Friday, January 11, 2008

Security Management Weekly - January 11, 2008

January 11, 2008
 
 
CORPORATE SECURITY
  1. "Hired Guns" Private Military Security Industry
  2. "Weapons in the Workplace?" Georgia Legislature Debates Bill
  3. "The Business of Knowing" Visitor Management
  4. "ERM and the Security Profession" Enterprise Security Risk Management
  5. "Treasury Plans Social Security Debit Card" Solution Tackles Financial Crime

HOMELAND SECURITY
  6. "Freed Hostages in Venezuela" Deal Between Chavez and Revolutionary Armed Forces of Colombia (FARC)
  7. "Coast Guard Officer Rebuts Report Faulting LNG Security" Officials Claim Strong Safety Plans
  8. "Bush Signs Bipartisan Gun Legislation" Restricting Handgun Purchase
  9. "Iranian Boats 'Harass' U.S. Navy, Officials Say" Strait of Hormuz
  10. "Al Qaeda Man From O.C. Posts Video" Adam Gadahn
  11. "How The U.S. Seeks to Avert Nuclear Terrorism" Role of Federal Scientists

CYBER SECURITY
  12. "Build a Usable Security Plan" Incident Management
  13. "State Web Sites Back After Hack Attack" China Implicated in Infiltration
  14. "New Trojan Preys on Commercial Banking Customers" Prg Bank Trojan
  15. "Securing So Cal" Encryption Initiative in Los Angeles County



"Hired Guns"
National Journal (01/07/08) ; Valero, Rafael Enrique

Stability operations and nation-building initiatives are expected to grow even more prevalent during the turbulent 21st century, which has implications for the private military security industry. Experts acknowledge that military and civilian interests may converge into a symbiotic dynamic thanks to the expertise of private military contractors, though others fear that such a relationship could undermine the Army or create conflicts of interest. The concept of private armies is an ancient one, with roots in medieval times, and such armies may have played a key part in the nation-state's evolution, according to James Cockayne of the International Peace Academy. Private security contracting in the United States began in 1987, with the launch of Military Professional Resources Inc. (MPRI). MPRI aimed to leverage the expertise of middle-aged military retirees into support for the Department of Defense. In November 2005, the Defense Department issued a directive stating that stability operations were one of the U.S. military's "core" missions. The military is slated to publish its updated Operations Field Manual in February 2008, which equally stresses offense, defense, and stability operations. However, some academics contend that private security contractors and other transnational actors are undercutting national sovereignty. Army Lt. Col. James Boozell acknowledges that such operations can cause weak nation-states to grow reliant on contractors, which is why "you must have a developmental piece teaching them to survive on their own." The Pentagon's new stability operations division is in its infancy, but is considering preventive initiatives, such as establishing small advisory teams that would advise faltering countries. Today, over 150 private military companies operate worldwide, and the global industry generates between $20 billion and $100 billion each year.

"Weapons in the Workplace?"
WALB-TV (Albany, GA) (01/08/08)

The Georgia legislature is considering a bill that would make it legal for employees to leave a licensed gun in their car while at work. The National Rifle Association (NRA) supports the bill, which it said would allow gun owners to protect themselves during their commutes to and from work. Several Georgia business interests, including the state Chamber of Commerce, argue that companies should be allowed to have their own individual policies on the presence of weapons on company property. There are concerns that having guns close to the workplace could cause a rise in violence. This is the second time that the bill has been considered by the state legislature, and an NRA spokesperson said that the organization would continue to support the issue until the bill is passed. "If we get it this year, that's fantastic and a big win for law abiding Georgia gun owners," said NRA spokesperson Ashley Varner. "But if we don't get it, we'll be back."

"The Business of Knowing"
Security Products (01/08) Vol. 12, No. 1, P. 60 ; Bell, Kurt

Computer-based visitor tracking systems, which emerged onto the market in 1997, were based on their forerunner, the log book, as both processes are essentially closed data systems for registering individuals at entry. Like CCTV, photo ID, and access control, visitor management is yet another discrete security system contributing to the unconnected nature of corporate security systems. In addition to the vulnerabilities created by the lack of integration, the isolated systems also hamper efficiency. Typically, information on each category - workers, temporary workers, contractors, and visitors - is stored in its own database, which causes confusion and delays data retrieval. However, Jolly Technologies' new Lobby Track system utilizes open-data architecture, which enables the user to swiftly access numerous data systems. The new technology has transformed visitor management into a unified security system by incorporating secure photo ID, visitor management, time and attendance statistics, and live connectivity to access control systems.

"ERM and the Security Profession"
Risk Management (01/08) Vol. 55, No. 1, P. 31 ; Johnson, Michael P.; Spivey, Jeff M.

Enterprise security risk management (ESRM) incorporates security convergence into a comprehensive ERM model and prompts security professionals to collaborate with risk management professionals to calculate the impact of their joint endeavors on a company's financial health. To that end, in February 2005, ASIS International and its peers developed the Alliance for Enterprise Security Risk Management (AESRM) to facilitate the implementation of convergence between logical and physical security. ESRM also requires security firms to take a holistic approach toward all risks impacting a company to draft a workable business continuity model. Rather than using the standard silo model, participants must assume responsibility for risk management. Risk managers can utilize the expertise of security professionals throughout the risk identification and mitigation process to ensure not only security, but also protection against known exposures. ASIS's campaign for new federal regulations for the formation of certified security management systems under the 2002 SAFETY Act has yielded results. Two recently passed federal rules delineate a process by which sanctioned technologies and methodologies can be endorsed by the U.S. Department of Homeland Security. The designation will supply tort liability reduction should a terrorist attack take place.

"Treasury Plans Social Security Debit Card"
Wall Street Journal (01/04/08) P. A4 ; Laise, Eleanor

The Treasury Department is ready to introduce the Direct Express debit card, a prepaid debit card for Social Security and Supplemental Security Income recipients who do not have a bank account. The card is a component of a broader Treasury initiative to migrate to electronic payments. "We've been working for a while to try to understand the needs of the unbanked," says Treasury's Judith Tillman. "Combine that with problems we've seen with financial crimes and identity theft, problems with forged checks and stolen checks and so on--the debit card seemed like the right answer." Comerica Bank will serve as the card's issuer, and the card will debut in a handful of states in the spring and be rolled out nationwide by the end of the summer. Cardholders would have faster access to their money and avoid stolen checks and other security problems, while Treasury and banking experts say the product could yield substantial cost savings for beneficiaries and the federal government. Social Security retirement, disability and survivor benefits, and SSI benefits will be automatically loaded onto the card account on the designated payment day for beneficiaries who sign up for the debit card, which can be utilized at bank branches, retail sites, ATMs, and online. Cardholder fees, interchange fees when cardholders employ the card at the point of sale, and the float on funds sitting in cardholders' accounts will earn money for Comerica.

"Freed Hostages in Venezuela"
CNN.com (01/10/08)

Two hostages held by the Revolutionary Armed Forces of Colombia (FARC) were released and flown to Venezuela after over five years in custody. The release was the result of a deal brokered by Venezuelan President Hugo Chavez, and members of his administration hope to negotiate more deals with the rebels in the future. "I hope they continue liberating the hostages that they still have," said Colombian Defense Minister Juan Manuel Santos. "This is only two of the 700 they have." Clara Rojas and Consuelo Gonzales were flown to a hospital on the border between the two countries before being delivered to Caracas to meet their families. Rojas was kidnapped in 2002 along with her boss, former Colombian presidential hopeful Ingrid Betancourt, who remains in captivity with a group of around 700 individuals, including three Americans captured in 2003.

"Coast Guard Officer Rebuts Report Faulting LNG Security"
Boston Globe (01/11/08) ; Drake, John C.

The Coast Guard is challenging a U.S. Government Accountability Office report that claims it is ill-prepared to handle a terrorist strike on petroleum shipments to U.S. ports. Coast Guard Captain Gail Kulisch disputes the assertion. "Here in the Port of Boston, we have safe and secure transits," Kulisch notes. "We can do that because we have a very robust safety and security plan with many partners contributing to that for each and every transit." The Coast Guard is responding to a GAO report released Jan. 8 that questions the Coast Guard's ability to respond to a terrorist event at the nation's ports because of its limited staff and resources. But Kulisch argues that just the opposite is true at the Port of Boston, which provided security for 22 billion gallons of petroleum ferried through Boston's port last year. "In the Port of Boston, we exceed safety and security requirements," she said at a press conference.

"Bush Signs Bipartisan Gun Legislation"
Associated Press (01/09/08) P. A2

President Bush signed into law on Jan. 8, 2008, a bipartisan bill that will give state firearms distributors better background information in order to prevent severely mentally ill citizens from buying handguns. The law provides a federal grant of up to $1.3 billion for states to use over a five-year period. Under the bill, introduced by Sen. Charles E. Schumer and Rep. Carolyn McCarthy, both Democrats from New York, states will use the grant money to supply gun buyer background information to a national databank in order to flag citizens who are not qualified to purchase a gun, including those involuntarily admitted to a mental institution. The legislation was originally introduced by the two Congressmen in 2002 after a church shooting, but gained momentum after the April 2007 shootings at Virginia Tech by a mentally impaired college student.

"Iranian Boats 'Harass' U.S. Navy, Officials Say"
CNN (01/07/08) ; Starr, Barbara

Three U.S. Navy ships traveling through international waters were harassed by Iranian Revolutionary Guard boats Sunday, according to military officials. The ships were traveling through the Strait of Hormuz, a shipping channel that leads into the Persian Gulf, when five Iranian ships approached at a high speed. Military officials said that the boats made "threatening" maneuvers, coming within 200 yards of one of the U.S. vessels. Radio operators also received a radio transmission that warned the U.S. ships that they would "explode in a couple of minutes." Sailors took up their gun positions and were about to fire when the Iranian boats turned away. No shots were fired during the incident, which U.S. officials classified as a significant encounter. Mohammad Ali Hosseini, Iran's foreign ministry spokesman, said that similar incidents have happened in the past, and all have been resolved once the ships recognized one another. A U.S. State Department spokesman said that the United States would most likely not formally protest the incident. The United States and Iran do not have diplomatic relations and U.S. officials classify the Revolutionary Guard as a supporter of terrorism.

"Al Qaeda Man From O.C. Posts Video"
Los Angeles Times (01/07/08)

Adam Gadahn, an al-Qaeda member raised in Orange County, Calif., called for attacks on President Bush in an Internet video posted Sunday. Gadahn urged supporters to greet Bush with "bombs and booby-trapped vehicles" during Bush's scheduled trip to the Middle East this week. Bush will be in the region to support a potential peace agreement between Israelis and Palestinians. Gadahn also tore up his U.S. passport during the video, which ran for almost an hour. Gadahn is wanted in the United States for treason and supporting terrorism. If captured and convicted, Gadahn could face the death penalty.

"How The U.S. Seeks to Avert Nuclear Terrorism"
Los Angeles Times (01/06/08) P. A1 ; Vartabedian, Ralph

Federal scientists play a large role in protecting the United States from a nuclear attack, routinely being placed in the field in an effort to find and disarm nuclear weapons. Scientists fly in helicopters containing radiation detectors that search for signs of nuclear weapons and walk around major sporting events with instruments that can identify enriched uranium or plutonium. Although they have not uncovered any terrorist plots, experts say that they could be the last line of defense against a nuclear attack. Since 2001, the Energy Department's National Nuclear Security Administration has created 26 rapid-response teams designed to locate and defuse armed nuclear explosives. In the event that a nuclear device is located, scientists would attempt to disable its electrical firing system, then transport it to the G Tunnel, a 5,000 ft. shaft in the Nevada desert. Scientists and FBI agents would then disassemble the device and look for evidence to determine where the device originated. The head of the FBI Weapons of Mass Destruction Directorate described the chances of locating a nuclear device in Manhattan within 24 hours as "quite reasonable." Scientists are also viewed as a deterrent, forcing nations to improve security of their nuclear arsenal to avoid being linked to a nuclear attack and targeted in a retaliatory strike. If a nuclear device successfully detonated on U.S. soil, authorities hope that nuclear forensics teams could determine how the fuel was enriched within three days and the device's country of origin within a week.

"Build a Usable Security Plan"
Processor (12/28/07) Vol. 29, No. 52, P. 1 ; Rudich, Joe

As important as it is to prevent and protect against Internet attacks, it is equally important to have a recovery plan, but this aspect of computer security is often overlooked. The simplest and perhaps most important aspect of recovery is to write out the plan so all employees know what they need to do and who needs to be contacted. Following a playbook not only ensures that the right steps are followed, but creates a sense of calm within the company as it helps everyone feel in control of the situation and lets everyone know what they are doing, where they are in the process, and what steps come next. One of the first steps in the creation of an incident management plan is to define what is considered an incident. Next, define who should be involved in incident response, including employees within the company and any outside experts that may be needed, specifically extra technical support. The plan should include descriptions of any formal communication required during the incident, and contact charts to ensure the necessary people are informed and aware of the situation, including law enforcement if necessary. An incident plan should be broken down into the following steps: prevention, detection, analysis, containment, eradication, recovery, and post-incident. It is important to build a plan to manage and control incidents, and to understand that an incident plan is never finished; it should change and grow as your company does.

"State Web Sites Back After Hack Attack"
Morning Call (01/05/08) ; Micek, John L.

Although the Pennsylvania state Web sites were hacked, officials say no sensitive information was misappropriated. The attack, which was traced to China, infiltrated the Web pages of the departments of Military and Veterans Affairs, Education, and Labor and Industry, among others. The Office of Administration reported that the state's antivirus software was largely responsible for thwarting the attack after hackers infiltrated the sites via an unsecured media player package. In addition to the hacked sites being temporarily removed from public access, other sites were also removed as a cautionary measure. Personal computers were unaffected by the crime, though the state said investigations would continue. Mia DeVane of the Office of Administration said the state was regularly confronted with similar attacks, noting the state's success in battling them on a daily basis. IT experts traced the network domain to China; the attackers attempted to infiltrate only executive branch sites.

"New Trojan Preys on Commercial Banking Customers"
Register (UK) (12/17/07) ; Goodin, Dan

A new virus, the Prg Bank Trojan, is victimizing commercial bank customers by logging into their online accounts and transferring funds to accounts owned by cybercriminals. So far, the virus is known to have attacked commercial banking clients at 20 banks and could have cost customers as much as $1 million. The Prg Bank Trojan usually comes to commercial banking customers as an email, supposedly from their bank, leading consumers to click on an infected link. Once the user's system is infected, the hacker is notified every time a user initiates a transaction, allowing criminals to bypass a bank's online security system.

"Securing So Cal"
Government Security (12/01/07) Vol. 6, No. 6, P. 8 ; Silk, Stephanie

Recent high-profile laptop thefts and losses have prompted federal departments to take action. Los Angeles County has had its share of stolen laptops, some of which contained sensitive data. Worried about the possibility of another laptop theft, the L.A. County Board of Supervisors resolved to launch a major encryption initiative. The county's objective is to respond to all laptop thefts as though the criminal's aim is to exploit sensitive data. Therefore, officials decided that all L.A. County laptops, whether or not they house sensitive data, would be encrypted, explains county CISO Al Brusewit. In addition, officials decided that users would not be permitted to disable the encryption. After releasing a request-for-proposal in June 2006, the county evaluated vendors' submissions and eventually chose a product that is currently being installed on the approximately 12,500 laptops owned by L.A. County and its 38 departments. The vendor also ran a day-and-a-half training session for the departments. By the end of 2008, the bulk of the installation should be complete. "I'm comfortable that should a laptop fall into the wrong hands, all data on the device will remain protected," says Brusewit. L.A. County plans to extend the data encryption initiative to county PDAs as well.

Abstracts Copyright © 2008 Information, Inc. Bethesda, MD

