Friday, September 11, 2009

Security Management Weekly - September 11, 2009

September 11, 2009
Corporate Security

  1. "Price of CEO Security Balloons"
  2. "Lessons from Athens on Protecting Your People, Operations and Data From a Bomb"
  3. "Security Increased After Man Kisses Nadal at Open" Tennis Star Rafael Nadal at U.S. Open in New York
  4. "European Banks Warned: Brace for Rise in Cash Machine Fraud"
  5. "Keys to Fraud Prevention"
Homeland Security

  1. "Eight Years After 9/11, Weaker Al-Qaida Still a Threat; Network Broken Apart, But Yemen Seen As New Base"
  2. "Al-Qaida Faces Recruitment Crisis, Anti-Terrorism Experts Say"
  3. "Fighting Flu Without Big Gun" Obama Administration Pushing Hygiene Message While Waiting on Vaccine
  4. "Remembering a Future That Many Feared" New York City Recovers From Terrorist Attacks
  5. "Ahoy! Port"
Cyber Security

  1. "Sears Required to Destroy Tracking Data"
  2. "Security Is Late to the Offshore Party" Prepare Before Outsourcing to Overseas Contractor
  3. "Data Remains on Discarded Drives" According to Study Performed by Researchers in the United States, Europe, and Australia
  4. "SQL Vulnerability Leaves Passwords in the Clear, Researchers Say"
  5. "Privacy Plug-In Fakes Out Facebook" University of Waterloo, Ontario Researchers Develop FaceCloak


Price of CEO Security Balloons
USA Today (09/08/09)

Although companies have been cutting costs in nearly every other area, spending on personal and home security for CEOs increased by about 123 percent from 2007 to 2008. Ten companies spent a total of $4.6 million on CEO security in 2008, 40 percent more than the top 10 spenders of the previous year. According to company filings with the Securities and Exchange Commission, such spending is considered a worthwhile expense, especially in times of unpopularity and economic uncertainty. CEOs rarely pay for their own security systems, but only a fraction of the money that companies spend on CEO security is listed as such. ExxonMobil keeps in-house security experts on the payroll, while other companies consider perks such as private jets to be additional security measures, even though they may not be budgeted as security expenses. Equilar CEO David Chun says that recently increased security spending is mostly due to the combination of layoffs, hostility toward executive pay, and public outcry over exit packages given to the CEOs of bailed-out companies. Security measures may include personal bodyguards or "close protection specialists," licensed security guards, video monitoring, and home electronic security systems.


Lessons from Athens on Protecting Your People, Operations and Data From a Bomb
Securities Industry News (09/07/09) Kentouris, Chris

The recent bombing outside the Athens Stock Exchange should serve as a warning for businesses that keep employees and primary data centers in well-known, prime locations. Such companies should follow three main security rules. First, companies should never keep their main data centers at street level, in a location that receives heavy traffic. Second, any backup data centers should not be in the same building as the primary center, but ideally would be about 50 miles apart. Third, operations staff should never be in the same building as either the main or backup data centers. According to a 2003 report by the Federal Reserve Bank, the Securities and Exchange Commission, and the Office of the Comptroller of the Currency, back-up sites should not rely on the same infrastructure as the primary site, such as transportation, telecommunications, and electric power supply.


Security Increased After Man Kisses Nadal at Open
New York Newsday (09/09/09) Shallwani, Pervaiz

Security at the U.S. Open has been stepped up following the arrest of a man who ran on to the court to hug and kiss tennis star Rafael Nadal after a match. "There definitely was a breakdown," Tim Curry, a spokesman for the United States Tennis Association said of the incident. The suspect has been charged with criminal trespass and interfering with a professional sporting event. "What is particularly disturbing in this case is that the defendant actually made bodily contact with a player," says Queens District Attorney Richard Brown. "Fortunately, U.S. Open security personnel reacted swiftly to the situation and removed the defendant from the court without incident." Nadal's chief rival for the U.S. Open championship, Roger Federer, also faced an on-court intruder during the French Open in June.


European Banks Warned: Brace for Rise in Cash Machine Fraud
IDG News Service (09/07/09) Kirk, Jeremy

European banks should expect a surge in ATM fraud unless they take action to bolster their cash-machine infrastructure, warns the European Network and Information Security Agency (ENISA). A new ENISA report notes that ATM management and updating following installation is poor overall, while figures released earlier this year from the European ATM Security Team (EAST) estimate that ATM fraud cost European banks in 22 nations 485 million euros in 2008. EAST says there was a total of 12,278 reported attacks on ATMs last year, a 149 percent increase from the year before. The most frequent type of attack was skimming, in which a device attached to a cash machine records a card's magnetic stripe and steals the cardholder's PIN, which can be uploaded to a blank ATM card and used to commit fraud. Nearly 400 million euros of skimming fraud transpired in countries outside the country where the card was issued. Although banks have taken steps to boost ATMs' resistance to skimming and educate consumers on how to recognize tampered machines, ENISA says that "ATMs often now use publicly available operating systems and off-the-shelf hardware, and as a result are susceptible to being infected with viruses and other malicious software." The ENISA report says that few European banks, if any, have formally and completely evaluated the security risk of their ATM infrastructures.


Keys to Fraud Prevention
Security Management (09/09) Vol. 53, No. 9, P. 198; Anderson, William

A workable operational fraud-prevention program begins at the top with corporate backing. The CSO or top security chief can be an influential voice in defining the tenets of a fraud-prevention strategy and touting its value to the c-suite and lower-level managers. The implementation phase begins once governance is established. This phase involves assembling a fraud-assessment team, with members who hold diversified skill sets; creating a risk-assessment methodology that takes into account the organization's risk-tolerance thresholds; a review of existing safeguards, controls, and prior risk assessments; locating existing gaps in the firm's fraud-prevention program; and establishing an information-sharing network with other organizations and local law enforcement. Compliance is the last and most critical pillar. During the compliance phase, a company should test and audit its strategy. Additionally, it should be tweaked as necessary to account for changes in the organization, such as might arise in the event of a merger, for instance.




Eight Years After 9/11, Weaker Al-Qaida Still a Threat; Network Broken Apart, But Yemen Seen As New Base
USA Today (09/09/09) Johnson, Kevin

FBI Director Robert Mueller continues to encourage the agency to adapt to the ongoing changes in the power structure of al-Qaida. Since the organization became the major focus of U.S. counterterrorism efforts in 2001, it has become a fractured network of small terrorist groups scattered across Asia, the Middle East, and Africa. However, security experts are concerned that, due to increasing instability, the country of Yemen could provide a new opportunity for the organization to centralize. Director of National Intelligence Dennis Blair calls Yemen a "jihadist battleground" fueled by poverty and political upheaval. Al-Qaida-affiliated groups in Yemen recently claimed responsibility for two strikes against the U.S. Embassy in Sana. One was a coordinated assault in September 2008 that killed 17 people, including six attackers. Despite these concerns, other security experts say that al-Qaida has suffered irreparable damage in the past several years, as U.S. forces and their allies have killed a number of senior operatives and forced others, including Osama bin Laden, into seclusion. That is not to say that any expert is suggesting that the threat the group poses has passed. Mueller acknowledges that although the group has suffered losses, new commanders are tapping recruits with the expertise to fill these gaps, as well as people with clean Western passports. Recent evidence indicates that as many as 150 such Western converts have been attracted to al-Qaida's ranks. Since 9/11 the FBI has completely restructured in order to combat continued threats from al-Qaida and other militant splinter groups. These changes include doubling the number of agents assigned to counterterrorism or intelligence duties; tripling the number of Joint Terrorism Task Forces; and more than doubling the number of intelligence analysts. The United States is also taking diplomatic action to shore up the Yemeni government's counterterrorism efforts. At the center of these efforts is the possible return of 94 Yemeni prisoners from Guantanamo Bay, whom Yemen's government has said it expects to be returned home. U.S. officials are unlikely to comply with this request, however, over fears that the prisoners would add to the terrorists' ranks.


Al-Qaida Faces Recruitment Crisis, Anti-Terrorism Experts Say
Guardian Unlimited (UK) (09/10/09)

On the eighth anniversary of 9/11, counterterrorism experts in the West as well as consultants in Muslim countries report that al-Qaida is facing a recruitment crisis. According to these experts, al-Qaida's Pakistan-based "core" is now made up of approximately 200 significant operatives, including leader Osama Bin Laden and his Egyptian deputy, Ayman al-Zawahiri. The majority of al-Qaida growth is now located in dispersed "affiliates" in Yemen and North Africa, but those groups are increasingly disconnected from the central leadership. Additionally, the Afghani Taliban has been said to feel that al-Qaida may be becoming a liability, which experts argue could finally lead to the arrest of Bin Laden. Popular sympathy has also fallen away from the organization, fueled by sectarian killings in Iraq. In Saudi Arabia, intelligence reports indicate that between 60 percent and 70 percent of information about al-Qaida suspects now comes from friends, family, and neighbors, instead of surveillance or security agencies. Despite these factors, FBI and MI5 leaders warn that the organization remains a serious security threat. As FBI Director Robert Mueller points out, "They retain the capability of striking overseas. They are still lethal."


Fighting Flu Without Big Gun
Wall Street Journal (09/09/09) P. A3; McKay, Betsy; Simpson, Cam

The Obama Administration is pushing a hygiene message with hopes of slowing the spread of H1N1 swine flu until a vaccine is ready. "Cover your sneezes with your sleeve," President Obama said recently. "I don't want anybody to be alarmed, but I do want everybody to be prepared." The Centers for Disease Control and Prevention recommends the following measures to help prevent flu transmission: washing your hands; coughing into your sleeve; avoiding touching your eyes, nose, or mouth; staying home if you are sick; and following public health advice for school closures and avoiding crowds. To further the hygiene message, the Department of Health and Human Services is sponsoring on its flu Web site, www.flu.gov, a contest for public-service announcements focused on prevention. Reports of flu-like symptoms have increased across the country with the start of the new school year. In August, an advisory panel to President Barack Obama warned that a new wave of infections could peak by mid-October. The first doses of a new swine-flu vaccine are not expected to be ready before Oct. 15, and it will take a couple of weeks after receiving a shot for people to build immunity to the virus. Approximately 45 million to 52 million doses would be available, but the number of healthcare workers, pregnant women, and others first in line for the vaccine totals about 159 million people. Also, officials have not yet determined whether one or two doses of the vaccine will be needed.


Remembering a Future That Many Feared
New York Times (09/11/09) P. A1; Kleinfield, N. R.

Soon after Sept. 11, 2001, many predicted that New York would be avoided by tourists and filled with patrolling soldiers and empty skyscrapers, all out of fear of another terrorist attack. Eight years later, however, the city appears to have recovered and moved on from the fearful future that never came to pass. American Express' headquarters remains at the southwest corner of West and Vesey Streets, while Verizon and Goldman Sachs have settled into the northeast and northwest corners, respectively. Times Square continues to be a popular location for tourists, and most businesses inhabiting high-risk buildings remain in the same locations as on 9/11. New firefighters were recruited when the ranks began to decline, but now there are 11,415 uniformed personnel, more than before the attacks.


Ahoy! Port
Security Products (09/09) Vol. 13, No. 9, P. 54; Rahfaldt, Kim

The Port of Houston, which serves more than 150 private industrial firms along the Houston Ship Channel and is top-ranked in the United States in foreign water-borne tonnage, oversees the security of its own terminals. After Congress passed the Maritime Transportation Security Act of 2002, which mandates a biometric security credential for any individual with unescorted access to secured facility areas, the Port of Houston Authority, which owns the public facilities on the channel, successfully implemented a biometric authentication platform by the April 14 deadline. With TWIC, a tamper-resistant credential containing the employee's fingerprint and access code, PHA ensures that potentially nefarious individuals do not gain unauthorized access to secure sections of the country's maritime transportation network. "TWIC controls access to restricted areas, whether it's an entire terminal or a section of a terminal, but it's all based on access," said Bill Crews, security and emergency operations manager for the port. "Not every port employee has a TWIC. For example, those who work in the executive building in accounting, payroll and purchasing don't have a TWIC because they don't have a reason to go to a restricted area. Receiving a TWIC is based on job requirements and where staff interface with people."




Sears Required to Destroy Tracking Data
MediaPost.com (09/10/09) Davis, Wendy

A recent settlement agreement between Sears Holdings Management Corporation and consumers who downloaded tracking software between April 2007 and January 2008 was approved by the U.S. Federal Trade Commission (FTC). Sears did not admit wrongdoing and reiterated that consumers downloading the software were aware of the project and that their Web activity would be tracked; the consumers also were paid $10 each for downloading the software. The FTC action against Sears signals increasing efforts by the agency to crack down on online privacy violations even when it is not clear that consumers were harmed. The American Insurance Association (AIA) and law firm Sidley Austin are concerned that the case will lead to new disclosure standards. "Before this case, one would likely have considered Sears' disclosures both legally valid and commonplace. The proposed Sears settlement is at odds with established industry and regulatory practice allowing consumers to opt in to contracts of their choice," noted Sidley Austin in a recent E-Commerce Law Daily article.


Security Is Late to the Offshore Party
Computerworld (09/07/09) Rice, J.F.

To its detriment, one company failed to consult its security manager before outsourcing a component of its HR department to an overseas contractor to cut costs. When two companies join their networks together, both organizations are responsible for making sure that neither party is privy to information outside its purview. This is done by setting up a firewall or limiting access through access controls, and encryption is also recommended. In this case, the company outsourced the management of a highly regulated area of its HR department to an overseas firm without consulting the security manager. The security manager, if consulted, would have recommended placing the onus of guaranteeing secure services on the vendor. As it happened, the company did not do this, and the outsourced vendor is asserting, understandably, that the client is responsible for covering any costs associated with information security. The company, of course, is not eager to spend money, as the whole idea of contracting this function out to a third-party vendor was to save money.


Data Remains on Discarded Drives
Security Management (09/09) Vol. 53, No. 9, P. 44; Berrong, Stephanie

Though much media attention has been given to data storage security, companies and individuals around the world still neglect to adequately erase digital data from used or discarded hard drives, according to a study performed by researchers in the United States, Europe, and Australia. The researchers recently examined hard drives they purchased last year from eBay and other resale and auction sites. The hard drives were purchased from five countries: the United States, Germany, France, Australia, and the United Kingdom. The examination revealed that nearly two-thirds of all devices--64 percent--still contained data. "You would hope over a period of years that we would have started to notice significant improvements," says Andy Jones, chief information security researcher at British Telecommunications (BT), who oversees the research. But "despite the knowledge improving, despite the tools and techniques [for disposal] improving, we're pretty much seeing the same things as we saw four years ago," he adds.


SQL Vulnerability Leaves Passwords in the Clear, Researchers Say
Dark Reading (09/02/09) Wilson, Tim

Several versions of Microsoft SQL Server contain a vulnerability that could allow a user with administrative privileges to see other users' passwords, warn Sentrigo researchers. The researchers say that administrators can access all of the passwords used since the 2000 or 2005 versions of Microsoft SQL Server went online by reviewing its process memory. A hacker also could access the passwords by using an SQL injection attack, says Sentrigo's Slavik Markovich. The vulnerability has been partially corrected in SQL Server 2008, though an administrator with local access could still access the passwords by using a debugger. The vulnerability is worrisome because many people use the same passwords for a number of different applications and for personal accounts such as online banking accounts. Microsoft, which has been notified about the vulnerability, says the threat posed by the flaw is "minor" and has no plans to issue a specific patch to fix it.


Privacy Plug-In Fakes Out Facebook
Technology Review (09/09/09) Lemos, Robert

Researchers at the University of Waterloo in Ontario have developed FaceCloak, a browser plug-in that shields social network users' private data from both malicious users and social network providers. Waterloo professor Urs Hengartner says the plug-in replaces sensitive information in a user's profile with news feeds and meaningless text that can only be unscrambled by trusted friends and contacts. Carnegie Mellon University (CMU) professor Alessandro Acquisti says most users are unaware of the privacy implications of posting personal information on social networking sites such as Facebook and MySpace. In 2005, Acquisti and fellow CMU researcher Ralph Gross found that almost 80 percent of Facebook users revealed their birthday and the majority provided public access to their real-world address, which could provide enough information to commit identity theft. Acquisti says users have recently started changing their access options to protect their information more carefully, but social network providers have not been good at protecting user privacy because monetizing personal information could result in millions of dollars in revenue. FaceCloak allows users to designate what information should be encrypted and made available only to friends. The user receives a secret access key and sends two other keys to friends. The keys are used to access the real information, which is stored on a separate server. Similar tools are being developed by other academic teams, including a Cornell University plug-in called None of Your Business that encrypts profile information so it can be read only by a small group of friends.


Abstracts Copyright © 2009 Information, Inc. Bethesda, MD
