Preventing 3rd Parties from Stealing your Most Sensitive Information

One of the topics under discussion at this week’s Security Management Stage 3 Course, in Kuala Lumpur, Malaysia, has been how to protect sensitive company information against exfiltration (or theft by 3rd parties, including contractors.

The US Government has long recognised that groups such as cn-site contract workers pose a significant threat to information such as that relating to processes and R&D.

The UK’s Centre for the Protection of National Infrastructure has useful guidance at the following link on how to manage this problem, including how to tread a “safe” course through the legal minefield. This can be found at:

http://www.cpni.gov.uk/WhatsNew/3692.aspx

Designed to help you formulate security management policy at regional or corporate level,the next Security Management Stage 3 Course will be held in the UK during the period 11-22 May 2009; details can be found at:

http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3

Security Professionals Storm Ahead

Meanwhile, Security Professionals from several countries are currently undergoing Security Management Stage 2 in the UK. Against a background of unusually cold and wet weather in the middle of the European winter, the delegates are considering, arguing and debating some challenging and thought provoking subject matter, including emerging security technologies and the convergence of IT and Physical Security. Extolling the virtues of disussing issues in depth, one of the delegates expressed the view that such an approach is critical to expanding ability and confidence in security professionals.

Asian Security Managers Develop their Strategic Skills

The postgraduate university-accredited Security Management Stage 3 Course, currently taking place in the centre of cosmopolitan Kuala Lumpur, Malaysia, is a two-week advanced security management programme looking at how security management integrates with business management at strategic level, and examines ways in which the security manager can increase his/her overall contribution to the organisation.

One of the sessions on day 2 of the course addressed the issue of Corporate Social Responsibility (CSR), and the proactive effect that this can have on security risk mitigation, especially in the extractive sector. CSR is about creating sustainability and improvement to the local environment (social, economic, healthcare and sanitation, education, etc), especially in areas where the corporate footprint is significant and where government-funded infrastructure may be very basic. In such environments, companies that don’t take account of their local footprint, and which don’t become a driver for local improvement, often suffer increased security incidents.

In community engagement in particular, it is often the security manager who is the best-known community local company point of contact, so an understanding of CSR is essential. In fact, a CEO of a major oil and gas national company, addressing an ARC course last year, declared that CSR and security management were “two sides of the same coin”.

One delegate’s company has a simple rule when it comes to CSR: “energy received, energy returned; aspiring people everywhere.” Not surprisingly, the company is a rapidly globally expanding standard bearer in the energy sector.

The course includes security managers from Africa and Asia, from a wide range of sectors including security systems integration, manufacturing, solar power and a multinational cement company. Three of the security managers are CPP certified, and are using the course to earn their full term of recertification credits! Others are using the course as a part of their MSc studies.

The next Security Management Stage 3 Course takes place in the UK, 11-22 May 2009. Click here for details.

State Intrusion - Too Much Security?

Nation-states and their constituents face a bewildering array of threats, both natural and malicious, with a wide range of risks to national security. The state has a duty to protect its citizens in the face of such threats; however, in the face of serious and growing concerns about the legitimate rights of governments to impinge upon personal privacy, governments must work hard in their attempts to justify intrusions. This has been again highlighted by the UK’s House of Lords, who have challenged the Government’s use of DNA, CCTV and planned interception of communications as an intrusion too far. Use this link http://news.bbc.co.uk/mobile/bbc_news/top_stories/787/78724/story7872425.shtml for an article from BBC News.

Emerging Risks – Are You Prepared?

Risks don’t stay the same for ever – they change, mutate and migrate. The World Economic Forum recognises this fact and produces annually a report covering assessed Global Risks. This year’s areas of concern are grouped as follows:
1. Economic
2. Geopolitical
3. Environmental
4. Societal
5. Technological
Whilst you may think that you have assessed all of the risks to your organisation, this report may give you some food for thought about those which you may have missed. You can download a copy here http://www.arc-tc.com/pages/documents/2009.pdf
ARC’s Security Management Courses and Risk workshops cover risks in terms of the holistic threats to business rather than simply in terms of criminolgy and asset protection and there is no doubt, as the WEF Report indicates – that the range and types of global risks are difficult to predict. If you want to learn more – contact Janet

Maritime Security - Piracy Focus

Recent extensive media coverage of events on the high seas has shown that maritime piracy remains a prevalent threat in some areas. An excellent report by the ICC International Maritime Bureau has assessed the instances locations and methods of piracy attacks for 2008 and provides a good overview of the issues worldwide. It is worth noting its contents – because if any of your business, or that of your suppliers, passes through the locations detailed in the report – then they are potentially at risk. You can access the report here via the ARC Website.

Employees File Sharing? You Could Be Held Responsible!

Lots of people file share - it is illegal in many cases and breaches copyrights worldwide. Those who conduct such activities often think that they will not be detected and even use their employer’s IT systems to share files. The UK Government is taking a new approach which will force Internet Service Providers to disconnect repeated file sharers and to enable legal action. If file sharers are using your systems then there is a risk that you will be disconnected or even sued – both of which will expose your business to unacceptable risk. Follow the link to an internet report on this issue: File Share