
Friday, October 14, 2005

Security Management Weekly - October 14, 2005


October 14, 2005
 
 
CORPORATE SECURITY
  1. "Security Camera New Star Witness" Prosecutors Increasingly Relying on Video Surveillance Evidence
  2. "Expert: Crooks Are More Creative" Loss-Prevention Professionals Serve as Internal Police Force for Retailers
  3. "Employee Theft Plagues Small Business"
  4. "Threats in the Workplace: The Thunder Before the Storm?"
  5. "How to Protect the Data?" A Good Data Recovery Program Begins With Offsite Storage of Critical Data
  6. "Will Rage Turn to Rampage?" Employees Who Make Threats of Violence Could Be Protected by the Americans With Disabilities Act

HOMELAND SECURITY
  7. "Pentagon Plans to Beef Up Domestic Rapid-Response Forces" U.S. Military Will Play Key Role in Reacting to Catastrophic Terrorist Attacks, Hurricanes, Pandemics
  8. "Police: Stolen Plane Not Part of Plot" Charter Jet Stolen From Florida Airport Is Not Part of Terrorist Plot
  9. "Mobiles Not Disaster Answer: Expert" Mobile Phones Not Reliable Communications Tool During Terror Attacks, Says London Bombing Expert
  10. "Castle Pushes for Train Security" U.S. Lawmaker to Introduce the Rail Security and Public Awareness Act of 2005
  11. "Fees to Fuel 'Trusted Traveler' Program" Congress Approves Background Check Fees for Travelers Who Participate With Program
  12. "U.S. to Boost Security at Nation's Chemical Sites" Congress Orders DHS to Come Up With Security Plan for Chemical Plants

CYBER SECURITY
  13. "10 Ways to Wireless Security"
  14. "Can Secure VoIP Interoperate?" VoIP Proves Mutually Exclusive With Security
  15. "Strange Brew" Corporations Dealing With Massive Amount of Cyberattacks


"Security Camera New Star Witness"
Washington Post (10/08/05) P. B1 ; Ruane, Michael E.

Surveillance camera footage has become one of the best sources of crime-scene evidence, according to many prosecutors. Grant Fredericks, forensic video analyst with the nonprofit Law Enforcement and Emergency Services Video Association, says fingerprints used to be the mainstay of crime-scene evidence, but that role is now filled by security systems. "There's more visual evidence at crime scenes today than any other evidence," says Fredericks. Surveillance cameras have proved useful in many types of cases, including terrorism, robberies, kidnappings, murders, thefts, fraud, and burglaries. Surveillance cameras are found everywhere these days: banks, stores, train stations, schools, ATMs, highways, and rooftops. Along with the proliferation of surveillance cameras has come a boom in forensic video analysis positions, with hundreds of law enforcement agencies across the United States now employing video analysts. As an added boon, experts say criminals are more likely to confess when they realize they have been caught on video. There are more than 26 million surveillance cameras in the country, according to estimates from one video security firm. "In the absence of any human witness, the video might be your only witness," says surveillance video expert Thomas C. Christenberry of the University of Indianapolis.

"Expert: Crooks Are More Creative"
St. Petersburg Times (FL) (10/09/05)

Loss-prevention professionals in the modern age serve as a type of internal police force for retailers, says Dan Doyle, chairman of the National Retail Federation Loss Prevention Council. Doyle, who is also the vice president of loss prevention and human resources at the Beall's retail chain, explains that about one-third of loss-prevention professionals now have a college degree and that technology is making an increasing impact on the field. At Beall's, the role of loss-prevention specialist now encompasses homeland security issues, disaster preparedness, inventory control, and investigations into discrimination or sexual harassment. The role of technology has increased dramatically since the 1980s, said Doyle, noting that the average department store now has 15 to 20 surveillance cameras in addition to cameras that cover the parking lot. Security vendors are creating software that causes surveillance cameras to automatically record movements such as customers putting items into their pockets. Shoplifting now accounts for only 34 percent of inventory losses, compared with 47 percent for employee theft, and Doyle says that shoplifters do not fit typical profiles. People use numerous shoplifting tactics, including dropping rings into half-full soda cans, placing items in the blankets of a baby stroller, placing items in body cavities, and using children as props. At Beall's, Doyle and his staff look for suspicious activity that could indicate the presence of shoplifters, including people wearing out-of-season clothing and people who look around a lot while handling items.

"Employee Theft Plagues Small Business"
Canada.com (10/11/05) ; Jamieson, Jim

Small businesses are plagued by employee theft, according to recent studies, with some workers borrowing company equipment to perform jobs after work hours or using company credit cards to pay for their spouse's gas. Experts warn that small business owners are often taken advantage of because they seek to create a workplace family for their workers, but a few bad workers can ruin a company's reputation and cost them money in liabilities. In 2004, the Retail Council of Canada reported that internal theft was the leading cause of retail losses, not external theft. Moreover, Ernst & Young discovered through its studies that 66 percent of firms had been victims of corporate theft, with 55 percent of fraudsters found among management employees. Human resource professionals should investigate credit histories, criminal backgrounds, and references of all workers in order to stave off employee theft; personal references are not as effective as employer references at gauging trustworthiness. Moreover, experts note that fraud assessments should be conducted to ensure that vulnerabilities are shored up to prevent temptation.

"Threats in the Workplace: The Thunder Before the Storm?"
Security Journal (Quarter 3, 2005) Vol. 18, No. 3, P. 45 ; Kenny, James F.

Just as thunder warns of the possibility of violent weather approaching, threatening workplace communications and behaviors warn of the possibility of impending workplace violence. There are several steps organizations can take to mitigate the risks of such threats, including having a good crisis plan in place and implementing a written workplace violence policy that specifies what types of behaviors are inappropriate. Steps also can be taken during the hiring process by conducting thorough background checks, verifying references, and interviewing carefully. Some companies use "threat assessment teams" to identify workplace violence threats, and an effective response to these threats normally requires the help of team members from top management, security, local law enforcement, union officials, labor relations, legal, and counseling. When a workplace violence threat comes to the company's attention, the company needs to act decisively but properly, ensuring that the rights of the alleged perpetrator of the threats are protected. Experienced investigators should conduct an investigation of the matter, being sure to get information from the targets of the threats, the perpetrator, and witnesses. In many cases of workplace violence, the violence is preceded by a series of threats that are ignored or downplayed because managers and workers are unsure how they should react to the situation. Management should provide employees with threat and violence prevention training and with conflict management and communication techniques.

"How to Protect the Data?"
Banking Strategies (10/05) Vol. 81, No. 5, P. 71 ; Milligan, Jack

The most important element of a good data recovery program is the offsite storage of all critical information. The data should also be encrypted in case it is stolen or lost, and larger financial institutions normally have a backup data processing center that is physically located near their main operations facility. Some larger firms also have data centers located far from the primary site so that no single event--such as a power grid failure--causes both centers to shut down. Companies should consider both cost and performance when formulating a process to store data, experts say. Experts strongly recommend that companies avoid the typical tape storage process, by which banks back up their critical data to tape each night and then have the backup tapes delivered via courier to an offsite storage location. This approach is fundamentally flawed and will inevitably result in data getting lost while being physically transported, according to experts. Some companies use the Internet to back up data in real time and store it offsite on disks, which avoids the possibility of losing important data that is being physically transported. It is important that banks and other firms regularly test their disaster recovery systems, and risk assessment consultant Cynthia A. Bonnette recommends that firms test various parts of their business continuity and disaster recovery plans throughout the year, on a staggered schedule.

"Will Rage Turn to Rampage?"
Security Management (10/05) Vol. 49, No. 10, P. 66 ; Karr, Karen

Employees with mental impairments who threaten violence against co-workers or customers may have protections under the Americans With Disabilities Act (ADA), meaning that companies must proceed deliberately and carefully when considering how to respond to the threat posed by the worker. The ADA mandates that employers must not discriminate against qualified individuals with a disability and that they must make reasonable accommodations for these individuals--except in cases where an employee poses a "direct threat" to workplace safety. The ADA defines a "direct threat" as someone who poses a "high probability" of committing "substantial harm," meaning that speculative or remote risks do not meet the standard of the definition. Thus, an employee who makes a one-time, minor threat in a joking manner does not meet the standard of a direct threat, but an employee who makes a one-time serious threat or a series of threats does meet the standard. The courts have made clear that employees who have assaulted a co-worker or pose a significant threat of such an assault can generally be fired without fear of any ADA violation, even if the employee has a mental impairment. Employers must be careful about asking employees to take a psychological examination because the ADA prohibits employers from discriminating against employees based on a "perceived" disability. Thus, an employee who has been asked to submit to a psychological exam could attempt to claim that the request is evidence that the employer perceives him as being disabled.

"Pentagon Plans to Beef Up Domestic Rapid-Response Forces"
Washington Post (10/13/05) P. A4 ; Tyson, Ann Scott

Active military personnel will play a much greater role in responding to terrorist attacks, hurricanes, avian flu pandemics, and other large-scale disasters, under terms of a new plan being considered by the Pentagon. The plan is part of a federal government review of the lessons learned from Hurricane Katrina. "It is almost inevitable that the Department of Defense will play a very substantial role in providing resources, equipment, and other capabilities in response to a catastrophic event," said Paul McHale, assistant secretary of defense for homeland defense. In the event of an outbreak of avian flu or other disease, the military would help enforce a quarantine, though the National Guard would initially take up those duties, as ordered by state governors. "We are looking at a wide range of contingencies potentially involving [federal troops] if a pandemic outbreak of a biological threat were to occur," said McHale. The plan calls for the U.S. military to quickly respond to large disasters, including category 4 hurricanes and nuclear-based, chemical-based, or biological-based terrorist attacks. The military's response would be fast but temporary, with responsibilities quickly ceded to civilian authorities.

"Police: Stolen Plane Not Part of Plot"
Miami Herald (10/12/05) ; McGhee, Bernard

A 10-seat charter jet was stolen from an airport in St. Augustine, Fla., and flown to an airport near Atlanta, roughly 350 miles away, over the weekend. Authorities do not believe that the theft of the $7 million Cessna Citation 7 was part of a terrorist plot, but Mohamed Atta and another Sept. 11 hijacker trained at the Gwinnett County (Ga.) Airport-Briscoe Field, which is where the stolen Cessna was found on Monday. A spokeswoman for the Georgia Office of Homeland Security declined to comment about the Georgia airport's security measures. The plane was stolen from the St. Augustine Airport sometime between midnight and 5 a.m. Saturday and landed at the Georgia airport sometime between 9 p.m. Saturday and 6 a.m. Sunday, with visible damage to the front edge of one wing. Bryan Cooper, assistant manager at St. Augustine Airport, theorizes that someone used one of three methods to enter the airport and steal the plane. Cooper believes that the thief either had a key or other form of authorized access to enter the airport, flew in and landed at the airport, or possibly climbed over the airport fence. The plane landed during a time when the Gwinnett County airport's control tower was not operational, and the thief likely left the airport via an automatic gate.

"Mobiles Not Disaster Answer: Expert"
News.com.au (10/14/05) ; Barnett, Darrin

The chief executive of the London Ambulance Service is warning that mobile phones are not a reliable communications tool during large emergencies like the London subway bombings that took place this past July. Peter Bradley says that during the London attacks, mobile networks were for all intents and purposes unusable because millions of frantic people overloaded the system by using their mobile phones to call friends and family. Bradley made his comments during the national conference for the Australian College of Ambulance Professionals. "We were too reliant on mobile telephones and we've learned a lesson there because inevitably everybody used the phone--for phoning home, phoning relatives--and the network couldn't cope with the demands," said Bradley. "Getting communications to the London Underground was also a big issue for us, so we're making sure we work hard with other services to make sure we can actually communicate underground." Some experts believe that mobile networks should be purposely shut down during terrorist attacks to prevent terrorists from using mobile phones to detonate bombs.

"Castle Pushes for Train Security"
Delaware Online (10/12/05) ; Harty, Kristin

Rep. Mike Castle (R-Del.) has announced plans to introduce legislation that would increase the security of the U.S. rail system. His legislation, the Rail Security and Public Awareness Act of 2005, would be based on many of the recommendations in a recently released Government Accountability Office report on rail security. Castle's bill would mandate that rail workers receive security training and would provide grants for these training programs, as well as funding for security technology and personnel. The bill would also force the U.S. Department of Homeland Security (DHS) to examine the possibility of adopting rail security techniques that have a proven record of success in other countries, including baggage and passenger screenings. Likewise, the DHS would be put in charge of developing rail security public awareness campaigns, and the Transportation Security Administration would be forced to develop a timeframe for creating an all-encompassing rail security policy for the entire nation. Amtrak spokesman Jon Tainow says that public awareness is a key component of rail security, citing New York City's transit security public awareness program, "If You See Something, Say Something," as an example of a good program.

"Fees to Fuel 'Trusted Traveler' Program"
USA Today (10/10/05) ; Frank, Thomas

Congress on Friday approved a request by the Department of Homeland Security to charge background-check fees to travelers who participate with the Transportation Security Administration's (TSA) Registered Traveler program. The fees will be used to provide funding to the program, which is set to be expanded to any airport that wants to participate. Several airports are waiting for the TSA to introduce guidelines that give airports the authority to set up their own Registered Traveler programs. Half a dozen or so airports are said to have a strong interest in the program. To participate with the program, travelers must get a background check. The aim of the program is to allow security screeners to focus more attention on travelers who have not received background checks.

"U.S. to Boost Security at Nation's Chemical Sites"
Tennessean.com (10/11/05) ; King, Ledyard

The Department of Homeland Security was told by Congress last week to create a plan for improving security at the nation's chemical plants. The American Chemistry Council (ACC) agrees that chemical plants should adhere to federal security standards. "We believe a national program is more effective than an incomplete patchwork of potentially conflicting state efforts that could arise in the absence of federal action," said ACC President Jack Gerard. However, the chemical industry does not believe that plants should be forced to house fewer chemicals on their sites or replace potentially volatile chemicals with safer substitutes. Sen. Jon Corzine (D-N.J.) said that unprotected chemical plants are a disaster waiting to happen and a threat to national security. Corzine and Sen. Susan Collins, who chairs the Senate Homeland Security and Governmental Affairs Committee, are collaborating on legislation that would force chemical plants to implement specific security measures if they store toxic chemicals.

"10 Ways to Wireless Security"
ZDNet UK (09/30/05) ; Shinder, Deb

Encryption is the most important aspect of wireless network security, and many wireless access points (WAPs) do not ship with encryption enabled by default. WAPs generally support the Wired Equivalent Privacy (WEP) protocol, but any knowledgeable hacker can crack it due to several vulnerabilities. Stronger encryption with WEP is ensured by using 128-bit WEP rather than 40-bit and setting the WEP authentication method to "shared key" rather than "open system." Even stronger encryption is achieved by eliminating WEP in favor of the Wi-Fi Protected Access (WPA) protocol, but the protocol must be supported by the WAP, the network access cards, and the existing wireless client software. Another important component of wireless network security is changing the default administrative passwords, which are common knowledge among hackers. Passwords should contain at least eight characters, consist of both letters and digits, and avoid words found in the dictionary. Most WAPs, by default, broadcast the Service Set Identifier (SSID), or wireless network name, so the name shows up on the list of available networks. Turning off SSID broadcast is one form of security, since users must then know the network name in order to gain access; another is changing the default SSID. Another simple security measure is to turn off the WAP when not in use, removing the opportunity for attacks while the system is idle. Implementing media access control (MAC) filtering means computers granted access are placed on a white list, while communication from addresses not on the list is refused. Isolating the WAP from the LAN, and using directional antennas rather than the default omnidirectional antennas when extending the network range, can bolster security. Another wireless security idea is to transmit on a different frequency from the common 802.11b/g to hide from the most common network access cards.
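To make the checklist above mechanical, here is an added example (not code from the article or any vendor's product) that audits an access-point configuration against those recommendations. The configuration fields, the factory-default password set and the dictionary stand-in are all assumptions constructed for the example; a real audit would read the AP's exported config and a full word list.

```python
"""Audit a wireless access-point configuration against the hardening checklist:
encryption, admin password, SSID, MAC filtering and LAN isolation.
Added example; the config keys and default-value sets are assumptions."""
import re

# Constructed stand-ins (assumptions, not real vendor data).
FACTORY_DEFAULT_PASSWORDS = {"", "admin", "password", "1234"}
FACTORY_DEFAULT_SSIDS = {"default", "wireless", "ap-default"}
DICTIONARY_WORDS = {"password", "secret", "wireless", "network", "summer"}


def password_is_strong(pw: str) -> bool:
    """At least eight characters, letters and digits, no dictionary word inside."""
    if len(pw) < 8:
        return False
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        return False
    lowered = pw.lower()
    return not any(word in lowered for word in DICTIONARY_WORDS)


def audit_ap(cfg: dict) -> list[tuple[str, str]]:
    """Return (code, advice) findings; an empty list means the config passes."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append(("ENC_NONE", "enable WPA (or at minimum 128-bit WEP)"))
    elif enc == "wep":
        if cfg.get("wep_key_bits", 40) < 128:
            findings.append(("WEP_40", "use 128-bit WEP keys, or better, move to WPA"))
        else:
            findings.append(("WEP", "move to WPA where AP, cards and clients support it"))
    pw = cfg.get("admin_password", "")
    if pw in FACTORY_DEFAULT_PASSWORDS:
        findings.append(("PW_DEFAULT", "admin password is a factory default; change it"))
    elif not password_is_strong(pw):
        findings.append(("PW_WEAK", "8+ chars, letters and digits, no dictionary word"))
    if cfg.get("ssid_broadcast", True):
        findings.append(("SSID_BROADCAST", "disable SSID broadcast"))
    if cfg.get("ssid", "").lower() in FACTORY_DEFAULT_SSIDS:
        findings.append(("SSID_DEFAULT", "change the default SSID"))
    if not cfg.get("mac_filter_enabled", False):
        findings.append(("MAC_FILTER_OFF", "enable MAC address white-listing"))
    elif not cfg.get("mac_allowlist"):
        findings.append(("MAC_ALLOWLIST_EMPTY", "MAC filtering is on but the list is empty"))
    if not cfg.get("isolated_from_lan", False):
        findings.append(("NOT_ISOLATED", "isolate the WAP from the wired LAN"))
    return findings


# Constructed sample configs: a factory-fresh AP and a hardened one.
WEAK_AP = {
    "encryption": "wep", "wep_key_bits": 40, "admin_password": "admin",
    "ssid": "default", "ssid_broadcast": True,
    "mac_filter_enabled": False, "isolated_from_lan": False,
}
HARDENED_AP = {
    "encryption": "wpa", "admin_password": "Tq7#xR9pL2",
    "ssid": "hq-floor3-8f2a", "ssid_broadcast": False,
    "mac_filter_enabled": True, "mac_allowlist": ["00:11:22:33:44:55"],
    "isolated_from_lan": True,
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_AP), ("hardened", HARDENED_AP)):
        print(name, audit_ap(cfg) or "no findings")
```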

"Can Secure VoIP Interoperate?"
VoIP Magazine (10/03/05) ; Stegh, Christian; Gilman, Bob; Klein, Alan

Despite voice over Internet Protocol's (VoIP) longstanding promise of interoperability, it has largely proven to be mutually exclusive with security, as was recently acknowledged by the authors of the Session Initiation Protocol (SIP). Security issues also plague that standard's predecessor, H.323. Despite the inherent differences between the two protocols, both have limited security provisions built in natively, though their implementation is frequently optional. SIP proxies and endpoints use a common authentication mechanism based on challenge-response, known as Digest. Even though some SIP solutions only authenticate for certain services, different SIP vendors still enjoy a high degree of interoperability. One of the roadblocks to H.323 authentication interoperability among vendors is the different algorithms used. SIP and H.323 both have difficulty integrating authentication through a central directory or AAA server. Transport Layer Security (TLS) encrypts signaling between SIP devices, though it stops short of end-to-end encryption. Though it is difficult to implement, there is a standard for encrypting the substance of a SIP message through S/MIME and certificate-based cryptography, providing end-to-end encryption. The other pillar of VoIP security, media encryption, is more important to many organizations, as transmissions such as audio streams can be intercepted with relative ease. The Secure Real-time Transport Protocol (SRTP), the most recent standard for media encryption, has seen widespread application, though it too suffers from interoperability issues concerning the manner in which the session is established. VoIP lags behind the Web in its ability to develop interoperable signaling and media encryption that can add and remove certificates and define the scope of what validation means. Although VoIP security is improving generally, encryption poses many challenges to the creation of firewalls, and the most secure solutions remain vendor-specific.
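The Digest challenge-response the abstract refers to is the HTTP Digest scheme (RFC 2617) that SIP reuses; the added example below, which is not code from the article or from any SIP stack, walks one REGISTER exchange through both sides: the registrar issues a nonce, the client answers with an MD5 digest over its credentials and the request, and the registrar verifies it and rejects a replayed nonce count. The realm, user, password and URI values are constructed; Digest only proves knowledge of the password, it encrypts nothing, which is why the article pairs it with TLS for signaling.

```python
"""SIP Digest authentication (RFC 3261 reusing RFC 2617, qop=auth) for one
REGISTER exchange. Added example; realm, user and password are constructed."""
import hashlib
import secrets


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response with qop: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # a server may store HA1 instead of the password
    ha2 = md5_hex(f"{method}:{uri}")                   # binds the digest to this request
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class SipRegistrar:
    """Server side: hands out challenges (401 WWW-Authenticate) and verifies responses."""

    def __init__(self, realm: str, credentials: dict):
        self.realm = realm
        self.credentials = credentials      # username -> password (constructed store)
        self.issued_nonces = {}             # nonce -> highest nonce-count accepted

    def challenge(self) -> dict:
        nonce = secrets.token_hex(16)       # fresh, unpredictable server nonce
        self.issued_nonces[nonce] = 0
        return {"realm": self.realm, "nonce": nonce, "qop": "auth", "algorithm": "MD5"}

    def verify(self, method: str, auth: dict) -> bool:
        nonce = auth["nonce"]
        if nonce not in self.issued_nonces:
            return False                    # stale or never-issued nonce
        nc = int(auth["nc"], 16)
        if nc <= self.issued_nonces[nonce]:
            return False                    # nonce count did not increase: replay
        password = self.credentials.get(auth["username"])
        if password is None:
            return False
        expected = digest_response(auth["username"], self.realm, password, method,
                                   auth["uri"], nonce, auth["nc"], auth["cnonce"], auth["qop"])
        if not secrets.compare_digest(expected, auth["response"]):
            return False                    # wrong password or tampered method/URI
        self.issued_nonces[nonce] = nc
        return True


def client_authorization(username, password, challenge, method, uri, nc=1) -> dict:
    """Client side: build the Authorization header fields for a challenged request."""
    cnonce, nc_str = secrets.token_hex(8), f"{nc:08x}"
    return {
        "username": username, "realm": challenge["realm"], "nonce": challenge["nonce"],
        "uri": uri, "qop": challenge["qop"], "nc": nc_str, "cnonce": cnonce,
        "response": digest_response(username, challenge["realm"], password, method, uri,
                                    challenge["nonce"], nc_str, cnonce, challenge["qop"]),
    }


def run_exchange() -> dict:
    """Wrong password is refused, the right one accepted, and a replay refused."""
    registrar = SipRegistrar("example.com", {"alice": "correct-horse-7"})
    chal = registrar.challenge()
    bad = client_authorization("alice", "wrong-password", chal, "REGISTER", "sip:example.com")
    good = client_authorization("alice", "correct-horse-7", chal, "REGISTER", "sip:example.com")
    return {"bad": registrar.verify("REGISTER", bad),
            "good": registrar.verify("REGISTER", good),
            "replay": registrar.verify("REGISTER", good)}


if __name__ == "__main__":
    print(run_exchange())
```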

"Strange Brew"
SC Magazine (09/05) P. 30 ; Carr, Jim

Corporations are dealing with a massive number of cyberattacks, everything from spam to denial-of-service attacks, that are largely coming from an army of infected consumer systems. Gartner reports $929 million in 2004 losses for consumers due to phishing, viruses, and other cyberattacks. Cybercriminals are also designing combination attacks, such as a pharming attack preceded by an attack on DNS server software that allows Web site visitors to be redirected to another Web site. Although no official statistics are known on the number of blended attacks, the Computer Security Institute/FBI 2004 Computer Crime and Security Survey, which involved about 700 respondents, determined that corporate losses from cyberattacks dropped 61 percent to $204,000 per enterprise in 2004, compared with $526,000 per enterprise in 2003. Computer Economics' Mark McManus agrees with the survey that attacks appearing in 2005 are significantly less severe and less expensive for corporations than those seen during the same period in 2004. Meanwhile, a host of security solutions firms continues to assert that the number of cyberattacks is growing and therefore that the need to strengthen security is growing as well. Lawrence Baldwin, founder of threat-assessment company Mynetwatchman.com, says the main issue is the tens of thousands of infected consumer systems that send out up to 2 GB of spam per day, together with largely unprotected consumer endpoints. These systems are the strongest enemy of corporate IT departments. The solution is for organizations to implement blended layers of security to fight off the growing number of cyberattacks.

Abstracts Copyright © 2005 Information, Inc. Bethesda, MD

