Friday, September 21, 2007

Could We Require Employees to Accept Under-the-Skin RFID Tracking Chips? California Moves to Ban the Procedure.

In 2006 US Ohio security firm CityWatcher.com raised eyebrows when it requested that some of its employees be “chipped,” or implanted with grain-size subcutaneous RFID tags for access to certain rooms – a sort of high-tech key. According to published reports, only two employees got the implants before the company dropped the programme. CityWatcher.com has since shut down.

Elsewhere in the US, Alzheimer’s patients have been implanted with the tiny tracking devices.

Now California is taking the bizarre step, already taken by two other US States, to have to ban the human implanting of these chips without a person’s consent!

Unlike Global Positioning System (GPS) technology, which is used for constant, real-time tracking, RFID tags are scanned at close range – usually from a few feet to a few inches. The tags are tracked by scanners installed at checkpoints, such as office doors or warehouse loading docks. The systems are also commonly used in highway toll collection and as theft protection in car keys.

A May 2006 story in Wired Magazine featured Jonathan Westhues, a 24-year-old engineer who demonstrated how he could (and did) covertly scan a company’s RFID employee badge and break into the office – all with a cheap, homemade reader. He’s since posted detailed instructions on how to make the reader on his Web site. Mr. Westhues likens RFID chips to “a repurposed dog tag”.

RFID will be addressed in detail during the new ARC Course Specifying Security Technology, 18-22 August 2008.

For the full story on the US debate on subcutaneous RFID implants go to:

http://www.centralvalleybusinesstimes.com/stories/001/?ID=6398

or put the kettle on, make a cup of tea and Google "subcutaneous RFID"!

Advice on How to Mitigate Armed Robbery

While in some parts of the UK, especially Northern Ireland, so-called “Tiger Kidnap” robberies proliferate (where a bank manager or family is taken hostage at home in order to coerce the manager into opening the bank), traditional bank hold-ups are still relatively common in many parts of the world.

Excellent advice on how to mitigate this staff-distressing event can be found in the following downloadable publications:

www.brc.org.uk/aabc/downloads/preventing_robbery.pdf

http://www.hampshire.police.uk/NR/rdonlyres/C20DE15D-A7EB-4C47-BD5D-2A869F5C8CAA/0/prevent_robbery.pdf

Has Your ID Been Stolen Yet? At What Point Would You Know if It Had? When the Police Knock on Your Door to Arrest You?

ChoicePoint, a consumer data vendor, hands over personal information on at least 145,000 people to criminals posing as small businesses.
  • Hackers swipe the personal information of 32,000 people who use the database Lexis-Nexis.

  • Bank of America loses backup tapes containing 1.2 million federal employee records.
Every day, it seems, a new identify theft incident is reported.

The lines above were written in 2005, and the situation has got much worse as only now do we become aware of the scope of the threat posed by identity thieves. With the worsening situation have come much greater fines - sometimes in the millions of dollars - just as a result of an employee loosing a laptop with employee personal details on the hard drive.

The full text of the article can be found at:


Email and the Law - How Not to Be Fined Thousands of Pounds

Any manager responsible for corporate communication would be reckless to ignore the need to comply with current regulations, warns the website InfoSecurity. Liability concerns regarding employee communications have never been greater; lawyers are using computer records, email logs and, increasingly, instant message content, as evidence in court. Cases relate to discrimination, harassment, fraud and antitrust claims, among others.

In recent years, a telecommunications company, a retail bank, the Inland Revenue, and even a leading law firm have fallen foul of email misuse by employees. Consequently, companies are quite rightly becoming more far more cautious about putting company information in an email.

Any communication that traverses a company's network remains the property of the organisation, which is therefore responsible for it. This leaves the company open to severe penalties if a court finds it guilty of security breaches or of non-compliance with regulatory law, as well as their corporate governance policies. To minimise these risks, companies are claiming the right to monitor employees' use of email as part of the right to use the corporate network, but is email monitoring legal?

Read on at:


Email evidence is one of the issues covered in the new four-day Investigating and Interviewing Skills Course, delivered by Lynx International, on behalf of ARC Training. Demand for the first course 5-8 November is high. Contact Janet to reserve your place.

Tuesday, September 18, 2007

Planning to Sit the 2008 ASIS International Physical Security Professional (PSP) Certification Examination?

If you are planning to sit the 2008 ASIS International Physical Security Professional (PSP) Certification examination with ARC Training, you are reminded that it is never to early to begin studying for this challenging task!

David Patterson’s PSP Study Guide is an excellent preparatory guide. The text in each chapter is presented in the format of "Key Concepts" followed by practice questions to assist the reader in understanding the material. Additional references are cited at the end of each chapter for those who may require more detailed information about the subject. This invaluable resource will help evaluate your current knowledge and determine subjects that may require further study of the recommended reference books.

You can purchase the Guide from:

http://www.abdi-secure-ecommerce.com/asis/pc-757-59-1720.aspx

If you would like to register your interest in the 2008 PSP examination, please contact Janet. Full programme details will be published soon.

Perimeter Security Technology Gets Wired

Perimeter intrusion detection systems (PIDS) are an important element in the security of any critical facility with a vulnerable perimeter to protect. "Security Solutions" website carries a detailed story of a water treatment plant in Southern California which has upgraded its PIDS with the installation of a Zareba fence disturbance sensor, which has the option of being “armed” with a painful, but non-lethal electric current.

The article contains some interesting comment about PIDS in general, and can be accessed at:

http://securitysolutions.com/access_control/water_treatment_intrusion_detection_system/index.html
Information on the Zareba system can be found at:

http://www.zarebasecurity.com/guardtower.htm

(Note that ARC does not specifically endorse any security product)

PIDS is one of the topics covered in Security Management Stage 1, 19-30 November 2007. It will also be covered in the new Specifying Security Technology Course, 18-22 August 2008.

The protection of critical facilities will be comprehensively covered in the new Protecting Critical National Infrastructure Course, 14-18 July 2008.

New Overseas Training Dates Announced for 2008

ARC Training International Ltd in partnership with Precept Management Consultancy is pleased to announce two new overseas course dates for 2008:
  • Security Surveying and Design, 11-15 March 2008, Paphos, Cyprus

  • Security Coordination and Management, 20-24 April 2008, Muscat, Oman

In addition to the above programmes, ARC also plans to be running open overseas training programmes in Malaysia, The Czech Republic and Nigeria during 2008.

Chartered Management Institute Warns Businesses to Put in Place Procedures to Protect Safety of Staff and Business Operations

Business continuity management (BCM) is a process that helps manage risks to the smooth running of an organisation or delivery of a service, ensuring continuity of critical functions in the event of a disruption, and effective recovery afterwards.

Surprisingly, however, only 48% of large businesses have a business continuity plan, and the Chartered Management Institute (CMI) warned earlier this year that businesses are still not doing enough to combat the threat of unforeseen disasters such as power cuts, storms, fires, floods and terrorist attacks.

Phil Wood MBE CPP is today on-site with the world’s largest commercial security printing company to deliver a practical workshop in business continuity management. To book a similar workshop for your senior and operational managers, contact Phil at ARC Training.

Further details on the CMI warning can be found at:

http://www.newbusiness.co.uk/article/20/03/2007/CMI_business_continuity.html

What It Takes to Become a Competent Security Surveyor

Delegates representing a range of business sectors and countries began an intensive and very practical five-day programme yesterday at ARC to master the skills of security surveying.

The course, led by Peter Horsburgh CPP, PSP, will take delegates to a real site, where they will carry out a practical survey in syndicates, under the close guidance of Peter. Upon return to the classroom they will then work in the same syndicates to produce a detailed survey report, which will be presented to a simulated management board at the course conclusion.

This course is now in its seventh successful year and has been attended by many security professionals from across the world, representing some of the biggest international companies. Feedback has been extremely positive, with participants reporting that the course has not only given them the skills, but also the confidence, to effectively and efficiently carry out security surveys.

The next Security Design and Surveying and Design Course will take place April 21-25, 2008.

Al Qaeda Has Reconstituted into an Organised, Centrally-Driven Organisation, Warns Washington Post

The main points of this very detailed article are:



        1. Al-Qaeda has proven itself to be extraordinarily adept at succession planning. The core leadership had benefited from a "deep bench of lower-ranking personnel capable of stepping up to assume leadership responsibilities." Many are veteran jihadists.

        2. Al Qaeda “Central” has grown stronger, rebuilding the organizational framework that was badly damaged after the U.S.-led invasion of Afghanistan

        3. Today, al-Qaeda operates much the way it did before 2001. The network is governed by a shura, or leadership council, and has 200 core-group leadership member

        4. Operatives are organized into cells with separate missions

        5. Counterterrorism officials have been slow to grasp the resurrection of al-Qaeda Central

        6. Home-grown cells of militants, operating independently of bin Laden, have increasingly come under central control

        7. Al-Qaeda’s Al-Sahab media arm has a prolific output. It has produced over 60 videos this year, most including subtitles in several languages and sometimes 3-D animation. It posts videos directly on the Internet, relying on an anonymous global network of webmasters to shield their electronic tracks

          For the full five-page report, click on:


        8. http://www.washingtonpost.com/wp-dyn/content/article/2007/09/08/AR2007090801845.html

        Monday, September 17, 2007

        How Safe Are Budget Airlines? Useful Information Sources

        The tragic crash on Sunday of a McDonnell Douglas MD-82 aircraft at Phuket Airport, Thailand, has reopened the debate about the safety of budget airlines, which are proliferating. David Cresswell recently flew the Bangkok-Phuket route on a One-Two-Go MD-82 and reports a perfectly satisfactory and safe flight.

        The accident follows a week in which Canadian planemaker Bombardier ordered the grounding of almost half of its Q400 turboprop planes after three were involved in landing gear failures. Bomardiers are operated by UK budget airline Flybe. Aside from landing gear worries, a Flybe Bombardier Q400 with 36 people on board had to make an emergency landing in Edinburgh in July when crew members were forced to shut down one of its two turboprop engines.

        There are two websites which provide useful information on aviation safety. The European Commission website provides information on those airlines which are banned from EU airspace or which have restrictions placed on them. For details click on:

        http://ec.europa.eu/transport/air-ban/list_en.htm

        The airsafe.com website provides information on the safety record of specific makes of aircraft. The MD-82 type aircraft which crashed on Sunday is listed under MD-80:

        http://www.airsafe.com/by_model.htm

        Obviously, choosing a safe airline and safe aircraft type is a very imprecise science.

        Selection a safe airline is one of the topics covered in Business Travel Security, which is a one-day workshop during Security Management Stage 2, 15-26 October 2007. The workshop may be attended as a standalone workshop on 22 October.

        Alternatively, ARC can deliver the programme in-house, tailored to your specific requirements.

        Latest Symantec Report: Internet Crime Has Become a Major Commercial Activity

        Internet crime has become a major commercial activity, reveals a report by computer security company Symantec. Internet hackers have fundamentally shifted away from nuisance and destructive attacks toward criminal activities motivated by financial gain, according to the report. And the attacks are increasingly being launched by malicious computer code hiding in trusted websites that people visit regularly through their web-browsers.

        Cyber crime has become increasingly professional and was now a multi-billion dollar industry. The underground economy has its own auction sites and marketplaces that sell valuable data such as credit card numbers and bank accounts, sometimes for as little as $20 for someone’s banking log-on or credit card details!

        They also sell toolkits for novice cyber criminals who lack technical know-how to craft their own attacks. Just three phishing toolkits were behind 42% of all phishing attacks seen by Symantec in the first six months of 2007.

        The full report can be downloaded from:


        News stories relating to this report can be found at:

        US War with Iran Draws Nearer

        French Foreign Minister Bernard Kouchner announced today that the world should prepare for war over Iran's nuclear programme.

        Meanwhile, according to press, the US Department of Defense has begun pushing regular contractors very aggressively for “unit costs” to be used for logistical preparations for reconstruction and ground operations in a “certain unspecified” country of West Asia.

        For further information click on:

        http://news.bbc.co.uk/1/hi/world/europe/6997935.stm
        Any attack on Iran could have repercussions across the Middle East, potentially destabilising the fragile peace in Lebanon, where support for Iran within some sections of the community is very strong, warns ARC’s David Cresswell, who was in Lebanon last year when war broke out with Israel. Furthermore, a recent escalation in tensions between Jerusalem and Damascus could herald a concurrent Israeli air offensive against Syria.

        Friday, September 14, 2007

        Banks Can Spend Billions of Dollars on Surveillance Systems and It's Meaningless, Warns FBI

        Banking security experts in the US are blaming the height at which CCTV cameras are mounted as one reason why bank robberies are so prevalent. In Washington State alone there have been 117 robberies so far this year.

        “With most bank security cameras positioned in front of and above customers, the hats and hoods that robbers use to disguise their identities are often successful because the cameras capture the peak of a cap or brim of a hat,” says an FBI expert. "Even if you zoom in, all you're getting is the tighter picture of a baseball cap. Banks can spend billions of dollars on surveillance systems, and it's meaningless."

        Many banks have begun heeding the FBI’s advice that they lower their surveillance cameras to capture better images of robbers' faces instead of their headwear. For example, all City Credit Union have lowered their cameras to 1.8m.

        UK Loan Firm Caught up in Data Theft

        Credit broker Loans.co.uk has called in police after discovering the theft of personal customer data, according to the BBC.

        A spokesman for the Watford-based firm said the group had contacted police and relevant authorities as soon as the security breach was discovered.
        In addition to exposing a company to huge fines, such an occurrence could cause a company like this to go bust, warns ARC Training.
        Measures on how to protect your company customer data against theft and the methods used by data thieves is contained in the Information and IT Security Workshop, 26 November, which, for those wishing to undertake a university-accredited path of study, forms part of the Security Management Stage 1 Course.


        Protecting Critical National Infrastructure Training

        Northumbrian Water this month moved to reassure customers after it was revealed the company had been on a state of high alert after a terrorist threat to poison supplies, according to the Newcastle Journal Online.

        A security warning was issued by the Department for Environment, Food and Rural Affairs (Defra) in response to an “undisclosed and direct” threat last year. The threat came to light at an employment tribunal in Newcastle.

        Andrew Hindson, of Washington, was sacked by Northumbrian Water for failing to deal with an alarm set off by an intruder, but he has now withdrawn his claim of unfair dismissal.

        The security of water supplies will be one of the subjects addressed in ARC’s new Protecting Critical National Infrastructure Course, 14-18 July 2008. Other subjects to be addressed in the course will be:

        · Risk and Vulnerability Assessment Methodologies
        · Establishing Baseline Security Criteria
        · Port and Transportation Security
        · Food and Drink Supply Chain Security
        · The Energy Sector – Special Considerations
        · Pipeline Security
        · Securing CNI SCADA
        · Protection against Explosive Devices
        · Emergency Planning
        · Crisis Management
        · Extortion
        · Creating Resilience
        · Intelligence and Government Liaison

        “Company XYZ Puts Employee Data at Risk of ID Theft” – A Familiar Story, but Now a Solution

        The headline has been a familiar one over the past year, as laptops are lost or stolen and unencrypted personal details of staff contained on the hard drive are put at risk. Fortunately, most laptops are stolen not for their data but for simple resale. But laptop thieves don’t usually use special data-erase programmes before selling on, so the victim’s data, although invisible to the “naked eye”, is still there.

        Companies that don’t take care to protect such data against theft can face spectacular fines, as a major UK bank found earlier this year. Enter Seagate with its encrypted hard drive. The disk-drive maker announced this month that it's working on a hard drive with native encryption that will protect all the data on a stolen machine. The drive will contain embedded chips which will encrypt all the data on the drive. Then if the machine is stolen, the thief would have to come up with a password at minimum and two- or three-factor authentication at best.

        Seagate expects to ship in mid-2008 a 1 terabyte desktop hard drive that uses US government-grade encryption. Nicknamed the Barracuda 7200 FDE, the 3.5-inch drive has native encryption. Using AES encryption, the hard drive is designed to deliver end-point security for powered-down systems. Logging back on requires a pre-boot user password that can be beefed up with biometrics and smart cards.

        Expect laptop versions to follow.

        The Global State of Information Security Survey 2007

        Findings of the latest Global State of Information Security Survey 2007, a worldwide study by CIO magazine, CSO magazine and PricewaterhouseCoopers, show that IT is taking budgetary control for information security, with the 65% of budgets now coming directly from the IT department – a dramatic rise from just 48% a year ago.

        Additionally, although data breaches are driving privacy concerns, encryption of data at rest remains a low priority despite it being the source of many data leakage issues.

        For further details see:

        http://www.continuitycentral.com/news03459.htm

        Can Biometric Systems Be Tricked?

        Biometrics 2007, the annual UK conference on biometrics will take place in London over the period 17-19 October. With governments now poised to embrace this technology in the face of terrorism fears and a dramatic growth in ID fraud, it now looks as if the multi-million pound ten-year investments made by many biometrics manufacturers in the late 1990s are about to pay dividends. But is the technology as good as it claims to be and can the latest biometrics systems be fooled, as alleged in this 2005 newspaper report?

        http://www.ft.com/cms/s/0/78a735f4-e6a8-11d9-b6bc-00000e2511c8.html

        Delta Scientific Shows Off New anti-VBIED Shallow Foundation Bollard

        Delta Scientific has produced a new DSC 600 Shallow Foundation Bollard system which can be installed in front of vulnerable points at a building in a foundation of just over 0.3m. The two-bollard array is capable of stopping and destroying a 6,000 kg truck travelling at 80 kph.

        See the demonstration video at:

        http://www.deltascientific.com/vid_dsc600.htm

        Comprehensive one-day sessions on how to manage the threat posed by terrorism are contained in the forthcoming Security Management Stages 1 & 2. Each, focussing on different aspects of this threat, may be attended as “stand-alone” one-day workshops.

        Consider Energy Costs When Selecting Security Technology - How to Save $50,000

        The lower energy requirement of multi-function electric locks is set to prompt a significant shift away from electro-magnetic locks when the UK adopts the Energy-using Products (EuP) Directive 2005/32/EC – which is anticipated to happen in 2008.

        Switching to higher security performance electric locks will not only enable end-users to comply with this new green directive, but also lead to significantly reduced energy costs as, unlike electro-magnets, electric locks do not draw power 24/7, according to Abloy Security.

        'A recent study (by Borer Data Systems)' claims Abloy 'revealed that a massive £24,500-worth of energy costs could be saved by replacing the existing electro-magnetic locks on a 50-door access control system with electric strikes.'

        If You Are in the Food, Beverages or Pharmaceutical Manufacturing Industry in Europe, Read This Urgently!

        Terrorists may resort to non-conventional means such as biological weapons or materials. Some of these materials have the capacity to infect thousands of people, contaminate soil, buildings and transport assets, destroy agriculture and infect animal populations and eventually affect food and feed at any stage in the food supply chain. The risk of "bioterrorist" attack has been statistically low but its consequences can be devastating.

        Mitigating actions are the same as for a natural outbreak e.g. early detection, sound traceability systems, rapid control and eradication measures, contingency plans and overall coordination. Nevertheless, our tools could be developed to face bio-terror attacks during which pathogens could be introduced simultaneously in a number of different locations across the EU and to cope with simultaneous outbreaks of different diseases which could overpower the established response capacities and thereby affect public health.

        Read further into the European Commission Green Paper at:

        http://www.foodlaw.rdg.ac.uk/pdf/com2007_0399-biopreparedness.pdf

        The ASIS European Bureau has expressed concern that the paper has failed to recognise the professional security community as a stakeholder and is seeking urgent feedback (by 21 September) to the paper from European members of ASIS International. This will then be collated and forwarded to the European Commission.

        If you wish to comment, go to:

        http://www.asisonline.eu/index.html?current=31&page=10&page2=31&lang=en

        Thursday, September 13, 2007

        Ouch! - The Cost of Industrial Espionage

        McLaren have been stripped of their points in the 2007 Formula One constructors' championship after the outcome of the 'spygate' row with rivals Ferrari. The team were also fined a record $100m, which includes any prize and television money they would have earned from the constructors' championship.

        The size of the fine recalls memories of a bitter dispute between General Motors and Volkswagen in the 90s, when the former accused the latter of industrial espionage. Jose Ignacio Lopez de Arriortua, head of purchasing for GM, defected to VW in 1993, allegedly with more than 20 boxes of documents on research, manufacturing and sales! (If he had waited a few yesars he could have taken it out on a flash stick!!)
        Much of the allegedly pilfered data involved blueprints for a super-efficient assembly plant--a factory that GM believed would topple VW's dominance of the small-car market in emerging markets of Eastern Europe, China and elsewhere.

        The world's largest international corporate espionage case officially ended in 1997, when VW admitted no wrongdoing but settled the civil suit by agreeing to pay GM $100 million in cash and spend $1 billion on GM parts over seven years.

        ASIS CPP Training with ARC

        ARC Training is delighted to announce that beginning 2008 it will be conducting 2 CPP certification examinations per year on behalf of the UK Chapter of ASIS International.

        The examinations will be on May 3, 2008 and November 1, 2008. Each examination will be preceded directly by a one-week course, for which a distance learning preparation programme will be available four months earlier.

        Precise dates are as follows:

        Examination 1/2008

        Distance study begins: End January 2008
        Preparation programme: 28 April – 2 May 2008
        Examination: 3 May 2008

        Examination 2/2008

        Distance study begins: End July 2008
        Preparation programme: 27 – 31 October 2008
        Examination: 1 November 2008

        Package cost (including accommodation)

        £1225 + VAT for Region 25 ASIS members (Applicants outside Region 25 should contact Janet Ward).

        For details on how to register, contact David Cresswell.

        Please note that there is no change to the PSP certification schedule:

        Distance study begins: End July 2008
        Preparation programme: 27 – 31 October 2008
        Examination: 1 November 2008

        Troubled Waters Ahead for Companies with Business Interests in Iran

        Is Washington about to add Iran's Revolutionary Guards, the elite fighting force founded in 1979, to its list of terrorist organisations?

        The BBC is confirming reports carried by two major US newspapers that the Bush administration has been discussing this issue and is now prepared to do it. For now, US officials aren't confirming or denying it.

        If the Revolutionary Guards are added to the list, it would be the first time a part of a sovereign country's military has been put on it.For the full BBC report click on:


        Email Extortion Alert

        Several Florida residents have been targeted by an assassin email scam. Florida police say the scam emails claim they are from an assassin hired to kill the recipient. Officials say the emails are written with poor grammar and misspellings. The email asks the recipient for money so the assassin won't kill them.

        There are numerous services on the Web which allow users to disguise the origins of messages. It takes just seconds, for example, to spoof a message purporting to come from your email address!!

        Sony MicroVault USB Memory Stick – Hacker Vulnerability Warning

        Sony's high-end Memory Stick flash memory devices contain software that can make personal computers vulnerable to hackers, according to researchers at two Internet security companies.

        Sony's MicroVault USB Memory Stick and fingerprint reader create a hidden directory on hard drives that may allow hackers to infect computers with malicious software, according to the Web log of Finland-based F-Secure. Researchers at Santa Clara-based McAfee confirmed the vulnerability.

        The company is looking into the issue and won't comment now, said Sony spokesman Chisato Kitsukawa.

        ARC recommends that organisations advise employees to cease using Sony Microvault sticks until Sony have published a fix.

        Be Careful, Very Careful with Your Food

        A condom in a curry, a white Wellington boot in cheese and broken windscreen glass in a pancake. These "foreign bodies" were all found in food in the UK.Speaking at a recent session of the South African Association for Food Science and Technology in Durban, Professor Geoffrey Campbell-Platt and Tony Hinds highlighted the problems in the food industry. The worst case scenario could include terrorism, said Hinds, a director dealing in crisis management at Leatherhead Food International. Terrorism is still a threat he said.

        Listing the causes of foreign bodies in food, he said they included the accidental and criminal. One malicious contamination case was allegedly caused by a factory worker "who was feeling a bit down" and picked up a handful of broken windscreen glass, later putting it in a crispy pancake (he was found not guilty in court as there was insufficient evidence for a conviction).

        Malicious Product Contamination is one of many subjects covered on Security Management Stage 3. Dates for forthcoming Security Management stage 3 courses are:

        24 September - 5 October 07 (UK)
        2 - 13 December 07 (Bangladesh)
        12 - 23 May 08 (UK)
        22 September - 3 October 08 (UK)

        Read Garlik's Annual Report on the Growth of Cybercrime

        The changing digital environment means that criminals are always finding new and inventive ways to operate online. The press is filled with stories of online fraud, scams and stalkers. In a newly published report by Garlik it is claimed that over 300 cybercrimes are committed ever hour in the UK alone, and in 2006 over 3 million cybercrimes were carried out.

        The Garlik 'UK Cybercrime' report is the first of its kind to chart the extent of cybercrime in the UK. It details everything from online financial fraud to abusive emails. You can download the report in full from:

        https://www.garlik.com/press/Garlik_UK_Cybercrime_Report.pdf

        Don't forget that Ed Wilding, computer expert, broadcaster and author will be presenting his new ARC course IT Security and Incident Response over the period 9-10 October 2007. If your role involves the detection and investigation of internal crimes committed against your organisation using IT systems, this course is “a must”.

        Security Upgrades for US Airports

        Airports across the USA are likely to get hundreds of high-powered X-ray machines that are better at finding bombs in carry-on bags and could someday remove one of the biggest checkpoint hassles — taking a laptop out of its case.

        The Transportation Security Administration started testing the new machines at three airports this month and could buy up to 500 starting this autumn for major airports, TSA chief Kip Hawley said.

        New equipment would replace some of the 2,000 conventional airport X-ray machines, which have a limited ability to help security screeners find bombs.

        For the full story click on:

        Czech It Out!

        The unique security training partnership between ARC Training and Orange Group a.s. in Prague is set to enter its second year, with plans to expand the range of security management training in the Czech language.

        The courses, some of which are delivered by David Cresswell through translation and others by the Orange Group training team led by company chairman PhDr. Michal Fábera, provide credits which allow participants to work towards either a Diploma in Risk Management or a Diploma in Security Management, accredited by the Czech Ministry of Education. The project is the only undertaking of its kind in the country.

        The courses cover a wide range of security and risk management subjects, and related generic disciplines, such as project management.

        Together with David Cresswell and Michal Fábera the image depicts Marek Ŝimandl, who has successfully completed the recent security technology course, conducted by David.

        ARC is always looking for enthusiastic and capable partners in other countries to launch similar projects.

        Monday, September 10, 2007

        "Global Gathering" for Security Coordination and Management Course

        Fifteen delegates from Azerbaijan, India, Kazakhstan, Nigeria, Pakistan, Switzerland, and the UK will be gathering in the Thames Valley during the week 10-14 September 2007 to attend the Security Coordination and Management Course, a one-week condensed programme in the fundamentals of security management best practice. Representing sectors as diverse as nuclear power and finance, the delegates will study with Phil Wood MBE the core principles of physical security, risk management, IT and information security, manpower selection, personal protection, protection against explosive devices and investigations.

        Fifteen participants is a record attendance for this course, reflecting its growing popularity and importance.

        The next UK Security Coordination and Management Course takes place 25-29 February 2008.

        ARC Publishes 2008 Schedule - Several New Courses Added

        The ARC Training International Academy for Security Management has published its Schedule of Open Courses for 2008. Alongside a programme of courses similar to that of 2007, the following new courses will be introduced:
        • An additional Security Management Stage 2, to be held in Malaysia, 18 – 29 February
        • A brand new investigations course run by Lynx and entitled Investigating and Interviewing Skills, 10 – 13 March and 3 – 6 November
        • A one-week Retail Security Management Course to be held in June, dates to be confirmed.
        • A new Protecting Critical National Infrastructure Course, 14 – 18 July
        • A new Specifying Security Technology Course, 18 – 22 August

        In addition, it is likely that ARC will offer two CPP examinations, in May and November. It is planned that each examination is preceded by a one-week intensive study programme.

        For details contact Janet.

        BP Points Way to Integrated Security

        BP's plan to link its IT and physical security teams could provide an approach for other firms looking to better protect key systems from new threats, such as targeted attacks, reports Computer Weekly.

        BP is combining IT and physical security to combat a predicted rise in global attacks against large companies. According to Computer Weekly BP plans to bring together 530 employees from its security divisions worldwide over the next two years, so that IT and physical security departments can work together to address these threats.

        A very positive analysis of the integration project can be found at:

        ARC to Begin Open Course Training in SE Asia in 2008.

        Following on from a number of successful in-house training assignments ARC Training will begin open training in SE Asia in 2008 with a Security Management Stage 2 programme to be held in Kuala Lumpur, Malaysia, 18-29 February 2008.

        The Security Management Stage 2 Course, which has been successfully completed by hundreds of delegates from many of the world’s leading companies, will cover the subjects of Developing Security Risk Management, Business-Integrated Security Operations Management, Integrating Security Technology, Fraud Risk Management and Ethics, Investigations Management and Forensics, Transport & Distribution Security, The Corporate Response to Terrorism, CBRN, Business Travel Security Management, Information Security Management, Convergence of Physical and IT Security, Selecting a Guarding Contractor, Finance and Budgeting, Course Project (Based on Designing a Security Structure for a Multi-Site Operation), Security & Crisis Management Exercise.

        The course will be university accredited, providing participants with 30 of the 180 credits required for a Masters in Corporate Security Management. For more information contact Janet.

        Germany Gets Tough with Terrorism - Plans to "Infect" Suspects' Hard Drives with Spyware

        German Interior Minister Wolfgang Schaeuble proposes “to use ‘Trojan horse’ software to search potential suspects’ hard drives without their knowledge as a tough but necessary measure against terrorism,” reports the Associated Press. “… The software, carried in e-mails, would allow authorities to investigate the suspects’ Internet use and data stored on their hard drives over the Internet without their knowledge.”

        This report coincides with the recent seizure in Germany of hundreds of litres of hydrogen peroxide (an essential component of TATP home-made high explosives) and the arrest of a number of Germans. German police believe the bombers were planning to attack Frankfurt airport, as well as restaurants and discotheques.

        Following the London tube bombings of 2005 strict controls were put in place over the supply of hydrogen peroxide. In many other countries no such controls exist, and instructions on how to convert the chemical into powerful explosives can still be accessed on the Internet! (PS: If you are thinking of searching on Google, just out of curiosity, DON’T! Your activity may be logged by your country’s security services).

        David Cresswell Invited to Speak at the ASIS Asia-Pacific ASIS International Security Conference, February 2008.

        David Cresswell has been invited to Speak at the ASIS International 2nd Asia-Pacific Conference to be held on 11 – 13 February 2008, at the Raffles City Convention Center in Singapore. David will join with regional representatives of ASIS International on an expert panel to address the topic of professional development.

        David is well placed to advise conference participants objectively on the range of professional development options open to security professionals, especially training, education and certification. As well as leading the ARC Training Team, David is a visiting lecturer at the Centre for Criminology, Middlesex University and also works closely with Leicester University marking postgraduate essays in security and risk management.

        In addition, David is Chairman of the UK ASIS Chapter Professional Development Committee, responsible for ASIS certification programmes in the UK, and leads The Security Institute’s Working Group on Professional Development.

        US Issues Warning to Western Interests in Nigeria

        The U.S. mission in Nigeria has said it has received information that U.S. and other "Western'' interests in the country are at risk of a terrorist attack, according to US Bloomberg TV.

        Potential targets include diplomatic buildings and businesses in Abuja, the capital, and Lagos, the commercial center, according to a statement released today by the U.S. consulate in Lagos.

        The warning, just days before the sixth anniversary of the Sept. 11 terrorist attacks in the U.S., urged expatriates to take security steps, including varying routes to and from work and avoiding traffic bottlenecks. It follows the arrest Sept. 4 of three men in Germany suspected of planning ``massive bomb attacks'' on targets in Germany used by U.S. citizens.

        "This is the first time I have seen the words `terrorist' and `Nigeria' from the U.S.'' in a public warning, Sebastian Spio- Garbrah, an analyst at New York-based Eurasia Group, declared. The notification "should really distinguish it from the normal militia threat in the Niger delta.''

        Al-Qaeda has previously said it's interested in Nigeria.

        Stepping Up A Level

        As part of our continuing drive to improve and develop professional standards within the security industry, ARC Training and Skills for Security have begun collaboration on the production of training for a Level 3 Certificate in Security Operations. The course, which ARC will produce to Skills for Security’s specifications after wide consultation with security professionals and companies, will replace the now defunct ‘Professional Security Officer’ course.

        The aim is to provide training, which will be accredited by City and Guilds of London, for personnel involved in the running and management of security guarding operations. Training will involve distance learning, e-learning and licensed session delivery by in-house providers within companies and organisations. Under current planning, the training is due for launch in May 2008 and will be a significant step up in the level of accredited training available to this vital sector of the security profession.

        NaCTSO Publishes Sector-Specific Counter Terrorism Security Advice

        Amongst a wealth of information that can be found on the website of the US Memorial Institute for the Prevention of Terrorism are the following three excellent downloadable UK Government publications produced by NaCTSO, the UK’s National Counter Terrorism Security Office:

        - Counter Terrorism Protective Security Advice for Bars, Pubs and Nightclubs

        - Counter Terrorism Protective Security Advice for Shopping Centres

        - Counter Terrorism Protective Security Advice for Stadia and Arenas

        For further information and download instructions go to:


        Protection against Explosive Devices is a full-day module on the Security Management Stage 1 Course, 19 – 30 November. Alternatively, the session can be attended a day workshop on 26 November 2007.

        ARC Plans Two CPP Examination Dates for 2008, in May and November

        Beginning in 2008, it is planned that ARC Training will offer 2 CPP examinations each year, in May and November, each preceded by distance study and a one-week residential study programme. Contact David for details.

        Meanwhile, John Scott, Head of Security, The Post Office has taken over leadership of ASIS Chapter 208’s Item Development Group (IDG). The role of the IDG is to produce questions for the UK version of the internationally-recognised CPP examination.
        John will work closely with Chapter 208's Professional Development Committee, headed by David Cresswell.

        Metropolitan Police Offer Advice on Computer Crime

        A useful resource on computer crime is provided by London’s Metropolitan Police. Click here for details:
        Don't forget that Ed Wilding, computer expert, broadcaster and author will be presenting his new ARC course IT Security and Incident Response over the period 9-10 October 2007. If your role involves the detection and investigation of internal crimes committed against your organisation using IT systems, this course is “a must”.

        What Will the US Do When Prevention Fails?

        What will the United States do on the day after prevention fails?” asks the Washington Quarterly. “What preparations are necessary? … Among the challenges that must be addressed are emergency response, evacuation and sheltering, immediate radiation effects, follow-on threats after the first nuclear weapon, attribution and retaliation, and the long process of cleanup, especially the uniquely difficult problem of fallout and residual radioactivity.

        More at:

        British Security Industry Association Publishes Guide to IP in Security Applications

        With the adoption of Internet Protocol (IP) technology increasingly being used within the security industry, the British Security Industry Association (BSIA) has published a guide for installers to provide a basic understanding of IP in security applications.

        “As the generation of ‘digital’ systems is seeing a trend towards IP in all applications, security installers are now being asked to provide IP solutions which require an understanding of IT,” says Alex Carmichael, BSIA Technical Director. “This guide provides guidance on the key elements of IP, therefore assisting installers in providing the best service possible for their customers.”

        The BSIA installer guide provides comprehensive information on different network types and the assigning of IP addresses to devices in order to pass information between network-attached devices (hosts). The guide also considers the types of transmission devices available, for example cable and wireless, and the vast and varied types of hardware that form a network. The document also offers advice on design and installation considerations.

        The guide can be downloaded free from the following link:

        Accredit to ARC

        Properly and fully accredited training is essential for the committed security professional. We recognise this and have achieved accreditation by Skills for Security for our major courses, and then of course there is our highly successful partnership with Middlesex University.

        As we aim to provide the highest quality security management training available, ARC is embarking upon a programme to accredit much of its training with City and Guilds of London in line with the National Qualifications Framework (NQF). This will allow our delegates to gauge and map their training to emerging UK national standards and allow them to clearly demonstrate their progression as security professionals.

        Development work has begun on this exciting new initiative and we anticipate accreditation for the first tranche of courses to be finalised during the early part of 2008.

        Considering using the Internet to Transmit Alarm Signals? Read on.........

        After decades of signalling alarms over public service telephone networks (PSTN), the major communications companies recently started to tell us that voice over Internet protocol (VoIP) will increasingly replace circuit switched communications as the preferred method of communication. Rollout of British Telecom's 21CN has proved this to be the case in the UK and there are many similar projects underway throughout the world. The days of the Plain Old Telephone System (POTS) seem to be numbered.

        Read on here:

        Terror Accused 'Had Videos Urging Jihad on Laptop Computer'

        Videos featuring the 9/11 attacks on the United States and Osama bin Laden were found on the computer of a student accused of terrorism charges, a British court heard. The images and documents were found in a folder on the laptop belonging to Mohammed Atif Siddique, which was seized at Glasgow Airport.

        Many people, often out of simple curiosity, have such video clips on their laptop hard drives. Visitors to the UK should be aware of the potential dire consequences of being found in possession of such.

        Security managers should ensure that all staff travelling to the UK are aware of the potential for corporate reputation damage if employees are found to be in possession of any materials, the intention of which could be misunderstood by authorities.

        David Cresswell to Speak at the Conference of the British Institute of Facilities Management

        David Cresswell has been invited to speak at the forthcoming conference of the British Institute of Facilities Management entitled “Prepare, Plan, Prevent”, taking place in London 6-7 November.

        David will speak on the subject of Security Risk Management and will present the ARC Security Risk Management Methodology, so familiar to delegates from all over the world who have attended ARC courses.

        Never Leave Your Laptop in a Car - And if You Must, NEVER Leave It on Standby. This is Why………..

        Thieves are using mobile phones to detect laptop computers and other equipment hidden in cars, police in the UK Midlands have warned. Police believe thieves are using Bluetooth-equipped mobile phones to detect hidden electrical equipment.

        Laptops and satellite navigation systems, hidden under car seats or in boots, have been stolen during a spate of car crime in central England. A police spokesman warned: "What is most likely is that if somebody leaves a laptop in their vehicle, even if it's hidden away, if it's on stand-by somebody with Bluetooth on, a mobile phone is able to detect the presence of that laptop."

        Get Your Own Wi-Fi Router, Warn Police

        A man who was seen using his laptop in the street has been arrested on suspicion of illegally logging on to a wireless (Wi-Fi) broadband connection, reports the Times Online.

        Two police officers saw the 39-year-old man sitting on a garden wall outside a home in Chiswick, West London. When questioned he admitted using the homeowner’s unsecured broadband connection from his position on the wall. He was arrested and the case was passed to the Metropolitan Police Computer Crime Unit. He was bailed to return in October and faces a fine or a jail term of six months, or both.

        This from a police service that is constantly complaining it is overworked, in a country that is plagued with violent crime!!! Come on, lads, catch some real criminals.