Thursday, September 4, 2008
Carjacking Risk Management

Be aware of carjacking hotspots and, at night, of areas such as ATMs, self-service petrol pumps and fast-food drive-throughs. By day, take care at remote tourist lay-bys (pullouts).
Before leaving, plan a route to avoid dangerous areas. If you need to drive in unfamiliar areas, try not to drive alone, especially at night. The majority of carjackings occur between 2000 – 2300 hrs, and at weekends.
Always drive with your windows up and car doors locked. Regularly check your mirrors and scan ahead for potentially dangerous situations.
When you’re coming to a stop at a junction, leave enough space to manoeuvre around other cars. If you sense trouble, this will allow you the room needed to get away.
Carjackers sometimes hit a car from behind and then pull a weapon when the victim gets out to investigate. If you think you have been bumped intentionally, try not to leave your car.
If a suspicious-looking person approaches your car, drive away carefully. In extreme situations, you might even consider going through a red light.
Don’t assist other motorists in low-traffic areas who appear to have broken down.
Use caution when you enter or leave a parking lot. Park in well-lit areas where you can see and be seen by others. When getting in or out of your vehicle, always be aware of what is going on around you.
Wednesday, September 3, 2008
Human Rights, Community Engagement and Operating in Conflict Areas – Resources for the Oil and Gas Sector
A range of useful free-to-download resources on community engagement, operating in areas of conflict, and human rights considerations can be found at the following link:
http://www.ipieca.org/activities/social/social_publications.php#6
The resources are specifically aimed at the oil and gas sector. Community engagement, operating in areas of conflict, and human rights considerations are amongst the many subjects currently being studied by delegates attending a special oil and gas-focussed Security Management Stage 1 Course in Delhi. The course will be repeated during the period 22 September – 3 October 2008. Contact Janet for details.
ID Fraud: Managing the Insider Threat
Now the landscape has changed dramatically with the computerisation of personal private (employee and customer) data, and the concerted efforts by organised criminal gangs to get their hands on it. Credit card details, home addresses, national insurance numbers are all being targeted.
Sold on, such data can cause huge damage to individual victims. At the “basic” end of the scale, credit card details can be sold on to fraudsters. At the more sophisticated end of the scale, entire identities can be cloned for the purpose of gaining credit with banks, or financing activities such as gambling. Recently, a victim lost both his family and job after his identity was cloned fraudulently from an on-line shop and used to access child pornography websites. It was months before the police cleared him. And there are estimated to be thousands of innocent victims in the UK not aware that they have an illegal "twin"!
Wall Street Technology online magazine has recently published five basic steps that companies should take in order to manage this risk. In brief they are:
1. Establish policies. Companies must put in place policies that define authorized and unauthorized access to sensitive data.
2. Provide training. "You have to train employees as to what's acceptable and unacceptable, and what kinds of things are just considered bad practice, such as leaving spreadsheets on an unattended file server."
3. Enforce policies with technology. Many companies have policies but they don't have a way to enforce them.
4. Institute oversight processes. You have to make sure that if you're creating audit reports and generating real-time alerts that there's an established process to review these exceptions and address them.
5. There must be high-level support for data security to be effective.
Data security is covered in detail during Security Management Stage 1, 17-28 November. Full details of this course, which has been attended by hundreds of security managers from almost as many countries, can be found at http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1.
Security Management Talent Development
Although their experience and knowledge levels vary, the group is approaching the course with vigour and determination, and its members are learning rapidly from each other about the range of matters which can arise in security operations globally.
Having made this excellent start, we expect the delegates to be able to establish themselves within their organisations as innovative and thinking security professionals, who can add real human and financial value to the businesses' aims and objectives.
If you are interested in the challenges and benefits that ARC’s courses can provide, please check our website http://www.arc-tc.com/ for details or contact Janet.
Tuesday, September 2, 2008
Crisis Readiness - New Report for Download
Source: HStoday.us
Like individuals, organizations often define themselves by how they respond and perform in crisis situations. While no two organizations (or individuals) respond to crises in quite the same way, there are, according to a new report from New York University’s (NYU) Center for Catastrophe Preparedness and Response (CCPR) and The Public Entity Risk Institute (PERI) titled Predicting Organizational Crisis Readiness, a common set of core characteristics which can allow us to predict which corporations and public agencies, whether large or small, will be most capable of resilience when faced with managing crisis or catastrophe.
The first core characteristic of a crisis-ready organization is awareness and alertness towards the external environment. Crisis-ready organizations, says the report, “closely observe their environment so as to be able to predict crises BEFORE they affect the organization.”
Another core quality of resilient organizations is that they have developed a culture “that welcomes error reporting,” and “establishes processes that reward error discovery and reporting and a continual search for system improvement.”
The crisis-ready organizations most often cited by sources were additionally said to have systems in place that help them determine what is working and what is not, by using objective systems to benchmark, test and measure progress.
ARC Training’s 1-day Crisis Management Workshop takes place on 25th November. For more information on this, or to discuss in-house bespoke crisis management training and exercising, contact Janet Ward.
For a link to the full copy of the NYU report, click below:
https://www.riskinstitute.org/peri/images/file/POCR-finalreport.pdf
What Can Be Done to Better Protect USB Memory Sticks Following the UK Prisoner Details Data Loss Blunder?

For many organizations, USB memory sticks and data loss are a public humiliation incident in waiting, since the majority of companies do not exercise proper care and control over such devices. And this latest incident, one of many thousands, will be sure to focus the attention of the media on this growing problem.
To put sensitive data unencrypted onto a memory stick is regarded by the UK’s Information Commissioner as negligence. It could also be argued that an organization which fails to address this problem, by not making encryption available for memory sticks and not controlling their use with corporate systems, could also be in breach of duty. Spectacular fines have been inflicted on companies for data loss in the past, such as Nationwide, which suffered the theft of an unencrypted laptop from an employee’s home, and lost not only the data, but £1 million in a subsequent fine.
Various simple encryption options are available for memory sticks, including Steganos (for a fee) and TrueCrypt (free). For details click on the links or search on Google. If you need help in setting up an encrypted drive on a USB datastick using TrueCrypt email David.