Search This Blog

Friday, December 28, 2007

Security Management Weekly - December 28, 2007

header

  Learn more! ->   sm professional  

December 28, 2007
 
 
CORPORATE SECURITY  
  1. " City is Doubling Police Program to Reduce Crime" Operation Impact in New York City
  2. " Shining Light on Nonlethal Weapons" LED Incapacitator
  3. " Games Aid Emergency Management" Interactive Training Simulations
  4. " Stadium Security a Concern at Colleges" College Stadiums at Risk
  5. " Corporate Crime on the Rise" PricewaterhouseCooper Survey

HOMELAND SECURITY  
  6. " Benazir Bhutto Killed" Suicide Attack in Rawalpindi
  7. " Pakistan in Crisis as Bhutto Buried" 22 Killed Since Assassination
  8. " Experts Say Instability Puts Country on 'Dangerous' Path" Assassination of Benazir Bhutto
  9. " US Forces Identify Slain Qaeda Militant in Iraq" Abu Abdullah
  10. " FBI Prepares Vast Database of Biometrics" $1 Billion Campaign
  11. " Harboring Safety" Port of Halifax

CYBER SECURITY  
  12. " Cyber Security Threats To Pipelines And Refineries"
  13. " Information Security Standards" Best Practices
  14. " DHS Puts Cybersecurity Toward Top of 2008 To-Do List" Cybersecurity Template for Future
  15. " Herd Intelligence Benefits IT Security" Collecting Threat Information from Customers' Computers


   






 

"City is Doubling Police Program to Reduce Crime"
New York Times (12/27/07) ; Baker, Al

New York City Mayor Michael Bloomberg announced that every new N.Y. police officer will join the Operation Impact program, which pairs new recruits with veteran officers in small, designated areas of the city. The program, which began in 2003, is cited as one of the main reasons that crime has dramatically declined in the city. City officials estimate that there will be less than 500 homicides in 2007, which would be the lowest number for any year since reliable statistics were made available in 1963. Overall, crime has fallen by 6.3 percent since 2006. However, six of the city's 76 police precincts have seen an increase in crime, mostly in Brooklyn. In order to further reduce crime, the 900 officers currently in the program will continue to participate, with 914 recruits joining Operation Impact. Approximately one-third of the 1,800 officers will be sent to six precincts in Brooklyn that are plagued by the highest crime rates. Although the program has been a success, the city is still suffering from a recruiting shortage. The department has budgeted to hire 2,400 new officers, but police officials estimate that the next class at the police academy will consist of only 1,000 new recruits. Some city officials blame a low starting salary for the lack of interest.
(go to web site)

"Shining Light on Nonlethal Weapons"
Security Management (12/07) Vol. 51, No. 12, P. 24 ; Spadanuta, Laura

Torrance, Calif.-based Intelligent Optical Systems has developed the LED Incapacitator (LEDI), a nonlethal weapon that temporarily blinds people and makes them feel nauseated. The device, which resembles a flashlight, features bright light emitting diodes (LEDs) that prevent eyes from focusing for several seconds, similar to the impact of a magnified picture flash. The LEDI has several advantages over other nonlethal weapons, according to Los Angeles County Sheriff's Department Commander Sid Heal, who consulted on the device. For instance, the LEDI does not have any lasting effects after a person becomes adjusted to the visual over stimulation. And, unlike pepper spray, which can sometimes hit police officers as well as suspects when used during an incident, there is no risk of cross contamination. There are other benefits as well. Heal noted that there are not any additional expenses related to the LEDI after the purchase of the flashlight and the rechargeable batteries that power it. The device could eventually be used by law enforcement and security forces to subdue violent subjects, depending on how well it does in tests at the Pennsylvania State University's Institute for Non-lethal Defense Technologies.
(go to web site)

"Games Aid Emergency Management"
Security Management (12/07) Vol. 51, No. 12, P. 32 ; Straw, Joseph

Emergency management professionals have two options for disaster planning training: meeting-based tabletop exercises, and field tests involving managers and volunteer "victims." While both of these options are critical, they are also expensive and time consuming. A cheaper and more flexible option is game-based interactive training simulations. One of these game-based simulators is called Zero Hour. During the simulation, players must make critical operational decisions during a simulated anthrax attack and respond to questions from fictional characters who report to an inoculation center. Players must also juggle simulated phone calls and requests for added equipment. Currently, the Department of Energy is designing a game called "Ground Truth," which simulates an event manager's response to a chemical tanker truck leak. The player orchestrates the simulation's hazmat response team's operations with the goal of limiting casualties. The player can direct team members to close streets for evacuation and to evacuate citizens, among other orders. The game's designers hope to soon expand the game to include a simulated biological attack scenario as well, and to include common challenges like equipment failures or communication difficulties.
(go to web site)

"Stadium Security a Concern at Colleges"
Associated Press (12/26/07) P. C11

College football stadiums must step up security in order to prevent against an inevitable terrorist attack, security experts warn. College stadiums, which contain tens of thousands of spectators during sporting events, in general lack the basic security measures observed by professional stadiums, and few have a high emphasis on security. "What we found is that there's a need for athletic administrators, campus police, emergency medical service, for all those people to have training," says Rep. Bernie Thompson (D-Miss.), chairman of the House Homeland Security Committee, who believes colleges should avoid cutting corners and must begin investing in security training.
(go to web site)

"Corporate Crime on the Rise"
London Free Press (Canada) (12/17/07) ; Musgreave, John; Porter, Graham

Losses stemming from corporate crime have increased substantially over the last two years, though the majority of companies have faith in their existing fraud controls, according to results from PricewaterhouseCooper's (PwC) 2007 global economic crime survey. The poll revealed that 43 percent of international survey respondents experienced corporate crime in 2007, and that their reported losses due to crime grew from $1.7 million in 2005 to $2.4 million in 2007, on average. Nevertheless, roughly half of the global companies polled believe it is "very unlikely" that they will suffer from corporate crime in the near future, says Bruce Webster of PwC. This perspective suggests that many organizations are insufficiently aware of the danger of corporate fraud. And while over 60 percent of Canadian companies surveyed have enhanced their security controls since 2005, 67 percent of those companies still lack fraud-related training programs, and 36 percent have not instituted a "whistleblower" hotline. Without such anti-fraud controls, companies put themselves at risk for economic crime and decrease the odds of detecting fraud, says Webster. Indeed, almost 40 percent of corporate crime incidents reported by Canadian businesses were discovered by chance. The survey also revealed that 30 percent of reported international fraud incidents were cases of asset misappropriation, which is the easiest type of fraud to identify; however, many businesses do not see asset misappropriation as a threat. Also, employees were to blame for the most grave fraud transgressions, according to 67 percent of victimized Canadian companies. The PwC survey notes that control systems must be supplemented by a robust corporate culture in order to detect and deter fraud, and that fraud controls must be routinely reviewed and updated.
(go to web site)

"Benazir Bhutto Killed"
Associated Press (12/27/07)

Former Pakistani Prime Minister Benazir Bhutto was killed in an apparent suicide attack in the military garrison town of Rawalpindi, according to her aides, throwing Pakistan's political system into a new round of turmoil. Bhutto was emerging from a political rally in Rawalpindi when an attacker fired shots and detonated himself, according to news reports from Pakistan. At least a dozen people are believed dead from the blast. Police said a suicide bomber fired shots at Bhutto as she was leaving the rally venue in a park before blowing himself up.
(go to web site)

"Pakistan in Crisis as Bhutto Buried"
Reuters (12/28/07) ; Aziz, Faisal

Former prime minister Benazir Bhutto was buried Friday in southern Pakistan, a day after her assassination began a wave of violence across the country. At least 16 people have been killed in the Sindh province since Bhutto was shot and killed, and a bomb killed six people at an election meeting in northwest Pakistan. Hundreds of vehicles were burned and crowds blocked the streets in Sindh to protest against the rule of President Pervez Musharraf. Although al-Qaeda is believed to be behind the assassination, many of Bhutto's supporters blame Musharraf and the United States for her death. President Bush joined other world leaders in condemning the murder of Bhutto, urging Pakistan to hold its scheduled elections on Jan. 8, 2008. Pakistan Prime Minister Mohammadmian Soomro said that election plans had not changed, but experts fear that a prolonged wave of violence could make it impossible to hold peaceful elections in less than two weeks. Former prime minister Nawaz Sharif, a political rival of Bhutto, said that his party would not participate in the January election. The United States had hoped that Bhutto, who spoke out against Islamic extremist violence, would prove to be a valuable ally in the fight against al-Qaeda forces.
(go to web site)

"Experts Say Instability Puts Country on 'Dangerous' Path"
Boston Herald (12/28/07) ; Fargen, Jessica

The assassination of Benazir Bhutto in Pakistan could destabilize the nation and provide terrorists with greater leeway in the Middle East, according to several experts. Boston University Pakistani International Politics Professor Adil Najam says, "This might be the most important blow the terrorists have struck since 9/11, because it could tip over this critical country." Many are concerned about a military crackdown on protests and other demonstrations, which would ultimately divide the army's loyalties and strengthen extremists' campaigns to take over the nation. However, Stratfor.com's George Friedman believes if the military can remain as a cohesive unit, Pakistan will make it through this dangerous crisis. Meanwhile, world leaders continue to condemn the assassination.
(go to web site)

"US Forces Identify Slain Qaeda Militant in Iraq"
Agence France Presse (12/26/07)

The U.S. military in Iraq said on Wednesday it had identified a slain militant killed last month near the restive town of Samarra as a key fighter from the Al-Qaeda group. Abu Abdullah, also known as Muhammad Sulayman Shunaythir al-Zubai, was killed in an operation on November 8 south of Samarra in central Iraq. Abdullah was a high-level Al-Qaeda in Iraq leader for a network operating in Salaheddin province, was also allegedly responsible for the kidnapping, extortion and murder of local Iraqis, and he is believed to have "led a group of foreign terrorists, whom he used to conduct his car-bombing campaigns." "Intelligence indicates that Abdullah had historical ties to the battle of Fallujah in 2004, and was a close contact of the former Al-Qaeda in Iraq leader Abu Musab al-Zarqawi," an army statement said. Zarqawi was killed in a US air strike in June 2006.
(go to web site)

"FBI Prepares Vast Database of Biometrics"
Washington Post (12/22/07) P. A1 ; Nakashima, Ellen

The Federal Bureau of Investigation is initiating a $1 billion campaign to construct the world's biggest computer database on individuals' physical traits, a plan that would provide the U.S. government new ways to locate people in this country and overseas. In January, the FBI plans to grant a decade-long deal that would substantially broaden the amounts and types of biometric data it gets. In the future, law-enforcement officials globally will be able to depend on iris patterns, face-shape information, scars, and possibly even the individual way humans walk and speak, to solve crimes and find criminals and terrorists. In addition, the FBI will keep, upon request by companies, the fingerprints of staff who have been subjected to criminal background checks so the companies can be contacted if workers have problems with the law. If successful, the FBI's Next Generation Identification system will obtain a broad variety of data in one location for forensic and identification reasons.
(go to web site)

"Harboring Safety"
Access Control & Security Systems (11/01/07) Vol. 50, No. 12, P. 18 ; Silk, Stephanie

Under the Marine Transportation Security Act implemented by Transport Canada in 2005, the Port of Halifax was required to institute an access control database system and a biometric credentialing tool to enhance security at a facility where Halifax Port Authority manager Gord Helm says it is virtually impossible to block the flow of traffic. The port opted for Identica Canada Corporation's Vascular Pattern Scanner, which scans veins, arteries, and capillaries just below the skin to verify a person's identity. Users are given smart cards that store the template of their vein patterns, and the stored template is matched to the hand placed on the scanning device. Additionally, the port chose the ImmediaC database from Unisys to ensure full integration with the credentialing reservation system already in place. When the system goes live in early 2008, it will comprise as many as 50 scanners and 4,000 users.
(go to web site)

"Cyber Security Threats To Pipelines And Refineries"
Pipeline & Gas Journal (11/07) Vol. 234, No. 11, P. 56 ; Williams, Tyler

The cyber security threat to critical infrastructure systems continues to be a clear and present danger. Terrorists and hackers that want to paralyze the United States could deal a devastating blow by disabling key infrastructure systems such as power plants, oil and gas pipelines and refineries. Pipelines are especially vulnerable because they tend to be located in unpoliced and isolated areas. Although the Supervisory Control and Data Acquisition (SCADA) system offers a measure of protection, an entire pipeline could be taken out of commission if an attacker gained access to a physical Ethernet port at a field site. An combined cyber and physical attack also poses major implications, particularly if an attacker accesses critical servers in a SCADA control center. By infiltrating a server in the control center, the hacker could feed false information to the asset owner, making it appear as though an event was in the making at a far off site in a bid to distract emergency sources at the site so that it could target another critical site at a separate location. While such an attack seems far-fetched, several power companies in the U.S. routinely report instances of hackers trying to circumvent their security to tap into their computer networks. A similar event took place in Estonia this spring after hackers pummeled the government and other Website with cyber attacks as retribution for the removal of a beloved Russian war memorial there.
(go to web site)

"Information Security Standards"
Risk Management (12/07) Vol. 54, No. 12, P. 11 ; Lindenmayer, Gerhard

For many organizations, the most essential asset is information, which means organizations must implement security measures to ensure data is not inadvertently or maliciously compromised. Certain best practices exist for securing network data. A layered approach--which combines technology, policy, training, and enforcement--is the best way to achieve full protection. Encryption, antivirus software, and firewalls are key technological elements of data security. Adopting an intrusion detection system helps safeguard the network infrastructure and notifies the IT department when problems occur. In addition, it is crucial to train employees regarding the data in their control and to enforce a robust password policy. Workers should have a limited ability, if any, to use memory sticks, CD/DVD drives, and other portable USB storage devices; though strict, this policy will prevent data from being carried away from the premises. Restricting workers' Internet access to work-related sites also keeps the network safe from viral downloads. Finally, it is important to have outside consultants conduct regularly scheduled patches and yearly penetration tests. Businesses that utilize credit cards for online transactions should scan their servers and ports at least four times each year to adhere to the Payment Card Industry Data Security Standard.
(go to web site)

"DHS Puts Cybersecurity Toward Top of 2008 To-Do List"
Federal Computer Week (12/13/07) ; Bain, Ben

In his year-end remarks, Department of Homeland Security (DHS) Secretary Michael Chertoff announced that cybersecurity will be one area of DHS' four key areas of focus in 2008. Indeed, DHS and Congress are collaborating to design a cybersecurity model that Chertoff envisions as the template for the next 10 years regarding how the United States handles the growing cybersecurity threat. Chertoff says this emphasis on cybersecurity is driven by the realization that much of the nation's economic health "depends on our ability to use the Internet and to use data systems in order to perform our work." Secure identification, immigration and border security, and a push to "institutionalize" the agency's operations are the other areas slated to receive heightened attention in 2008. However, many lawmakers were disappointed that DHS did not classify public safety interoperable communication efforts, including fusion centers and information sharing programs, as a vital area of focus for 2008.
(go to web site)

"Herd Intelligence Benefits IT Security"
InfoWorld (12/26/07) ; Hines, Matt

In response to a boom in customized malware, security vendors are switching strategies and are now utilizing customers' computers as threat detection information collectors. Indeed, malware authors are now using more malware toolkits to develop different attacks for almost every individual user. Therefore, "herd intelligence" will enable customers' computers to act as eyes and ears that can spot customized threats, says Andrew Jaquith of Yankee Group. Customers' endpoint devices can then channel data about new attacks into global networks of scanning technologies, thereby helping security vendors staunch the tide of smaller volume, lower profile attacks. Meanwhile, the amassed data could also help vendors guide customers away from Web sites or applications that are risky to use. As part of the "herd intelligence" initiative, security vendors may have to collaborate with their competitors to develop a larger network effect. "Scale enables the herd to counter malware authors' strategy of spraying huge volumes of unique malware samples with, in essence, an Internet-sized sensor network," explains Jaquith. However, the effort has disadvantages, include cost, dealing with false positives, safeguarding customers' privacy and data, and handling the "data glut" produced by the anti-malware herd networks.
(go to web site)

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: