Friday, May 04, 2007

Security Management Weekly - May 4, 2007

CORPORATE SECURITY
  1. "Campus Safety Gains Sharper Vision With New Breed of Surveillance Cameras"
  2. "U.S. Officials Recommend Better RFID Security"
  3. "College Rampage Renews School Safety Concerns for K-12 Leaders"
  4. "Respectful Cameras" UC Berkeley Scientists Develop Privacy-Protecting Surveillance Cameras
  5. "Counterfeit Products and Faulty Supply Chain"
  6. "Identity Theft: How Do We Manage the Risk?"
  7. "Preparing a Workplace for Pandemic"

HOMELAND SECURITY
  8. "U.S. Seeks Closing of Visa Loophole for Britons" DHS Concerned About British Pakistanis Entering U.S.
  9. "5 Britons Guilty in Bomb Plot; Tied to 2005 London Attackers" Fertilizer-Bomb Plotters Had Ties to 7/7 London Bombers
  10. "U.S. to Plug Border-Security Gap" DHS to Use Interpol Stolen and Lost Travel Document Database
  11. "Cargo Screening Finally Taking Off" Cargo-Screening Pilot Program to Launch at San Francisco Airport
  12. "New Sensor Developed for Homeland Security" Sandia National Laboratories Researchers Develop Bioagent Detection System
  13. "Secret Service Guards Obama, Taking Unusually Early Step" DHS Authorizes Security Detail for Barack Obama

CYBER SECURITY
  14. "Using a Good Name for Bad Deeds: Cybercrooks Turn to 'Brandjacking'"
  15. "Navigate the NAC Choices" Factors to Consider Before Pursuing a Network Access-Control Strategy

"Campus Safety Gains Sharper Vision With New Breed of Surveillance Cameras"
Chronicle of Higher Education (04/27/07) Vol. 53, No. 34, P. 15 ; Fischman, Josh; Foster, Andrea L.

To boost security in its dormitories, Johns Hopkins University relies on "smart TV," according to Edmund G. Skrodzki, executive director of campus safety and security. Over the past two years, the university installed 101 surveillance cameras in dormitories along Charles Street in addition to some off-campus sites. The cameras are linked to computer software that can determine such things as when a person has his or her arms in the air or a vehicle is moving in a suspiciously slow manner; the software also issues alerts to campus security. Skrodzki says the new cameras at Johns Hopkins have made the campus "more proactive rather than reactive," and have already helped catch a person trying to steal a motorbike and identify an armed thief. Campus crime at Hopkins has declined by 43 percent since 2004, and some of that can be attributed to the cameras, he says. Before installation of the cameras began, Johns Hopkins officials asked the student chapter of the American Civil Liberties Union to talk about the system in an effort to reduce concerns over privacy. The students learned, for example, that the cameras block out any footage of direct window views. The technology reflects the growing presence of camera-based surveillance at universities, which may increase even more in the wake of the April 16 Virginia Tech shootings.

"U.S. Officials Recommend Better RFID Security"
Network World (04/30/07) ; Brodkin, Jon

Radio frequency identification (RFID) systems pose unique security challenges, which is why all organizations employing RFID devices should conduct comprehensive evaluations of the technology's potential security risks, suggests a new report from the federal government. Security and privacy risks stem from the fact that multiple organizations--including manufacturers, suppliers, and retailers--may handle RFID tags. Experts note that in hospitals, unauthorized RFID use or eavesdropping could lead to security breaches involving test results or dangerous materials. The report, which was mandated by Congress and released by the Department of Commerce's National Institute of Standards and Technology, includes hypothetical case studies. The report also delineates best practices for RFID use by federal agencies, hospitals, manufacturers, and retailers, such as using firewalls, encrypting radio signals, and authenticating approved RFID users.

"College Rampage Renews School Safety Concerns for K-12 Leaders"
Education Week (04/25/07) Vol. 26, No. 34, P. 1 ; Maxwell, Lesli A.

The Virginia Tech shooting on April 16 has raised concerns over school security similar to those in the aftermath of the 1999 Columbine High School incident. Jill L. Martin, the principal at Thomas B. Doherty High School in Colorado, says students at her school are urged to notify officials if they see something out of the ordinary, and "students have become very aware that it can be a big mistake to ignore something." Gregory A. Thomas, who directs a school-preparedness program at Columbia University's National Center for Disaster Preparedness, notes that the Virginia Tech shooting "was perpetrated by a student shooter who apparently had showed many of the signs we've seen in the shooters that have done this in our high schools." The signs exhibited by the shooter, Seung-Hui Cho, include being uncommunicative, solitary, and writing alarming compositions, says school psychologist Cathy Paine. She recommends that school staff, including teachers, counselors, and administrators, look out for and report to the appropriate authorities any threatening writings, isolation, and depression. However, they also need to make that decision based on their knowledge of the student in a wider context, she says, including the observations of fellow students, parents, teachers, and school counselors.

"Respectful Cameras"
Technology Review (05/02/07) ; Borrell, Brendan

University of California, Berkeley computer scientists have developed "respectful cameras," a new type of video surveillance technology that covers a person's face with an oval for privacy but removes the oval in the event of an investigation. Respectful cameras are still in the research phase, as they are only capable of covering someone's face if that person is wearing a marker such as a green vest or yellow hat, but the cameras could be a compromise between privacy advocates and those concerned about security, according to UC Berkeley computer scientist Ken Goldberg. The researchers used a statistical classification approach called adaptive boosting to teach the system to identify the marker in a visually complicated environment, and added a tracker to compensate for the subject's velocity and other interframe information. When the system was tested using a vest at a construction site, the marker was correctly identified 93 percent of the time, and under more uniform lighting conditions while testing a hat in a lab, the system was 96 percent successful, even when two marked individuals crossed paths. Goldberg said the marker is necessary as face-detection algorithms are not advanced enough yet, but that a less conspicuous marker, like a button, could be used, particularly with systems of multiple cameras. Still, even if privacy protection camera systems were widely deployed, there likely would be debate on how difficult it should be for governments and law enforcement to see fully unobscured video footage.

"Counterfeit Products and Faulty Supply Chain"
Risk Management (04/07) Vol. 54, No. 4, P. 58 ; Wald, Jerry; Holleran, Jack

Counterfeiting and gray-marketing of a company's products are particularly frightening areas of risk for many businesses because they span strategic, operational, and reputational risks. However, effective risk management can help companies better protect their customers from counterfeit products and ensure that their supply chains are not corrupted. Johnson & Johnson's Medical Device & Diagnostic (MD&D) business recently discovered that unauthorized dealers were selling its products, which eventually led to MD&D products being mixed with counterfeits. After determining that some of the products being sold as MD&D were in fact counterfeit, the company sought the advice of consulting firm Ernst & Young to study business practices throughout the supply chain to determine which links in the chain were most vulnerable to integrity issues. Ernst & Young found the decentralized nature of Johnson & Johnson's operations resulted in too many disparate brand protection policies, which were deemed ineffectual as a means to protect brand image and reputation. In addition, having a single person at MD&D who would be responsible for brand protection would make it easier for the company to aggressively combat counterfeits. Consultants also suggested improvements be made to information gathering and reporting processes to ensure that problems were easily identified and quickly remedied. MD&D followed the advice of Ernst & Young, which the firm credits with improved monitoring programs and tracking for its products and marketing endeavors.

"Identity Theft: How Do We Manage the Risk?"
Claims (04/07) Vol. 55, No. 4, P. 19 ; Quinley, Kevin M.

Identity theft can be a significant risk for both individuals and the companies managing individuals' data; the average monetary loss from identity theft hovers around $6,000, plus the amount of time victims spend closing fraudulent accounts and restoring damaged credit. In addition, the longer it takes consumers to notice the fraud, the more compounded losses become. Companies should be proactive in their strategies to reduce identity theft possibilities, and these strategies can mirror those already in use to mitigate losses from other risks. Insurance is always one of the major tools in the risk manager's arsenal; many insurers offer both stand-alone identity theft insurance and identity theft clauses for general policies. The most useful risk-management techniques, however, are likely to be in the area of loss control. Regular credit reports and the retention of important financial information will help consumers spot an identity-theft attempt soon after it occurs. Prompt filing of a report with the U.S. Federal Trade Commission should also help reduce potential fraud losses. Other techniques may include retention of enough funds to cover potential identity-theft losses, and behavioral changes to reduce consumer vulnerabilities, although to become totally invulnerable, a consumer would essentially have to stop participating in modern banking systems. Even though identity theft appears to be a consumer-oriented risk, third-party businesses may also find themselves at risk, especially if cases are successful at pinpointing inefficiencies in business systems that allowed consumer information to remain unsecured.

"Preparing a Workplace for Pandemic"
Risk & Insurance (04/07) Vol. 18, No. 4, P. 8 ; Fogg, Erin

The Occupational Safety and Health Administration has released new safety guidelines for a bird-flu pandemic. Titled "Guidance on Preparing Workplaces for an Influenza Pandemic," the handbook classifies company operations into four zones, according to risk of exposure during an outbreak. The report includes recommendations for each category for work practices, engineering controls, and the use of personal protective equipment. Companies are also instructed on how to maintain operations during an outbreak and about the importance of educating employees and customers on social distancing and proper hygiene.

"U.S. Seeks Closing of Visa Loophole for Britons"
New York Times (05/02/07) ; Perlez, Jane

The Department of Homeland Security (DHS), alarmed by the number of British Pakistanis who have been tied to terrorism plots against Britain, is talking with the U.K. government about ways to prevent U.K. Pakistanis from entering the United States via the visa-waiver program that allows U.K. citizens to enter the United States without a visa. There are about 800,000 British Pakistanis living in the United Kingdom, and these citizens make about 400,000 trips to Pakistan per year. The vast majority of these trips are legitimate, but some U.K. Pakistanis are using these trips to meet with extremists and receive terrorism training. The DHS is concerned that radicalized U.K. Pakistanis will travel to the United States without a visa to launch attacks against the United States; thus, DHS Secretary Michael Chertoff has been talking with U.K. officials for the past several months on ways to mitigate this threat. U.K. officials say that Chertoff is especially concerned about radicalized U.K. Pakistanis who do not have a prior criminal record--such as the ringleader of the U.K. fertilizer-bomb plot who was convicted on Monday. U.S. and U.K. officials are discussing several proposals, the most drastic of which would eliminate the visa-waiver program in its entirety. Another proposal would require that U.K. Pakistanis make visa applications for the United States, but this is considered to be politically sensitive.

"5 Britons Guilty in Bomb Plot; Tied to 2005 London Attackers"
New York Times (05/01/07) P. A1 ; Perlez, Jane; Sciolino, Elaine

Two of five British Muslim men who were found guilty Monday of plotting to bomb targets around London had ties to two of the four suicide bombers who carried out the deadly July 7, 2005, attacks in London. This information was presented during the trial but was made public for the first time on Monday because the judge overseeing the case had placed a gag order on the press until the conclusion of the trial. Monday's verdict marked the end of a one-year trial of seven suspects, five of whom were found guilty of plotting fertilizer bombings that targeted an airliner, a major shopping center, a popular nightclub, and public utilities. The five guilty suspects have been sentenced to life in prison. The evidence produced during the trial shows that the leader of the fertilizer bombing plot met several times with the leader of the July 7 bombings and that several of the fertilizer bombing plotters had trained at the same terrorist training camp in Pakistan as the leader of the July 7 plot. Thousands of police and investigators were involved in monitoring the fertilizer bombing plot, and two of the July 7 bombers actually came under investigation, but authorities ended this investigation after wrongly concluding that they were merely petty criminals who had loose contact with members of the fertilizer bombing plot.

"U.S. to Plug Border-Security Gap"
Wall Street Journal (05/02/07) P. A6 ; Block, Robert; Fields, Gary

The Department of Homeland Security (DHS), recognizing the serious threat that stolen or lost passports pose to U.S. border security, will begin using Interpol's database of stolen passports by year's end. The Interpol Stolen and Lost Travel Document database will be used by U.S. Customs and Immigration officers at 225 U.S. points of entry. Interpol made the database available to the U.S. government about two years ago, but until recently the DHS was reluctant to use the system, citing the system's inconsistency and slowness, among other things. This two-year delay has prompted criticism from some observers. DHS spokesman Russ Knocke said that technology procurements related to the Interpol database are already underway. "It's going to be an added tool for front-line personnel and an important contribution to their decision-making about who they let into the country and who they send back," Knocke said.

"Cargo Screening Finally Taking Off"
Los Angeles Times (04/30/07) ; Oldham, Jennifer

Beginning this summer, the Transportation Security Administration (TSA) and Department of Homeland Security (DHS) Directorate for Science and Technology will launch a six-month cargo-screening pilot program at San Francisco International Airport. The pilot program will screen six times the amount of cargo that is currently screened; an $8 million sorting facility dedicated to screening cargo has been constructed. A group of specially trained airport security screeners will check cargo by taking apart pallets and removing the merchandise inside. Depending on their size and shape, individual pieces of merchandise will be subjected to different screening technologies--for example, paper will be placed in one system, while fruit will be placed in another. Federal lawmakers are currently considering the introduction of legislation that would require the TSA to screen all cargo aboard passenger airliners by 2009. The TSA justifies its current screening procedures by saying that cargo placed aboard passenger airliners passes through several layers of security, including inspection of all individual packages checked at airports and subjection of some shipments to bomb-sniffing dogs. "All cargo carried on passenger planes is only handled by companies that have security programs that have met our requirements," says TSA spokesman Nico Melendez. "These companies are subject to our inspections to make sure they're complying with the rules." The TSA is also running a cargo-screening pilot program at Cincinnati/Northern Kentucky International Airport and a stowaway-detecting pilot program at Seattle-Tacoma International Airport. DHS will submit a report to Congress on the results of all three pilot programs by the end of 2007.

"New Sensor Developed for Homeland Security"
United Press International (05/02/07)

Government scientists at Sandia National Laboratories are developing a unique bioagent detection system that is capable of detecting thousands of different biomolecules on a single platform. The sensor could have applications in homeland security as an anti-bioterrorism device, the researchers said. Most existing biosensors are of limited use in homeland security because they are only capable of detecting one kind of biomolecule at a time, according to the researchers. In contrast, the Sandia sensor is capable of testing numerous characteristics of multiple bioagent targets on a single platform, allowing the sensor to detect thousands of biomolecules at the same time.

"Secret Service Guards Obama, Taking Unusually Early Step"
New York Times (05/04/07) P. A19 ; Zeleny, Jeff

Voting in the Democratic primaries is still nine months away, but Department of Homeland Security Secretary Michael Chertoff has authorized the Secret Service to provide protection for Democratic presidential candidate Barack Obama. The decision marks the earliest that a presidential candidate has ever received a Secret Service security detail. A Secret Service spokesman would not say why security was increased for Obama, and he said that he was not aware of any direct threats against Obama. Department of Homeland Security spokesman Russ Knocke would not comment about any specific threats to Obama, but he did say that several factors were taken into account. "That includes things like the candidate having certain financial standings, pre-eminence in public opinion polls, and actively campaigning," Knocke said. Obama's campaign hired private security guards to protect him after he announced his candidacy four months ago, and some of these guards are former federal agents. Obama's wife, Michelle, has said that she fears for her husband's safety on the campaign trail. "Security was one of many issues that I have and will have in the course of this campaign," she said.

"Using a Good Name for Bad Deeds: Cybercrooks Turn to 'Brandjacking'"
Investor's Business Daily (05/01/07) P. A5 ; Howell, Donna

Anti-fraud firm MarkMonitor has released its inaugural "Brandjacking Index" report, which looks at how the top 25 brands in the world (as ranked by Interbrand) are abused on the Internet. The term brandjacking refers to the various ways that criminals on the Internet can take advantage of a brand's name, such as weaving brand names in their Web site content in order to rank highly on search engine results. Cybercriminals also sometimes register misspelled variations of popular brands as domain names, in order to mimic branded Web sites. Cybersquatting is still the greatest threat to brands in terms of sheer numbers--for example, MarkMonitor reported 286,000 instances of cybersquatting during a one-month period this year. MarkMonitor CMO Frederick Feldman explains that cybersquatting is usually combined with e-commerce abuse or another form of brand abuse. Feldman also says that one of the biggest problems related to registering trademarks is enforcing the registrations. "You might have 10,000 active cybersquatter instances against your organization and brands," he says. Domain kiting--the practice of trying out domains during a free five-day trial period--can also be a form of brand abuse, although it is more a nuisance than a threat.

"Navigate the NAC Choices"
Communications News (04/07) Vol. 44, No. 4, P. 18 ; Lee, Alfred

There are a number of considerations that must be made before an organization begins to pursue a network access-control (NAC) strategy. The first is whether or not the organization can benefit from a NAC solution. Organizations can make this determination by taking a look at the problems their network is facing. If the most common source of network infection was an unmanaged user's laptop, an employee's laptop, or a virtual private network tunnel from a remote worker who accessed the organization's network from his home computer, chances are good that the organization could benefit from having a NAC solution. Another consideration is whether to use an agentless NAC option or an installed-agent method. An agentless NAC strategy does not require client installs or downloads, which allows test results to be gathered before a security policy is enforced. Such a strategy is beneficial for networks that are composed entirely of Windows devices, since a domain administrative account can be used to log on to the device for testing. However, the installed-agent method offers the largest number of possible capabilities, including the ability to take full advantage of a platform's application programming interface. Finally, organizations need to consider the various deployment options for NAC, including hardware, software, all-in-one appliances, and secure switches. Organizations should consider a number of factors when deciding which option is appropriate for their network, including the size of their network, the variety of operating systems and networking gear, and their budget.

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD

