| | 
"Private Security Contractors Head to Gulf"
Washington Post (09/08/05) P. A14 ; Witte, Griff Private security contractors are being hired by companies in the Gulf Coast region to deter looters in the aftermath of Hurricane Katrina. These private contractors specialize in providing security in dangerous, war-torn areas of the world like Iraq and Afghanistan. Doug Brooks, president of the trade group International Peace Operations Association, notes that some people have criticized the federal government's response time to the hurricane, adding that private security contractors "are always ready to go." One security contractor executive says that his company has been flooded with requests to provide security for commercial clients in the Gulf Coast region. Russ Knocke, spokesman for the Homeland Security Department, says he is unaware of any plans for the federal government to hire private security contractors for public safety, though he also did not say that the department would be opposed to the idea. Industry insiders say that the private security contractors sent to Iraq and other world hot-spots tend to be younger and heavily armed, while the contractors that have been sent to the Gulf Coast tend to be retired law enforcement agents armed with handguns. Executives of private security contractors in the Gulf Coast say that to this point their personnel in the region have not been forced to take any actions against looters or criminals.
(go to web site) "Package of Bills Aims to Protect Seniors"
Detroit Free Press (09/06/05) Lawmakers in Michigan on Tuesday introduced a raft of bills aimed at protecting senior citizens from criminal employees in nursing homes or other care facilities. The legislation requires "all employees who have direct access to elderly and disabled patients" to be subjected to federal background checks and fingerprinting. The legislation applies to all employees working at nursing homes, hospices, psychiatric hospitals, certified home health agencies, personal care agencies, and providers of swing bed services. If the background checks reveal that an employee previously has taken advantage of senior citizens, they could be permanently prohibited from working in the industry. Also, any employee who has been convicted of a felony would be prohibited from working in a care facility for senior citizens or the disabled for a period of 15 years after the date that their sentence and parole ended. The legislation mandates that federal money will pay for the fingerprinting and background checks.
(go to web site) "Karachi Blasts Target Food Outlets"
CNN (09/08/05) A McDonald's and KFC restaurant in Karachi, Pakistan, were bombed around 12:50 a.m. local time Friday. Authorities said that low-grade homemade bombs caused the blasts. The first attack occurred at the KFC, with the blast shattering windows, damaging three cars, and blowing a hole in the restaurant's concrete wall. Eight minutes later, a bomb went off outside the McDonald's. Roughly 80 people were inside the McDonald's when the bomb went off. No group has claimed responsibility yet for the attacks.
(go to web site) "Beefed-up Security to Greet Students Across State"
New Jersey Star-Ledger (09/05/05) ; Mooney, John The 3,400 schools in the New Jersey school system will have much tighter security measures in place for the new school year. Acting Gov. Richard Codey has ordered that all state schools undergo security inspections by the beginning of the school year, and officials say that this requirement has nearly been met. Groups of school officials and specially trained law enforcement officials have conducted the security audits. There are more than 70 items on the security audit checklists, including visitor policies, evacuation policies, access to ventilation systems, storage and inspection procedures for buses, and the elimination of hiding spaces through outdoor landscaping. Each school has unique security concerns, so some schools will require different policies than others. Students at some schools will be required to wear identification badges, while at other schools it will be teachers who are required to wear identification badges. Other security measures include forcing visitors to sign in, securing all school entrances, and monitoring the entrances. The state Department of Education will collect the schools' security data and analyze the data with the aim of possibly developing uniform security policies and training.
(go to web site) "Minimizing and Understanding Risks Can Keep Your Data Secure"
Kansas City Business Journal (09/02/05) ; Sayers, Gretchen There are several common-sense measures business owners can take to ensure the security of their assets and data. First, they must secure the physical premises and restrict internal access to data to those employees for whom it is absolutely necessary. It must be widely known that customer privacy is a top priority of the business, and that message should be reinforced by written policy. Business leaders are also advised to outsource the storage of data, and to ensure that data is not available via the Internet. Conducting periodic audits can help produce an honest snapshot of the success of security measures in place. In a media climate that plays to fears and anxieties and emphasizes worst case scenarios, business owners must not lose perspective. Although data security is a serious and often overlooked issue, the reality is that not every vulnerability will bring a company to its knees. Merchants and transaction processing services are perennial targets because they hold large repositories of financial data, though it is important to remember that not every breach results in massive fraud or identity theft. Provided that businesses have implemented the necessary precautions and awareness remains acute among the staff, business leaders should be able to rest easily knowing they have adequately secured their company.
(go to web site) "Organizations Find Unexpected Benefits from Sarbanes-Oxley Compliance"
RiskCenter (08/30/05) ; Oliver, Kathryn Sarbanes-Oxley compliance issues have made automation of compliance and control environments a priority at many organizations, according to a CFO Research Services survey of 180 senior finance executives that was conducted on behalf of PricewaterhouseCoopers (PwC) and Virsa Systems. More than 75 percent of respondents described such automation as a top or moderate priority over the next year, and about half of respondents said that their Sarbanes-Oxley efforts are improving the effectiveness of their corporate risk management. Nearly two-thirds of respondents said that Sarbanes-Oxley and other compliance initiatives have helped them identify control weaknesses that could be damaging, and a similar percentage of respondents said that Sarbanes-Oxley compliance has improved their understanding of their business. Three major trends observed by PwC and Virsa have been confirmed by these survey results, says Virsa CEO Jasvir Gill: first, "most companies are still feeling the effects of Sarbanes-Oxley compliance," while "secondly, reducing the total cost of compliance continues to be a primary goal; and lastly, companies are embracing automation to drive sustainable, cost-effective compliance across their enterprises." Companies are also finding new improvement opportunities due to their automation efforts, and respondents also said that operational performance is boosted by Sarbanes-Oxley and other compliance and control improvements.
(go to web site) "Threats From Within"
Insurance Networking News: Executive Strategies for Technology Management (09/05) Vol. 9, No. 2, P. 10 ; Speer, Pat The insurance industry is becoming increasingly concerned with the loss of sensitive data to "insiders"--people who were, or previously had been, authorized to use the information systems that they eventually intentionally or unintentionally used to cause a company harm. Although insurance companies often do not report insider attacks for fear of the negative publicity or increased liability that may result, the number of such attacks is on the rise, according to Deloitte Touche Tohmatsu's 2005 Global Security Survey. Thirty-five percent of the survey's respondents, which included those in the insurance industry, said that they had encountered an attack from inside their organization in the past 12 months (up from 14 percent in 2004), compared with 26 percent from outside sources (up from 23 percent in 2004). Insurance companies, particularly health and life insurance companies, are especially vulnerable to insider attacks because they are "information-rich," says Ted DeZabala, one of the authors of the study and principal in Deloitte & Touche LLP's security services group in New York. As a result, many carriers are implementing fingerprint authentication clearance for copy machines, and are looking to identity management solutions which include access, vulnerability, patch, and security event management to fight high-tech threats such as identity theft and phishing. In addition, the Independent Insurance Agents & Brokers of America published a report by the Agents Council for Technology that detailed steps that can be taken at the agency level to ensure security, including asking new and existing employees to sign and date a confidentiality agreement which assigns ownership of intellectual property to the agency and forbids copying, transmitting, or posting of confidential data, and restricting access to confidential consumer and employee information to only those employees who need it.
(go to web site) 
"Homeland Security in Action"
Charleston Gazette (WV) (09/08/05) ; Broadwater, Chandra With the help of equipment purchased with homeland security grants, the state of West Virginia managed to prepare itself to receive hundreds of evacuees from New Orleans within a span of just 24 hours. At 3 p.m. Friday, Sept. 2, West Virginia officials began mobilizing the state's resources in preparation for the arrival of evacuees, and by 9 p.m. that same day, the state's Office of Emergency Medical Services helped put a basic plan in place, and the plan was approved by the governor. The governor ordered state officials to implement the plan by the morning of Sept. 3, which they did, and that night the first wave of 200 evacuees arrived in West Virginia. A staging area was set up at Yeager Airport, and equipment such as trucks, shower tents, and rubber gloves--all paid for by homeland security grants--was used to help the evacuees. "Everything here is equipment we purchased with those grants," says Mark King, director of the state Office of Emergency Medical Services. "Weapons of mass destruction or not, we're getting use of that equipment." King says that the plans put in place for the evacuees are the same that would be used in the event of any type of large disaster.
(go to web site) "Homeland Security Suspends Worker Document Checks"
Star-Telegram (TX) (09/06/05) The Homeland Security Department has announced that it will give employers a 45-day window during which they will not be penalized if they hire people who are unable to prove they are eligible to work in the United States. The department decided to make the move due to the fact that many victims of Hurricane Katrina have lost their documentation proving that they are eligible to work in the country. Under normal circumstances, U.S. immigration law mandates that employers verify that job applicants can legally work in the country. The department said that it would retain the right to sanction employers who falsely hire people who are ineligible to work or job applicants who falsely claim to be victims of the hurricane.
(go to web site) "Cards Can Help in an Emergency"
Hagerstown Herald-Mail (MD) (09/07/05) ; Cunningham, Erin The Maryland Department of Health and Mental Hygiene has produced an information sheet the size of a credit card that provides citizens with information on what to do during a bioterrorism attack or other health threat. The card is small enough to fit inside a wallet but unfolds to become a 9.25-inch by 11.5-inch information sheet. A spokesman for the Washington County (Md.) Health Department says that thousands of the sheets are available for distribution locally and that they will be handed out in Hagerstown, Md., during Citizens' Emergency Preparedness Day, on Sept. 10. The information sheets provide details about dirty bombs, anthrax, smallpox, sarin, the plague, and botulism, explaining what steps citizens should take in the event of a public health emergency and where they should go for treatment. The information sheets have a blank chart where important information can be filled in, including information about personal emergency contacts, medical conditions, allergies, family member blood types, and local hospitals.
(go to web site) "Rebels Attack Colombian Power Pylons"
San Jose Mercury News (CA) (09/07/05) ; Toro, Juan Pablo Approximately 2.4 million people in Colombia have been left without electricity this week after the Revolutionary Armed Forces of Colombia (FARC) terrorist group blew up energy towers and communications towers. On Wednesday, 100,000 people along Colombia's Pacific coastline were left without electricity after FARC destroyed at least half a dozen energy tower pylons. And on Monday, FARC used dynamite to blow up pylons and communications towers in several areas, leaving 2.3 million citizens without electricity. The government is compensating by importing energy from Ecuador.
(go to web site) "Quarterbacking the Super Bowl"
Security Management (09/05) Vol. 49, No. 9, P. 102 ; Wolf, Robert Coordination of the massive security effort for the NFL's Super Bowl XXXIX, held earlier this year in Jacksonville, Fla., went smoothly even though numerous federal, state, and local agencies were involved. The Jacksonville Sheriff's Office was chosen as the lead agency in charge of security for the event, and Sheriff John Rutherford was named the incident commander, giving him final authority over the entire security effort. By placing Rutherford in charge, the possibility of turf battles was eliminated, and with Rutherford the unquestioned leader, he began reaching out to dozens of other agencies for help in securing the event. Jacksonville has an excellent emergency-operations center that allowed 16 separate groups to operate from; these groups included law enforcement, fire and rescue, public health, medical emergency response, transportation, communications, and the U.S. Coast Guard. Security for the Super Bowl included more than just the game itself--there were events being held at 35 separate venues in the days leading up to the game, so it was decided that numerous large security centers should be created around Jacksonville to help coordinate the security effort. These security centers included a top-level command post; a communications center; the Marine Operations Center; bomb management centers; and on-site NFL security booth. Those involved with the security effort passed on several lessons that can be applied to future Super Bowls or similar invents, including the importance of getting started early on planning for the event; making use of technology; and ensuring that tools and technology are distributed to front-line personnel.
(go to web site) 
"6 Ways to Survive Major Internet Attacks"
Federal Computer Week (09/05/05) ; Robinson, Brian Federal Computer Week (FCW) technology editor Rutrell Yasin and associate editor Florence Olsen moderated a recent FCW roundtable that involved seven information technology security officials from government and industry. The group discussed the six methods of surviving a major, Internet-based attack. Justice Department CISO Dennis Heretick recommended implementing at least five layers of defense policies, procedures, and technologies, such as firewalls, intrusion-detection systems, and encryption. NetForensics senior architect Edward Schwartz agreed but included real-time situational awareness, or immediate detection of malicious network behavior, as the best defense against attacks. Citadel Security Software's Bob Dix believed the best defense against attacks is leadership from the highest levels of government, such as the federal CIO. The Office of Management and Budget suggested federal agencies make all IT products and service purchases directly through the agency in order to reduce spending and increase security with government-wide security standardization and common security standards. Dix was concerned about a dismissal of cybersecurity threats among federal agencies, because the possibility of an attack is growing and could prove devastating based on the amount of personal data agencies store on their networks. Sourcefire security engineering director David Thomason emphasized that an increase in liability, rather than a growth in regulation, is likely to influence agencies and companies alike to increase focus on cybersecurity issues. Heretick believed work should be done to ensure network security while maintaining a high level of network access and service. Schwartz asserted that college and universities can help the situation by offering coursework in cybersecurity along with already established computer science and IT programs.
(go to web site) "A Safe Bet?"
Information Security (08/05) Vol. 8, No. 8, P. 26 ; Proctor, Paul As part of a comprehensive enterprise monitoring strategy, network anomaly detection systems (NADS), which are designed to monitor network traffic and alert network and security managers of any suspicious activity, offer detection of zero-day exploits, automated profiling and tuning, and focus on events missed by traditional intrusion detection applications (IDS). One company, after dealing with Nimda attacking 70 percent of its servers, installed a NADS and was able to detect the MyTob virus within minutes, while the company's IDS and other security did not spot the attack. NADS is also beneficial in that it helps ensure compliance with security regulations, detects unauthorized applications, finds misconfigured systems, and points out network traffic loads and bandwidth consumption. NADS is most effective using the largest number of behavior and event types possible and in a stable and consistent network environment. People who perform in network operations that require enterprise-specific contextual knowledge can especially benefit from NAD devices that help enterprises draw insights on network behavior and traffic. NADS are particularly effective in areas engaged in obvious behaviors, such as denial of service attacks.
(go to web site) "Anti-Spyware Gets HIP"
IT Architect (09/05) Vol. 20, No. 9, P. 61 ; Conry-Murray, Andrew Anti-spyware software is expected to transition from threat-specific technologies to Host-based Intrusion Prevention Systems (HIPS) as vendors deploy proactive solutions that block new and unknown spyware programs from PCs. Such solutions are likely to be increasingly compelling for security architects as the development of spyware continues without respite and end users continue to install spyware-laden programs despite repeated warnings. Most anti-spyware programs use signatures and are only effective against programs that are already defined in the threat database, while the increasing difficulty of removing spyware once installed makes proactive prevention all the more urgent. Some vendors offer behavior-based spyware detection technologies that can thwart the installation of spyware on enterprise desktops without the use of signatures, although such solutions carry with them the risk of false positives. "The market is warming up to the notion that existing signature-based solutions aren't providing adequate malware prevention," says Finjan's Nick Sears. "Customers are looking to alternative solutions." Other anti-spyware options deliver protection at the network gateway by scanning incoming Web traffic for spyware and adware, preventing spyware on a PC from linking to a remote server on the Internet, and stopping end users from surfing to established sites for spyware or adware. However, none of the gateway products can protect mobile users outside the corporate environment.
(go to web site) Abstracts Copyright © 2005 Information, Inc. Bethesda, MD |
No comments:
Post a Comment