Thursday, June 7, 2007

Building Security - An Architect's Guide

A little old, but still some very useful advice, for example:

"Waiting until the last stages of the design process to begin thinking about security system requirements can spell trouble for budgets and construction schedules, and is a sure way to guarantee that the system installed will be less than optimal.

Without attempting to make a complete list of the security-related issues architects should be aware of at the outset of a design, let us mention several of the most important. First, effective security is always an interplay of three elements: natural and architectural barriers, including anything from landscaping strategies that discourage access, to the number, location, size, and type of doors and windows; human security, including the protection provided by guards and other personnel; and electronic security, provided by any one of the array of systems now available..."
Read on at:



"Protect - Detect - React"

When next preparing security policies it may be worth paying a visit to the website of the New Zealand “Security in the Government Sector” for some basic hints on what to include.

Primarily focused on government sector security, the site nevertheless has some useful pointers to essential security considerations, especially, but not exclusively, those to do with information and personnel security.

The site can be found at:

http://www.security.govt.nz/sigs/html/index.html

ARC Training is pleased to announce that it has established a Security Consultancy Services division to assist you in writing policies and procedures, carrying out security surveys, security risk analyses, security vulnerability assessments etc. Contact David for details.

40% of Companies Don't Monitor Their Databases, Survey Reveals

Despite all the data losses that are filling the headlines and leaving hundreds of thousands of people exposed to identity theft, 40% of companies don't monitor their databases for suspicious activity, according to a study released this week.

And it's not that IT managers don't realize how sensitive the information in these databases really is. Seventy-eight percent of those polled said their databases are either critical or important to their business, with customer data most commonly contained within them.

In an increasingly precarious balancing act, IT professionals said their companies are caught between trying to protect data from misuse by external and internal threats, while at the same time giving greater access to the same data in order to drive business initiatives.


The full article can be accessed at:


And Staying on the Subject of the Police.......

A Northern Ireland police station which was targeted by burglars had been left with its windows open and its alarm switched off, it has emerged. The station in Ballynahinch, County Down, was broken into last month. Assistant Chief Constable Duncan McCausland told the Policing Board officers went on patrol and forgot to lock up properly.

Northern Ireland Assembly member Alex Maskey wondered if perhaps "the 20 unopened bottles of milk" on the doorstep had tipped off the burglars!

It's a Funny Old World!

Extra police officers are to patrol the streets of Brighton on nights when there is a full moon. It follows research by the Sussex police force which concluded there was a rise in violent incidents when the moon was full - and also on paydays.

Inspector Parr of Sussex Police told the BBC: "From my experience, over 19 years of being a police officer, undoubtedly on full moons, we do seem to get people with, sort of, stranger behaviour - more fractious, argumentative."

The legend that people can become violent, or even turn into werewolves, can be traced back to ancient times.

Follow this link to the full story:



Friday, June 1, 2007

Physical Security Alone Isn't Sufficient to Protect You against Sabotage, Warns MI5

SCADA (Supervisory Control and Data Acquisition) is the term given to IT systems which control essential processes such as electric power generation, transmission and distribution, water management systems, mass transit systems, manufacturing systems, oil and gas sector manufacturing and pipeline processes, supply chain management and logistics network management etc.

SCADA systems are vulnerable to hacking, misoperation and sabotage (e.g. loss of containment) attacks, both by criminals and terrorists. Alarmingly, many delegates attending security management courses at ARC Training are not aware of the term SCADA, let alone the inherent vulnerabilities of SCADA. This is indicative of a lack of liaison between those responsible for IT security on the one hand and physical/operational security on the other.

According to MI5’s Centre for the Protection of National Infrastructure, threats to such IT-based systems continue to escalate and the fact that many systems are remotely supported by vendors increases their exposure to hacking and virus attacks. MI5 concludes that there may be insufficient security measures to keep such systems safe.

For further information navigate to:

http://www.cpni.gov.uk/ProtectingYourAssets/ElectronicSecurity/scada.aspx

For additional information on how to protect SCADA systems contact David.

Many Corporate Wi-Fi Networks Still at Risk from Hacking - ARC Publishes New Handout on IT Security

One year ago almost 40% of Wi-Fi networks in London’s business districts were operating without encryption, according to Kaspersky Lab - a developer of secure content management solutions - in its latest wireless security report. Since then the situation has been gradually improving. This year's survey indicates:

- 31% of wireless networks in London as a whole are failing to encrypt traffic.

- 35% of wireless networks in Canary Wharf are failing to encrypt traffic.

The report drew particular attention to the unsatisfactory situation in Canary Wharf, which is home to many companies high on hackers’ targeting lists.

The full report can be found at:

http://www.viruslist.com/en/analysis?pubid=204791945

The vulnerabilities of Wi-Fi networks are just one of the topics covered in ARC Training’s Information and IT Security Workshop, which is held three times a year or on-site, by request.

For delegates who have attended Security Management Stage 1, or SMAP, a new IT Security Handout is now available on request.