Friday, May 25, 2007

Security Management Weekly - May 25, 2007

CORPORATE SECURITY
  1. "Disaster-Proof Your Business"
  2. "'Just Doing My Job'" FBI Praises Security Guards' Professionalism During Violent Bank Robbery
  3. "Measures Passed by SEC to Ease Burden of Sarbox" Guidance for Implementing Section 404 of Sarbanes-Oxley Act
  4. "Always Remain Calm" Banking Industry Officials Discuss Security and Robberies
  5. "All Along the Watchtower" Securing the Rock and Roll Hall of Fame Museum

HOMELAND SECURITY
  6. "Fort Dix Suspect Applied for Police Jobs"
  7. "Bombing Kills Six in Turkish Capital's Shopping District" 70 or More Wounded
  8. "Survey: U.S. Muslims Assimilated, Opposed to Extremism"
  9. "New Computer Model Predicts Crowd Behavior" Model Can Simulate Evacuations of Cities and Buildings
  10. "'How-to' Manual Found in Al Qaeda Safe House Shows Disturbing Torture Methods"
  11. "Federal Airport Security Workers Scanning Bottled Liquids" Hand-Held Explosives-Detecting Scanners Deployed to Airports
  12. "How Safe Is the Food Supply?"

CYBER SECURITY
  13. "Cyber Assaults on Estonia Typify a New Battle Tactic"
  14. "Promising Antispam Technique Gets Nod" DomainKeys System Will Provide Businesses With Heightened Brand Protection
  15. "Security Concerns Hinder Online Buying"

"Disaster-Proof Your Business"
CNN Money (05/22/07) ; Dickler, Jessica

Small-business owners can take several simple and inexpensive steps to prepare their businesses and employees for the upcoming hurricane season, which is expected to be an active one. For example, companies should form a contact list for communicating with employees in the event that a hurricane strikes, and they should also create an emergency plan that covers several types of scenarios. Creating a phone tree or other process for communicating is also recommended, and all offices should have flashlights, a first-aid kit, battery-powered radio, bottled water, and batteries. Protecting corporate data can be accomplished by using a back-up device to store data in a remote, safe location. This data can be stored on a flash drive, disk, or similar device, and the stored data should include contracts, inventories, and orders. The data should be backed up on a daily or weekly basis. An Office Depot survey released May 22 finds that 71 percent of businesses lack a disaster plan, and 18 percent do not back up any data. The survey also finds that 52 percent of businesses say they copy their data to a removable media device, but just 11 percent store the backup data at a remote site.

"'Just Doing My Job'"
Chicago Sun-Times (05/24/07) ; Main, Frank; Korecki, Natasha

Authorities have released new details about the takeover-style bank robbery in Chicago on Tuesday that resulted in the death of a teller and injuries to a customer and security guard. An FBI agent praised the conduct of the bank's security guards, saying that they may have prevented more people from being shot. Sources say that the robbery of the Illinois Service Federal Savings and Loan was carried out by three heavily armed robbers wearing bulletproof vests, masks, and gloves. One of the robbers stood at the entrance as a lookout during the robbery while the other two entered the bank, disarmed a female security guard, and ordered a bank teller to open the bank's vault. When the teller explained that he did not have the code to open the vault, one of the robbers shot and killed him. A second security guard, 53-year-old Earl Coleman, emerged from a backroom where he was doing paperwork, and exchanged gunfire with one of the robbers. Both Coleman and one of the robbers were wounded in the exchange, but Coleman managed to chase the robbers out of the bank. "The two security guards in the bank acted in a professional manner under stressful circumstances," said FBI Special Agent Frank Bochte. "There's always a chance that if the guards weren't present, it could have been more tragic than it was."

"Measures Passed by SEC to Ease Burden of Sarbox"
Financial Times (05/24/07) ; Grant, Jeremy

The U.S. Securities and Exchange Commission (SEC) recently approved guidance for corporations on how they should implement Section 404 of the Sarbanes-Oxley Act (Sarbox). Rather than allow executives to rely too heavily on outside auditors and "box-checking," executives can now tailor their reviews of internal controls to focus on the areas of most concern at their particular firm. The guidance not only allows executives to tailor their audits based upon company size, but also based upon corporate complexity. SEC Commissioner Annette Nazareth stated, "It encourages innovation instead of a one-size-fits-all approach." The guidance also beefs up the definition of material weakness to include "a deficiency, or combination of deficiencies, in internal control over financial reporting," which could reasonably lead to misstatements of finances. While smaller firms have yet to comply with Sarbox, they are likely to be the most affected by the latest SEC guidance on the matter, note experts.

"Always Remain Calm"
Chicago Sun-Times (05/24/07) ; Fleming, Leonard N.

Security experts and members of the banking industry agree that, as a general rule, bank employees and customers should comply with bank robbers' demands during a bank robbery. Banks that have been robbed once are likely to be robbed again, says security expert David Mansfield, who notes that banks located near interstates are likely targets because major highways provide robbers with a quick escape route. Banks are taking a number of measures to increase security, according to industry experts. These measures include hiring armed security guards; installing security doors; hiring greeters; and prohibiting customers from wearing sunglasses, hoods, and hats. Chase Bank spokesman Tom Kelly says that Chase branches that have been robbed three or more times within a span of two years will consider hiring armed guards, using bullet-proof glass, and a number of similar measures.

"All Along the Watchtower"
Security Management (04/07) Vol. 51, No. 4 ; Longmore-Etheridge, Ann

Security at the Rock and Roll Hall of Fame Museum in Cleveland comprises several facets, including an intelligent video alarm system, access control, physical locks, and security personnel who have been trained in CPR and first aid. These security measures help protect more than 15,000 rock and roll relics and artifacts, including memorabilia from John Lennon and guitars owned by Jimi Hendrix. Protecting certain key areas in the museum is an important part of the security process; for example, only about 5 percent of the museum's curatorial staff members are allowed to access the museum's storage area, which is protected by CCTV and an access control system. The museum uses a computerized collection-management system to monitor the whereabouts of artifacts at all times, whether they are on display, on loan, or in storage. The museum's security personnel have also been trained to handle and protect A-list celebrities and VIPs like former President Bill Clinton and actor Tom Hanks. The security staff provides walking escorts for lower-tier celebrities, but the staff will clear out entire sections of the museum for higher-level celebrities, as it did for Clinton. Hanks, Clinton, and other VIPs have been known to drop in without giving any advance notice; when that happens, "everyone kicks in to make it a success," says Paul Steiner, the museum's security director.

"Fort Dix Suspect Applied for Police Jobs"
Fox News (05/23/07) ; Mulvihill, Geoff

One of the six suspects in the Fort Dix terrorist plot applied for a job as a police officer in Philadelphia and Oakland, Calif., apparently in an attempt to infiltrate U.S. law enforcement agencies, police said. The suspect, 23-year-old Turkish citizen Serdar Tatar, was rejected for the Philadelphia position because he is not a U.S. citizen. Tatar is a legal U.S. resident, but he had not lived in Philadelphia long enough to be eligible for joining the police force. Philadelphia police confirmed that Tatar applied for the Philadelphia position on April 10, but a spokesman for the Oakland police declined to confirm reports that Tatar also applied in Oakland. In addition, two sources--an FBI informant and one of the other suspects in the Fort Dix plot--have told authorities that Tatar wanted to join the U.S. Army so that he could attack and kill American soldiers from the "inside." The Army does not require its members to be American citizens. An Army spokesman could not immediately confirm whether Tatar had or had not applied to join the Army.

"Bombing Kills Six in Turkish Capital's Shopping District"
New York Times (05/23/07) P. A8 ; Tavernise, Sabrina

A terrorist bombing in the shopping district of Ankara, Turkey, killed six people and wounded at least 70 others Tuesday afternoon. The attack occurred in the Ulus neighborhood. Plastic explosives are believed to have been used to carry out the attack, which occurred right as a bus pulled up to a bus stop. Eight Pakistani military officers who were visiting the city were wounded by the blast, and the list of the dead is said to include one Pakistani. Although Turkey previously has been the target of bombings, Ankara has rarely been a target because it is so heavily secured. One witness to the attack said he heard what sounded like two large explosions.

"Survey: U.S. Muslims Assimilated, Opposed to Extremism"
Washington Post (05/23/07) P. A3 ; Cooperman, Alan

A new Pew Research Center survey finds that U.S. Muslims are mostly assimilated into American society and mostly oppose the use of suicide bombings and other forms of terrorism against civilians to defend Islam. But the survey also finds that 7 percent of U.S. Muslims believe that suicide attacks are "sometimes" justified, 5 percent believe they are "rarely" justified, and 1 percent believe they are "often" justified. This compares with 78 percent who say such attacks are "never" justified and 9 percent who "don't know" or refused to answer. The survey of 1,050 Muslims also finds that about 25 percent of those polled do not believe that "groups of Arabs" were responsible for the Sept. 11 attacks and that African-American Muslims are much more likely than immigrant Muslims to have favorable views of Al Qaeda. For example, 9 percent of African American Muslims expressed support for Al Qaeda, compared with 3 percent of foreign-born Muslims. The survey also finds that Muslims in the United Kingdom, France, and Spain are nearly twice as likely as U.S. Muslims to believe that suicide attacks are "sometimes" or "often" justified. In addition, U.S. Muslims younger than 30 tend to have more favorable views of suicide attacks, are more religious than their parents, and are more likely to consider themselves Muslims first and Americans second, the poll finds.

"New Computer Model Predicts Crowd Behavior"
Arizona State University (05/22/07)

Paul M. Torrens, an assistant professor in Arizona State University's School of Geographical Sciences, is developing a computer model that will realistically simulate the reactions and behaviors of people in a crowd. The computer model could be used by city planners, shopping center developers, and public safety and health officials to simulate situations that would be impossible to create in a live experiment, such as the evacuation of a city or large building. Torrens' goal is to create a simulation program that accounts for the panicked and desperate state that people would feel under such situations. The current behavior modeling programs have not proven to have the veracity this model could have, according to Torrens. In Torrens' model, each simulated person will behave independently and have different characteristics, such as age, sex, size, health, and body language. The program will also account for crowd and environmental features such as group panic and safety levels. Torrens said the model will be used for realistic experiments exploring "what if" and unforeseen scenarios that could affect cities. Additionally, the model can be used to explore sustainability in downtown settings, such as how a city can promote walking instead of driving and how pedestrian flow can fit better with city traffic. The spread of a pathogen through a city could also be simulated. The completed prototype model collects data from each element in the simulation every 60th of a second. Torrens' research is funded by a $400,000, five-year National Science Foundation CAREER Award.

"'How-to' Manual Found in Al Qaeda Safe House Shows Disturbing Torture Methods"
Fox News (05/24/07)

U.S. forces have discovered a torture manual and photographs of tortured Iraqis in an Al Qaeda safe house near Baghdad. The manual consists of drawings and images depicting chilling methods of torture that Al Qaeda followers apparently use for interrogation purposes. For example, the book shows how terrorists use meat cleavers, electric drills, blowtorches, irons, and other implements of torture to force victims to talk. The images also show victims having their eyes ripped out, their limbs broken or severed, their hands drilled, and their heads being put in vises. Other images depict victims being dragged behind cars, hanging from the ceiling, and having their skin seared by blowtorches and irons. While searching the safe house, U.S. forces found actual implements of torture, including blowtorches, meat cleavers, electric drills, pliers, hammers, screwdrivers, whips, chains, and wire cutters.

"Federal Airport Security Workers Scanning Bottled Liquids"
Houston Chronicle (05/22/07)

The Transportation Security Administration plans to deploy about 200 hand-held scanners that can detect explosive material in sealed bottles of liquid at airports across the United States by October. The scanners have already completed piloting at Miami International and Newark Liberty International and are undergoing testing at airports in Los Angeles, Detroit, and Las Vegas. Testing in Boston is scheduled to begin later this week. The technology is only used on passengers chosen for secondary inspections prior to boarding.

"How Safe Is the Food Supply?"
Security Management (04/07) Vol. 51, No. 4 ; Straw, Joseph

The E. coli scare of late 2006 shed light on how vulnerable the U.S. food supply is to terrorism. The first scare was traced to contaminated fresh spinach that sickened 129 people and killed three in 26 states, while the second scare at the Taco Bell and Taco John's fast food chains was likely caused by tainted lettuce. In response, the government, industry, and academia are collaborating to identify food vulnerabilities and create better solutions. For example, agencies like the FBI and Department of Homeland Security (DHS), along with industry representatives, have formed the Strategic Partnership Program Agroterrorism (SPPA), which seeks to identify risks in the food chain and pass this information on to industry and government members. The SPPA is busy conducting risk assessments of specific products and has already determined that targets attractive to terrorists include products that are quickly distributed and consumed, have many ingredients, and have large production volumes. Products aimed at high-risk groups like children or the infirm are also likely targets. The DHS national centers of excellence in food security are conducting survey-based research in order to identify best practices for securing food supply chains, with five areas of focus: process strategy, metrics definition, relationship management with supply-chain partners, public-interface management, and service-provider management.

"Cyber Assaults on Estonia Typify a New Battle Tactic"
Washington Post (05/19/07) P. A1 ; Finn, Peter

Estonia, one of the most wired countries in Europe, was recently subjected to massive and coordinated attacks against the country's Web sites, including sites belonging to the government, banks, telecommunications companies, Internet service providers, and news organizations, according to Estonian and foreign officials. Computer security specialists called the attacks against the country's public and private electronic infrastructure unprecedented. The NATO alliance and the European Union have sent technology specialists to Estonia to observe and help during the attacks, which so far have disrupted government email and caused financial institutions to shut down online banking. Security experts and officials have warned that during times of war enemies may launch massive online attacks against a target, and the Department of Homeland Security has warned that U.S. networks need to be secured against al-Qaeda hackers. The attacks against Estonia provide an opportunity to observe how such assaults may be executed. Estonia's minister of defense, Jaak Aaviksoo, said the attacks were massive, well targeted, and well organized. Aaviksoo said about 1 million computers worldwide were used in botnet attacks that began April 27. By May 1, Estonian Internet service providers were forced to disconnect all customers for 20 seconds to reboot their networks. By May 10, bots were probing Estonian banks, looking for weaknesses, and Estonia's largest bank was forced to shut down all services for an hour and a half. Estonian IT consultant Linnar Viik called the attacks an attempt to take a country back to the Stone Age, and said that in the 21st century a country is no longer defined only by its territory and airspace, but by its electronic infrastructure as well.

"Promising Antispam Technique Gets Nod"
CNet (05/23/07) ; McCullagh, Declan

A draft standard for the DomainKeys Identified Mail system, designed to detect and block fake email messages, received initial approval from the Internet Engineering Task Force on Tuesday. The DomainKeys system, backed by Yahoo, Cisco Systems, Sendmail, and PGP Corporation, will provide businesses with "heightened brand protection by providing message authentication, verification, and traceability to help determine whether a message is legitimate," the companies said in a joint statement. The DomainKeys system is more promising than most other antispam and antiphishing technologies, writes Declan McCullagh, because it uses a cryptographically secure digital signature to verify that an email is from a legitimate source. When a site such as PayPal sends an email to customers about their accounts, the outgoing mail is marked with a digital signature. The signature, which is embedded in the message headers and is normally not visible, is automatically checked by mail servers and compared to PayPal's Internet domain name to verify that the digital signature is valid and that the message originated from PayPal. Any message that does not contain a valid signature is probably spam or a phishing attack. While the DomainKeys standard does not specify that messages with invalid signatures should be marked as junk mail, Internet service providers are likely to do so as a service to their customers. DomainKeys is a revolutionary development in the war against email attacks because it cannot be countered, unlike most other email security technologies, which rely on lists of known fraudsters and spammers or scan the contents of the message, McCullagh says. The digital signatures, which use public key cryptography, are believed to be impossible to copy or forge. DomainKeys does face a few hurdles, particularly that both the sender's and the recipient's email systems would need to be upgraded to use the system, and it does not do anything to filter spam from legitimate companies.

"Security Concerns Hinder Online Buying"
eMarketer (05/23/07)

A study by Javelin Strategy and Research has found that 80 percent of consumers who had a preference would spend between $100 and $1,000 more online each year if they had a safe and convenient alternative to credit cards. The study also found that two-thirds of consumers limited their online shopping out of fear of abuse or theft of their privacy and financial information. Although many of the concerns consumers have about online shopping are based on irrational fears, e-tailers must still work to address these concerns, said eMarketer analyst Jeffrey Grau. "Having a simple return or order cancellation policy, displaying customer product recommendations and reviews, and having an easy-to-use site all help build consumer trust," he said.

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD

