The device fires a 1 mm radio wave, which penetrates the top 1/64th of an inch of skin and just down to the nerve endings. When hit, the target moves away from the beam and the sensation ceases. The sensation at the target is akin to taking a heat blast from an opened “oven door,” according to Marine Corps. Col. Kirk Hymes. In most cases there is no permanent injury.
For more, go to: http://www.designnews.com/article/12709-Military_s_Active_Denial_System_is_First_True_Ray_Gun.php
Tuesday, March 31, 2009
USB Memory Sticks – Don’t Let Them Get under your Skin!
A Finnish computer programmer who lost one of his fingers in a motorcycle accident has made himself a prosthetic replacement with a USB drive attached. Jerry Jalava uses the 2GB memory stick, accessed by peeling back the "nail", to store photos, movies and programmes.
For the full story go to: http://news.bbc.co.uk/2/hi/europe/7949018.stm
Securing IT Hardware (Including Laptops) against Theft
ARC doesn’t usually recommend specific products, but this website has some good ideas for securing IT hardware:
http://www.lapsafe.com/catalogue/laptop-and-pc-security/
Terrorism Overview
Read what the UK government has to say about terrorism. Detailed information can be found on the website of The Security Service MI5, beginning at:
http://www.mi5.gov.uk/output/terrorism.html
http://www.mi5.gov.uk/output/terrorism.html
Economic Downturn Causing Data Theft Deluge - How to Manage the Threat
Source: http://www.contingencytoday.com/online_article/Data-loss-deluge-during-downturn-/1814
A leading provider of IT security systems is warning organisations to prepare themselves for a data loss deluge during the economic downturn. Citing an increase in transient staff, higher staff turnover and a growing black market hungry for information, Overtis Systems is urging UK organisations to update their data access procedures to counter these threats with a Ten Point Plan.
Several drivers are responsible for the increase in data leakage over the past year. There has been a surge in the use of casual staff, with companies using more contractors and outsourcing core operations. This in turn has lead to greater fluidity of data and a heightened risk of security compromise. Meanwhile, temporary and permanent members of staff, uncertain of the future, are purloining data to further their own careers. Others, concerned about their own finances, are selling sensitive information to a burgeoning black market. And an increase in redundancies is also causing problems, with dismissed members of staff more likely to steal data either for their own ends or to cause their former employer operational problems.
Overtis recommends organisations adopt the following Ten Point Plan to prevent data leakage:
1. Implement a strong employee joining and exit process – email and network access needs to be revoked quickly and mobile devices recovered when an employee leaves. New members of staff need only be given access to the resources they need to perform their role.
2. Educate staff – ensure data is only accessible to staff on a need-to-know basis or push data to relevant individuals.
3. Avoid remedial action – Don't seek to address a security breach with a point security product but take a systematic approach to the whole enterprise. Controls need to be in place between the user and the data not on the network or gateway.
4. Identify assets and information flows – Address potential pain points by mapping all of the intellectual property you have and modes of access.
5. Restrict the manipulation of data – Plan who needs access and whether they have the authorisation to print, change or export data over email, IM or to removable devices. It's also now possible to apply restrictions to specific content within a document or by time and location.
6. Watch the gatekeepers – System administrators and privileged users should be subject to the same change management and critical server file integrity checks.
7. Don't overlook the obvious – Do put in place procedures to prevent the export of data to USB sticks, MP3 players etc. Do scan outgoing email for confidential attachments. Do restrict copy and paste over Instant Messenger and other social networking media.
8. Use encryption – Where you do permit data export to mobile devices and removable media, ensure it is encrypted.
9. Use two-factor authentication – Don't rely on passwords; they are often written down and are relatively simple to crack. Always combine a password with a secondary method of authentication. Sophisticated systems such as finger vein readers are simple and cannot be easily subverted.
10. Combine your security arsenal – While many organisations have biometric access systems, CCTV and even RFID, few have taken the logical step of joining these together with the IT security system. Integrating the physical with the virtual can provide the requisite evidence of a data breach, for example marrying a screenshot of a file being exported with CCTV footage of the perpetrator. Evidence can also be used to enhance staff productivity, by illuminating how data is used.
A leading provider of IT security systems is warning organisations to prepare themselves for a data loss deluge during the economic downturn. Citing an increase in transient staff, higher staff turnover and a growing black market hungry for information, Overtis Systems is urging UK organisations to update their data access procedures to counter these threats with a Ten Point Plan.
Several drivers are responsible for the increase in data leakage over the past year. There has been a surge in the use of casual staff, with companies using more contractors and outsourcing core operations. This in turn has lead to greater fluidity of data and a heightened risk of security compromise. Meanwhile, temporary and permanent members of staff, uncertain of the future, are purloining data to further their own careers. Others, concerned about their own finances, are selling sensitive information to a burgeoning black market. And an increase in redundancies is also causing problems, with dismissed members of staff more likely to steal data either for their own ends or to cause their former employer operational problems.
Overtis recommends organisations adopt the following Ten Point Plan to prevent data leakage:
1. Implement a strong employee joining and exit process – email and network access needs to be revoked quickly and mobile devices recovered when an employee leaves. New members of staff need only be given access to the resources they need to perform their role.
2. Educate staff – ensure data is only accessible to staff on a need-to-know basis or push data to relevant individuals.
3. Avoid remedial action – Don't seek to address a security breach with a point security product but take a systematic approach to the whole enterprise. Controls need to be in place between the user and the data not on the network or gateway.
4. Identify assets and information flows – Address potential pain points by mapping all of the intellectual property you have and modes of access.
5. Restrict the manipulation of data – Plan who needs access and whether they have the authorisation to print, change or export data over email, IM or to removable devices. It's also now possible to apply restrictions to specific content within a document or by time and location.
6. Watch the gatekeepers – System administrators and privileged users should be subject to the same change management and critical server file integrity checks.
7. Don't overlook the obvious – Do put in place procedures to prevent the export of data to USB sticks, MP3 players etc. Do scan outgoing email for confidential attachments. Do restrict copy and paste over Instant Messenger and other social networking media.
8. Use encryption – Where you do permit data export to mobile devices and removable media, ensure it is encrypted.
9. Use two-factor authentication – Don't rely on passwords; they are often written down and are relatively simple to crack. Always combine a password with a secondary method of authentication. Sophisticated systems such as finger vein readers are simple and cannot be easily subverted.
10. Combine your security arsenal – While many organisations have biometric access systems, CCTV and even RFID, few have taken the logical step of joining these together with the IT security system. Integrating the physical with the virtual can provide the requisite evidence of a data breach, for example marrying a screenshot of a file being exported with CCTV footage of the perpetrator. Evidence can also be used to enhance staff productivity, by illuminating how data is used.
UK Law Resources
For an at-your-fingertips guide to UK criminal law acts, go to:
http://www.wikicrimeline.co.uk/index.php?title=Category:Acts
http://www.wikicrimeline.co.uk/index.php?title=Category:Acts
Subscribe to:
Posts (Atom)