Search This Blog

Friday, June 01, 2007

Security Management Weekly - June 1, 2007

header

  Learn more! ->   sm professional  

June 1, 2007
 
 
CORPORATE SECURITY  
  1. " Beware of Clever Workers Who Might Commit Fraud"
  2. " MPAA Trains Cinema Ushers to Catch Pirates" Ushers Using Night Vision Goggles to Spot Illegal Taping in Theaters
  3. " First to Worst: IT Survey Ranks 10 U.S. Cities for Disaster Preparedness"
  4. " Security to Be Beefed Up During Bonds' 4-Game Visit" Major League Baseball Security Director Praises Security Effort for Barry Bonds
  5. " Are Security Pros Worrying About the Right Stuff?"

HOMELAND SECURITY  
  6. " TB-Infected Traveler Is Lesson in Security" Traveler Infected With Superbug Prompts Security Review From DHS, Congress
  7. " U.S. Al Qaeda Militant Warns of Worse Attacks" Adam Gadahn Video Threatens U.S. With Attacks Worse Than 9/11
  8. " FEMA Finds Minor Issues in Disaster Plans" FEMA Review of State Disaster Plans Finds Few Problems
  9. " Many Would Ignore Evacuation Order, Poll Finds"
  10. " Sci-Fi Writers Join War on Terror" Science Fiction Writers Help DHS Envision Future Terror Attacks and Responses
  11. " Security Boom in Anti-Terror Spending" U.K. to Spend 6.7 Billion Pounds on Homeland Security Over Next 10 Years
  12. " Emergency Management Assistance Compact--Providing Assistance When Disaster Strikes" Agreement Allows States to Give Each Other Immediate Emergency Aid

CYBER SECURITY  
  13. " Feds Take 'Cyber Pearl Harbor' Seriously"
  14. " Five Reasons to Prepare--Now--for More Mobile Security Threats"
  15. " How Secure Are Mid-Market Companies?"


   









 

"Beware of Clever Workers Who Might Commit Fraud"
Boston Herald (06/01/07) ; Powell, Jennifer Heldt

The Association of Certified Examiners (ACE) reports that U.S. businesses lose about 5 percent of their revenue through employee fraud, and small businesses are particularly susceptible. Experts indicate the best defense against fraud in a small firm is a set of internal controls, periodic audits, and a system of checks and balances among workers. Small firms have fewer people to complete tasks, but rather than having one worker with all of the financial responsibilities, for instance, owners should break up the financial tasks to ensure fraud is caught early. Small firms lose about $190,000 on average to employee fraud, while the overall average is $159,000. ACE notes that small businesses are most often hit by check tampering frauds, particularly because one worker is responsible for writing checks, recording payments, and bank statement reconciliation. Experts also warn that businesses should examine their insurance policies to ensure that employee thefts are covered, should they occur.
(go to web site)

"MPAA Trains Cinema Ushers to Catch Pirates"
ITWeek (05/29/07) ; Thomson, Iain

Movie theater ushers in Malaysia are using night vision goggles to identify crooks who are illegally taping movies in the theater. The initiative is part of a crackdown on movie pirates by the Motion Picture Association of America (MPPA). The initiative has been very successful so far, an MPAA representative said. The MPAA is also using canine units to sniff out pirated DVDs. Thus far, the dogs have discovered more than 1 million pirated DVDs.
(go to web site)

"First to Worst: IT Survey Ranks 10 U.S. Cities for Disaster Preparedness"
Computerworld (05/29/07) ; Fonseca, Brian

Cleveland and Minneapolis/St. Paul-based businesses rank at the bottom of the 10 major U.S. cities in terms of their preparedness for natural catastrophes or man-made disasters, according to a new AT&T business continuity study of 1,000 IT managers. New York topped the list, followed by Houston and San Francisco. The rankings based on a city's plan of action to continue business, the city's degree of employee education about the emergency systems in place and its ability to execute such a plan, and the utility of security policies already in place. On the list of top threats, man-made disasters such as viruses, hackers, and spam were the most cited. The survey also revealed that when federal alerts are issued, only 41 percent of business executives whose companies have already been impacted by a predicament say they take heed; by contrast, merely 33 percent of companies that have yet to experience a disaster employ a plan of action.
(go to web site)

"Security to Be Beefed Up During Bonds' 4-Game Visit"
Philadelphia Daily News (05/30/07) ; King, Steve

Major League Baseball (MLB) has worked closely with the San Francisco Giants and the team's controversial slugger, Barry Bonds, over the past two years to ensure Bonds' security as he approaches the all-time home run record. MLB Director of Security Kevin Hallinan praised the way various ballparks have handled these security requirements during games featuring Bonds this year. "We have done a good job at alerting all of our personnel throughout the league about the possibility [of the record being broken], so that we can do a better job at controlling our crowds in whatever ballpark the record may be broken in," Hallinan says. As Bonds continues to approach the record, security measures at MLB ballparks are also likely to include protection for the fan who happens to catch the record-breaking home run ball, says Hallinan. So far, there have been no security incidents during Bonds' home-run-record chase, and one reason for this is the good communications between MLB offices, stadium operations directors, and league teams, says Hallinan. Bonds and the Giants are set to visit the Philadelphia Phillies Friday through Monday for a four-game series. Security will be somewhat heightened for this series, but the Phillies always have good security procedures in place, says the team's event operations manager, Sal DeAngelis.
(go to web site)

"Are Security Pros Worrying About the Right Stuff?"
Network World (05/28/07) ; Messmer, Ellen

CSOs and CISOs worry about a number of different issues, including regulatory compliance and security controls overlooked in IT projects. However, many independent observers--including former CSOs or consultants working with CSOs--say that CSOs and CISOs should be primarily concerned with other matters. Jon Gossels, president and CEO of consultancy SystemExperts in Boston, says CSOs should be primarily concerned with losing their jobs because upper management often sees their stance on security as being overly technical or a bad fit. Gossels noted that there is often a mismatch between what the CSO is trying to accomplish and what the business expects. Another observer, System Experts vice president Brad Johnson, said CSOs should worry about where they are going to find the best employees and how they are going to retain them. Johnson noted that this is something that CSOs should be concerned with because the economy is strong enough that competition is increasing for the best security professionals. CSOs and CISOs should still pay attention to regulatory compliance, but they should try not to become too transfixed on the issue, said Howard Schmidt, the former security chief at eBay and Microsoft. In order to keep CSOs and CISOs from becoming too focused on regulatory compliance, business process should change so that more of the logging, audit, and authorization and access-control information commonly requested in regulatory-compliance reviews is readily accessible, he said.
(go to web site)

"TB-Infected Traveler Is Lesson in Security"
USA Today (05/30/07) ; Manning, Anita; Davis, Roberts

Wednesday's disclosure that an airline passenger infected with virulent tuberculosis was able to leave the United States and drive back into the country "has homeland security implications" and warrants a congressional hearing into the "poorly coordinated federal response," says House Homeland Security Committee Chairman Bennie Thompson (D-Miss.). The unidentified patient from Georgia is infected with an antibiotic-resistant superbug known as XDR-TB and has been hospitalized in Atlanta as mandated by a federal isolation order. Officials with the U.S. Centers for Disease Control and Prevention say that the patient was aware of his disease and purposely disobeyed a county health department order not to travel. The CDC says the patient took a plane to Paris on May 12 and continued to disobey U.S. health officials' orders and elude the government's attempts to return him safely to the United States. The CDC even asked federal agencies to issue a no-fly order for the patient, but by then the patient was already in Montreal; from there he managed to drive into the United States via Champlain, N.Y., despite the fact that all U.S. border officers had been alerted to the situation and ordered to detain the patient. The Champlain border agent who allowed the patient to cross the border has been reassigned by the Department of Homeland Security (DHS) while an investigation is conducted. "Any time there is a significant case or incident at a port of entry, we go back and review the facts associated with that incident very carefully to see if there are any lessons learned and to see if we can refortify our security posture at the border," says DHS spokesman Russ Knocke.
(go to web site)

"U.S. Al Qaeda Militant Warns of Worse Attacks"
Reuters (05/29/07) ; Ersan, Inal

American Al Qaeda member Adam Gadahn warns President Bush in a new video that Al Qaeda is prepared to launch terrorist attacks against the United States that will be of a magnitude greater than the Sept. 11 attacks. The video, which was posted on the Internet Tuesday, shows Gadahn wearing a turban and robes as he warns the United States to give in to a lengthy list of demands or face another round of terrorist attacks. Gadahn, formerly known as Adam Pearlman, comes from a Jewish-Christian family but converted to Islam when he was 17 and moved from the United States to Pakistan a few years later. Authorities believe he is still in Pakistan. "Your failure to meet our demands...means that you and your people will, Allah willing, experience things which will make you forget about the horrors of Sept. 11, Afghanistan and Iraq, and Virginia Tech," Gadahn says on the video. Gadahn says that the United States must not only withdraw from Iraq, it must also pull all U.S. soldiers and spies out of all Muslim lands; end all military, moral, and economic support of Israel; end all support of "apostate" governments of Muslim countries; give all Muslim prisoners their freedom; and ban U.S. citizens from traveling to "occupied Palestine."
(go to web site)

"FEMA Finds Minor Issues in Disaster Plans"
USA Today (05/29/07) ; Heath, Brad

The Federal Emergency Management Agency (FEMA) is nearly finished its review of state disaster plans, including coastal states' plans for hurricanes, as the agency prepares for the official June 1 start of the Atlantic hurricane season. Thus far, FEMA's review has identified only minor flaws in state disaster plans. "There's nothing I've seen where I've said this is a problem," said FEMA Administrator David Paulison, pronouncing federal and state agencies ready for the hurricane season. "We're light years ahead of where we were last year." FEMA and other agencies and groups have focused on improving several areas of hurricane response, including delivering supplies of aid, increasing the speed of those deliveries, offering shelter, and enhancing state disaster plans. For example, FEMA is using satellite-based tracking technology to ensure that supplies make it to their destinations, and the agency will deploy mobile disaster-aid-registration centers. In related news, a spokeswoman for North Carolina's Department of Crime Control and Public Safety claims that the state has enough supplies and National Guardsmen to handle a Category 3 hurricane, but would need help with stronger storms.
(go to web site)

"Many Would Ignore Evacuation Order, Poll Finds"
Los Angeles Times (05/31/07) ; Rosenblatt, Susannah

A new report from the Los Angeles County Department of Health Services finds that only half of the county's residents would immediately comply with government evacuation orders during a terrorist attack. Ten percent of the 8,600 survey respondents said they would either ignore the orders outright or evacuate at their own convenience. And 33 percent of respondents said that if the government ordered them to seek shelter at a local school during an attack they would wait for more information before obeying the order. The survey finds that whites and blacks are more prepared for a disaster than Hispanics and Asians. While the majority of respondents said they were, at a minimum, somewhat prepared for a disaster, 33 percent said they had done little to prepare.
(go to web site)

"Sci-Fi Writers Join War on Terror"
USA Today (05/29/07) ; Hall, Mimi

The Department of Homeland Security (DHS) has tapped a group of science-fiction writers to dream up future types of terrorist attacks and potential tools to combat these attacks. Scientists acknowledge that science-fiction writers have shown an ability to envision what the future might look like. For example, Christopher Kelly, spokesman for the DHS Science and Technology unit, notes that science-fiction writers predicted the advent of technologies like cell phones some 50 years ago. "We need to look everywhere for ideas, and science-fiction writers clearly inform the debate," Kelly says. The group of science-fiction writers that is helping the DHS calls itself Sigma, and the group's mantra is "Science Fiction in the National Interest." Members of the group, who must have at least one technical doctorate degree, include the writers Arlan Andrews, Greg Bear, Larry Niven, Jerry Pournelle, and Sage Walker. The members of the group have vivid imaginations and can help the DHS envision future forms of terrorist attacks, ways to respond to terrorist attacks, and potential technological solutions, says Bear.
(go to web site)

"Security Boom in Anti-Terror Spending"
Daily Telegraph (UK) (05/29/07) P. 6 ; Bland, Ben

A new Frost & Sullivan report predicts that the United Kingdom will spend 6.7 billion British pounds sterling on homeland security measures over the next 10 years, with the government accounting for two-thirds of the spending. Most of the 6.7 billion stg. will be allocated to integrating existing systems, although some will also be spent on new technologies like high-tech CCTV systems. The report predicts that the homeland security spending will top out at 900 million stg. in 2009, up from a little more than 500 million stg. in 2007. The spending will be especially heavy from 2008 to 2012 as the United Kingdom finishes its security preparations for the London Olympics. Much of the government's security spending will be on the Olympics and the U.K. eBorders program, the report says.
(go to web site)

"Emergency Management Assistance Compact--Providing Assistance When Disaster Strikes"
County News (05/21/07) Vol. 39, No. 10, P. 9

The Emergency Management Assistance Compact (EMAC) provides a means for states to give each other aid in the form of equipment and human responders in the event of a major catastrophe without much of the bureaucratic delay that often accompanies federal emergency relief. EMAC, which began as a response to Florida's struggle to provide relief to victims of Hurricane Andrew in 1992, is a voluntary agreement between the fifty states, the District of Columbia, Puerto Rico, and the Virgin Islands that is not regulated by the federal government. States providing aid follow emergency management standards of incident command and control. Although EMAC does not govern local or county governments, such workers can be deployed by the state as part of an EMAC effort via agreements between county and state governments. Aid under EMAC begins once the governor of a state declares a state of emergency and asks for help from other states. An advance team is formed to determine what type of help the state most needs; states closest to the affected state send workers and equipment first in order to start the effort as quickly as possible.
(go to web site)

"Feds Take 'Cyber Pearl Harbor' Seriously"
Federal Computer Week (05/28/07) ; Miller, Jason

In light of the recent denial-of-service attack against the Estonian government, U.S. federal agencies are preparing for a massive cyberattack. Officials are taking steps to strengthen the government's cyber defenses against such an attack, which could immobilize large sections of the Internet on which federal operations rely. Agencies are being asked to employ standard configurations to facilitate the application of security patches. Government computers with sensitive information will now require two-factor authentication to be accessed. In addition, the CIO Council held a rare classified briefing to discuss cybersecurity. Cyberattacks are increasingly becoming a factor in global politics, as seen in Estonia, and "The FBI believes that the next terrorist attack will coincide with a cyberattack," says Ed Meagher, the deputy CIO for the Interior Department.
(go to web site)

"Five Reasons to Prepare--Now--for More Mobile Security Threats"
Computerworld (05/30/07) ; Haskin, David

A number of factors could bring about an increase in the number of mobile security threats in North America, according to Kris Lamb, director of the Xforce team at Internet Security Systems. For instance, multimedia messaging will provide hackers with more opportunities once it catches on in the United States. Lamb also noted that the move towards mobile advertising will also open a huge door for hackers since it will be difficult to differentiate between legitimate mobile ads and what could be phishing or spam attacks. "One reason that email spam is still ubiquitous is that people fall for it because it's hard to differentiate between legitimate and illegitimate messages," he said. "If you overlay that on the mobile device and have MMS messaging, well, it would be wrong to think that the criminal underground won't latch on to that." Another troubling development is that virtually all mobile devices now use Intel's X-Scale chip set architecture and ARM instruction sets--a development that has made hackers' jobs much easier, since they no longer have to write different code for each platform. Fortunately, enterprises can take several steps to mitigate the threat posed by these developments, Lamb said, beginning with creating and disseminating a secure-use policy for users of mobile devices that access sensitive data.
(go to web site)

"How Secure Are Mid-Market Companies?"
CIO Insight (05/17/07) ; Alter, Allan E.

CIO Insight's annual security survey found that 25 percent of IT executives at small and medium businesses say their firm's IT defenses do not offer adequate protection against viruses, Trojans, worms, and hackers. Many of these companies have not properly invested in security technologies and failed to establish and ensure employees follow proper security and privacy policies. Small and medium businesses have responded by increasing the level of security spending this year, but they also need to focus on the difficult challenge of changing their employees' behaviors. Many small and medium companies have trouble successfully installing patch management, intrusion detection, and URL filtering, and while far fewer small and medium companies report security breaches, a significant portion of that may be due to their inability to detect intrusions.
(go to web site)

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: