Thursday, May 31, 2007

Record Breakers!

Fifteen of the twenty delegates attending the university-accredited Security Management Stage 1 Course in the Bangladesh capital Dhaka scored distinctions in the end-of-course examination on 31 May, smashing all previous Security Management Stage 1 records.

The delegates, from as far away as Africa and South Korea, have been undertaking the Middlesex University-accredited two-week training course as part of a long-term competency development programme which will culminate with the award of an MSc Work-Based Learning Studies (Corporate Security Management). Upon graduation, many subsequently plan to further augment their academic credentials by undertaking the ASIS International CPP certification.

The Security Management series of courses taking place in Bangladesh are part of a concerted effort by the business community to capitalise on the economic and political stability which is now evident in the country, and to provide overseas multinational investors with the confidence that their investments and assets are in secure, qualified hands. The courses are also open to security managers from outside Bangladesh.

Commenting on the training, the Inspector General of the Bangladesh Police remarked that the course will not only add considerable value to corporate security management but will provide a secured platform for both business growth and national development.
Pictured left is delegate Charles Man, China Security Manager, British American Tobacco, receivng his certificate from Inspector General Nur Mohammad.

Global Terrorism Database at Your Fingertips

The word ‘terrorism’ covers many different types of activity from bombings and kidnap to cyber attacks and hacking. For the first time, START: a Centre of Excellence of the U.S. Department of Homeland Security, has made available the Global Terrorism Database (GTD).

This comprehensive online resource has been compiled to cover all terrorist events worldwide since 1970 and includes almost 80,000 cases to date. The GTD gives information on the date and location of the incident, the weapons used and nature of the target, the number of casualties, and -- when identifiable -- the identity of the perpetrator. The idea behind this is to improve understanding of historical and emerging threats and, as the GTD will be continually updated, to identify terrorism trends.

The GTD is a valuable and interesting resource for those who need to analyse such information and include it in their security risk analysis for their own businesses and organisations. Access to the Database is free. Follow the link to the START homepage:

http://www.start.umd.edu/data/gtd/

Wednesday, May 30, 2007

“Business Organisations Can Contribute Significantly in Shaping the National Security Environment” – Inspector General, Bangladesh Police

Wednesday evening marked the closing ceremony of the Security Management Stage 1 (Core Skills) Course in the Bangladesh capital, Dhaka. Twenty delegates from seven different countries were presented with their certificates by guest of honour, Nur Mohammad, the Inspector General of the Bangladesh Police.

Inspector General Nur Mohammad congratulated the course participants on their achievements and stressed the importance that corporate security plays in shaping the national security environments of countries like Bangladesh. Importantly, the Inspector General noted that this was a two-way process and that security can only be achieved by responsibilities being shared. “The Bangladesh Police is highly committed towards maintaining a secured environment for all, especially the business sector,” remarked Inspector General Nur Mohammad.

The certificates were presented in the presence of an audience of invited guests including business leaders of multinational companies and the Deputy High Commissioner of the British High Commission.

Further South Asia regional courses planned for Bangladesh include:

Security Management Stage 3 (Strategic Skills), 2-13 December 2007
Security Management Stage 2 (Advanced Skills) Q4, 2008

No Jargon! No ‘PTZ’, no ‘Bandwidth’, No ‘BLT’

Recently, ARC Training International Ltd was commissioned by a leading multinational to provide security guidelines and standards for their 66,000 employee, $26 billion per year business.

Their global security organisation is ‘lean and mean’. They had the concept of what they wanted but not the time to do it.

Unusually, these guidelines were directed not at their security professional team but at the line management and those who act as security focal points at their locations.

Peter Horsburgh CPP, PSP, summed up the requirements for the success of this project:

“No Jargon! No ‘PTZ’, no ‘Bandwidth’, No ‘BLT’. Common sense and a writing style that suits those for whom English is a second language. The target audience are intelligent and dedicated but not security professionals. We had to provide this documentation in a short, usable format which would be fit for purpose. Client input is vital to success and so we constantly consult with them to produce some 40 separate documents and have these meet with the client’s approval.”

Peter’s closing words “It’s easy enough to teach best practice and to put it in the manual but you have to convince line management to use it. They won’t use it if it does not make sense!”

Tuesday, May 29, 2007

Kidnap Hostages Beheaded in Philippines

Refusals to pay ransom demands for the release of kidnap victims can cost dearly, as a recent case from the Philippines evidences. According to the latest Clayton Kidnap Monitor (May edition) a breakaway faction of a group called the Moro National Liberation Front -- believed to have joined forces with the Abu Sayyaf Group (ASG) -- in April beheaded seven civilians whom they had been holding hostage. Six of the victims were working on a government road project in the area while the seventh victim was a worker at a fish processing factory. A Philippines military official stated that the company which employed the road workers had refused to pay a demanded ransom.

Kidnap Risk Reduction workshops are held twice yearly at ARC Training or on-site upon request. Business Travel Security workshops are held three times a year. Forthcoming events are as follows:

Business Travel Security Monday 9th July, Monday 22nd October

Kidnap Risk Reduction & Response Wednesday 26th September

For details on how to receive the free monthly Clayton Kidnap Monitor directly to your desktop go to:

http://www.claytonconsultants.com/

Pirated Security Software Loaded with Trojans and Spyware

The plethora of software available on the Internet can offer bargains to the potential customer, but beware of pirated software copies! Apart from the risk that it will not function correctly there is the risk of the software corrupting or crashing systems and introducing viruses, Trojans or spyware.

Security Watch at e-week highlighted these risks in a recent article, quoting one source as saying that ‘It's the same problem that's plagued name brand or copyrighted industries that produce high-end products, such as handbags’. Most victims are individuals looking for cheap software, but we should all remember the risks of introducing corrupt or infected files into our employers’ systems – where the potential direct and consequential losses could be substantial. Security Watch offers tips and reminders for buying software to help minimize the risks – but the best advice is that if you cannot be sure of the source, don’t buy it!

Follow this link to Security Watch’s report:

http://securitywatch.eweek.com/phishing_and_fraud/pirated_security_software_worse_than_none_at_all.html


The new ARC Training Security Management Stage 1 IT Security Handout is almost complete and detials of how to obtain this 40-page easy-to-understand guideline to more secure computing will be published on the blog shortly. The handout will be free as a PDF file to all past delegates of Security Management Stage 1 or SMAP.

Saturday, May 26, 2007

Jane's Reignites Debate about Terrorist Threat to LNG Tankers

Jane’s Information Group, the most respected international source for information on the subjects of defence, geopolitics, transport and police, has this month again highlighted the risk of an LNG tanker being deliberately targeted by terrorists. The two scenarios advanced are a) hijacking and taking into a port for detonation and b) ramming while in port with a small boat laden with explosives. The former allows for the greater possibility of success of loss of containment since terrorists would be able to accurately position their explosives. However, monitoring of LNG vessels movements would hopefully ensure that any tanker set on such a course would be quickly identified by coastguards and destroyed while still at sea. The latter is conceivably easier to achieve, but the chances of causing a rupture is less easy to predict. Nevertheless, a damaged LNG tanker sitting on the bed of a port would probably would warrant a major response and cause enduring disruption.

Opinions as to the feasibility of the success of such an attack differ, and predictions of 1 kiloton-equivalent explosions are quickly dismissed by oil industry experts. The US Foreign Policy Research Institute, however, draws attention to a 2004 Sandia Laboratories report which estimated that an intentional attack on an LNG tanker, while not causing an immediate explosion, would result in “a vapor cloud of explosive gas spread over a radius of almost 2 miles from the ship. Any source of ignition within that vapor cloud would instantly cause an explosion of devastating proportion and horrific effect,” a view which is supported by James Fay, professor at the Massachusetts Institute of Technology.

This, and other maritime security issues, together with measures to secure maritime assets against such threats, will be addressed during the forthcoming Maritime Security Management Course, which takes place 13 – 17 August. Contact Janet for details.

To read the contents of the FPRI report click on the following link:

http://www.fpri.org/enotes/20050321.americawar.husickgale.seaborneterroristattack.html

Wednesday, May 23, 2007

A Third of UK Company Directors Have Stolen Confidential Information from Their Employers - Survey Alleges

Delegates from SE Asia and Africa attending the Security Management Stage 1 (Core Skills) Course in Bangladesh have been studying ways in which sensitive corporate information is compromised, learning that threat sources to information include both outsiders and insiders -at any level in the business hierarchy.

At the top end of the scale, a YouGov poll suggests that 1/3 of UK company directors had taken with them confidential information when they left their employment. Drawing attention to the risks at the lower end of the employment scale, Justin King, a respected information security investigations consultant revealed in a BBC interview that there have been instances of unsupervised cleaners who have been bribed to steal information for as little as £20.

Key areas of information at risk identified by the course participants included research and development; pricing strategy; customer databases; specific and strategic plans; budget and financial information; product formula; drilling, reserves and seismic data (oil companies); future expansion, downsizing or relocation plans; investment plans; acquisition and merger plans and information relating to legal or litigation issues.

The ARC Information and IT Security Seminar is available as a one-day workshop, running three times a year or on-site as required.


To see the above reports in full click on the following links:





Tuesday, May 22, 2007

Don't Loiter Landside!

The past week has thrown into stark relief the vulnerabilities of public transport systems to terrorism. Last Friday three people were killed after a bomb exploded at a bus station in the southern Philippines. On Monday, Indian police defused a bomb found on a train in the eastern city of Kolkata. Yesterday five people were killed in the Turkish capital, Ankara, by an explosive device apparently left at a bus stop.

For business travellers the risks associated with public transport systems are probably most acute on the land side of airports, in the area of the check-in queues. Throughout the history of terrorism there have been a number of such attacks, and many airports remain extremely vulnerable to check-in area bombs, especially in consideration of the trend toward “walk-in” suicide bombers.

Travellers are advised, wherever possible, to avoid the long queues associated with economy travel and to select airlines which allow for Internet check-in. The time spent in the check-in area can be further reduced by taking the minimum necessary check-in baggage. The objective should be to proceed to the secure air side as quickly as possible.

Sensible precautions should also be applied upon arrival at airports, and standing amongst large groups of people "landside" should be avoided.

Much best practice on business travel security can be found on the new Security Management Stage 2 Business Travel Security handout, which is available free to all past delegates of Security Management Stage 2 and Senior Security Management courses. Business travel security workshops are held twice yearly at ARC Training.

Alternatively, ARC would be happy to visit your company to conduct a bespoke business travel security workshop for your travelling staff.

Strong Perimeter – Weak Controls

The results of a recent survey of over 900 managers across industry show that companies are mistakenly expending effort on physical security defences whilst ignoring the potentially more damaging effects of insider information theft. The survey, conducted by online survey services provider Zoomerang, says that weak controls and a laissez-faire attitude to this threat are responsible for the imbalance in protection. Interestingly, many respondents seem aware of the threats and outcomes of information loss but are unable or unwilling to put controls in place. The intangibility of information can make it difficult to implement effective measures but until those responsible for using and protecting it fully realise the dangers the losses will continue to grow both in amount and seriousness.

Link to Continuity Central report:

http://www.continuitycentral.com/news03259.htm

Monday, May 21, 2007

Delete Immediately Warning!

As more and more consumers become aware of the dangers from email “phishing” scams, the criminal gangs behind this worldwide fraud are redoubling their efforts to lure us into revealing our online banking secrets. And it is no longer necessary to enter confidential log-on details in order to fall victim. On 8th May the Australian Bankers Association issued a warning to consumers that a simple click on the embedded link in the hoax emails out of curiosity may be enough to download onto your computer malicious software which can log your keystrokes.

This has particular implications for information security corporate networks which allow employees to undertake routine personal email transactions, such as online banking, using workstations or laptops.

For more information on this threat and the full text of the warning visit the website of the Australian High Tech Crime Centre at http://www.ahtcc.gov.au/ or contact David.

ASIS Launches PSP Study Guide

Security technology is becoming ever more complex. With this comes a need for security managers to become skilled in the art of security equipment specification to ensure that their organisations are installing the most appropriate equipment, cost-effectively, with due consideration to systems reliability, longevity and future proofing. This was the rationale for the launch of the ASIS International Physical Security Professional certification in 2003.

The certification covers such subjects as assessment of risk; physical security survey; using risk analysis to develop countermeasures; selecting physical security measures; cost analysis; outlining, documenting and presenting proposals; implementation of solutions; acceptance testing and monitoring.

Such has been the popularity of this certification that the ASIS International Bookstore has now produced a 337-page PSP study guide to help prepare candidates for the examination.

Study Guidebook Contents:

Chapter 1 Risk Analysis
Chapter 2 Physical Security Survey
Chapter 3 Exterior Physical Protection Measures
Chapter 4 Interior Physical Protection Measures
Chapter 5 Integrated Systems Concepts
Chapter 6 Implementation of Physical Protection Systems
Chapter 7 Project Management for Security Systems
Chapter 8 Installation and Operation of Phys. Prot. Systems

In the UK the examination is held each year during the first week in November, hosted by ARC Training. Distance learning preparation begins in July, culminating in a one-week Skills for Security-accredited preparation course in the days immediately before the examination (Physical Security Management, 29 October – 2 November 2007).

For details of the PSP certification, the Study Guide and the Physical Security Management course contact Janet.

Wi-Fi CCTV Fails Security Penetration Tests

With wireless IP addressable CCTV cameras becoming ever more popular, the BBC has uncovered a major flaw in the security of some wi-fi camera units. A regional BBC news team found that with a cheap gadget, available on the High St, they were able to tune into and intercept images inside pubs, supermarkets, positions above tills, and even private homes. The report comes amongst increasing public concern about the health risks of radiation and wi-fi transmission sources.

Bengali Tiger

For delegates familiar with Security Management Stage 1, the term Sumatran Tiger conjures up images of long evenings debating with colleagues in front of a computer screen to put together a security strategy for a notional oil extraction and production operation deep in the heart of SE Asia.

Delegates attending the Security Management Stage 1 Course in the Bangladeshi capital Dhaka were for the first time today introduced to “the tiger” and enthusiastically set about identifying the risks, actual and potential, which might befall this huge foreign investment project.

Typically for a group of South Asian security managers, this course is bursting at the seams with talent and enthusiasm, and the project results are likely to reflect this. Three of the five syndicates have each have one retired Brigadier-General at the helm, ensuring the solution remains strategic, and with almost half the 20 delegates possessing an MBA or studying for such, the solutions are sure to be business commensurate.

FCO Slow to Alert Travellers to Lebanon to Deteriorating Security Situation

Amidst renewed violence in Lebanon, reported to be the most serious since the ending of the civil war 17 years ago, the British Government has been slow to review its travel advice, and almost two days after the violence began there have been no amendments to the FCO website. This highlights the weakness of depending for business travel advice on open sources, which cannot be assumed to be current.

In contrast, the equivalent Australian service, operated by http://www.dfat.gov.au/ and which prides itself on timely delivery of overseas travel advice, has been monitoring the situation closely and is urging travellers to reconsider their need to travel at this time. A useful extension of the Australian web site is a free email notification service, alerting subscribers to security changes within countries.

The clashes have occurred near the northern city of Tripoli between the Lebanese Army and radical militants belonging to the Fatah Al Islam group, a Palestinian splinter group which is alleged to have ties with Al Qaeda.

Oxford Analytica Warns of Multiple Indicators that Al Qaeda is “Flourishing”

In a recent summary report Global Strategic Analysis Group Oxford Analytica warns that there are multiple signs that Al-Qaeda is flourishing, concluding that reconstruction of Al Qaeda’s infrastructure renders increasingly likely another major attack on US territory, and more destructive attacks in Europe. Drawing attention to what analysts call a “dysfunctional Iraq policy”, the reports identifies four key negative consequences of US military engagement Iraq as:

1. Foreign jihadists in Iraq accelerating radicalisation
2. Jihadists learning urban warfare techniques
3. The US presence in Iraq reinforcing Muslim perceptions of a hegemonic, hostile predisposition towards Islam
4. Unilateral US stubbornness against the dismay of allies and partners

For a full copy of the 3-page report, contact David.

Sunday, May 20, 2007

Don't Underestimate Al Qaeda, Deputy High Commissioner Warns ARC Delegates in Keynote Regional Risks Presentation

The Deputy British High Commissioner to Bangladesh, Stephen Bridges, in a keynote speech to mark the opening of the Security Management Stage 1 Course in Dhaka, warned delegates of the dangers of complacency over the threat posed by the Al Qaeda network. In particular the Deputy High Commissioner drew delegates’ attention to the level of ingenuity of those who have taken up arms in support of the Al Qaeda cause. “These people are often a lot smarter than we give them credit for, and this poses significant challenges for security managers”, remarked the Deputy High Commissioner.

Having been the target of a terrorist plot while previously an ambassador, the Deputy High Commissioner - a political analyst by training - understands the threat better than most.

His warning comes amidst reports of a consolidation of the Al Qaeda presence in Europe’s soft underbelly, US legislation imposing strict physical antiterrorism security standards on the US petrochemical industry and comments by Lord Stevens, the former Metropolitan Police Commissioner, that the number of Al Qaeda operatives and active supporters in the UK may be as high as 4,000 - twenty times higher than Lord Stevens' 2005 estimate.

Regional Security Management Training in S Asia

Twenty security managers from Bangladesh, China, South Korea, Nigeria, Democratic Republic of Congo and Sri Lanka have gathered in Dhaka, the capital of Bangladesh, to attend a two-week Security Management Stage 1 Course. The programme, which follows on from a successful pilot course last year, will provide delegates not only with core skills knowledge in security management best practice, but will importantly set delegates off on a study programme which will lead to the award of a work-based learning MSc with Middlesex University.

Frank Fodstad, Deputy Managing Director of Grameenphone, which, together with BAT Bangladesh is co-hosting the course, opened the programme by reminding delegates that integrated security management of the highest international standards is essential to organisations such as global communications leader Telenor. Telenor has a $1 billion investment in Grameenphone, and is one of Bangladesh’s biggest private sector investors.

During the two weeks delegates will study security risk management, operations management, physical security, personnel security, protection against terrorism, information and IT security, security surveying, crisis management, investigations and leadership.

Further Asia-region courses are being planned in Bangladesh. Contact Janet for details.

Seven out of the World’s Top Ten Multinationals Have Chosen ARC Training

Seven out of the world’s top ten (Fortune 500) corporations have selected the ARC Training International Academy for Security Management to train their security managers. This number includes all top five UK multinationals, four out of the top five US-based companies, and the world’s largest integrated oil and gas project, Sakhalin Energy, of which the major shareholder is Russia’s largest company, Gazprom.

Thursday, May 10, 2007

The Phantom USB Menace!

A US survey of 370 IT professionals has confirmed USB data sticks (so-called “thumb drives”) as the greatest security concern, posing a very serious threat to sensitive corporate data. 80% of respondents admitted that their companies had no effective controls in place and just 8.6% of respondents’ companies had total bans on such devices.
“Thumb drives are becoming increasingly difficult to identify as many are taking on disguises such as watches, small Star Wars figurines, key fobs etc.” comments David Cresswell of ARC. For information on how to manage this growing threat contact David.