in areas where the corporate footprint is significant and where government-funded infrastructure may be very basic. In such environments, companies that don’t take account of their local footprint, and which don’t become a driver for local improvement, often suffer increased security incidents.
In community engagement in particular, it is often the security manager who is the best-known community local company point of contact, so an understanding of CSR is essential. In fact, a CEO of a major oil and gas national company, addressing an ARC course last year, declared that CSR and security management were “two sides of the same coin”.
One delegate’s company has a simple rule when it comes to CSR: “energy received, energy returned; aspiring people everywhere.” Not surprisingly, the company is a rapidly globally expanding standard bearer in the energy sector.
The course includes security managers from Africa and Asia, from a wide range of sectors including security systems integration, manufacturing, solar power and a multinational cement company. Three of the security managers are CPP certified, and are using the course to earn their full term of recertification credits! Others are using the course as a part of their MSc studies.
The next Security Management Stage 3 Course takes place in the UK, 11-22 May 2009. Click here for details.
Thursday, February 5, 2009
State Intrusion - Too Much Security?
Nation-states and their constituents face a bewildering array of threats, both natural and malicious, with a wide range of risks to national security. The state has a duty to protect its citizens in the face of such threats; however, in the face of serious and growing concerns about the legitimate rights of governments to impinge upon personal privacy, governments must work hard in their attempts to justify intrusions. This has been again highlighted by the UK’s House of Lords, who have challenged the Government’s use of DNA, CCTV and planned interception of communications as an intrusion too far. Use this link http://news.bbc.co.uk/mobile/bbc_news/top_stories/787/78724/story7872425.shtml for an article from BBC News.
Wednesday, February 4, 2009
Emerging Risks – Are You Prepared?
Risks don’t stay the same for ever – they change, mutate and migrate. The World Economic Forum recognises this fact and produces annually a report covering assessed Global Risks. This year’s areas of concern are grouped as follows:1. Economic
2. Geopolitical
3. Environmental
4. Societal
5. Technological
Whilst you may think that you have assessed all of the risks to your organisation, this report may give you some food for thought about those which you may have missed. You can download a copy here http://www.arc-tc.com/pages/documents/2009.pdf
ARC’s Security Management Courses and Risk workshops cover risks in terms of the holistic threats to business rather than simply in terms of criminolgy and asset protection and there is no doubt, as the WEF Report indicates – that the range and types of global risks are difficult to predict. If you want to learn more – contact Janet
Maritime Security - Piracy Focus
Recent extensive media coverage of events on the high seas has shown that maritime piracy remains a prevalent threat in some areas. An excellent report by the ICC International Maritime Bureau has assessed the instances locations and methods of piracy attacks for 2008 and provides a good overview of the issues worldwide. It is worth noting its contents – because if any of your business, or that of your suppliers, passes through the locations detailed in the report – then they are potentially at risk. You can access the report here via the ARC Website.
Tuesday, February 3, 2009
Employees File Sharing? You Could Be Held Responsible!
Lots of people file share - it is illegal in many cases and breaches copyrights worldwide. Those who conduct such activities often think that they will not be detected and even use their employer’s IT systems to share files. The UK Government is taking a new approach which will force Internet Service Providers to disconnect repeated file sharers and to enable legal action. If file sharers are using your systems then there is a risk that you will be disconnected or even sued – both of which will expose your business to unacceptable risk. Follow the link to an internet report on this issue: File Share
Thursday, January 29, 2009
Achieving Recognition as a Competent Security Manager
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
9 – 20 March, Cape Town
23 March – 3 April, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
10 – 20 February, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
9 – 20 February, Kuala Lumpur (Discounted Fee)
11 – 22 May, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
23 – 27 February
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Investigating and Interviewing Skills
“An excellent course, that met my needs very well….. that is, to have sufficient understanding to conduct investigations, and to commission investigations by another party.”
2 – 5 March 2009
http://www.arc-tc.com/pages/accredited_investigation.asp#f1
For details on any ARC course, or to make a booking, contact Janet.
If you book a UK course before 31 January you will be entitled to a 10% discount.
Many more courses can be found at http://www.arc-tc.com/
Monday, January 26, 2009
Can You Be Sued for not Having Adequate Security?
The general assumption would be no, unless there is a statutory or legal requirement to do so. But lawyers representing the parents of a young man shot dead as he was closing a restaurant at a US retail and leisure complex last year think differently. They have filed a lawsuit alleging security negligence against the complex's owners. The complex, for its part, has responded with plans to upgrade its cameras to provide facial recording and number plate recognition.
This case raises some interesting issues for security professionals. Was the complex prior to the incident the subject of a security review, and was this carried out by a qualified (certified) security professional. The security profession is awash with individuals offering such services, but precious few are formally qualified to do this work.
In the case of litigation, where does the buck stop? With an establishment that contracts in an unqualified consultant to carry out a security review? Or with the consultant himself, or herself, in promoting professional services without professional certification?
In the UK, many leading security consultancy companies have foreseen this litigation exposure, and are busy getting their consultants professionally credentialed by undertaking either the ASIS CPP or PSP certification. For more information on how to certify as a security professional, contact David.
Sunday, January 25, 2009
Should IT Take over Physical Security?
As convergence drives CCTV to be not only multi-functional (delivering dynamic return on investment) but also IP-based, the debate is heating up over who should be leading on new CCTV projects. Can the traditional hegemony of the security manager over all things CCTV - and all things physical security - be taken for granted, or should IT now lead on such projects? CCTV expert John Hononvich suggests that IT leadership may be a “when” and not “if”. And what then will be the implications for the traditional security manager as other IP-based physical security technologies emgerge (and converge!)
Read the online debate here and be prepared for some interesting viewpoints!
http://ipvideomarket.info/report/should_it_take_over_physical_security
Terrorism, Radicalisation and the Internet
Download the Chatham House report here:http://www.chathamhouse.org.uk/publications/papers/view/-/id/656/
Recording Your Every Word.......
A visitor to the US Consumer Electronics Show (CES) this year reported that a number of booth personnel were wearing cameras on their chests that recorded video & audio of every person they talked to the entire day. The cameras had enough quality to pick up the names on the badges of the people they talked with. According to one booth occupant, the camera allowed him to focus on talking with the person and not wasting time getting his/her badge information.
Will we see this trend at security exhibitions? Will we even be able to detect the tiny buttonhole cameras? Should we lobby organisers of security exhibitions not to allow this potential threat to confidentiality?
Will we see this trend at security exhibitions? Will we even be able to detect the tiny buttonhole cameras? Should we lobby organisers of security exhibitions not to allow this potential threat to confidentiality?
Technology Focus: IP-Based Voice Communications
Security managers face an increasingly complex technological landscape in which a detailed technical knowledge is becoming ever more important to making sound decisions about the purchase of security equipment. Convergence and dynamic return on investment are key considerations.
One area that is increasing in complexity is that of the introduction of IP (internet protocol). Many security managers are now aware that return on investment for new IP CCTV systems can be achieved dynamically - and rapidly - by installing in parallel a business-wide voice over IP telephony system. The ROI is achieved by savings in telephony call charges.
VoIP telephony (replacing traditional packet-switched telephony with new IP-based telephony) is one application of this new technology, but VoIP extends far beyond telephony. Now, portable hand radios are becoming IP-based, in part or in whole, making it necessary for managers of security teams to make difficult purchasing decisions based often on a rudimentary understanding of the technology.
A recent article in Police Chief magazine, written by Motorola, goes some way to explaining the options available. See: http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=1634&issue_id=102008
Convergence and IP-based security systems are one of many subjects covered in the new Specifying Security Technology Course, 13-17 July 2009. For details go to: http://www.arc-tc.com/pages/other_accredited_sm.asp#s4 . The course will also be held in Dubai, 31 May – 4 June. Contact Janet for details.
Friday, January 23, 2009
Glossary of Crime Terms and Phrases
No guide to crime would be complete without definitions for all the terminology associated with all aspects of criminal activity, including statistics, descriptions of offences, punishments, the judiciary process, sentencing, law enforcement information and crime reduction strategies.
Here you'll find a complete A to Z of all the jargon you may come across when dealing with the subject, from phrases like "Absolute Discharge" to terms such as "Zombie", along with everything in between.
Click on:
Wednesday, January 21, 2009
JI Trial Reveals Plans to Attack Singapore Airport
Mohammed Hassan, a Singaporean Jemaah Islamiyah (JI) member, has admitted during his trial in Jakarta that he had planned to hijack an aircraft in Bangkok and crash it into Singapore’s Changi Airport, according to global risk specialists Stirling Assynt. The scheme was, however, abandoned six years ago when Thai security agencies discovered it. Although by no means an indicator of current tactics, the admission nonetheless illustrates JI’s ambition to emulate the spectacular attacks of al-Qaeda.Critical infrastructure nodes, especially those associated with transportation, remain a favourite terrorist target due to obvious spectacluar and disruptive consequences of an attack. The protection of critical infrastructure is addressed in the new ARC Training Course, Protecting Critical Infrastructure, 17-21 August 2009. For details go to: http://www.arc-tc.com/pages/other_accredited_sm.asp#s5
Kidnap Focus - SE Asia
Three International Committee of the Red Cross (ICRC) workers - a Filipino, a Swiss and an Italian national - were kidnapped by the Abu Sayyaf Group in Jolo, in the southern archipelago on 13 January,according to global risk consultants Stirling Assynt. The authorities are investigating whether their abduction was linked to the escape of thirteen inmates, including some ASG members, from a prison in Sulu on the same day.
Kidnap Risk Reduction and Response forms part of the postgraduate university-accredited Security Management Stage 3 Course, which takes place as follows:
Malaysia, 10-20 February
UK, 11-22 May
Contact Janet for more information.
Kidnap Risk Reduction and Response forms part of the postgraduate university-accredited Security Management Stage 3 Course, which takes place as follows:
Malaysia, 10-20 February
UK, 11-22 May
Contact Janet for more information.
Security Managers Start the New Year Running
ARC has welcomed a new group of security professionals to our rapidly growing family through their attendance on our Security Management Stage 1 Course, currently taking place in Bahrain. This, the first such course of 2009, involves security managers from a range of disciplines and business sectors who are either looking to improve their current ability or to start along the path of academic and security credibility by earning their MSc.The delegates, from critical national infrastructure, finance, oil and gas, transportation and security operations sectors have been discussing the importance of risk analysis as an underpinning security principle and through their deep involvement in the course project, ‘Sumatran Tiger’, are exploring the multiple facets of security management and planning.
The group is attacking the course content with relish and Phil is looking forward to an excellent performance in the project and to presenting the delegates with their course certificates which will demonstrate their commitment and professionalism in a rapidly changing security environment.
Dates for forthcoming Security Management Stage 1 courses are:
South Africa, 9-20 March 2009
http://www.arc-tc.com/pages/reg_train.asp
UK, 23 March – 3 April 2009
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
Contact Janet for details.
OSAC and the Terrorism Risk for US Business
Source: Security Director
Terrorism loomed as one of the top security concerns of 2008 for U.S. businesses, nongovernmental organizations and academic institutions operating overseas, according to private sector constituents of the Overseas Security Advisory Council. Terrorist attack against the United States and other Western interests in northern Africa, the Arabian peninsula, Afghanistan, Pakistan and Turkey have targeted not only U.S. government facilities and personnel, but in some cases U.S.-based businesses and non-governmental organizations, said Todd Brown, OSAC executive director and U.S. State Department Bureau of Diplomatic Security special agent.
For more go to: http://www.securitydirectornews.com/article/sd200901iBqTLT/OSAC:%20Terrorism%20main%20risk%20for%20private%20sector%20in%202008
Terrorism loomed as one of the top security concerns of 2008 for U.S. businesses, nongovernmental organizations and academic institutions operating overseas, according to private sector constituents of the Overseas Security Advisory Council. Terrorist attack against the United States and other Western interests in northern Africa, the Arabian peninsula, Afghanistan, Pakistan and Turkey have targeted not only U.S. government facilities and personnel, but in some cases U.S.-based businesses and non-governmental organizations, said Todd Brown, OSAC executive director and U.S. State Department Bureau of Diplomatic Security special agent.
For more go to: http://www.securitydirectornews.com/article/sd200901iBqTLT/OSAC:%20Terrorism%20main%20risk%20for%20private%20sector%20in%202008
Tuesday, January 20, 2009
Terrorism Monitor
A number of informative publications can be accessed free at the site of the US-based Jamestown Foundation:
http://www.jamestown.org/programs/gta/
Monday, January 19, 2009
Business Continuity: US Homeland Security Says Country Not Prepared for Pandemic Flu
The US Committee on Homeland Security released a majority staff report examining the nation’s state of preparedness and response capabilities in the event of a pandemic influenza outbreak. The report identifies current weaknesses and provides recommendations for what Congress, the incoming administration and the public and private sectors can do to achieve national readiness to combat this threat.
For more:
http://ehstoday.com/health/news/nation_not_ready_pandemic_flu_2244/
For more:
http://ehstoday.com/health/news/nation_not_ready_pandemic_flu_2244/
Sunday, January 18, 2009
Free-to-Download Security Management Resources
Sign up for free-to-download security management resources at:
http://www.arc-tc.com/extranet/login.asp
http://www.arc-tc.com/extranet/login.asp
Excellent Reports and Views on Terrorism from LLoyds
An excellent collection of reports on terrorism and business can be downloaded from:
http://www.lloyds.com/News_Centre/360_risk_project/The_debate_on_terrorism_and_political_risk/Reports_and_views_on_terrorism.htm
http://www.lloyds.com/News_Centre/360_risk_project/The_debate_on_terrorism_and_political_risk/Reports_and_views_on_terrorism.htm
What Makes a Cyber Criminal?
Cyber crime - internet banking and credit card fraud - is now the fastest growing sector of global organised crime, increasing at a rate of about 40% per year. With Brazil thought to have by far the largest number of cyber criminals, Misha Glenny, reporting for the BBC World Service's How Crime Took On The World, went to meet some of those trying to profit from the $100bn (£51bn) industry.
Read on here:
http://news.bbc.co.uk/1/hi/world/americas/7403472.stm
Read on here:
http://news.bbc.co.uk/1/hi/world/americas/7403472.stm
Friday, January 16, 2009
Biometrics Identification System News
First introduced about 15 years ago, biometrics systems are now rapidly being introduced as a means of identification and access control. As with the phenomenal expansion of CCTV, privacy concerns are being swept aside as the need for foolproof identity recognition systems becomes absolute. For the latest news on biometrics visit http://www.prosecurityzone.com/Customisation/News/Biometrics/
Biometrics is one of many subjects covered on the university-accredited Security Management Stage 1 Course, which has been attended by hundreds of security managers from literally all over the world.
Forthcoming Security Management Stage 1 dates include:
UK, 23 March – 3 April http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
South Africa, 9 – 20 March http://www.arc-tc.com/pages/reg_train.asp
For more information, contact Janet.
New Police Unit to Tackle Metal Theft
The UK Government has announced the setting up of a pilot specialist police unit to tackle the problem of scrap metal theft, which has increased by about 150% in the last two years and cost the UK around £360m.
London Train Passengers to Be Searched?
Passengers who buy a London train or tube ticket would automatically be giving their consent to be searched for knives and other weapons, under proposals now under consideration, according to the Guardian Unlimited. For the full story go to: http://www.guardian.co.uk/uk/2009/jan/13/knife-crime-police-gang-violence
Tuesday, January 13, 2009
Developing Your Security Management Skills
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
18 – 29 January, Bahrain
9 – 20 March, Cape Town
23 March – 3 April, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
9 – 20 February, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
9 – 20 February, Kuala Lumpur
11 – 22 May, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
23 – 27 February
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Retail and Supply Chain Security Management
New Course - Conducted by Barry Vincent MSc, MA and Mike Goodman MSc - former heads of security with leading international retailers and specialists in supply chain and distribution
27 – 29 January
http://www.arc-tc.com/pages/other_accredited_sm.asp#s6
***
For details on any ARC course, or to make a booking, contact Janet.
Many more courses can be found at www.arc-tc.com
Retail Security Focus
Worsening economic conditions and job insecurity will undoubtedly lead to an increase in employee-perpetrated thefts in the retail sector. The ARC Retail and Supply Chain Security Management Course, 27-29 January 2009, aims to teach you the following:
- How to appreciate the key competencies required for security management in the retail sector
- To carry out security risk assessments appropriate to the retail sector
- To evaluate the importance of shrinkage and the impact that this has on the business
- To apply an analytical approach to inventory management
- To set KPIs and measure the effectiveness of security measures
- To explain in detail how theft and fraud affect their respective organisations
- To carry out a security review of their respective supply chains to ascertain vulnerabilities and exposures
- To develop appropriate approaches to mitigate risks, while demonstrating sensitivity to individual business cultures
- To appreciate how the law influences the application of security measures and responses
- To conduct a tender process and identify manned guarding and security service/product needs
- To write a business security plan
Delivered by two of the foremost retail security experts in the UK, both former senior managers with leading UK retailers, this three-day programme is sure to stimulate thought!
Contact Janet for more information.
Subscribe to:
Posts (Atom)