Tuesday, March 4, 2008

The Insider Threat, Terrorism Funding and the Taser – What’s the Connection?

The insider threat, terrorism funding, modern policing tactics against terrorism and public order, and the use of the Taser – these will be the topics under discussion at the forthcoming ASIS UK Spring Seminar in London on 19th March.

Taking the podium will be Chief Superintendent Alex Robertson, Detective Chief Inspector Richard Jack and Detective Constable Michael Rees.

Non-ASIS members are most welcome, and registration should be made directly to Jude Awdry.

The event, which is held under Chatham House Rules, provides a unique opportunity to be briefed by front-line police officers and commanders on some very topical issues in terrorism and public order. And there is always time built in for difficult questions from the audience!

The insider threat is an issue which is currently vexing elements of the UK’s Critical National Infrastructure, and the CPNI have posted special guidelines on their web site.

Creeping deployment of the Taser stun gun is attracting controversy, especially in light of recent university research from the US which suggests this device is not as safe as its manufacturers have been claiming.

Welcome to a New Member of Staff (and another Cresswell!)


The blog would like to extend a warm welcome to Faith, who has joined the ARC team on a temporary 6-month assignment. Faith is David’s daughter and will be providing direct support to this much overworked MD!!

One of Faith’s first tasks has been to compile a searchable index of all (to date 470) blog articles. If you would like a copy of this .xls spreadsheet, please contact Faith directly by email.

Another task that she will take on is to provide additional support to those of you who are writing your post-course essays. If you need a particular topic researched, or if you would like your essay draft proofed, you may contact her and she will be pleased to assist.

She is also working on an ARC PSP Certification Study Guide, which it is hoped to complete in the next few weeks.

Finally, she is responsible for the new ARC web site, which we hope to have up and running in April.

The Most Popular Security Management Course in the World?

The university-accredited Security Management Stage 1 Course is arguably the most popular security management course in the world, having been attended by hundreds of delegates from literally around the globe, representing many of the world’s most successful companies.

The syllabus, which has been fully updated for 2008, includes:

- Security Risk Management
- Security Operations Management
- Security Policies & Procedures
- Security Design
- Introduction to Investigations
- Introduction to Security Surveying
- Perimeter & Buildings Security
- Access Management
- Workplace Crime Prevention
- Protection against Explosive Devices
- Manpower Selection & Deployment
- Leadership & Motivation
- Information Security & TSCM
- IT Security
- Protection of At-Risk Personnel
- Crisis Management
- Change Management
- Course Project

The next course takes place 31 March – 11 April in the Thames Valley. Contact Janet for more information.

Monday, March 3, 2008

The Spy in Your Server

Who is spying on whom, and how? This 10th August 2000 article, written by veteran investigative journalist Duncan Campbell, is probably uncomfortably close to the truth, if the accuracy of Campbell’s previous 25 years of state-eavesdropping exposés is anything to go by. Read on at:

How to protect your company's data from prying eyes (of competitors or foreign states) is one of many subjects covered in detail on Security Management Stage 1, 31 March - 11 April 2008. Contact Janet for more information.

Download the 10th Annual Ernst and Young Global Information Security Survey

The 10th annual Ernst and Young Global Information Security Survey makes interesting reading.

The report draws particular attention to the growing integration of information security into enterprise risk management, an area in which physical and operational security practitioners should already be very active.

Unlike physical security, however, the key driver for infosec integration is regulatory compliance, as the following extract from the report explains:

A powerful message from this year’s survey is the proportion of respondents who acknowledge they have partially or fully integrated their information security functions with risk management operations (82%, compared with 40% in 2005 and 43% in 2006). With regulatory compliance as a major integration stimulus, the proportion of organisations that have fully integrated both functions nearly doubled, from 15% in 2006 to 29% in 2007.

Is this an indicator that information security will no longer be a part of the IT function? Ernst and Young don’t think so. Rather, this result substantiates a growing trend to integrate the information security function along strategic/governance lines for regulatory compliance and architectural lines within the IT function.

For a copy of the report click here or email David.

The Downside to Dynamic Return on Security Investment

The Security Management Stage 2 session on Integrating and Specifying Security Technology addresses many key issues to do with new security technology, including how to create dynamic return on security investment – the ability of a new security system to provide enterprise-wide value-added benefits.

An example of dynamic return on security investment is where a new enterprise-wide IP CCTV project is integrated with voice-over-Internet protocol (VoIP) telephony. In some cases, organisations with particularly heavy telephony usage are able to recover the costs of the CCTV installation in just one year from savings in traditional landline call charges.

But there is a downside to VoIP, as identified recently in Communications News, which predicts no fewer than five VoIP-associated threats:

1. Denial-of-service (DoS) and distributed DoS attacks on VoIP networks will become an increasingly important issue.

2. HTTP or other third-party data services running on VoIP end-points will be exploited for eavesdropping and other attacks.

3. The hacking community, experienced with exploiting the vulnerabilities in other Microsoft offerings, will turn its attention and tools toward Microsoft OCS.

4. Hackers will set up more IP PBXs for vishing/phishing exploits. Vishing bank accounts will accelerate, due to ease of exploit and the appeal of easy money.

5. VoIP attacks against service providers will escalate, using readily available, anonymous $20 SIM cards. Service providers are, for the first time, allowing subscribers to have direct access to mobile core networks over IP, making the spoofing of identities and use of illegal accounts to launch attacks easier.

Airport Demonstrations Show Security Gaps

The UK media this week reported two separate demonstrations by environmental activists against the extension of airports and the construction of additional runways. The demonstrators managed to ensure the highest possible profile for their activities by breaching security at Heathrow Airport (climbing onto a BA aircraft tail) and the Houses of Parliament. In addition to the considerable embarrassment for security forces at both sites, questions will no doubt be raised about the methods and routes of access for the demonstrators:

- Had they carried out surveillance?
- Were they aided by insiders?
- What could have happened if they had been terrorists?

Incidents such as these throw up serious concerns for the security professional, and such groups appear to be stepping up their activities. Could it be your CEO’s 4x4 next? Or even his residence?

We discuss responses to threats such as these in detail during our courses. For more information contact Janet.