Tuesday, September 30, 2008

Corporate Security Excellence

The latest group of security professionals to convene at our training centre for Security Management Stage 3 has been busy studying and debating the nuances and implications of the subject and the global nature of corporate business. In particular, the group (which represents oil, gas, transport and production industries) has focused on risk assessment for a notional business which requires a strategic 7-year security plan to support planned global expansion and restructuring.

This week, the course will accelerate with intensive study of information leakage and the risks and problems facing corporate organisations against the background dynamics of the modern world. Our current and past alumni will also know that the group is facing the challenge of the course project presentation which takes place on the final day of the course.

Already, the delegates are seeing the benefits of the world view discussed during SM3 – one has already provided input into an important company initiative using the subject material that he has covered.

The next Security Management Stage 3 takes place in Kuala Lumpur, Malaysia, 9 - 20 February 2009. Contact Janet for details.

Transport Security Focus – Fooling a GPS Navigation System

Many companies use GPS systems to track and direct their vehicles and assets. Reliance on these systems is increasing and will no doubt increase further as technology develops. Of course, and as usual, criminals will exploit any technological weaknesses in order to intercept transported assets and conduct robberies or thefts. A recent report indicates that GPS technology can now be ‘spoofed’ or manipulated to redirect vehicles from planned routes and thus lead them to vulnerable locations.

GPS tracking is one of the aspects of transport security covered in the forthcoming Security Management Stage 2 Course and the report is available through this link: GPS Report

Monday, September 29, 2008

Ten Baseline Security Standards for Home PC Security

Policeman sacked after P2P data leak

The officer, who worked for the Metropolitan Police Department in Tokyo, accidentally revealed the details via peer-to-peer (P2P) file-sharing software on his PC. He had allegedly installed the Winny file-sharing software on to his machine and was unaware that sensitive data was being made available to other users via the P2P network. According to reports, the personal details of 12,000 people related to criminal investigations have been spread across the net from the officer’s computer and around 6,600 police documents have been compromised, including interrogation reports, victim statements, and classified locations of automatic licence plate readers.

The story above illustrates the inherent risks of allowing unapproved software to install itself on PCs. Most P2P software installs itself via the Internet, often accompanying a downloaded media file. P2P software is used extensively among teenagers to share media files.

Business sensitive information can be exposed when employees are allowed to use home PCs to process business data. Discussions on ARC Training courses reveal that this practice is more common than many companies realise, the essential problem being that businesses are failing to communicate to their employees that this is expressly forbidden. And there are serious compliance and liability exposures when company holdings of personal private data are processed on home PCs.

At the very least, home PCs should be protected to the following 10 baseline standards:

1. ANTI VIRUS SOFTWARE Up-to-date anti virus software should be installed. (Free at http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html)
2. AUTHENTIC WINDOWS The system should use a registered (legal) copy of Windows, which should be updated (patched) automatically – in some parts of the world, over 50% of households are using bootleg Windows, which can expose data to extreme risk.
3. FIREWALL The system should have a firewall stronger than the one provided by Windows. Zone Alarm is recommended (Free at www.zonealarm.com)
4. SPYWARE PROTECTION The system should be protected against, and regularly scanned for, data-stealing spyware. (Free from www.SpySearchDestroy.com)
5. P2P There should be no P2P file sharing software installed.
6. PASSWORDS The system should be protected by a strong (alphanumeric) password. A Windows password is good; a boot-sector password is better. Individual MS Office document passwords can be broken in minutes using web-based tools.
7. ENCRYPTION The system should include an encrypted area (free from www.truecrypt.org), or folders at least should be password protected (free from www.folder-password-expert.com).
8. WI-FI If wi-fi is used, it should be secured to WPA standard. (An earlier encryption standard, WEP, has many weaknesses).
9. VPN AND ENCRYPTED EMAIL – Two considerations for secure communications.
10. HARD DRIVES Even after deleting or reformatting, hard drive data remains recoverable. Hard drives, upon disposal, should therefore be degaussed, disintegrated or wiped using special software. You should never simply delete data and send the drive to local recycling, as your bank details may end up with a scammer on the other side of the world! (Try the free Eraser tool to irretrievably delete data: http://www.heidi.ie/node/6)

Sunday, September 28, 2008

Selecting Perimeter Intrusion Detection Systems

With a nuisance alarm rate of 3% and a probability of detection of >95%, RFI immunity and one of the lowest per metre costs, fiber optic perimeter intrusion detection systems may seem the ideal choice to provide early warning of intrusion into large sites. See:
http://cim.pennnet.com/display_article/319242/27/ARTCL/none/none/1/Fiber-optic-technology-updates-old-fashioned-security-/

But what are the drawbacks and the alternatives, and do they work well with a rattly chain link fence? This, and many other subjects, are covered during the core skills Security Management Stage 1 Course, a postgraduate-level, university-accredited programme which takes place in the UK during the period 17-28 November 2008. Click on the link below for full programme details.

http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1

This course may be used to obtain credits towards the Middlesex University Work-Based Learning Studies MSc (Corporate Security Management).

Saturday, September 27, 2008

CCTV Headcams

Door supervisors at entertainment facilities in the UK are being equipped with portable CCTV headcams. Headcams have been used by police in the UK for some time, but reductions in cost make these devices now within the reach of private security staff. Within the corporate context, they are particularly useful when “policing” protests.

The unit comprises a pocket-sized storage and viewing system, linked to a camera worn at the side of the head with the aid of a strap. It is described as an Archos Gen 5 Helmet Camera, and is connected to an Archos Gen 5 Portable Media Player. Together, the two units cost less than $500.

The press article about door supervisors and headcams can be found at:
http://www.kent-online.co.uk/kol08/article/default.asp?article_id=48491

Thursday, September 25, 2008

Responding to Pharmaceutical Counterfeiting

Pharmaceutical companies face the dilemma of how to respond to well-organized criminal groups that manufacture, transport, and distribute counterfeit medicines indiscriminately. Several innovative multinational manufacturers took the lead by establishing PSI, the world’s only organization devoted exclusively to the collection and analysis of information on pharmaceutical crime. PSI collects data on such illicit activities as counterfeiting, illegal diversion, and theft. A full report on PSI can be found in the latest edition of Police Chief Magazine. http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=archivecontents&issue_id=82008

The management of illicit trade and counterfeiting is one of many advanced security management topics covered in Security Management Stage 3 (SM3). The next SM3 course is due to take place in Kuala Lumpur, Malaysia, 9th – 20th February 2009. Contact David for details.

If You Want an Automatic Notification Each Time a New Story Is Posted….

Go to http://www.changedetection.com and sign up for their free service