| | 
"30-Minute Bomb Patrol by City Centre Workers"
Leeds Today (09/15/05) ; Woodward, Grant Businesses and restaurants in Leeds, the United Kingdom, including local McDonald's and Starbucks stores, have heightened their awareness due to the possibility that Leeds is next on terrorists' list of targets. One employee of an unnamed fast food restaurant says that employees are being told to examine the restaurant's trash bins for bombs every 30 minutes. Many other restaurants are doing the same thing, the employee said. Businesses in Birmingham and Bradford are also said to be conducting regular checks of their trash bins. The wariness stems from a terrorism report released last month by the Center for Defense Studies at King's College; the report predicted that terrorists' next target might be areas with a large Muslim population, such as Leeds and Bradford, in order to heighten tensions within the local communities. The report predicted that the new targets would not include public transit. A McDonald's spokeswoman said that the safety of the company's employees and customers is a high priority. "To this end, we have always had site-specific security systems in all of our restaurants, and our management teams are trained in security procedures," the spokeswoman said. A spokeswoman for Starbucks also noted the importance of employee and customer safety, adding that the company is following the advice of law enforcement authorities. Employees of some businesses are being told that they should be especially wary of suspicious packages during their busiest times of day.
(go to web site) "At Wal-Mart, Emergency Plan Has Big Payoff"
Wall Street Journal (09/12/05) P. B1 ; Zimmerman, Ann; Bauerlein, Valerie Wal-Mart's contingency and emergency planning strategies helped many area stores reopen quickly with power generators, dry ice, bottled water, and other supplies shipped from warehouses before Hurricane Katrina made landfall. A little over 120 stores were shutdown in the Gulf Coast region, and half of those lost power, while some experienced flooding and 89 reported damages after the hurricane struck. Almost all of the retailer's stores have reopened, and in many cases the retailer's contingency plans beat out relief aid from Federal Emergency Management Agency (FEMA) workers. The network that Wal-Mart uses to distribute its goods to various locations across the nation became an asset in the preparation to prevent hefty losses during Hurricane Katrina, and FEMA was often left scrambling for resources and workers to aid the displaced and disenchanted. Critics view Wal-Mart's achievements as a way for the retailer to improve its public image and repair the damage that various discrimination lawsuits have done. Even when the computerized inventory system was not working, Wal-Mart called individual stores on the Gulf Coast to find out what supplies were needed and began filling inventory orders. Moreover, the firm has donated millions of dollars in basic supplies, including diapers and toothbrushes to relief centers, but the retailer is not the only company aiding workers and residents in the region; other large retailers are helping out as well.
(go to web site) "Security Policy 101: A S-OX Primer"
Sarbanes-Oxley Compliance Journal (09/12/05) ; DiPietro, Joe While many experts say that security in general is the main obstacle that stands between a company and compliance with the Sarbanes-Oxley Act, it is actually the security policy process which prevents the majority of companies from achieving complete compliance. When most companies write a security policy, the policy statement undergoes a manual and error-filled process that contains several distinct and time-consuming stages: determination, translation, deployment, and verification. Unfortunately, this manual process, in addition to being filled with mistakes, wastes time and resources and imparts no confidence to members of senior management. Instead of undertaking a manual process to write a security policy, companies should automate that process, which fixes many of the problems found in each step of the manual policy configuration process. Such a process does not mean giving up control to a machine, but instead means gaining control of a complex, task oriented, and time consuming process; having better information, fewer hassles and greater confidence in the accuracy of the company's security posture; and automating across everything in the company's IT infrastructure, not just one or two technologies. Automated policy configuration is built upon a central policy engine which is designed to specifically lay over existing security management systems. This central policy engine interprets plain business language precisely and impartially, translating into the appropriate technical language of all the technology assets in the IT infrastructure. This results in the consistent application of security policy, without the human translation factor, and a set of security parameter instructions that are easily communicated instantaneously throughout the IT environment.
(go to web site) "Bush: Let's Simplify Checks for Schools"
St. Petersburg Times (FL) (09/10/05) ; James, Joni Florida Governor Jeb Bush warns that failure to resolve difficulties related to the criminal-background check requirement under the Jessica Lunsford Act will eventually cost citizens more in taxes. The act calls for criminal background checks of all school vendors, but has proved difficult to implement. Every one of the state's 67 school districts have individual deals with vendors, which is requiring companies with a regional presence to pay for multiple background checks. In addition, the majority of school districts are far behind in background check requests. Some schools have restricted vendors from entering their grounds when students are present, while others have a school employee watch vendors or have taken few steps to enforce the law. Critics of the requirement include the Associated Builders and Contractors, Association of General Contractors, and even school district officials. Opponents contend that the fingerprinting and criminal background checks required under the act should be eliminated in favor of checking vendors against state and federal sexual offender databases. However, Jeb Bush and prominent lawmakers are unlikely to support stripping the law's requirements. The governor has proposed eliminating multiple payment requirements for businesses that operate across different school districts.
(go to web site) "Robberies Become Disturbing Trend"
Medford Mail Tribune (09/13/05) ; Moran, Jack Authorities in the area of Medford, Ore., are dealing with a rash of bank robberies, with half a dozen Medford banks having been robbed since May. Local banks have responded by increasing their awareness. The Southern Oregon Financial Fraud and Security Team (SOFFAST), composed of bank officials and law enforcement officers, is active in the fight against criminals who target financial institutions. SOFFAST President Shelly Miller has the responsibility of sending email alerts that inform all local banks of any bank robbery attempt as soon as law enforcement makes her aware of an occurrence. Earlier this week, she sent an email alert to all area banks after a police officer responding to a bank robbery in progress informed her of the robbery. "I sent it right out to everybody," Miller says, explaining that the emails "put us all on immediate alert and give us a heads-up in case there's anything suspicious, even if a [robbery] happens on the other end of town."
(go to web site) "Wireless Web Surfers Beware: There Are Pirates About"
Kansas City Star (09/13/05) ; Wenske, Paul The growing number of businesses and individuals who are using Wi-Fi networks leave themselves vulnerable to intruders who can tap into their connection just as nosy neighbors could with the old telephone party lines. Wi-Fi pirates can co-opt a connection to surf the Web at someone else's expense, and can even monitor the legitimate user's activity, read emails, and intercept sensitive information. On a half-hour tour of downtown Kansas City, a group of reporters from the Kansas City Star detected 228 wireless routers, with 102 unprotected by passwords. The existence of readily available networks in public areas presents a thorny legal issue, as many jurisdictions do not have precedent determining the legality of a user tapping into someone else's wireless connection in a public setting. Some are more inclined to treat the signals as radio waves, rather than as a physical cable that someone splices into. The most malicious threats come from pirates who use someone else's connection to send unsolicited email or viruses, or to download child pornography. Wi-Fi users can protect themselves to some degree with firewalls and the Wired Equivalent Privacy (WEP) encryption tool. WEP alone will not keep the most savvy intruders out, but WEP used in conjunction with updated antivirus programs, enabled Medium Access Control authentication settings, and the general practice of not sending sensitive files over Wi-Fi connections will go a long way toward protecting users' network connections. "It's like locking your car when you go to the store," said Gary Minden, a computer science instructor at the University of Kansas. "It's a bit of a hassle, but you know the value of locking your car. It's the same thing with your network."
(go to web site) "Security: It's Not All About Hackers"
Campus Technology (09/05) ; Gale, Doug When universities consider cybersecurity and the threat posed by outside hackers, they must also take a hard look at physical security. As one doctor at a top university hospital noted recently, all that is needed to obtain patient records from computer systems is a white lab coat and a clipboard. Access-control security technologies can be placed in three categories: "something you have," such as a photo ID or key to a door; "something you are," such as biometric devices that are based on a person's identifying characteristics; and "something you know," such as a password. One way higher-education facilities can protect the security of their campus computer networks is through two-factor authentication, which ensures that only authorized personnel access computer facilities. Two-factor authentication provides security based on "something you know," such as a password or PIN, and "something you have," such as a token or key. Checkpoints or coded card readers that use two-factor authentication can be used to control access to computer facilities. Among the advantages of two-factor authentication are that the technology is reasonably priced and convenient. When considering the physical security of a campus, the first step is to conduct a risk assessment, and the use of biometrics generally should be reserved for environments that require exceptionally strong security.
(go to web site) 
"Officials Rush to Prepare Coastal N.C. for Ophelia"
Washington Post (09/15/05) P. A1 ; Cooperman, Alan As Hurricane Ophelia lashed the North Carolina coast, the Federal Emergency Management Agency (FEMA), along with local and state leaders, was doing its part to ensure that the emergency response to the hurricane would be adequate. A FEMA spokeswoman says the agency has placed its emergency operations centers on 24-hour alert and has 50 rescue aircraft standing by. Three FEMA response teams have been readied, along with medical supplies and 100 medical personnel in Raleigh, N.C., and three other response teams were placed in Virginia and Maryland in case the hurricane heads north. Some 200 members of the North Carolina National Guard have been activated, and 200 others have been put on standby. The National Guard has also readied four-wheel-drive ambulances and all-terrain vehicles. Many local residents have decided to weather the storm, despite a mandatory evacuation order, frustrating local officials. Emergency officials have stockpiled reserves of water, military rations, and ice, in case it is needed, and the National Forest Service has deployed 10 chain-saw teams to remove downed trees.
(go to web site) "L.A., Melbourne Targeted in Purported Al Qaeda Tape"
Los Angeles Times (09/12/05) ; Schmitt, Richard B. Los Angeles and Melbourne, Australia, have been singled out as Al Qaeda's next terrorist targets, according to a videotape that was delivered to ABC News on Saturday. The tape shows a man believed to be homegrown terrorism suspect Adam Yahiye Gadahn--previously known as Adam Pearlman--warning that an attack on the United States could come at any moment if American troops do not pull out of Iraq and Afghanistan. "Yesterday, London and Madrid," the speaker warns. "Tomorrow, Los Angeles and Melbourne, Allah willing." The man on the tape, wearing a black turban and scarf that conceals everything but his eyes, speaks for 11 minutes. Gadahn, a native of Southern California who converted to Islam when he was young, is believed to have left the United States in 1998. Gadahn has emerged as a spokesman of sorts for Al Qaeda, and he appeared in another Al Qaeda video that was released right before the U.S. presidential election in late 2004. U.S. officials say that despite the release of the most recent video, they have no credible or specific information about a terrorist threat to Los Angeles.
(go to web site) "Homeland Security Spent $16.8B for Relief"
Washington Post (09/15/05) As of Wednesday morning, the Department of Homeland Security (DHS) had allocated $16.8 billion to relief efforts for Hurricane Katrina, with $5.1 billion going to Louisiana, $3.6 billion to Mississippi, $2.7 billion to Florida, and $1 billion to Alabama. Of the total funding, $5.6 billion was allocated to food and water, housing assistance, crisis counseling, and other human services programs, while $4.9 billion went to search-and-rescue teams, transportation, salaries, and other administration costs. The DHS allocated $42.6 million to 26 states and the District of Colombia that took in hurricane evacuees. The department currently has $48.5 billion left in its disaster relief fund.
(go to web site) "School Gets $21 Million for "Dirty Bomb" Research"
Newsday (09/12/05) The National Institutes of Health has granted the University of Rochester $21 million to conduct medical research related to radioactive "dirty bombs." The grant extends over five years. At the present time, there is little treatment for victims of a dirty bomb, says Paul Okunieff, chairman of the university's Department of Radiation Oncology. "With this funding, we are able to fast-track the science and develop concrete plans to monitor and treat people in the event of a radiological attack," says Okunieff. The project has several goals, including the creation of drugs that would prevent or mitigate the effects of radiological poisons; the creation of techniques to quickly determine how much radiation victims have been exposed to; and the creation of models to quickly test new drugs. The university is one of seven research centers that have been charged with conducting research into radiation exposure.
(go to web site) "Mass. Reworks Disaster Plan"
Boston Globe (09/12/05) P. A1 ; Helman, Scott; Ebbert, Stephanie The state of Massachusetts is revising its disaster plans in the wake of Hurricane Katrina, with Cristine McCombs, director of the Massachusetts Emergency Management Agency, calling for an increase in the number of disaster training drills conducted. Both state and local officials say that Massachusetts is prepared to handle a terrorist attack or natural disaster, but they also say that additional preparations must be made for a catastrophic disaster on the scale of Hurricane Katrina. The state intends to form a task force that will focus on planning for a Category 5 hurricane, and in Boston, city officials are revamping the city's evacuation and relocation plans. Boston's current evacuation plan, dubbed "Operation Exodus," calls for residents to willingly leave the city under their own power, but city officials are revising the plan after witnessing events in New Orleans, where many residents did not have the means to leave the city. Boston Director of Homeland Security Carlo A. Boccia has been put in charge of revising the evacuation plan, and he says that one of the most difficult questions confronting him is how to get people out of different neighborhoods if there was an incident that prevented people from leaving the city. Boccia said that if a disaster occurs, city residents would be advised of the evacuation plans via radio, television, and maybe even messages sent to cell phones and PDAs. Boccia intends to form agreements with arenas and shelter facilities to house potential evacuees, and medical equipment, water, and food could be stored in these facilities, he said.
(go to web site) 
"IT-Backed Workers Take More Net Risks"
TechWeb (09/14/05) ; Keizer, Gregg The backing of an IT department encourages more risky Internet behavior, according to new research from Trend Micro, which surveyed 1,200 computer users in the United States, Germany, and Japan. The study found that 39 percent of survey respondents had full faith that their IT departments would protect them from viruses, worms, spyware, spam, phishing, and pharming attacks, so they were more likely to open suspicious emails or click on unknown Web site links. Sixty-three percent of respondents who admitted risky online behavior did so due to the protection of applications installed by IT staff, and 40 percent felt justified taking online risks due to the existence of the IT staff to provide immediate assistance. Trend Micro's Bob Hansmann says the study shows that companies need to both implement stronger security protections and continuously educate staff about the dangers of risky online behaviors even with the existence of a competent IT staff. The study also found that 48 percent of American workers admitted risky behavior compared to just 28 percent of Japanese workers, a gap Hansmann believes is due to American workers having a high level of trust in their IT departments or simply a lack of understanding about how security works and that users are responsible for their own actions. The study also found that workers are far more likely to click on unknown links and perform other risky behavior online when the equipment is not their own.
(go to web site) "A Human Connection to Intrusion Detection"
SearchSecurity.com (09/14/05) ; McKay, Niall Researchers at the University of Nottingham want to use the human body's immune system as a model for protecting computer systems. Computer science professor Uwe Aickelin and his colleagues are collaborating with immunologists at the University of the West of England in Bristol to build a computer intrusion detection system that has an artificial immune system. "The University of the West of England is carrying out 'wet' experiments to look at various aspects of cell behavior and passing on their findings to us," explains Jamie Twycross, research associate with the Automated Scheduling Optimization and Planning Lab at the University of Nottingham. "We use the results to try and build a computational model." The immunologists are employing the controversial "danger theory," which holds that a complex system that accesses the origin, seriousness, and frequency of the danger signals the human immune system. Twycross is working to recreate, for an artificial immune system, the process in which garbage-collecting dendric cells that roam the body transform into fighter cells to battle an infection. Similarly, the software would be able to assess threats to computer systems by gathering information from a number of sources.
(go to web site) "Key Spyware Call: Where to Protect?"
Network World (09/12/05) Vol. 22, No. 36, P. 1 ; Messmer, Ellen Spyware has quickly become a thorn in the side of many networks, but solutions to the problem are still evolving. Less-expensive, gateway-based filters eliminate spyware just as effectively as more expensive desktop software, concludes Burton Group's "Enterprise Strategies for Defending Against Spyware" report, which tested 18 anti-spyware products. Gateway-based filters also use fewer resources and are easier to use. However, Burton Group recommends companies use desktop software if they have a large number of mobile desktops due to easy infections. Burton says combining the gateway approach with desktop software is an expensive solution that many companies cannot justify in terms of cost or inconvenience. Burton Group believes the anti-spyware market is in its infancy and recommends organizations with low-risk systems consider waiting for new technology releases in the market before making any anti-spyware purchases. However, many organizations, even public schools, are considering anti-spyware purchases due to infections causing significant delays and decreased computer efficiency. Users concur that they will spend more regardless of what strategy they opt for. Radicati Group projects that the spyware market will skyrocket from about $100 million today to upwards of $1 billion in the next four years.
(go to web site) Abstracts Copyright © 2005 Information, Inc. Bethesda, MD |
No comments:
Post a Comment