Friday, July 22, 2005

Security Management Weekly - July 22, 2005

A weekly security news briefing from ASIS International

CORPORATE SECURITY
  1. "Global Business, Global Risks" Security Advice for Corporate Travelers
  2. "Security Breaches of Customers' Data Trigger Lawsuits" Class-Action Suit Filed Against CardSystems Solutions Over Security Breach
  3. "Training Expertise Helps Secure Export Markets" Security Expert Advises Companies to Provide More Security Training for Employees
  4. "Bank Robbery Suspects Wearing Camouflage & Fake Beards" Disguises Obscure Identity of Suspects in Well-Planned Small-Town Heist
  5. "Keep on Pedaling" Security Officers on Bikes Offer Advantages
  6. "On a Mission to Merge" Integrating Security Across the Enterprise
  7. "Securing Document Management Systems: Call for Standards, Leadership"

HOMELAND SECURITY
  8. "Bombs Set at 4 London Sites, But Fail to Explode"
  9. "New York Starts to Inspect Bags on the Subway" Random Searches of Passengers' Bags Could Be Replicated in Other U.S. Cities
  10. "U.S. Focusing on Boosting Rail Security" TSA Says Passenger Rail Security Could Be Accomplished With Minimum of Inconvenience
  11. "So Far, Dogs Are Still Best Detectors of Bombs"
  12. "Border Czar Eyes Civilian Helpers to Assist Agents" Customs and Border Protection Agency Wants to Use Civilian Volunteers to Protect U.S. Border
  13. "Companies Get OK to Run Security Screening" TSA Says Private Companies Will Play Prominent Role in Registered Traveler Program

CYBER SECURITY
  14. "Between Phishers and the Deep Blue Sea" Overseas Hackers Causing Significant Problems for U.S. Enforcement Agencies
  15. "How to Make Safer Software" Software Makers Realizing Fundamental Importance of Security

"Global Business, Global Risks"
Crain's Detroit Business (07/18/05) ; Martinez, Michelle

Security experts and veteran business travelers say that it is vital for corporate travelers to have a travel plan that emphasizes security when traveling to remote countries or emerging markets. During 2004, there were 4,000 kidnappings in China, 2,000 in Mexico, and 400 in Argentina, though rich local citizens, not U.S. business travelers, are normally kidnappers' first choice of victim, according to Ackerman Group CEO Mike Ackerman. A recent travel warning from the U.S. State Department noted that from September 2004 to April 2005, more than 30 Americans were murdered or kidnapped in the Mexican state of Tamaulipas, and more still were robbed while riding in taxis and buses. Security experts say that business travelers should always make their lodging and transportation plans well in advance, arriving in a modest vehicle and making sure to take a taxi that has been arranged through the hotel or host country. It is also important for business travelers to adhere to a tight schedule and to let the business office know their whereabouts. Arriving in a corporate jet and wearing expensive clothing or jewelry are invitations to kidnapping, and eating at the hotel restaurant--preferably a well-known chain--is a safer bet than going to night spots where Americans tend to congregate. It is advised that travelers carry two wallets, with one wallet full of enough cash--but no credit cards or identification--to placate a robber. Making friends with reliable local sources, including the hotel concierge, is a good idea, and business travelers who are kidnapped should attempt to establish a human connection with their kidnappers, though they should never attempt to personally negotiate with the kidnappers.

"Security Breaches of Customers' Data Trigger Lawsuits"
Wall Street Journal (07/21/05) P. B1 ; Bank, David

A Marin County, Calif., salesman, along with two other plaintiffs, has filed a class-action lawsuit in California Superior Court in San Francisco against CardSystems Solutions, which last month acknowledged that hackers had obtained information on approximately 200,000 credit- and debit-card accounts. The payment-processing concern may have put the personal information of as many as 40 million consumers at risk. Merchants, banks, payment processors, credit-card associations, and even security auditors and software makers face the prospect of liability for lax practices. "There is going to be a flood of lawsuits by both consumers and businesses," said Mark Rasch, a former Justice Department prosecutor and now senior vice president for Solutionary Inc., a security-audit firm in Bethesda, Md. The suit is one of the first filed under California laws that require companies to take "reasonable" security measures to protect customer information and to disclose breaches of that data. The suit also names Visa USA, MasterCard International, and Merrick Bank Corp., charging that they failed to enforce the payment-card industry's own standards. Those standards are emerging as a legal litmus test. MasterCard, in a statement, called the lawsuit's claims against it "misguided," and said it acted quickly to verify potentially vulnerable accounts and notify the proper parties. Visa said, "We soundly reject the allegations" against it in the suit against CardSystems, noting that "by their own admission, CardSystems Solutions Inc. violated Visa's standards for holding card data." CardSystems itself said in a statement that it plans to "vigorously contest" the lawsuit.

"Training Expertise Helps Secure Export Markets"
Financial Times (07/14/05) P. 9 ; Donkin, Richard

The London terrorist attacks have underscored the need for companies and governments to provide better security training to all employees and personnel. Alan Hatcher, founder of the U.K.-based International School for Security and Explosives Education, criticizes governments for being overly focused on purchasing billions of dollars of security equipment and technology since the Sept. 11 attacks. Governments would be better served by exhorting the private sector to invest more resources on training employees to be aware of security and terrorism issues, Hatcher said. "Companies owe it to their employees to ensure they have the security staff who are competent" to deal with potential terrorist situations, he said. "Every single employee could be given rudimentary awareness training." Hatcher notes that personnel at subway stations could be trained to identify suspicious passengers, just as flight attendants are, and that more search dogs could be trained to detect explosives. Bomb-detecting dogs are a highly effective, low-tech solution, Hatcher says, pointing out that governments are often too eager to use high-tech anti-terrorist methods even though terrorists are not using high-tech methods to carry out their attacks.

"Bank Robbery Suspects Wearing Camouflage & Fake Beards"
Keloland (07/18/05) ; Jorgensen, Don

Three people robbed a bank in the tiny Northwest Iowa town of Akron on Monday morning, in what police are calling a well-planned heist. Police are unsure what the suspects look like, or even of their gender, because they were wearing camouflage clothing, fake beards, ski masks, and gloves. The bandits set their plan into action by stealing a car and driving into Akron. One of the suspects entered the First National Bank, which had one customer and nine employees inside at the time, and demanded money. The bank robbers then fled the scene in the stolen car, abandoned the vehicle at a cemetery on the edge of town, and drove off in two other vehicles that were waiting at the cemetery. One of those two vehicles is a car with government license plates. Authorities did not say how much money the robbers stole or if they were carrying weapons, but the bank's employees received praise for their actions. "The employees did an excellent job of handling the situation as they should have; we have procedures to follow, and they followed the procedures in this robbery situation," said bank President Kevin Eekhoff.

"Keep on Pedaling"
Access Control & Security Systems (06/05) Vol. 48, No. 7, P. 26 ; Kollie, Ellen

The Kettering, Ohio-based Kettering Medical Center Network uses patrols of security officers riding bicycles to secure three of its five campuses. Security sergeant Mike Emmons says that by using bikes instead of security patrol cars, security officers can reduce their incident-response time by half. Unlike officers in security vehicles, officers on bikes are able to cut through grass and parking lots and ride on sidewalks when responding to an emergency. Officer Doug Evans agrees that bikes are more effective: "A bike officer is also able to use all his senses vs. an officer in a car with windows up, the motor running, and the radio on, who can't smell, see, or hear as well." Another benefit is cost: Evans says that the total cost of maintaining a security vehicle can run as high as several thousand dollars a year, compared with $100 to $200, at most, for a bike. The Kettering bikes have lights and sirens that allow officers to clear a path to an emergency situation, if necessary, and the bikes are capable of providing the dual advantages of stealth and visibility. Officers on bikes wearing security uniforms also are perceived as being more accessible to people who need help because security vehicles, especially those with their windows up, can act as a barrier to contact, says Evans. The Kettering officers have trained with the International Police Mountain Bike Association, and have received bike-maintenance training from a U.S. Air Force program at Wright Patterson Air Force Base in Dayton.

"On a Mission to Merge"
Security Management (07/05) Vol. 49, No. 5, P. 59 ; O'Hara, Ray; Williams, Tim; Perman, Karl

Companies are beginning to recognize that traditional risk management practices that separate physical threats from IT-related threats produce security weaknesses. The trend now is to integrate security across the enterprise, a tactic that results in greater efficiency through the elimination of redundancies, an increase in communication, and the delineation of responsibilities within the enterprise. Companies can get a view of their security vulnerabilities by developing a current-process model that shows the flaws in how they manage security and emergency management. Next, companies should create a team to recommend a future-process model that addresses the subjects of physical security, emergency management, information security, and personnel security, with the team composed of experts in these areas. End-to-end process ownership can be established in which an "owner" for each security function is named and reports to a chief security officer (CSO). Among the benefits of having these owners report to a CSO is that the physical and IT security divisions will have an early idea of the shape of each other's security plans and how they can collaborate on projects. Before enterprise security can be achieved, a company must not only have a CSO in place; it must also conduct process mapping to uncover departmental interdependencies, assess existing IT infrastructures, consider remote access by partners, and map interdependencies among suppliers and partners. The key final step to enterprise security is implementing an employee awareness program.

"Securing Document Management Systems: Call for Standards, Leadership"
CPA Journal (NY) (07/05) Vol. 75, No. 7, P. 11 ; Harpaz, Joe

Although use of paperless document management systems is on the rise, many of these systems are vulnerable to outsiders and employees seeking to commit wrongful actions against corporations. Security does not necessarily mean hiring a full-time technology staff, and many companies can easily rely on an outside vendor to provide adequate protection. A common misconception is that offsite document management systems are less secure when handled by a vendor; in fact, these systems are often more secure because the vendor has an interest in pleasing its clients through periodic vulnerability scans, backup solutions, and routine software updates. Corporations that house their own document management systems should beef up security on their own networks, particularly given that many networks are connected to the Web and more workers are using wireless connections to complete work from their homes and on the road. Security updates should be downloaded on a periodic basis and vulnerabilities should be plugged. In addition, companies should implement procedures and policies governing access to, changes to, and storage of documents within the system, and ensure that workers are well trained in the nuances of the document management software.

"Bombs Set at 4 London Sites, But Fail to Explode"
New York Times (07/22/05) P. A1 ; Cowell, Alan

Authorities say that no one was hurt during Thursday's terrorist attacks in London, and casualties were avoided because the explosives used by the bombers never actually detonated. Using explosives hidden in backpacks, the terrorists attempted to strike four targets--the Shepherd's Bush subway station, the Warren St. station, the Oval station, and bus No. 26 in Hackney--but the attacks fizzled because although the detonators in the backpacks went off, the bombs failed to detonate. The detonators made loud popping sounds, but when the bombs failed to go off, witnesses said that the attackers dropped their backpacks and fled. Some officials believe that the explosives in the backpacks are of the same type that were used in the July 7 bombings, and officials are optimistic that the undetonated bombs will provide significant clues about who was behind the attacks. The attacks occurred around lunchtime and were nearly simultaneous, said Metropolitan Police Chief Ian Blair, and the incident was eerily reminiscent of the previous attacks just two weeks before. Investigators are already working to identify the attackers from surveillance camera footage.

"New York Starts to Inspect Bags on the Subway"
New York Times (07/22/05) P. A1 ; Chan, Sewell; Fahim, Kareem

In response to Thursday's terror attack in London, New York City Police have begun conducting random bag inspections on the city's subway system and commuter rail lines, and transit systems in several other major U.S. cities could soon follow suit. Mayor Michael Bloomberg authorized the searches, and the searches are apparently unprecedented in the history of the city's subway system. The searches will be conducted in a systematized manner on "every certain number of people" and will not be based on factors such as race, religion, or ethnicity, said Police Commissioner Raymond Kelly. The ACLU has raised questions about the legality of the searches, but Kelly said that the legal ramifications of the searches are being examined by department lawyers. "We'll give some very specific and detailed instructions to our officers as to how to do this in accordance with the law and the Constitution," he stated. Transit officials in Washington, D.C., Boston, and San Francisco said they also may decide to implement random searches of transit passengers' bags. In New York City, the searches are unlikely to include purses and will mostly focus on backpacks and other large containers, a police spokesman said. City police will visually inspect subway riders' bags before they pass through the station turnstiles, and those who refuse to allow the search will not be allowed to bring the bag into the subway, though they will retain the right to leave the station without being questioned by police.

"U.S. Focusing on Boosting Rail Security"
Newsday (07/21/05) ; Autry, India

A spokeswoman for the Transportation Security Administration (TSA) says that tests from a pilot program for security screening conducted in May 2004 show that rail security can be enhanced with a minimum of customer inconvenience. The initial phase of the pilot program, conducted in New Carrollton, Md., screened Amtrak and Maryland Rail Commuter passengers and their baggage for explosives. The average wait time for each rail passenger was less than two minutes, compared with 10 minutes for passengers in the nation's airports, said spokeswoman Lara Uselding. The object of the rail screening was to find explosives, not other types of weapons, meaning that, unlike airline passengers, the rail passengers did not need to part with metal objects during the screening process. Customer feedback from another phase of the pilot in New Haven, Conn., last summer was 96 percent positive, said Uselding. She also noted that it took an average of just 29 seconds to screen individual items and baggage during another pilot phase at Washington, D.C.'s Union Station. The Homeland Security Department and TSA are attempting to determine how to launch a wide deployment of the pilot program, though no timeframe has been established yet, she said.

"So Far, Dogs Are Still Best Detectors of Bombs"
Washington Post (07/19/05) P. A17

Due to the open nature of mass transit systems, it is nearly impossible to screen all passengers for explosives, experts say. The best available method for detecting hidden explosives is bomb-sniffing canine units, says Joseph Riehl, head of the arson and explosives programs division of the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). The ATF has trained about 100 bomb-sniffing dogs that are currently being used across the United States, and 400 more are being used in other parts of the world, including Iraq. However, canine units are limited in their ability to detect explosives, depending on how strong an explosive's scent is and how far away the dog is from someone carrying explosives. The private sector, scientists, and the government are attempting to create technologies that would be able to detect explosives on mass transit systems. A poll from CNN-Gallup finds that 69 percent of Americans surveyed believe that every American should be required to go through a metal detector when using subways, trains, buses, and other forms of public transportation. The government held a month-long test of explosives-detecting equipment at a Maryland subway station in May, but the trial proved to be too impractical and time-consuming. "There is no single system that exists that allows us to guarantee people are not going to get on a train with explosives," Homeland Security Secretary Michael Chertoff said recently.

"Border Czar Eyes Civilian Helpers to Assist Agents"
Sign-on San Diego (07/21/05) ; Soto, Onell R.

U.S. Customs and Border Protection Commissioner Robert Bonner says that his agency is exploring ways to include civilian volunteers in the effort to protect the nation's borders. "There is the possibility in local border communities, and maybe even beyond, of having citizens that would be willing to volunteer to help the Border Patrol--but with some training and being organized in a way that would be something akin to a Border Patrol auxiliary," Bonner explains. He says the agency views volunteer auxiliaries for local sheriff's departments and the U.S. Coast Guard Auxiliary as potential models for its own auxiliary. Agency spokeswoman Kristi Clemens says that top officials in the Homeland Security Department have not yet been notified about the potential effort to include citizens, but the agency would brief them once a proposal has been readied. She states that the agency is considering all proposals, including having volunteers do clerical work that would allow agents to spend more time securing the borders. Jim Gilchrist, head of the citizen-led Minuteman Project, says he is skeptical of the potential auxiliary plan, dismissing it as little more than "a ride-along." The real solution to the border security problem is an adequately numbered, full-time police force, Gilchrist says. In related news, a 2006 ballot initiative in the state of California would, if approved, create a state border-policing agency, the California Border Patrol, that would have the power to form an agreement with the U.S. government to enforce U.S. immigration laws.

"Companies Get OK to Run Security Screening"
USA Today (07/20/05) P. 1B ; Frank, Thomas

The federal government's Registered Traveler program will "move a lot faster" if the private sector runs the program, said Justin Oberman, assistant administrator at the U.S. Transportation Security Administration (TSA). Oberman says that the TSA is delighted at the prospect of the private sector taking the lead on the program, which allows travelers who have undergone special security checks to use faster-moving lines at airport security checkpoints. Oberman made his comments during Tuesday's launch of the Registered Traveler program at Orlando's airport. The Orlando program is the first in the nation to be operated by a private company. Oberman indicated that private companies will feature prominently if the program is expanded across the nation. Some 4,000 travelers have paid $80 to sign up with the Orlando program, which is run by Manhattan-based Verified Identity Pass. Orlando travelers participate in the program by using a plastic card with an embedded microchip containing an image of an iris and a fingerprint. At the airport, the travelers undergo fingerprint and iris scans, and if the scans match the images on the card, they are allowed to use the faster security line.

"Between Phishers and the Deep Blue Sea"
CNet (07/18/05) ; Kawamoto, Dawn

Hackers are often based in India, Korea, or China, with differing time zones and language barriers increasing the difficulty facing security enforcement agencies in the United States. The most prevalent cyberattacks are carried out by networks of zombies, or compromised computers that are remotely controlled without the knowledge of the computer's owner. Currently, China is home to 21 percent of new zombies, with the United States at 17 percent and South Korea at 6.8 percent, according to CipherTrust. Hackers overseas are able to carry out attacks because of the high prevalence of broadband in China and South Korea combined with a lack of proper security software, according to Anti-Phishing Working Group Chairman David Jevans. Another factor boosting the prevalence of overseas attackers is that even small amounts of money provide significantly more incentive to a hacker in a developing country than to one in the United States. The Forum of Incident Response & Security Teams, an international clearinghouse for response to security incidents among government agencies, universities, and organizations, recommends that companies implement a computer security incident response team, keep security patches and antivirus software updated, monitor network traffic for strange behavior, and join security groups in order to share valuable security information among members. Meanwhile, a broad international coalition of trade groups, companies, and law enforcement organizations is working to stem cyberattacks from abroad by tightening global cooperation and establishing automatic filtering systems to block email traffic from specific regions. HoneyNet Project President Lance Spitzner says today's hackers are in it for the money, not fame. He says, "It's not so much a security issue. It's a crime issue now."

"How to Make Safer Software"
Wall Street Journal (07/18/05) P. R4 ; Guth, Robert A.

As software has filtered down to virtually every aspect of our lives, developers have begun to realize that the bells and whistles that used to drive sales of their products must take a backseat to fundamental security and quality provisions. In a recent interview, Cigital CTO Gary McGraw highlights the shift toward accountability that is defining today's software industry, as evidenced by the Sarbanes-Oxley Act and other standards of security-driven compliance. The trend is to knit security measures into the fabric of the software, rather than to address security after implementation through firewalls and antivirus programs whose vulnerabilities have already been exposed. Also, more companies in non-software industries, such as banks, credit card companies, and automobile manufacturers, are starting to look at in-house software development. McGraw cites Microsoft as having moved from its earlier practice of relying on features to drive software sales to a more responsible, quality-focused approach that has enhanced the security of its software and further solidified its dominance in the market, even if the company is still not perfect. McGraw recommends that developers incorporate software assurance throughout the design of every package, which entails considering the end requirements of a system as well as the potential threats hackers may pose to it. To fully integrate software with the business community, developers must also overcome the language barrier and speak in terms that have instant relevance to the bottom line, instead of burying themselves in impenetrable technical rhetoric. In the face of foreign competition, McGraw believes U.S. software companies can retain their preeminence through forward-looking risk management and needs assessment, even if India and China can offer coders who work for lower wages.

Abstracts Copyright © 2005 Information, Inc. Bethesda, MD


1 comment:

Anonymous said...

Banks, banks, banks… They are a disaster! A complete rip-off. Especially Merrick Bank. It is a real scam. I have never seen such an amount of negative feedback about one company. I found them on www.pissedconsumer.com. I wish I had looked them up before I engaged in business with this bank. Watch out! By the way, your blog is great.