Monday, March 29, 2010

You Are a Security Management Professional – Now Underscore It with an Accredited Certificate



For the full-time security manager ARC offers two options: university-accredited, interactive and highly-participatory security management courses (which can lead into an optional MSc programme), or prepartion courses for the ASIS CPP certification.

Forthcoming university-accredited (postgraduate NQF Level 7) courses include (clickable links):

Security Management Stage 1, 2-13 August
Security Management Stage 2, 28 June – 9 July
Security Management Stage 3, 10-21 May

CPP certification can be achieved by following the ARC/Chapter 208 combined distance-learning/residential programme, or by attending the two-week intensive CPP crammer programme, 12 -23 July.

If you have a particular interest in terrorism, the Countering Hostile Reconnaissance and Counter Terrorism Course, 24-28 May, led by two UK police-trained counter terrorism security specialists, is highly recommended.

For those who are required to conduct investigations, ARC has three options:

Investigating and Interviewing Skills, 25-28 October
Advanced Investigations Techniques, 7-11 June
ASIS Professional Certified Investigator (PCI), 23-27 August (distance learning beginning May)

If your work requires you to survey, the very practical (site-based) Security Surveying and Design Course, 20-24 September, is recommended, and you will receive a BTEC level 4 award upon successful completion.

If you have to specify and procure technical security systems, then you should consider the ASIS PSP certification, for which distance learning begins in July.

If you are specifically interested in security risk mitigation in the oil and gas sector, then you should consider the Managing Security Risks in the Oil and Gas Sector Course, 16-20 August.

Those with a crisis management and business continuity remit should consider the Crisis and Business Continuity Management Course, 22-24 June, delivered by Barry Vincent, who was the lead in this area for one of the UK’s biggest and most successful companies.

Finally, if you have reached the pinnacle of security management, or have completed Security Management Stages 1-3, have a security management degree, or CPP, challenge yourself to participate in the very practical one-week BurrillGreen Masterclass in Strategic Security Management, 4-8 October, where you will be put through your paces across a range of “board engagement” scenarios under the guidance of two former multinational corporate heads of security. A unique opportunity – a unique challenge.

As always, Janet will be happy to provide all the details of any of ther above pogrammes.

Airport Security Guard Quizzed Over Scanner Abuse Claims

Source: Sun Online

A Heathrow security man was quizzed by police after ogling a girl colleague "naked" in a new anti-terror body scanner.

Jo Margetson, 29, reported John Laker, 25, after he took her picture with the X-ray gadget and made a lewd comment.

She had entered the X-ray machine by mistake - and was horrified when Laker pressed a button to take a revealing photo.

Laker, who faces the sack, was the first airport worker to be caught abusing the controversial new devices, which have been branded illegal by civil rights groups who fear abuse by security guards.

Sunday, March 28, 2010

UK Employers Urged to Review Whistleblowing Policies

Source: Workplace Law Network

Employers are being urged to review their approach to whistleblowing allegations in light of the UK Government's planned changes to the law next month, according to Workplace Law Network.

From 6 April, the current bar on Employment Tribunals revealing any details of whistleblowing allegations outside of the tribunal process is to be lifted. As a result, tribunals will be able to refer such claims to the relevant regulatory authority, such as the Serious Fraud Office or Health and Safety Executive, for investigation.

ARC offers a number of investigations courses, including:

Preparation Programme for the ASIS PCI (Professional Certified Investigator) Certification, beginning May 2010 with distance learning. For details, click here.

Investigating and Interviewing Skills (Based on UK Law), 25-28 October. For details click here.

Advanced Investigations Techniques, 7-11 June. For details click here.

CCTV Feature: New Instructional CCTV Video - Download Link

A basic, but very good, new educational video on CCTV has been produced by the FBI. View or download from:

http://www.youtube.com/watch?v=u5Oj2FDwLXs

Tuesday, March 23, 2010

Migrating to New Access Card Technology

Migrating to new access control card technology? Have you considered multiple technology cards to bridge the gap between different types of card reader systems? For details go to:

http://www.hidglobal.com/page.php?page_id=162

Card technology is one of many technical security subjects covered ARC’s Preparation Programme for the ASIS PSP (Physical Security Professional) certification. The next programme begins in July with distance learning, leading up to a residential programme. For more information or to enrol, contact David.

ASIS Security Toolkit

Great resources at:

http://www.asisonline.org/toolkit/toolkit.xml

Test Your Knowledge

1.Hydraulic defences used to protect facility entrances against hostile moving vehicles should be designed to stop a vehicle up to what weight and moving at what speed?

2.Protected areas within a perimeter should be illuminated to what minimum level?

3.When specifying lighting for a fog-prone area, which is the better option: Sodium Vapour or Mercury Vapour?

4.The rule that determines the importance of evidence and its ability to prove a point is called?

5.There are three broad threats to sensitive information: inadvertent disclosure, deliberate theft by an outsider, and deliberate theft by an insider. Of these, which is the major reason for the loss of sensitive information?

6.What is meant by the term “dumpster diving”?

7.At what intervals should emergency plans be audited?

8.Emergency succession plans need to reflect the anticipated normal management succession; true or false?

9.There are two types of safes, burglary resistant and what else?

10.In mitigating explosive blasts, what is the name given to the distance between an asset and the threat?

For the answers to these, and many more, questions about security, sign up to the CPP Intensive Development Programme, UK, 12-23 July 2010. For details go to: http://www.arc-tc.com/pages/asis_cpp_psp.asp#cpp

Monday, March 22, 2010

How to Detect Bugs!

17 delegates representing commercial organisations, armed forces, police and non-governmental aid organisations from 11 different countries are currently studying under the guidance of David Cresswell and Barry Vincent on the university-accredited Security Management Stage 1 Course.

On Monday 22 March the subject under study was Information Security. Delegates studied not only how to protect information in IT systems but also the core principles of protecting information in all of its forms, how information is exploited, and by whom.

A particular session of interest was that delivered by Iain McGhee of Audiotel Ltd, the leading provider of technical surveillance countermeasures equipment. With complete radio transmitter/receiver kits costing from as little as $60 online, the need for reliable technical surveillance countermeasures has never been greater.

Iain can be seen in the image demonstrating the DetectIV.

Th next Security Managment Stage 1 Course is 2-13 August 2010. Details at http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1

Wednesday, March 17, 2010

Social Engineering Using Email and IM – How (Not) to Get Scammed

Recommended reading for your employees.......

http://www.csoonline.com/article/480589/9_Dirty_Tricks_Social_Engineers_Favorite_Pick_Up_Lines

Should You Expect Protest Action on April 1st

Fossil Fools Day is an environmental demonstration day. It occurs on April 1st. The name is a play on the term fossil fuels and April Fools' Day.

To see what the environmental activists may have in store for you on April 1st, go to:

http://www.fossilfoolsdayofaction.org/2010/

http://risingtide.org.uk/node/336

Managing protest activity is one of many topics covered on Security Management Stage 3. For details go to http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3

Offensive Content on Foreign Server is within UK Jurisdiction, Says Court of Appeal

The law of England and Wales applies to material published online, even if it is hosted on a server in another country, the UK Court of Appeal has ruled. As long as a substantial measure of the activities takes place in England, its law will apply, it said.

This presents interesting issues for those protest groups which publish untue defamatory statements online about companies and their directors, on the assumption that if the server is overseas, they are beyond UK jusrisdiction.

Managing protest activity is one of many topics covered on Security Management Stage 3. For details contact Janet or go to http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3

For more on the main story,go to:
http://www.out-law.com/page-10743

Boeing 747 Survives Simulated 'Flight 253' Bomb Blast

Source and Copyright: BBC

A test explosion on a Boeing 747 has shown that a US Christmas Day flight would have landed safely even if a bomb on board was detonated successfully.

For more, go to: http://news.bbc.co.uk/1/hi/world/8547329.stm

Setting Sights on the CPP Designation

A group of UK ASIS Chapter members are firmly on track to achieving the coveted CPP certification in May.

Their programme began in January, with a series of challenging distance-learning assignments. In the most recent assignment, topics under detailed study included information security, investigations, interviewing, access control, and emergency management.

The programme culminates at the end of April with a one-week intensive residential course, following which the candidates will undertake the gruelling 200-question examination. This is now computer-based, so results will be available immediately.

According to the course director, David Cresswell, all of the candidates are on course for a first-time pass.

The next combined distance learning/residential programme begins in July, aiming for a November exam. For details contact Janet or go to http://www.arc-tc.com/pages/asis_cpp_psp.asp#asis1.

Alternatively, ARC has introduced a new two-week crammer course, which aims to take candidates from a standing start to being ready to sit the exam in 14 days of continuous study. For details of the latter, go to http://www.arc-tc.com/pages/asis_cpp_psp.asp#cpp.

Monday, March 15, 2010

Learn about IP CCTV Online

Go to http://www2.boschsecurity.us/ip/learning_center_intro.aspx?sb=lc for a very detailed explanation from Bosch. CCTV is covered in detail during Security Management Stage 2, 28 June – 9 July 2010. Click here or contact Janet for details.

Terrorism and the Rail Network

Terrorists seeking to attack the rail network have various options:

1. Bomb at the station.
2. Bomb on a passenger train.
3. Blowing up hazardous rail cargos in built-up areas.
4. Bomb on rail line, or other sabotage aimed at derailing a fast-moving train.

Go to the following link for an example of #4.

http://news.bbc.co.uk/1/hi/world/europe/8384404.stm

Linking Transnational Crime and Terrorism

A report illustrating how the US Govt views links between terrorism and transnational crime. Useful if you are writing a disseration:

http://www.fas.org/sgp/crs/terror/R41004.pdf

Wednesday, March 10, 2010

Information Theft: Computer Programmer Faces 25 Years in Prison for Stealng Trade Secrets

Source and Copyright: NASDAQ

A former Goldman Sachs Group (GS) computer programmer has been indicted on charges he stole computer codes used for proprietary high-frequency trading program.

Sergey Aleynikov, 40 years old, was charged in a three-count indictment with theft of trade secrets, transportation of stolen property in interstate and foreign commerce and unauthorized computer access.

Prosecutors from the U.S. Attorney's office in Manhattan alleged that Aleynikov, on his last day at Goldman Sachs in June 2009, transferred substantial portions of Goldman's proprietary computer code for its high- frequency trading platform to an outside computer server in Germany. He also allegedly transferred thousands of computer code files related to the proprietary trading platform to his home computers during his time at Goldman without the firm's knowledge, prosecutors said.

Aleynikov faces up to 25 years in prison on the charges.

Rogue employees and information theft are comprehensively addressed in the Business Espionage and Investigating Information Leaks workshop during the strategic-level Security Management Stage 3 course, 10-21 May 2010. For more details go to http://www.arc-tc.com/pages/university_acredited_sm.asp#sm3 or contact Janet.

Alumni Feature: Gavin Wilson

Gavin Wilson was one of ARC’s highest scoring candidates in the PSP (Physical Security Professional) certification examination in 2009. Having established himself as something of an expert in physical security, he is now working with a team to produce what it is hoped will become the first British Standard in Physical Security.

Preventing Burglary in Commercial and Institutional Settings

In this ASIS report Tim Prenzler, PhD, looks at how to assess, manage, and respond to burglaries that occur at commercial and industrial sites. While there is a considerable amount written about domestic burglary, research is less in evidence when the locale is non-residential. His report looks at the context in which burglaries occur, and includes a consideration of the burglar's approach. He examines a range of solutions, which aim to make it more difficult for would be offenders particularly in the workplace, and he shows where security managers can have an impact.To download the report, go to:

http://www.asisonline.org/foundation/noframe/research/crisp.html

Monday, March 8, 2010

Develop Your Expertise in Security Management

For the full-time security manager ARC offers two options: university-accredited, interactive and highly-participatory security management courses (which can lead into an optional MSc programme), or ASIS CPP certification.

Forthcoming university-accredited (postgraduate NQF Level 7) courses include (clickable links):

Security Management Stage 1, 2-13 August
Security Management Stage 2, 28 June – 9 July
Security Management Stage 3, 10-21 May

CPP certification can be achieved by following the ARC/Chapter 208 combined distance-learning/residential programme, or by attending the two-week intensive CPP crammer programme, 12 -23 July.

If you have a particular interest in terrorism, the Countering Hostile Reconnaissance and Counter Terrorism Course, 24-28 May, led by two UK police-trained counter terrorism security specialists, is highly recommended.

For those who are required to conduct investigations, ARC has three options:

Investigating and Interviewing Skills, 25-28 October
Advanced Investigations Techniques, 7-11 June
ASIS Professional Certified Investigator (PCI), 23-27 August (distance learning beginning May)

If your work requires you to survey, the very practical (site-based) Security Surveying and Design Course, 19-23 April, is recommended, and you will receive a BTEC level 4 award upon successful completion.

If you have to specify and procure technical security systems, then you should consider the ASIS PSP certification, for which distance learning begins in July.

If you are specifically interested in security risk mitigation in the oil and gas sector, then you should consider the Managing Security Risks in the Oil and Gas Sector Course, 16-20 August.

Those with a crisis management and business continuity remit should consider the Crisis and Business Continuity Management Course, 22-24 June, delivered by Barry Vincent, who was the lead in this area for one of the UK’s biggest and most successful companies.

Finally, if you have reached the pinnacle of security management, or have completed Security Management Stages 1-3, have a security management degree, or CPP, challenge yourself to participate in the very practical one-week BurrillGreen Masterclass in Strategic Security Management, 4-8 October, where you will be put through your paces across a range of “board engagement” scenarios under the guidance of two former multinational corporate heads of security. A unique opportunity – a unique challenge.

As always, Janet will be happy to provide all the details of any of ther above pogrammes.

The World’s Most Popular Security Management Experience


A truly international experience is promised on the forthcoming Security Management Stage 1 course, 15-26 March, with participants from Afghanistan, Angola, Germany, Hong Kong, Oman, Pakistan, Qatar, Romania, Sudan, Uganda, United Arab Emirates, United Kingdom, and Yemen.

With 20 participants, this event is now sold out, but registrations are already being accepted for the following two Security Management Stage 1 courses:

2-13 August 2010
15-26 November 2010

This is ARC’s flagship course, covering the core skills areas of security management, and has been attended by hundreds of delegates from literally hundreds of companies, worldwide.

For details go to http://www.arc-tc.com/pages/university_acredited_sm.asp#sm1

Or contact Janet.

CCTV Glossary

A useful CCTV glossary can be found at

http://www.iviewcameras.co.uk/content/glossary.asp#h

CCTV is one of the topics of the advanced-level Security Management Stage 2 Course, 28 June-9 July 2010, details at

http://www.arc-tc.com/pages/university_acredited_sm.asp#sm2 or contact Janet.

Scam Update

Telemarketing scams, Advance Fee Frauds, Phishing, Lottery Scams, False Billing........they’re all explained on the following pages, with useful advice:

Australian Government Site

http://www.fido.asic.gov.au/fido/fido.nsf/byHeadline/Scams%20-%20types%20of%20scams

UK Government Site

http://www.consumerdirect.gov.uk/watch_out/Commonscams/

Can a PDA Cause a Malfunction of Critical National Infrastructure?

Traditionally, critical process management in national infrastructure, such as oil and gas facilities, chemical plants, utilities, power generation etc, was carried out manually. Now, in many cases, such processes are managed automatically by SCADA – IT-based supervisory control and data acquisition systems.

At a recent summit on the vulnerability of IT systems to cyberattack, Mary Ann Davidson, chief security officer at Oracle, warned of the dangers of linking SCADA systems for monitoring and controlling critical infrastructure with the Internet.

"We know the SCADA protocols used in control systems were not designed to be attack resistant. They were originally used in electro-mechanical systems where you had to physically access the system, turn the knob, and so on," she said. "Now we are increasingly moving to the IP-based control systems and connecting them to corporate networks that are in turn connected to the Internet.

"We know some smart grid devices are hackable," she said. "We know there are PDAs, digital assistants, that talk SCADA because it's just so expensive to send a technician to the plant. Dare I say move the control rods in and out of the reactor? There's an app for that."

For background documents on SCADA security, contact David.

For more on this story, click on:

http://news.cnet.com/8301-27080_3-10458759-245.html

Handling Telephone Bomb Threats

Most bomb threats are made over the phone. The overwhelming majority are hoaxes, often the work of malicious pranksters, although in the UK Irish republican terrorists have also made genuine calls. To date those involved in so-called "international terrorism" have not issued bomb threats. Any bomb threat is a crime and, no matter how ridiculous or unconvincing, should be reported to the police.

Telephoned bomb threats are frequently inaccurate with regard to where and when a bomb might explode, and staff receiving a bomb threat may not always be those trained and prepared for it. But although they may be unable to assess a threat's accuracy or origin, their impressions of the caller could be important.

More at: http://www.cpni.gov.uk/SecurityPlanning/bombThreats.aspx

How to deal with bomb threat calls is dealt with in the Protection against Explosive Devices one-day workshop of Security Management Stage 1, 2-13 August 2010. For details click here.