Source: www.nationalterroralert.com
In the 7½ years since America’s worst bioterror attack — when letters laced with anthrax spores killed five people, closed Congress and the Supreme Court and crippled mail service for months — U.S. agencies have spent more than $50 billion to beef up biological defenses.
No other anthrax attacks have occurred. But a flood of hoaxes and false alarms have raised the cost considerably through lost work, evacuations, decontamination efforts, first responders’ time and the emotional distress of the victims. That, experts say, is often the hoaxsters’ goal.
“It’s easy, it’s cheap and very few perpetrators get caught,” said Leonard Cole, a political scientist at Rutgers University in Newark, N.J., who studies bioterrorism. “People do it for a sense of power.”
Among the recent targets:
• Nearly all 50 governors’ offices
• About 100 U.S. embassies
• 52 banks
• 36 news organizations
• Ticket booths at Disneyland
• Mormon temples in Salt Lake City and Los Angeles
• Town halls in Batavia, Ohio, and Ellenville, N.Y.
• A funeral home and a day-care center in Ocala, Fla.
• A sheriff’s office in Eagle, Colo.
• Homes in Ely River, N.M.
The FBI has investigated about 1,000 such “white-powder events” as possible terrorist threats since the start of 2007, spokesman Richard Kolko said. The bureau responds if a letter contains a written threat or is mailed to a federal official.
Advice on what your organization can be preparing to do for such an eventuality can be found at:
www.hse.gov.uk/biosafety/diseases/anthrax.htm
Offering the CSMP - Certified Security Management Professional distance-learning award www.ismi.org.uk
Tuesday, April 14, 2009
Flash Drives - Greatest Threat to Sensitive Corporate Data?
Flash drives are probably the greatest menace to sensitive corporate data. They can store vast amounts of data and are plug-and-play in most computers.
Convergence and technical evolution means that the same functionality is being afforded to mp3 players and mobile phones, significantly multiplying the number of personally-owned devices which can siphon critically important company data through an unprotected USB port.
Software to protect USB ports, and to detect when an unauthorised UBS connection attempt is made, is available and inexpensive (for a single PC, just $30), but most organisations are not using it across the enterprise, and especially not on laptops, which are arguably the most sensitive - and the most vulnerable.
The following is recommended:
a. All employees reminded that unauthorised data copying may be regarded as theft for disciplinary purposes.
b. Software installed across the network to block, and alert to, the connection of unauthorised flash drives and other memory storage devices.
c. Personal flash drives banned from the workplace.
d. Charging of personal devices such as mp3 players and mobile phones via computer USB ports banned.
e. Those who are issued with flash drives are issued with such for a valid reason, and they may not be used on any computer except their own, without express permission.
f. Issued flash drives to be encryptable, so that data is protected in the event of loss.
g. Express permission required to copy certain types of data.
What’s more, personal USB devices are one of the most common sources of virus attack.
See http://www.zdnetasia.com/news/security/0,39044215,62052730,00.htm?scid=nl_z_ntnw
Convergence and technical evolution means that the same functionality is being afforded to mp3 players and mobile phones, significantly multiplying the number of personally-owned devices which can siphon critically important company data through an unprotected USB port.
Software to protect USB ports, and to detect when an unauthorised UBS connection attempt is made, is available and inexpensive (for a single PC, just $30), but most organisations are not using it across the enterprise, and especially not on laptops, which are arguably the most sensitive - and the most vulnerable.
The following is recommended:
a. All employees reminded that unauthorised data copying may be regarded as theft for disciplinary purposes.
b. Software installed across the network to block, and alert to, the connection of unauthorised flash drives and other memory storage devices.
c. Personal flash drives banned from the workplace.
d. Charging of personal devices such as mp3 players and mobile phones via computer USB ports banned.
e. Those who are issued with flash drives are issued with such for a valid reason, and they may not be used on any computer except their own, without express permission.
f. Issued flash drives to be encryptable, so that data is protected in the event of loss.
g. Express permission required to copy certain types of data.
What’s more, personal USB devices are one of the most common sources of virus attack.
See http://www.zdnetasia.com/news/security/0,39044215,62052730,00.htm?scid=nl_z_ntnw
Thursday, April 9, 2009
Microsoft PowerPoint Warning
On 3 April Microsoft announced that it was investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, the UK Govt is aware only of limited and targeted attacks that attempt to use this vulnerability.
The UK’s Centre for the Protection of National Infrastructure has advised that additional care be exercised when using Microsoft Powerpoint.
Company IT departments will eventually patch a solution, once it is provided by Microsoft, but it should be emphasised that unsolicited PowerPoints (or those found on the Internet) should never be opened.
Some former ARC delegates on special occasions circulate self-extracting PowerPoints containing greetings or words of wisdom. These may inadvertently be used to transmit malicious payloads and should always be deleted without opening, and the sender advised of the dangers – and the need to get their own PC checked for the presence of malware.
The UK’s Centre for the Protection of National Infrastructure has advised that additional care be exercised when using Microsoft Powerpoint.
Company IT departments will eventually patch a solution, once it is provided by Microsoft, but it should be emphasised that unsolicited PowerPoints (or those found on the Internet) should never be opened.
Some former ARC delegates on special occasions circulate self-extracting PowerPoints containing greetings or words of wisdom. These may inadvertently be used to transmit malicious payloads and should always be deleted without opening, and the sender advised of the dangers – and the need to get their own PC checked for the presence of malware.
Wednesday, April 8, 2009
Terrorism - Identifying Suspicious Activity
Templates for guidance on what to do if employees spot suspicious activity, possibly indicative of terrorist planning, can be found at:
http://www.nationalterroralert.com/suspicious-activity/
and
http://cms.met.police.uk/news/publicity_campaigns/new_campaign_urges_londoners_to_report_suspicious_activity
http://www.nationalterroralert.com/suspicious-activity/
and
http://cms.met.police.uk/news/publicity_campaigns/new_campaign_urges_londoners_to_report_suspicious_activity
Tuesday, April 7, 2009
Managing the Risk of Piracy at Sea
The US Department of Transportation Maritime Administration posts useful advice on its website on how to deter piracy attacks, based on experiences off the coast of Somalia. The advice includes:
- An awareness that most attacks occur in daylight.
- Vessels moving at less than 16 knots and with a low freeboard (less than 6 metres) are at high risk.
- Establishing a secure and pre-designated area for crew members to muster.
- Establishing a secure alternative steering location.
- Preparing a list of contact numbers and email addresses for assistance.
- Posting more security personnel and establishing roving watches, and 360 degree surveillance.
- Establishing duress codes for staff.
- Staging of anti-piracy equipment, such as fire hoses and spotlights.
- Removal of any equipment hanging over the side that could be used to gain access.
- Practice anti-piracy drills.
- Using established safe corridors.
- Transiting dangerous areas at maximum possible speed.
- Fullest possible utilization of radar.
- A single point of entry into the house.
- Securing deck lighting, except for mandatory navigation lights.
If under attack:
- Muster, man high pressure hoses etc., and provide a visible deterrent.
- Alter course, fire flares, turn on all lights if at night.
- Sound alarm signals.
- Activate SSAS.
- Notify nearest centre.
If pirates open fire:
- Change course repeatedly if unable to outrun pirate vessel.
- Hose team to remain behind cover until it can be used effectively.
- Use hoses to prevent boarding.
- Remainder of crew to secure location.
- If pirates succeed in boarding, cease resistance.
The link to the site, and other resources on Maritime Security, can be accessed by clicking on:
http://www.arc-tc.com/pages/resources_publications.asp#M
ARC Training offers a one-week course in Maritime Security, in accordance with the ISPS Code, during the period 5-9 October 2009. For more information contact Janet or go to
http://www.arc-tc.com/pages/other_accredited_sm.asp#s3
ARC is an approved TRANSEC (UK Government Agency) maritime training provider.
How Exposed Are You to Fraud?
The Association of Certified Fraud Examiners has produced a useful checklist that tests your company’s “fraud health”. You can access this document at the following link:
http://www.arc-tc.com/pages/resources_publications.asp#F and clicking on ACFE Company Fraud Health Check
ARC Training’s 3-day Investigating Fraud in the Workplace course takes place 20-22 July. For full course details contact Janet or go to
http://www.arc-tc.com/pages/accredited_investigation.asp#f3
http://www.arc-tc.com/pages/resources_publications.asp#F and clicking on ACFE Company Fraud Health Check
ARC Training’s 3-day Investigating Fraud in the Workplace course takes place 20-22 July. For full course details contact Janet or go to
http://www.arc-tc.com/pages/accredited_investigation.asp#f3
Monday, April 6, 2009
Guide to Emergency Management
The US Federal Emergency Management Agency produces an excellent guide to emergency management.
The guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather.
Whether you operate from a high-rise building or an industrial complex; whether you own, rent or lease your property; whether you are a large or small company; the concepts in this guide will apply.
Go to http://www.arc-tc.com/pages/resources_publications.asp#E
...and click on the link to FEMA Emergency Management Guide for Businesses.
The guide provides step-by-step advice on how to create and maintain a comprehensive emergency management program. It can be used by manufacturers, corporate offices, retailers, utilities or any organization where a sizable number of people work or gather.
Whether you operate from a high-rise building or an industrial complex; whether you own, rent or lease your property; whether you are a large or small company; the concepts in this guide will apply.
Go to http://www.arc-tc.com/pages/resources_publications.asp#E
...and click on the link to FEMA Emergency Management Guide for Businesses.
Global Spy Network
An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say. They said the network had infiltrated 1,295 computers in 103 countries. They included computers belonging to foreign ministries and embassies. There is no conclusive evidence China's government was behind it, researchers say.
For more go to:
http://news.bbc.co.uk/2/hi/americas/7970471.stm
The World’s Most Dangerous Countries (and the UK is to Blame!) According to US Company Forbes
To determine the world's most dangerous countries, Forbes combined rankings provided by iJet and fellow risk-assessment firm Control Risks, giving equal weight to each set of data. Both firms compiled their rankings by evaluating countries by categories including crime rate, police protection, civil unrest, terrorism risk, kidnapping threat and geopolitical stability.
For the full article, click on the link below:
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20090305/Dangerous_Countries_090307/20090307
Business Travel Security is a full-day module on Security Management Stage 2, 29 June - 10 July 2009. For details of the full programme, go to:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
For the full article, click on the link below:
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20090305/Dangerous_Countries_090307/20090307
Business Travel Security is a full-day module on Security Management Stage 2, 29 June - 10 July 2009. For details of the full programme, go to:
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
Thursday, April 2, 2009
Al Qaeda Kidnap Update
Confusion continues over the fate of two Canadian diplomats, and four western tourists, kidnapped in Mali during recent months. Al Qaeda's North Africa branch (AQIM) has claimed it is holding the two Canadians along with four European tourists kidnapped in January.
But Niger's President Mamadou Tandja has blamed Fowler's abduction on a rebel group from the northern Niger ethnic minority of Tuareg nomads who are battling the government. Tuareg rebels from the Front For Forces of Redress retracted their initial statement claiming responsibility for the kidnapping, saying their website had been hacked. But some western intelligence officials believe the Tuaregs may have traded the hostages to al Qaeda.
Travellers are urged to check the website of the UK FCO before travelling to unfamiliar destinations. On Mali and Niger, for example, the site offers the following advice:
There is a high threat of kidnapping in both Mali and Niger. Travel in can be difficult and conditions are poor for overland travel. You should take all necessary steps to protect your safety, especially outside of main urban areas. You should have confidence in your individual security arrangements and maintain a high level of vigilance.
Kidnap Risk Reduction and Response is a full-day workshop on the forthcoming Security Management Stage 3 Course, 11-22 May 2009.
The full programme includes:
- Corporate Risk Management
- Corporate Social Responsibility
- Adding Strategic Value to Security Management
- Setting a Vision for Corporate Security
- Kidnap Risk Reduction & Response
- Illicit Trade & Counterfeiting
- Product Tampering & Extortion
- Investigating Information Leaks
- Security Project Management
- IT Security – Managing Strategic Risks
- Terrorism – Future Trends and Responses
- External Liaison & Stakeholder Engagement
- Business Expansion – Security Considerations
- Security Intelligence
- Dealing with Protest Activity
- Strategic Security Management Exercise
- Multi-Site Security Management Project
Contact Janet for more information and to book a place.
But Niger's President Mamadou Tandja has blamed Fowler's abduction on a rebel group from the northern Niger ethnic minority of Tuareg nomads who are battling the government. Tuareg rebels from the Front For Forces of Redress retracted their initial statement claiming responsibility for the kidnapping, saying their website had been hacked. But some western intelligence officials believe the Tuaregs may have traded the hostages to al Qaeda.
Travellers are urged to check the website of the UK FCO before travelling to unfamiliar destinations. On Mali and Niger, for example, the site offers the following advice:
There is a high threat of kidnapping in both Mali and Niger. Travel in can be difficult and conditions are poor for overland travel. You should take all necessary steps to protect your safety, especially outside of main urban areas. You should have confidence in your individual security arrangements and maintain a high level of vigilance.
Kidnap Risk Reduction and Response is a full-day workshop on the forthcoming Security Management Stage 3 Course, 11-22 May 2009.
The full programme includes:
- Corporate Risk Management
- Corporate Social Responsibility
- Adding Strategic Value to Security Management
- Setting a Vision for Corporate Security
- Kidnap Risk Reduction & Response
- Illicit Trade & Counterfeiting
- Product Tampering & Extortion
- Investigating Information Leaks
- Security Project Management
- IT Security – Managing Strategic Risks
- Terrorism – Future Trends and Responses
- External Liaison & Stakeholder Engagement
- Business Expansion – Security Considerations
- Security Intelligence
- Dealing with Protest Activity
- Strategic Security Management Exercise
- Multi-Site Security Management Project
Contact Janet for more information and to book a place.
Wednesday, April 1, 2009
Achieving Recognition as a Competent Security Management Professional
Security managers from all top five UK companies, and four out of five of the top companies in the world, have attended ARC courses. Find out what makes their security departments so successful by joining one of the following courses:
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
20-31 July, Kuala Lumpur
3-14 August, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
29 June – 10 July, UK
12 – 23 October, UK
9-20 November, Kuala Lumpur
6-17 December, Qatar
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
11–22 May 2009, UK
7-18 September 2009, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
28 September – 2 October 2009, UK
25-29 October 2009, Oman
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Advanced Investigation Techniques
“It was a very interesting and useful training course.”
1-5 June 2009, UK
http://www.arc-tc.com/pages/accredited_investigation.asp#f2
***
Crisis Management and Business Continuity
*New Course*
23-25 June 2009, UK
http://www.arc-tc.com/pages/other_accredited_sm.asp#CMBC
For details on any ARC course, or to make a booking, contact Janet, and quote BLOG4 to qualify for a discount.
Many more courses can be found at http://www.arc-tc.com/
Security Management Stage 1 (Postgraduate University Accredited)
“The course is EXCELLENT content & procedure wise. A MUST for the Security Manager.” Corporate Security Manager, Manufacturing Company
20-31 July, Kuala Lumpur
3-14 August, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1
***
Security Management Stage 2 (Postgraduate University Accredited)
“The SM2 was challenging ….overall a very successful programme and highly recommended for security professionals..” Security Manager, Multinational Oil Company
29 June – 10 July, UK
12 – 23 October, UK
9-20 November, Kuala Lumpur
6-17 December, Qatar
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2
***
Security Management Stage 3 (Postgraduate University Accredited)
“Excellent presentation of topics. Leant a lot, especially when focussing on the more strategic elements.” Security Manager, Logistics Company
11–22 May 2009, UK
7-18 September 2009, UK
http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3
***
Security Coordination and Management
“Not only a learning experience, but one of the most enjoyable courses I’ve been on.”Company Fire Prevention & Security Manager, Manufacturer
28 September – 2 October 2009, UK
25-29 October 2009, Oman
http://www.arc-tc.com/pages/other_accredited_sm.asp#s1b
***
Advanced Investigation Techniques
“It was a very interesting and useful training course.”
1-5 June 2009, UK
http://www.arc-tc.com/pages/accredited_investigation.asp#f2
***
Crisis Management and Business Continuity
*New Course*
23-25 June 2009, UK
http://www.arc-tc.com/pages/other_accredited_sm.asp#CMBC
For details on any ARC course, or to make a booking, contact Janet, and quote BLOG4 to qualify for a discount.
Many more courses can be found at http://www.arc-tc.com/
Subscribe to:
Posts (Atom)