Wednesday, April 30, 2008

Kidnap Risks to Travellers

One of the negative outcomes of crime prevention activities is that a crime may not be eradicated, but instead displaced to another place, target or time. A further potential consequence, especially when the adversaries are organised criminals, is that interdiction of one type of crime may lead to a corresponding increase in another.

This is the case in Mexico, where Mexican authorities’ successful interdiction operations against drug smugglers have led to a dramatic rise in kidnaps for ransom. Some sources estimate that drug gangs are now responsible for 30 to 50 kidnappings a day in Mexico and that ransoms often run to $300,000 if the victim is returned alive. Sometimes, gangs hold several victims at a time. The risks to business travellers should not be underestimated!




Tuesday, April 29, 2008

ASIS CPP Certification

For the 25 security manager and consultant candidates sitting the ASIS CPP certification examination in the UK on 3 May, this is a very intensive week of final examination preparation under the guidance of Barry Walker CPP and Phil Wood MBE CPP PSP.

In addition to covering the core security management knowledge domains, the CPP certification places great emphasis on general management principles, which constitute 11% of the examination questions.

Yesterday, candidates discussed the various theories of motivation, including Maslow, Herzberg and McGregor.

The basic human needs, according to Maslow, are (from lowest to highest) physiological needs, security needs, belonging needs, esteem needs and self-actualisation needs (the synthesis of ‘worth’, ‘contribution’ and perceived ‘value’ of the individual in society). The basic assumption of Maslow’s theory is that motivation cannot be advanced unless each successive need is satisfied.

Herzberg took a complementary approach, arguing that there were specific negative motivational factors that have to be addressed before the positive motivational factors can take effect. His analysis, based on 200 middle class professionals in the USA, identified the demotivational factors as: over-supervision, poor salary, poor working conditions and poor interpersonal relations. Fix these, Herzberg argued, and then move on to the truly motivating factors such as recognition, interesting work, opportunity for advancement and being given responsibility.

McGregor’s theory argues that there are essentially two types of managers - those who believe employees need to be rewarded, coerced, intimidated and punished in order to work (Theory X), and those who believe employees will work willingly because work is a natural human activity (Theory Y).

Several useful links to leadership and motivational theories can be found on the ARC weblinks page at:

http://www.arc-tc.com/pages/resources_publications.asp

For information on the next CPP Review Programme (in preparation for the Nov 1 examination) click below:

http://www.arc-tc.com/pages/asis_cpp_psp.asp#asis1

Security Management Training Focus: Protecting Vital Human Assets

The Protection of “People at Risk” was one of the topics discussed in detail by delegates attending last week’s Security Management and Coordination Course in Oman.

From an Arabian Gulf perspective, delegates identified three risk groups: high net-worth or high profile senior local employees; expatriates; business visitors. The group consensus was that it was business visitors who were at greatest risk due to their unfamiliarity with their surroundings and lack of cultural awareness. Other groups doing this exercise previously have often placed expatriates ahead of visitors in the risk ranking due to expatriates' inherent sense of “adventurism”!

Moving on to discuss travel security awareness for their staff travelling overseas, the group felt that while free-to-access services offered by organisations such as the UK FCO were a good and accurate starting point, business travellers required more detailed information. The group felt that a traffic light system (green – low risk; orange – medium risk; red – high risk) was preferred, with these indicators being broken down into the following categories:

General Crime
Political Unrest
Corruption
Terrorism
Kidnap

The tutor, David Cresswell, felt that from his own many experiences in travelling to over 50 countries, there should also be a special box for taxi driver risk!

For more on Business Travel Security awareness training for your travelling staff contact David.

For more on the one-week Security Management and Coordination Course click below:

UK: http://www.arc-tc.com/pages/other_accredited_sm.asp#s1

Overseas: http://www.arc-tc.com/pages/reg_train.asp

Protecting Critical National Infrastructure

Proposed laws to allow companies to snoop on their workers' emails are needed to protect vital electronic infrastructure from terrorist attacks, Australian Deputy Prime Minister Julia Gillard says.

The Australian federal government is developing new counter-terrorism measures which include changes to the Telecommunications Act that would allow companies which make up the nation’s critical national infrastructure to read workers' emails.


ARC’s new Protecting Critical Infrastructure course takes place 14-18 July. The course will focus on best practice in protecting critical infrastructure against a range of adversaries, from simple criminals, through cybersaboteurs to terrorists.

Monday, April 28, 2008

Warn Your CEOs! - Coordinated Attempts to Break into Computers of Top Executives Reach Unprecedented Levels

Last year (and continuing into this year) it was “recruitment” emails with a malicious .rtf attachment addressed personally to top executives. (Even security managers eager to advance their prospects are falling for the scam and laying bare all of their security plans!) When the .rtf file is opened the data on the target computer is compromised. And it needn't be an .rtf file; similar attacks have been seen using .doc files. For more on this click on the link below:

http://www.news.com/Trojan-attack-targets-top-executives/2100-7349_3-6209930.html

Then, early last week, CEOs were targeted with fictitious subpoenas. The targeted executives are directed in an email to an authentic-looking US Government website. Executives who click on the link in the email are then told that they need to download a plug-in in order to read the subpoena. That plug-in is actually malicious software. About 2,000 executives were tricked into compromising their computers.

For more on this attack click below:

http://www.pcadvisor.co.uk/news/index.cfm?newsid=12753

Then, on Thursday of last week, CERT reported that a large number of legitimate websites had been compromised with malicious code. The hackers injected malicious code into hundreds of thousands of reputable web pages, turning them into launchpads for attacks that silently install malware on the machines of those who visit them. The UK's Civil Service, the United Nations and websites of city firms were among those that had been hacked.

The compromised websites contain injected JavaScript that attempts to exploit multiple, known vulnerabilities. Users who visit a compromised website may unknowingly execute malicious code.

While it is clearly the remit of IT Departments to take action to protect their corporate sites against attack, it is imperative that somebody in every organisation is appointed to take responsibility for educating corporate computer users about the fast growing range of sophisticated scams and frauds that now pose an unprecedented threat to sensitive corporate data.


Lock up Your Laptops – The EU Wants to Get Tough!

The EU is calling for the introduction of new data protection legislation which would compel businesses to inform customers in the event of a data breach involving the loss of personal data. This would presumably include laptops and data sticks, which have been the focus of numerous data loss stories recently.

Meanwhile in the UK the Information Commissioner has been notified of almost 100 data breaches by public and private sector organisations since the loss of 25 million people's details by HM Revenue and Customs last November, according to figures released this week.

Half of the 28 private sector security breaches were by financial services companies.

For more on both of these stories click below:

http://www.out-law.com/page-9053

http://www.out-law.com/page-9066