Friday, June 22, 2012

Security Management Weekly - June 22, 2012

Corporate Security
  1. "Police End Toulouse Hostage-Taking, Detain 'Al-Qaeda' Gunman" France
  2. "University of Alberta Shooting Suspect Caught on U.S. Border"
  3. "Security Audit Secrets"
  4. "Access Control: In With the New"
  5. "The Value of Assessment" Qualified Risk Assessments and Security Process Optimization Assessments

Homeland Security
  1. "Taliban Storm Afghan Hotel, Kill 18 People"
  2. "Explosives Found at Swedish Nuclear Plant"
  3. "Obama Administration Pressed to Do More on Boko Haram Terror Designations"
  4. "NSA Delves Into Next Level of Data Analysis" National Security Agency
  5. "British Authorities Unveil Plan for Mass Electronic Surveillance"

Cyber Security
  1. "U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say"
  2. "Hackers Exploit Windows XML Core Services Flaw" Extensible Markup Language
  3. "BYOD Users Threaten IT Security: Fortinet" Bring Your Own Device
  4. "Cyber Security Threats, Infrastructure Sabotage Rising: McAfee"
  5. "Search Results May Deliver Tainted Links"

   

 
 
 

 


Police End Toulouse Hostage-Taking, Detain 'Al-Qaeda' Gunman
AFP (06/20/2012) Beaujouin, Dominique

French police have apprehended a suspect who took over a bank in Toulouse and held four hostages on Wednesday. The incident began that morning when the man, who has been identified as Setih Boumaza, walked into the CIC bank and asked for money. Boumaza then allegedly fired a shot and took several bank employees hostage, saying that he wanted to negotiate with the police unit that killed Mohamed Merah, the man who was behind a series of killings in Toulouse earlier this year. Boumaza, who had claimed to be a militant with al-Qaida connections, was eventually shot by police when he tried to leave the bank with one of his hostages. He returned to the bank and was arrested. Neither the police officers nor any of the hostages were harmed.


University of Alberta Shooting Suspect Caught on U.S. Border
Guardian (United Kingdom) (06/16/12)

Travis Baumgartner, who was wanted for allegedly murdering three co-workers and injuring another during a robbery at a University of Alberta mall on Friday, was captured at the Washington state-Canada border on Saturday. Baumgartner and four other guards from G4S Cash Solutions were reloading cash into ATMs in the mall on Friday when a shooting was reported and four of the guards were found shot. It is assumed that Baumgartner shot his co-workers and then escaped with the cash. The crew's armored van was found abandoned but idling near G4S's headquarters building. When Baumgartner was arrested at the border, he had a large amount of money in his truck. According to G4S, Baumgartner had been on the job for only three months. He faces three counts of first-degree murder and one count of attempted murder.


Security Audit Secrets
Security Management (06/01/12) Vol. 56, No. 6, P. 94 West, M. David; Reynolds, Devin G.

An organization's security program can gain value from a properly designed and executed audit, which can be used not only to find flaws, concerns, or weaknesses, but also to optimize improvements and identify best practices. The Six Sigma approach developed by Motorola in the 1980s focuses on finding the causes of errors in a manufacturing process and removing them with quality control; though this does not make it the best choice for a security program, using a simplified version of one of Six Sigma's project methodologies can provide excellent results. The DMAIC process can easily be adapted to security program auditing by using a qualitative approach to provide structure for the creation of an effective security program audit. The process would "define" what is being audited, "measure" the internal and external requirements against standards of practice, "analyze" disparities, "improve" by proposing prevention and problem-solving theories, and "control" by reasserting managerial responsibility. The SIPOC process looks at suppliers, inputs, processes, outputs, and customers, and is a better fit for auditing service-based programs like training and uniformed guard services. All deficiencies found in an audit must be corrected, and the results need to be given to senior management and the supervisory teams of audited departments, with detailed briefs and recommendations for improvement, as well as praise and criticism. An audit should be a tool that is used regularly to monitor progress and change within the security program as a whole.


Access Control: In With the New
Security Magazine (06/12) Meyer, Claire

Two organizations were recently able to achieve a number of benefits by installing new access control systems. One of those organizations is the Falls Church (Va.) City Public School System, which replaced its individual client-based RedCloud system with a Web-based system. Seve Padilla, the school district's director of facility and security services, said that the school system decided to implement a new Web-based system rather than upgrade the existing system because it needed to replace its aging servers anyway, and because the Web-based system was much cheaper, since it did not require any additional hardware or replacements on the front end. One of the advantages to using RedCloud is that it allows Padilla to access the system from home in order to help on-site staff. Meanwhile, the Cuyahoga Community College (Tri-C) in Cleveland implemented an access control system from AMAG and Karpinski Engineering Consultants for its four campuses. The system combines alarm and video with its access control capabilities, which helps reduce false alarms. In addition, the system allows Tri-C's director of fire prevention and security systems, Richard Frank, to remotely access the same video surveillance feeds that dispatchers see so that he can help them perform the proper actions in response to a particular situation.


The Value of Assessment
SecurityInfoWatch.com (05/21/12) Worman, Ronald

Qualified risk assessments and security process optimization assessments can be valuable tools for CSOs looking to cut costs, improve efficiency, and better their organization's security process. According to Ronald Worman, founder and managing director of The Sage Group, a qualified risk assessment will provide leaders with a clear picture of the risks facing their organization, a rundown of the organization's ability to respond to those risks, and a financial quantification of the costs associated with them. A security process optimization assessment takes a more granular approach, focusing on the specifics of an organization's security infrastructure and capabilities. This includes detailed breakdowns of an organization's information technology capabilities, identity architecture, data aggregation, technology usage, and overall security infrastructure. A good security process optimization assessment allows a CSO or organization leader to see their security systems as a whole, and it identifies and suggests ways to better manage and store sensitive information, ensure compliance with existing regulations, streamline vendor interactions, and gauge the performance of employees, processes, and technology. According to Worman, commissioning a qualified risk assessment and a security process optimization assessment can help free up 5 to 20 percent of an organization's budget based on the information and suggestions the assessments provide.




Taliban Storm Afghan Hotel, Kill 18 People
Associated Press (06/22/12) Shah, Amir

Nearly 20 people were killed in a Taliban attack against a hotel located north of the Afghan capital of Kabul. The attack began late Thursday night, when five assailants armed with machine guns, rocket-propelled grenades, and explosive vests stormed the Spozhmai hotel and opened fire on guests who were having a late dinner. Some of the guests were able to escape from the attackers by jumping from windows into the hotel yard, while others hid under trees or dived into the nearby lake. Those who could not escape were held hostage. Afghan security forces and international troops, backed with air support from NATO helicopters, responded to the scene and engaged in a 12-hour-long gun battle with the attackers. The battle ended by mid-morning on Friday when all five of the attackers were shot and killed. Among the dead were 14 Afghan civilians, three security guards, and an Afghan police officer. A spokesman for the Taliban said that his group carried out the attack because foreigners at the hotel were drinking alcohol and engaging in other types of activities that are prohibited under Islam. However, Kabul police denied that assertion.


Explosives Found at Swedish Nuclear Plant
Wall Street Journal (06/21/12) Rolander, Niclas

Sweden's three nuclear power plants are under a state of elevated alert after explosive material was found on a truck at one of the plants on Wednesday. Security personnel at the Ringhals nuclear plant found the material--later identified by police as explosive, though lacking an ignition source of any kind--on a truck while conducting routine security checks, and police are treating the incident as a case of attempted sabotage. It is as yet unclear how the explosive material got onto the truck, and police are conducting questioning to determine where the material came from. The driver of the truck is not believed to have been involved. As a result of the discovery, all three of Sweden's nuclear power plants are operating at their second-lowest alert level as a precaution. The Ringhals plant is the largest of Sweden's nuclear power stations and produces roughly 20 percent of the nation's electricity.


Obama Administration Pressed to Do More on Boko Haram Terror Designations
The Hill (06/21/12) Pecquet, Julian

Two congressional leaders called on the Obama administration to take further action against the Nigerian terrorist group Boko Haram after the State Department announced on Thursday that it had designated three of the group's leaders as terrorists. As a consequence of Thursday's announcement, U.S. property interests are unavailable to, and U.S. citizens are barred from engaging in beneficial transactions with, Boko Haram's most visible leaders: Abubakar Shekau, Abubakar Adam Kambar, and Khalid al-Barnawi. But in a statement, Reps. Peter King (R-N.Y.) and Patrick Meehan (R-Pa.), the chairmen of the House Committee on Homeland Security and its counterterrorism subpanel, respectively, renewed their calls on Secretary of State Hillary Clinton and the State Department to designate the entirety of Boko Haram as a Foreign Terror Organization (FTO). In describing the government's policy towards Boko Haram, which has killed over 1,000 people in Nigeria and has most recently attempted to use a series of church bombings to incite open conflict between the country's majority Muslim north and Christian south, King and Meehan said, "Nothing should be off the table; the U.S. Intelligence Community should have every available tool at its disposal to combat this group."


NSA Delves Into Next Level of Data Analysis
Government Computer News (06/14/12) Yasin, Rutrell

The National Security Agency has launched an effort to better track and record the origins and precision of data it collects, as well as its migration between databases, as the Intelligence Community attempts to combine and analyze data caches from multiple sources. The NSA's pilot initiative operates atop a big data, standard cloud framework that enables the agency to track the full data life cycle, according to NSA Information Assurance Directorate Technical Director Neal Ziring. Ziring said that big data technologies are essential to the Intelligence Community if it is to extract meaningful insights from the complex patterns and behaviors of increasingly sophisticated adversaries. Intelligence analysts frequently attempt to derive actionable knowledge from data, only to be hindered by constraints or restrictions. Ziring also explained that the Intelligence Community is focused on the standardization of the simplest aspects of the area of data provenance. Data provenance is a side challenge to managing constrained data, and data provenance technologies help organizations ascertain whether sensitive data has been exposed and supply metrics to help measure the data's reliability.


British Authorities Unveil Plan for Mass Electronic Surveillance
Associated Press (06/14/12) Satter, Raphael

British authorities have unveiled a plan to compile details about every email, phone call, and text message in the United Kingdom. The surveillance effort proposed in the bill would provide the British government with an unprecedented amount of information on citizens' daily lives. The proposal "will give the police and some other agencies access to data about online communications to tackle crime, exactly as they do now with mobile phone calls and texts, [and] unless you are a criminal, you have nothing to worry about from this new law," says Home Office secretary Theresa May. However, others say the proposal provides the government with access to too much personal data. The bill would force communications providers to gather vast amounts of information on their customers. Providers would be required to monitor where online communications were sent from, who they were sent to, and how large they were. The bill also calls for providers to collect Internet Protocol addresses, details of customers' electronic hardware, and subscriber information such as names, addresses, and payment information. The measure is currently in draft form, which means it is subject to change before it is presented to Parliament.




U.S., Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say
Washington Post (06/20/12) Nakashima, Ellen; Miller, Greg; Tate, Julie

Western officials say that the Flame virus, which was discovered last month following a cyber attack on the Iranian oil sector, was the work of the U.S. and Israel. Flame was reportedly developed by the National Security Agency--which has significant experience in developing malicious code that can be used against the nation's enemies--and the CIA's Information Operations Center. The Israeli military also assisted in the development of Flame, which Western officials say was intended to collect intelligence ahead of cyber attacks against Iran's nuclear program. Flame reportedly disguised itself as a Microsoft software update and was able to avoid being detected for a number of years by using a state-of-the-art program to break an encryption algorithm. After it infected Iran's computer networks, Flame was designed to secretly map and monitor those networks and send intelligence back to its handlers. Officials also say that Flame was part of the classified Olympic Games operation that included the Stuxnet virus as well. However, Flame was developed at least five years ago, before Stuxnet, experts say. According to Kaspersky Lab researcher Roel Schouwenberg, Flame was likely used as a "kickstarter" to help launch the Stuxnet project. Despite the discovery of the Flame virus, the NSA and the CIA are reportedly continuing to develop new cyber weapons.


Hackers Exploit Windows XML Core Services Flaw
CSO Online (06/20/12) Gonsalves, Antone

A previously disclosed flaw in Microsoft's XML Core Services 3.0, 4.0, and 6.0 was spotted being exploited in the wild, according to Sophos. Sophos reports finding a Web page exploiting the flaw on the site of an unidentified European medical company, which did not know it had been compromised. Other security researchers say they are not surprised to hear the flaw is being exploited in the wild, as unpatched software vulnerabilities that are revealed publicly become top priority for cybercrooks, who know that companies and people are slow to release patches and create workarounds. Rapid7 researcher Marcus Carey says the latest flaw is easy to exploit, in that a user only has to visit a Web site that has been compromised in order to trigger the attack on the user's machine. The flaw in MSXML, which is a set of services used in building Windows-native XML-based applications, affects all releases of Windows and Office 2003 and 2007, and can be wielded by a successful attacker to gain full user rights to a PC, Microsoft says. Until a patch is released, the Microsoft workaround is the only way to combat hackers.


BYOD Users Threaten IT Security: Fortinet
eWeek (06/20/12) Eddy, Nathan

The first generation of Bring Your Own Device (BYOD) workers poses a potential threat to organizations, according to a worldwide Fortinet survey. One in three respondents said they would breach a company's security policy that prohibits them from using their personal devices at work or for work purposes. Among respondents in India, two in three said they would contravene a corporate policy or have done so in order to use their personal devices for work purposes. The survey indicated the leading driver of BYOD practices is that individuals can instantly access their preferred applications, particularly social media and private communications, and this generation of workers continually views the use of personal devices as a right instead of a privilege. Although 42 percent of respondents acknowledged potential data loss and exposure to malicious IT threats to be the predominant risk, this threat does not deter them from skirting corporate policies. Moreover, 66 percent of respondents consider themselves responsible for securing personal devices that are used for work processes, says Fortinet's Patrice Perche. He says organizations in this environment must wield control of their IT infrastructure by tightly securing both inbound and outbound access to the network and not rely solely on mobile device policies for end users.


Cyber Security Threats, Infrastructure Sabotage Rising: McAfee
eWeek (06/19/12) Eddy, Nathan

A new cybersecurity report issued by McAfee and the Pacific Northwest National Laboratory (PNNL) examines emerging cyberthreats and calls for a shift toward "security by design" in IT infrastructure. The study points to ever-expanding networks with more access points and more automation creating new vulnerabilities as security is applied haphazardly and piecemeal. The report also observes that cyberattacks have matured into a refined and carefully designed digital weapon for a specific purpose, and analyzes how emerging weaknesses of control systems continue to accelerate. PNNL's Philip Craig Jr. says the "maze of disparate, multi-vendor, and stacked security tools" used to protect networks and IT infrastructure today can at best delay the determined cyberattacker and at worst make their job easier, offering up unforeseen weaknesses for more skilled assailants to exploit. The report instead advocates security by design, a unified approach utilizing security features such as file integrity monitoring, hard disk read/write protection, and memory protection to create more secure systems. "Cybersecurity must be embedded into the systems and networks at the very beginning of the design process so that it becomes an integral part of the systems' functioning," says McAfee's Phyllis Schneck.


Search Results May Deliver Tainted Links
USA Today (06/18/12) Acohido, Byron

Whereas email used to be the primary vector for hackers and scammers to swindle people out of money and personal information or infect their computers with malware, a new analysis by Blue Coat Security Lab shows the target of choice has shifted from email to the links in search engine results. The survey, which analyzed the Web traffic of more than 75 million Internet users on home and corporate networks, found that users were now encountering 40 percent of scamming and infection attempts through links in search engine results, while email accounted for only 11.6 percent. Blue Coat's Chris Larsen says the shift came as users grew more savvy about not opening or following links in suspicious emails, but they did not make the same adjustment when it came to search results. The analysis also demonstrated that, contrary to what one might expect, most of the bad links used as vectors for phishing or infection actually turned up in results for relatively specific or esoteric searches, such as for generic letters of resignation or for defects in very specific appliance parts, making it easier to catch searchers off guard.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

