| | 
"Stopping Shoplifting"
Daily Telegram (08/30/05) ; Yeutter, Andrea Large retailers like Wal-Mart, Walgreens, and Lowe's have been forced to create their own organized crime divisions in order to combat organized retail theft rings. Joe LaRocca, vice president of loss prevention at the National Retail Federation (NRF), says that the shoplifting problem has worsened in recent years because law enforcement has its hands full with terrorism and drug trafficking. Urban police departments that are aggressively fighting organized crime rings often end up pushing these criminals into the suburbs or smaller cities, where there is less awareness of such crimes and where local law enforcement may be more lax. Jerry Biggs, head of Walgreens' organized crime unit, differentiates between common shoplifters and "boosters," professional thieves who steal large amounts of merchandise from many stores with the intent of selling the stolen items. Boosters tend to steal high-demand items that can be sold in bulk, including diabetic test strips, toothpaste, hair-care products, and over-the-counter medicine. "A bank robber can make a $3,500 daily profit, but a booster makes $10,000-$20,000 a day, and it's not a federal offense in all states," says Biggs. The NRF and FBI are collaborating with retailers to create the Retail Loss Prevention Intelligence Network (RLPIN), a database that monitors retail thefts across state lines and across different companies to help retailers and law enforcement combat organized crime rings. RLPIN will be completely operational by early September, and hundreds of retailers have already signed on with the project.
(go to web site) "Remote Weapons System Deployed at Oak Ridge Bomb Plant"
Southern Standard (09/02/05) The Y-12 nuclear power plant in Oak Ridge, Tenn., will be protected with a new weapons system that will allow the facility's security force to remotely control machine guns and other weapons from up to a mile away. The remote-operation system was developed by the Sandia National Laboratory in New Mexico, and it will be part of an overall emphasis by the National Nuclear Security Administration (NNSA) to aggressively use new technology to guard the country's nuclear installations, says Jerry Paul, NNSA's principle deputy administrator. The weapons system allows the plant's security personnel to remotely control multiple weapons through the use of a simple joystick. The NNSA provided a demonstration Thursday of remotely operated machine guns that are mounted in hard cases that open like clam shells. The weapons platforms can be used on poles or atop armored SUVs and can be equipped with grenade launchers, M-16s, M-249 machine guns, or other weapons. The weapons system, having been subjected to three years of testing, is a "first-of-its-kind technology for providing security" at nuclear installations and will serve as "a force multiplier," not a replacement for security guards, says Paul. The new weapons system gives security forces the ability to train a high degree of firepower on adversary forces from a safe distance, Paul says.
(go to web site) "14 Indicted in Fake Drug Plot"
Kansas City Star (09/01/05) ; Margolies, Dan Albers Medical Distributors Inc., Douglas C. Albers, and 12 other workers were charged with conspiring to sell $42 million in fake, stolen, or illegally imported medications. Albers faces a 53-count indictment from a federal grand jury, and the case highlights the many weaknesses inherent in the drug supply system. The U.S. Food and Drug Administration merely approves drugs and other medications and allows the states to regulate the supply chain, but loopholes and gaps in existing state laws have allowed companies to profit from counterfeit medications. While authorities are convinced that consumers were not harmed by the medications illegally sold, they do note that the benefits of the medications were probably not felt by those purchasing the medications. Albers' attorney noted that his client had cooperated with earlier investigations into the matter, and Albers plans to file civil actions against those parties he believes to be responsible for the fraud. The company and Albers remain accused of conspiring to import drugs illegally from South America and for purchasing chemicals and equipment needed to create counterfeit Lipitor and Celebrex.
(go to web site) "Comprehensive Security Risk Management"
Insurance International (Quarter 3, 2005)No. 67, P. 34 ; French, John Security risk management has been catapulted to the forefront of corporate priorities, and tools are now available to integrate this function into overall risk management programs to address IT exposures, physical security, environmental exposures, and personal security risks. While not all companies have problems with violent crimes, white collar crimes, and terrorism, other firms have security risks ranging from vandalism to product tampering to cybertheft. Most firms employ security guards, closed-circuit television monitoring systems, and alarm networks, but few actually test these systems to ensure they are efficient, functional, and that weaknesses are addressed. Corporations should install perimeter fence systems so that security personnel are free to address only genuine incidents, and many of these systems can be blended into existing aesthetics. These devices include seismic sensors, digital monitoring video surveillance, battery-operated, wind-powered, or solar-powered cameras and closed-circuit, wireless monitoring systems, and satellite alerts. When workers are abroad, employers can ask that they wear tracking devices, especially when overseas in terrorist breeding grounds. Even with the most secure systems, intruders can breach security through a variety of means, including "tailgating" where one person follows and authorized person through a secure door. Internal crimes often occur at businesses across the globe, but employers can conduct background checks to ensure they are hiring honest people with integrity, but most of all employees need to be trained about security protocols inside and outside the building.
(go to web site) "Disaster Recovery and Data Protection"
Insurance International (Quarter 3, 2005)No. 67, P. 38 ; Crichard, Mark Disaster recovery and business continuity plans should take into account the requirements of the Data Protection Act (DPA) and the Freedom of Information Act, not just the potential for extreme disasters to take place. The DPA requires that personal data, not data that merely mentions a person's name, should be protected from security threats either technical or physical in nature, and companies are required to secure that data with the means necessary and appropriate in relation to the data's sensitivity. When third parties are involved with the transfer, use, or storage of personal data, the same rules apply, which means that firms should backup data and secure it from unauthorized users. Moreover, backup copies of this data should be updated and kept fresh and accessible. The Freedom of Information Act governs what information can be released for public viewing and companies should separate confidential information from data that can be issued to the public under the act.
(go to web site) "The Inside Story on Outsource Planning"
Security Management (08/05) Vol. 49, No. 8, P. 61 ; Adler, Steven I.; Robertson, Prentice; Dickson, Kort L. More than half of the respondents to the 2004 ASIS salary survey said that their organizations outsourced some part of their security services. When outsourcing security functions, companies need to have a plan for every step of the process, and a good model to follow is the contract lifecycle management (CLM). The CLM process consists of contract governance and oversight, request for proposal, due diligence, and contract negotiation and execution. The process begins with the creation of a contract governance and oversight council, with the council being composed of a cross-section of the company's management. The request for proposal (RFP) step of the process calls for a team of corporate stakeholders to create a detailed statement of work (SOW), which describes the security services and products to be supplied or security functions to be performed by the security vendor. The RFP and SOW documents should include how much money the company is willing to spend for the work, and the documents should also address service-level agreements. A group of company representatives should form a due diligence team to conduct a detailed inquiry into potential vendors' past performance and other factors when deciding which vendor to choose. During the contract negotiation and execution phase of the CLM process, a contract negotiation team must review the contract for accuracy and appropriateness.
(go to web site) 
"Bush Calls for Massive, Coordinated Recovery"
Los Angeles Times (09/01/05) ; Gestenzang, James Homeland Security Secretary Michael Chertoff has been directed by President Bush to coordinate the nation's effort to recover from the effects of Hurricane Katrina. Chertoff will head a task force, dubbed Joint Task Force Katrina, that has been established by the Department of Defense to focus on disaster relief. Late Tuesday night, the Homeland Security Department designated Hurricane Katrina an "incident of national significance." The designation means that federal resources will be mobilized to assist states and local jurisdictions as they recover from the effects of a catastrophic event. This represents the first time that the department has used the designation, which is newly created. The effort to recover from Katrina could take years to complete. Joint Task Force Katrina will provide disaster-response equipment, rescue teams, medical evacuation teams, and a hospital ship. The task force is based out of Camp Shelby, Miss. The short-term goal of the effort is to provide aid and provisions to Katrina's victims, but the long-term goal will be to rebuild the towns and highways that were devastated by the hurricane.
(go to web site) "La. Governor Warns Troops Will "Shoot and Kill""
Reuters (09/01/05) Louisiana Governor Kathleen Blanco has ordered National Guard troops in New Orleans to "shoot and kill" looters and rioters in the lawless city. Blanco on Thursday publicly warned the rioters and looters that 300 National Guard troops with combat experience in Iraq have just arrived in New Orleans and that these troops will be expected to shoot and kill if necessary. Meanwhile, an untold number of police officers in New Orleans have resigned from the force due to their fear of being shot at or killed in the violence that has gripped the city, says State Police Superintendent Col. H.L. Whitehorn.
(go to web site) "FBI Will Do 'Threat Assessment' of Nation's Prisons"
Associated Press (08/31/05) ; Thompson, Don FBI agents across the nation will begin conducting threat assessments of prisoners throughout the U.S. prison system, looking for prisoners who may have converted to radicalized ideologies during their prison stay. The effort, detailed in an FBI letter, is a reaction to concerns that terrorist groups may be attempting to recruit and convert prisoners to their ideologies. The FBI agents will be looking for evidence of all "disruptive groups," including Islamic militant groups and prison gangs.
(go to web site) "4 Men Indicted in Alleged Plot to Spread Terror in Southland"
Los Angeles Times (09/01/05) ; Krikorian, Greg; Moore, Solomon A federal grand jury on Wednesday indicted four members of an alleged home-grown terrorist cell of plotting terrorist attacks against targets in Southern California, including National Guard facilities and synagogues. The four men were charged with conspiring to wage war against the U.S. government through terrorism. The alleged leader of the group is Kevin Lamar James, a 29-year-old inmate of the California prison system who created the Assembly of Authentic Islam radical group while in prison. One official said that James spent formative time with the U.S.-based Nation of Islam, led by Louis Farrakhan, but decided that the Nation of Islam was not radical enough. Another member of the group is 25-year-old Levar Haney Washington, a former prisoner and former street gang member. One of the other members is 21-year-old Gregory Vernon Patterson, the son of a college professor and college administrator, and 21-year-old Hammad Riaz Samana, who grew up in Pakistan before moving to the United States. Washington, Samana, and Patterson met at a local mosque, and Washington met James while they were both prisoners. James allegedly controlled the plot from prison.
(go to web site) "As U.S. Mobilizes Aid, Katrina Exposes Flaws in Preparation"
Wall Street Journal (09/01/05) P. A1 ; Carrns, Ann; Terhune, Chad; Hudson, Kris Local and federal government officials have admitted that insufficient emergency management preparations have left them ill-prepared to deal with the catastrophic results of Hurricane Katrina. The disaster-response effort has been hampered by incomplete guidelines for the coordination of emergency operations between state, local, and federal agencies, and communications have been another problem, according to several officials, including Norman Bourdeau, operations manager for the Calcasieu Parish (La.) Office of Homeland Security and Emergency Preparedness. Bourdeau's office sent out rescue teams of boats, but his officers found that while they could communicate with one another, they could not communicate with other officers and fisheries agents in the same area. Sen. Mary Landrieu (D-La.) also noted the communications failures, comparing them to the communications problems experienced by first responders during the Sept. 11 terrorist attacks. Louisiana Governor Kathleen Blanco (D) had intended to hold a conference call with local emergency officials on Monday but was forced to abandon those plans and call officials individually because several local officials were unable to get through on the conference call. Law enforcement officers in the disaster zones have reported communications problems caused by too many different radio frequencies and an over reliance on cellular telephone networks, which were heavily damaged. There also have been reports that Louisiana's police-led communications system for emergency personnel, the "smart-zone" system, has been beset by problems.
(go to web site) "Security System Tested on Bay Area Ferry"
Los Angeles Times (08/30/05) ; Horowitz, Donna Passengers that use a San Francisco-area ferry were subjected to screening for explosives on Monday as part of a pilot project to protect the ferry system from terrorists. For the most part, passengers gave the program positive reviews. The scanner technology used in the pilot project is capable of detecting trace amounts of explosives, and a terrorist does not necessarily have to handle the explosives in order for trace particles to be on his person. The scanners are capable of detecting upward of 40 types of chemicals used to create explosives. If explosives are detected, passengers are pulled aside and undergo a secondary screening and examination for explosives. Other cities have expressed a great deal of interest in participating with the system, said a Transportation Security Administration spokesman.
(go to web site) "Containing Cargo Risk"
Security Management (09/05) Vol. 49, No. 9, P. 60 ; Anderson, Teresa The possibility that terrorists could use cargo containers to slip weapons of mass destruction into the United States poses a serious risk not just to the ports themselves, but to the critical infrastructure and large urban populations that are typically found near ports. The key to preventing such a scenario rests with the private sector, which must take several steps to address cargo security. These steps include assigning responsibility for cargo security; fully integrating the security program into the company's business planning; conducting compliance audits of all customers and vendors in the supply chain; conducting background screening of employees; building relationships with industry groups and government; and using new security technologies well. Some organizations have focused on improving their communications equipment--for example, Purdue Pharma has created a control center to track cargo via Global Positioning System technology. Other companies view the use of RFID technology combined with container alarms as an excellent way to ensure the integrity of cargo containers, but the drawbacks to this method include standardization problems among RFID tags and readers and limitations to reading tags among numerous stacked containers. Retailing giant Target has a cargo security program that other retailers can look to. Target grades the risks of terrorism in various regions of the world and focuses its security resources on the high-risk areas. Target also tries to find bottom-line implications for its security training programs so that the programs are supported by the company's top management.
(go to web site) 
"The Threats Get Nastier"
InformationWeek (08/29/05)No. 1053, P. 34 ; Claburn, Thomas; Garvey, Martin J. Business technology and security professionals are confident that their IT systems are adequately protected against cyberthreats, according to InformationWeek Research's U.S. Information Security Survey 2005, but this attitude belies the fact that worms, viruses, and other forms of malware are more insidious and dangerous than ever. The recent Zotob worm epidemic shows that such threats have not gone away, while the motivation behind such attacks has shifted from bragging rights to financial gain. The most common types of security threats and espionage during the past year were viruses and worms, phishing, denial of service, and Web-scripting language violations, while suspected culprits include hackers, virus writers, unauthorized and former workers, and organized crime. Seventy-eight percent of survey respondents who believe their vulnerability to cyberthreats has increased or remained steady over the past year say the growing sophistication of such threats is their chief concern, while other anxiety-provoking factors include more ways to attack corporate networks, increased volume of attacks, and more malicious intent. Fifty-one percent of businesses plan to boost their IT security budget this year, while 56 percent of respondents say they are approaching IT security in a more structured way out of the need to conform to government regulations. Enhanced application security, secure remote access, and improved access controls are among the top priorities for these companies. Not only are cyberattacks being launched across multiple modes, but virus writers are taking a cue from hackers and using rootkits to conceal their activities from detection systems. Six percent of companies admit hackers gained access to their customer records, but the actual percentage may be higher if one assumes that some companies are hiding the truth or have been compromised without their knowledge.
(go to web site) "Net Access Security Plans Sow Confusion"
Network World (08/22/05) Vol. 22, No. 33, P. 1 ; Greene, Tim Network access control, which allows network protection by forbidding access to potentially infected computers, is a growing security priority with 74 percent of 304 IT executives surveyed by IDC expecting to spend more on the technology over the next 24 months and 15.5 percent expecting a significant increase in spending over the same time period. Cisco and Microsoft are the two biggest players in the network access control arena. The technology works by screening all machines attempting to access the network and denying access to machines that lack properly configured firewalls, updated and running anti-virus software, and the most recent technology patches. The technology can then direct denied machines to Web sites to find out how to become compliant or grant access only to quarantined segments of the network. Some equipment can also watch inter-network traffic and implement shutdowns if the traffic is identified as deviating from the norm. There is an overabundance of options, and customers are further bewildered by the numerous partnerships among vendors to support each other's offerings, says analyst Chris Liebert. Sygate CEO John De Santis says such alliances are set up to support endpoint security immediately, no matter which vendor's gear comprises a client's network. Cisco and Microsoft have aggregated lists of vendors who have agreed to support their security schemes, which raises their profile for customers who already own equipment from Cisco or Microsoft.
(go to web site) Abstracts Copyright © 2005 Information, Inc. Bethesda, MD |
No comments:
Post a Comment