Friday, July 20, 2007

Security Management Weekly - July 20, 2007

CORPORATE SECURITY
  1. "How to Get Sick Overseas (If You Must)" Travel-Risk Programs Help Overseas Employees Manage Threats
  2. "1 in 12 Workers Admits Recent Illicit Drug Use"
  3. "Hard Target" Security Professionals Should Focus on Emerging Threats That Exploit Value of Customer Data
  4. "Three Steps Can Limit Hacker Damage" How Companies Can Protect Personal Data on the Internet
  5. "Project Management's Role in Disaster Recovery"

HOMELAND SECURITY
  6. "D.C., New York Get Biggest Increases in Counterterrorism Aid" DHS Awards Counterterrorism Grants for Fiscal 2007
  7. "U.S. Says Top Al-Qaeda in Iraq Leader Captured" Captured Terrorist Communicated With Bin Laden and Al Qaeda No. 2 Al-Zawahri
  8. "In a Shift, U.S. Will Allow Most Types of Cigarette Lighters on Planes"
  9. "Al Qaeda's Gains Keep U.S. at Risk, Report Says"
  10. "Bumble Bee Replaces Mickey Mouse Lookalike on Hamas TV" New Character Urges Kids to Take Up Jihad
  11. "Radiation Detector Program Delayed" Performance of Nuclear-Detection Machines Falls Far Short of DHS Claims, GAO Says
  12. "UK Monitoring 30 Terror Cells, 2000 Suspects"

CYBER SECURITY
  13. "Happy Birthday, Dear Viruses" First Computer Virus Appeared 25 Years Ago
  14. "On the Trail of Servers Gone Bad" Honeyclient Technology Searches for Web Sites Infected With Malware
  15. "The PKI Payoff" Implementing Public-Key Infrastructure Offers Several Benefits

"How to Get Sick Overseas (If You Must)"
New York Times (07/17/07) ; Raymond, Joan

According to the National Business Travel Association, only 40 percent of American firms have a travel risk management program in place to help employees working abroad deal with threats like extortion, medical emergencies, kidnappings, and other problems. Small businesses and sole proprietorships are even less likely to have travel risk management programs in place. Safe Travel Institute Executive Director Randy Spivey says, "Embassies can only do so much. Business travelers have to take some responsibility to help themselves." John Friel learned firsthand how important corporate travel risk programs are when he had a heart attack on the Caribbean island of St. Martin, where residents primarily speak French. Friel does not speak the language and neither did his wife, but his corporation handed him an International SOS card, which provided medical assistance and security services to his firm's workers overseas. The card and the team behind the card helped prevent his death, Friel claims. Spivey notes that there are a number of firms available to provide workers with the survival training and travel-risk reduction skills they need overseas, even vendors that can track workers on a computerized map. While many small business owners do not believe they have the resources to implement these programs, experts note that the U.S. State Department has a plethora of travel warnings and safety tips for all travelers. Business travelers are advised to make copies of all their important documents and leave them with a family member, colleague, or friend to ensure they are available should originals get lost or stolen.

"1 in 12 Workers Admits Recent Illicit Drug Use"
Seattle Times (07/16/07)

The Health and Human Services Department's Substance Abuse & Mental Health Services Administration's recent survey of illegal drug use by workers estimates an average use rate of 8.2 percent, up from 7.6 percent in 1994. Of the workers admitting to the use of illegal drugs, most were employed full time, and the highest incidence of drug use occurred in the restaurant and construction industries. The lowest instances of drug use occurred in the teaching and social services sectors at 4 percent on average per sector. Drug use is highest among younger workers between the ages of 18 and 34, according to the survey. While testing among employers increased to 48.8 percent, the number of treatment programs available for employees with drug dependence is declining.

"Hard Target"
InformationWeek (07/16/07) No. 1146, P. 40 ; Greenemeier, Larry

InformationWeek's 10th annual Global Information Security survey indicates that data theft is a growing concern reinforced by the complexity of security technology, although the argument can be presented, given the priority respondents still place on viruses, worms, spyware, malware, and spam, that there is not sufficient concern about data theft. Experts such as BT Counterpane's Bruce Schneier say security professionals are concentrating on the threats they are most familiar with when they should be focusing on emerging threats created to exploit the value of intellectual property and customer data, although there are indications in the survey that organizations are beginning to realize this. The chief reasons U.S. respondents feel an elevated sense of vulnerability are the growing sophistication of threats, more ways for corporate networks to be assaulted, the increased volume of attacks, and a rise in attackers' malicious intent; companies believe attackers' motivation is primarily to steal their assets rather than crash their networks. Other signals of the increased importance of data security include the fact that 43 percent of survey respondents gauge the value of their security measures on their ability to cut time spent on security-related issues, while 43 percent consider how well customer records are safeguarded, and 33 percent rate the measures according to lowered breach incidents. Both American and Chinese respondents list exploits of known operating system and application vulnerabilities as the leading attack strategies, but many more Chinese than U.S. respondents report suffering such attacks. Thirty-seven percent of respondents cite the creation and enhancement of user policy awareness as the leading tactical security priority for American companies this year, down from 42 percent last year. Fifty-one percent of the U.S. respondents who say their companies watchdog employee activities monitor email, 40 percent monitor Web activity, and 35 percent monitor phone use; instant messaging, the opening of email attachments, and the contents of outbound email messages are assigned lower priority.

"Three Steps Can Limit Hacker Damage"
Tech Journal South (07/12/07) ; Hatcher, Kate

Protecting an online business' data, including customers' personal information, is a top concern for any business with an online presence. Three simple pieces of advice can help protect a company's information and legal status online. First and foremost, encrypt all data. All state laws cover only unauthorized access to unencrypted personal data and FTC actions frequently cite businesses for not installing proper encryption. A company that encrypts data before an incident occurs will be far less liable, and look more responsible to the public. Second, investigate any security breach. At least six states require an investigation into the unauthorized access of computer networks containing customer information, but at least seven states do not require a company to notify customers if a reasonable investigation shows that any exposed or misused information will not harm consumers. Finally, inform the police. Notifying the police will help define the amount of data exposed, and can also help determine if notifying customers is necessary. Even if customer notification is necessary, the police can permit postponing the notification if they believe it will hinder the investigation, giving the company more time to create a damage control strategy. If the data breach proves to be extensive and potentially damaging, notifying consumers is necessary to avoid further complications with the state attorney general or the FTC.

"Project Management's Role in Disaster Recovery"
Leadership and Management in Engineering (07/01/07) Vol. 7, No. 3, P. 89 ; LaBrosse, Michelle

Michelle LaBrosse, recently named by the Project Management Institute as one of 25 influential women in project management around the globe, stresses the need for effective project management during disasters, as demonstrated by events like 9/11 and Hurricane Katrina. During a disaster, when documentation is often destroyed, it is vital for a project manager to keep up communications, even if it means verbal project agreements. "Think of your project agreement as living and breathing" during a disaster, says LaBrosse. "The more people who know it, understand it, and act on it, the more life there is in it. If you are the only one who knows the plan, it will suffocate." Also important at such times is the maintenance of team dynamics. "Give people a clear goal that they can be committed to, give them opportunities to interact, and the opportunity to talk openly about how they're feeling and what they are experiencing," says LaBrosse. Every aspect of recovery should be documented, even if it means by paper and pencil. This way information can be shared with the project team, the industry, and others who could benefit from the lessons learned during the experience. Active leadership is vital, especially during the bleakest of hours. "Recognize people's efforts and celebrate loudly--even if it's simply a loud, rowdy cheer that says, 'we're all in this together and we're making progress,'" says LaBrosse. Project teammates must feel that there is hope in order to continue in difficult situations. "Be a leader who can resolve conflict, come up with solutions, and give people a way to participate in the solution."

"D.C., New York Get Biggest Increases in Counterterrorism Aid"
Washington Post (07/19/07) P. A1 ; Hsu, Spencer S.; Sheridan, Mary Beth

The Department of Homeland Security (DHS) has awarded its counterterrorism grants for fiscal 2007, with seven metropolitan areas deemed to be at the highest risk of attack splitting a total of $410 million. These seven urban areas--New York City; Washington, D.C.; Los Angeles; Chicago; Jersey City/Newark; San Francisco; and Houston--received 55 percent of the department's Urban Area Security Initiative funding, with the remaining $337 million of the initiative going to 39 other cities. New York City received about $134 million--$10 million more than last year--and D.C. received about $62 million--$15 million more than last year. Nonetheless, officials in both metropolitan areas complained that the funding was not enough. DHS Secretary Michael Chertoff responded by saying that higher-risk cities should not necessarily expect to receive such high levels of funding in the future. Chertoff said that top-tier cities are not the only terrorist targets, and he underscored his point by noting the 1995 Oklahoma City bombing; the recent airport attack in Glasgow, Scotland; and various plots in recent years that targeted Trenton, N.J.; Miami; Atlanta; and Chicago. All told, the DHS awarded $1.7 billion in state and local grants and $1 billion in grants for emergency communications.

"U.S. Says Top Al-Qaeda in Iraq Leader Captured"
USA Today (07/18/07)

The most senior Iraqi leader of the Al Qaeda in Iraq terrorist group was captured in Mosul, Iraq, on July 4, the U.S. military has announced. The captured leader, who goes by two names, including Abu Shahid, is a loyal henchman of Al Qaeda in Iraq's top leader, Abu Ayub al-Masri. Until his capture, Shahid served as an intermediary between al-Masri; Osama bin Laden; and bin Laden's lieutenant, Ayman al-Zawahri, according to the U.S. military. "In fact, communication between the senior Al Qaeda leadership and al-Masri frequently went through [Shahid]," a military spokesman said. "There is a clear connection between Al Qaeda in Iraq and Al Qaeda senior leadership outside Iraq."

"In a Shift, U.S. Will Allow Most Types of Cigarette Lighters on Planes"
New York Times (07/20/07) P. A15 ; Lipton, Eric

Effective Aug. 4, the Transportation Security Administration (TSA) will eliminate the two-year-old ban on bringing Zippos and other types of cigarette lighters aboard commercial airliners, although torch lighters will still be prohibited. TSA chief Kip Hawley dismissed the lighter ban as little more than "security theater," saying that it trivialized the security process. The lighter ban was imposed by Congress in the aftermath of the 2001 Richard Reid shoe-bombing incident. At the time, members of Congress said the lighter ban was necessary because they believed Reid might have been successful in lighting the explosives in his shoe had he used a lighter instead of matches. Since the lighter ban went into effect, airport screeners have seized an average of 22,000 lighters per day, reducing the efficiency of airport checkpoints and distracting screeners from their top priority, searching for bomb components. Language in the 2007 Homeland Security Department spending bill empowers the TSA to repeal the ban. In related news, the TSA announced that it will tweak its rules on liquids to allow passengers to bring more than three ounces of breast milk aboard planes, so long as the passenger makes a security declaration. Also, the TSA will begin installing new bomb-detection technology at airports later this year.

"Al Qaeda's Gains Keep U.S. at Risk, Report Says"
Washington Post (07/18/07) P. A1 ; DeYoung, Karen; Pincus, Walter

Al Qaeda "is and will remain" a serious threat to the U.S. homeland over the next three years, according to the new National Intelligence Estimate report, "The Terrorist Threat to the U.S. Homeland." A two-page summary of the report in declassified form was released Tuesday. The summary states that Al Qaeda's core leadership, communications ability, and ability to train operatives have been rejuvenated because the group has been able to form a new base of operations in the frontier areas of northwestern Pakistan. This haven has allowed Al Qaeda to develop a new crop of lieutenants, many of whom have "long experience at [Osama] bin Laden's side." For the past few years, Pakistan has refrained from taking military action in the area, but that is changing with pressure from the Bush administration. Separately, the U.S. director of national intelligence, Mike McConnell, said Tuesday that Al Qaeda is working hard to get its operatives into the United States. These operatives, who are being trained in Pakistan and elsewhere, "have the right skills" and language ability to blend into the U.S. population and carry out attacks, McConnell said.

"Bumble Bee Replaces Mickey Mouse Lookalike on Hamas TV"
CNSNews.com (07/16/07) ; Stahl, Julie

Farfur, the Mickey Mouse-like character used by the Hamas television station to brainwash children into taking up the cause of jihad, was killed off by the television station during an episode two weeks ago. During that episode, children watched as Farfur was "martyred" by an Israeli who beat him to death because Farfur would not sell his land to the Israeli. During last Friday's episode of the "Tomorrow's Pioneers" program, Hamas television introduced a new character, a bumblebee named Nahool, to take Farfur's place. During the program, Nahool introduced himself in a squeaky voice as Farfur's cousin. "I want to continue the path of Farfur--the path of 'Islam is the solution;' the path of heroism; the path of martyrdom; the path of the Jihad warriors," Nahool said. "And in his name we shall take revenge upon the enemies of Allah, the murderers of the prophets, the murderers of innocent children."

"Radiation Detector Program Delayed"
Washington Post (07/20/07) P. A1 ; O'Harrow, Robert Jr.

The Department of Homeland Security's $1.2 billion nuclear-device-detection program has been put on hold after the Government Accountability Office (GAO) determined that the success rates of the program's nuclear-detection machines range from just 17 percent to 50 percent, not 95 percent as the DHS had claimed. Congress allowed the five-year DHS program to go forward only after DHS officials testified that the $377,000 machines had a 95 percent success rate for detecting highly enriched uranium, but the GAO report raises questions about whether the DHS testimony was misleading. Under terms of the plan, the machines would be installed at border crossings and ports to screen trucks, cargo containers, and cars for nuclear devices. The GAO claims that the DHS used assumptions, not hard data, when presenting its assessment of the machines to Congress. Specifically, the GAO accuses the DHS Domestic Nuclear Detection Department of not knowing whether the machines are effective or not. Domestic Nuclear Detection Department Director Vayl Oxford now says that the 95 percent rate quoted by the DHS was a "high-water goal," not a precise determination of the machines' success rates. A total of eight of the machines are about to be tested at various ports and border crossings, Oxford said.

"UK Monitoring 30 Terror Cells, 2000 Suspects"
Herald Sun (AU) (07/16/07)

The United Kingdom's security minister, Alan West, says that British authorities are currently monitoring 30 different terrorist cells that are plotting terrorist attacks against the United Kingdom. In addition, law enforcement officials are monitoring "over 200 groupings or networks" that pose varying degrees of threats to Britain's security. "There are 30 that are actually being looked at very closely indeed because they have got to the stage where they are gathering materials and doing things which could lead in fairly short term to doing something if they wanted to," West says.

All told, about 2,000 suspected militants and another 2,000 militant sympathizers are being monitored, according to West. Under current rules, British law enforcement officials can hold terrorism suspects for 28 days without charging the suspects. Due to the complexity and sheer scale of the terrorism-monitoring effort, the British government should consider giving authorities more than 28 days to hold suspects, West says.

"Happy Birthday, Dear Viruses"
Science (07/13/07) Vol. 317, No. 5835, P. 210 ; Ford, Richard; Spafford, Eugene H.

This year marks the 25th anniversary of the genesis of the first computer virus. In 1982, a high school student in Pittsburgh wrote a virus that infected Apple II systems. The virus is known as the "Elk Cloner" and did little more than copy itself to floppy disks and display bad poetry, a minor irritation compared to the viruses of today. After Elk Cloner, the problem of malware grew slowly in the early 1980s, but became major news in 1988 when the "Morris Worm" spread worldwide and caused outages across the still young Internet. Since then, numerous viruses and pieces of malware have made news, created fear and headaches for everyone with a computer, and caused billions of dollars in damage. Some of the more memorable names include the Michelangelo virus, SQL.Slammer, Code Red, Nimda, Concept, and Melissa. Today, the greatest risk is financial damage from stolen information and identity theft, and attacks are far quieter to avoid getting noticed. Instead of displaying a message or erasing a computer's hard drive, malware turns computers into spam machines or platforms for other attacks, or secretly records financial information and passwords. Despite the best efforts of researchers, programmers, and security experts, malware is not going to go away anytime soon. Cell phones continue to become more advanced, and as handheld mobile devices are used for computing tasks, cell-to-cell malware will become prevalent. Computers are difficult to make and keep secure, and humans are normally the reason viruses manage to bypass security measures, write Purdue University's Eugene H. Spafford and Florida Institute of Technology's Richard Ford.

"On the Trail of Servers Gone Bad"
Government Computer News (07/16/07) Vol. 26, No. 17 ; Dizard, Wilson P. III

Cybersecurity experts say that federal agencies are increasingly pursuing "honeyclient" technology to detect and analyze Web sites that store and distribute malware. Honeyclients are virtual machines that travel over the Web searching for sites that show signs of being infected with malware, says Mitre computer scientist Kath Wang. Wang says honeyclients "provide the capability to potentially detect client-side exploits" that can be used in malware attacks. The exploits on malicious sites often allow the site's server to capture the visiting computer to be used as part of a bot herd of zombie computers. Botnet herders then rent out hijacked computers to launch spam and other attacks, with prices ranging from a few cents a month for a home computer to several dollars a month for a computer inside a corporate network. Wang says online criminals are already starting to install honeyclient avoidance technology on malicious servers, so Mitre, which operates six autonomous honeyclients, is building a honeyclient prototype that mimics human behavior by displaying the same delays and bandwidth footprint as a human visitor. The Department of Homeland Security's assistant secretary for cybersecurity and communications Greg Garcia says his department has received more than 21,000 reports of cyberincidents through May of this fiscal year, as opposed to only 24,000 for the entire 2006 fiscal year. Garcia says DHS will be working more closely with Information Technology and Communications information sharing and analysis centers. "Increasingly, we are finding that IT and communications are one and the same," he says.

"The PKI Payoff"
Washington Technology (07/09/07) Vol. 22, No. 12, P. 34 ; DeJesus, Edmund X.

Implementing public-key infrastructure (PKI) can be difficult in the early stages due to its complexity. PKI also requires expensive infrastructure, including hardware, software, and services. And since there likely will be resistance when an agency tries to implement PKI, management must organize itself and prepare to overcome this resistance, says Dr. Peter Alterman, assistant CIO for electronic authentication at the National Institutes of Health. But once these obstacles have been overcome, an agency can realize a number of benefits from having implemented PKI. For example, PKI is capable of powering a wide range of agency applications and services. Federal agencies often work with state agencies on an ongoing basis or in emergencies. A federal health agency, for instance, could exchange information with hospitals or public health authorities. However, although these groups cannot use the same PKI system, they can still use PKI to solve their problems thanks to bridge services offered by a number of providers.

Abstracts Copyright © 2007 Information, Inc. Bethesda, MD

