| Store Security a Black Friday Challenge Arizona Republic (11/21/12) Randazzo, Ryan Numerous violent incidents at Black Friday retail events over the last several years have increased the need for more and better security during the frantic shopping holiday. Several incidents, including the death of a worker at a Long Island, N.Y., store in 2008 and the injury of a customer in an Arizona store last year, have prompted Wal-Mart to take new approaches to Black Friday. This year, in addition to increased security and police presence, Wal-Mart has developed a new security plan with the help of crowd-management experts. Where possible, Wal-Mart stores will not close between Thanksgiving and Black Friday in an effort to avoid the "door-busting" crowds that have been responsible for many injuries in past years. Discounted merchandise will be displayed throughout the stores on sealed pallets that will be opened at set times and customers seeking in-demand items like video games and electronics will be given tickets guaranteeing them the discount price on those items. Other locations are hiring increased numbers of in-store asset protection workers and private security staff, while also turning in increasing numbers to off-duty police officers to provide extra security. The Tempe, Ariz., police have reportedly increased requests for off-duty officers as early as Thursday and throughout the weekend. Workplace Violence Prompts Rising Concern Middletown Journal (Ohio) (11/18/12) Robinette, Eric The Occupational Safety and Health Administration (OSHA) has fined a nursing home in Fairfield, Ohio, $8,700 for failing to adequately protect its employees from workplace violence. The fine came after an OSHA investigation found that ResCare Inc. did not take sufficient measures to prevent attacks and injuries inflicted by potentially violent residents. ResCare has declined to comment on the situation, saying that it is working to resolve the matter with OSHA. The federal agency has been cracking down on workplace violence issues since issuing a compliance directive on the subject in late 2011. “This is a growing concern for OSHA, about what facilitates workplace violence … there have been a growing number of violations at certain facilities all across the country,” said Scott Allen, a spokesman for the U.S. Department of Labor, which oversees OSHA. The agency recommends that employers establish a zero-tolerance policy against violence by or for employees. It has also called on training for employees to recognize and diffuse violent situations and to encourage reporting to supervisors. Legalizing Marijuana: Workplace Drug Testing Expected to Remain the Norm WNCT-TV 9 (Greenville, NC) (11/13/12) Colorado and Washington state passed ballot referendums on Election Day that made recreational marijuana use legal, prompting some to wonder if potential employees in those states will still have to undergo drug tests before they can be hired. The Seattle Police Department said it has not yet changed its policy, but it said that it plans to review it. However, private firms say they will continue to require workers to pass drugs tests. Experts believe that standard drug testing policies in the two states will likely remain the norm since marijuana is still illegal under federal law. Executive Protection Training ASIS News Release (11/01/12) Anderson, Teresa Robert L. Oatman of R.L. Oatman and Associates says that his seven-day Executive Protection Training Program in Towson, Md., has changed over the years to reflect the changing face of executive protection. The biggest change, according to Oatman, is the use of smartphones, tablets, and GPS devices by security professionals. Oatman says that while such devices can be useful, it is easy to over-rely on them, and says he encourages his students to still plan out routes ahead of time. The seven-day program is limited to 32 students at a time, who receive individualized training from 18 instructors, most of whom are drawn from federal, state, and local law enforcement. Topics covered include everything from marksmanship to the legal issues surrounding a variety of use-of-force techniques, and a psychological discussion of the mind of an assassin. Oatman also provides several executive protection scenarios, including a recreation of the 2011 shooting of Arizona Congresswoman Gabrielle Giffords by Jared Loughner. Instructors take the roles of Loughner and Giffords and students are tasked with preventing the shooting. Preventing Employee Violence ASIS News Release (11/01/12) Spadanuta, Laura ASIS International and the Society for Human Resource Management (SHRM) offer guidelines for organizations looking to minimize and prevent the occurrence of workplace violence. The ASIS/SHRM standards focus primarily on educating employees and supervisors to recognize potential precursors of violence and creating policies and structures for reporting, assessing, and acting on these warning signs. The standards call for implementing reporting policies that allow for reporting without fear of retribution. Reporting should be anonymous and offer multiple channels so that reports cannot be easily shut out. This should be accompanied by training for both employees and managers and supervisors so that they know what sort of behaviors to be on the lookout for. Reports of potentially violent behavior should be referred to a threat assessment team for further investigation. The members of this team should receive professional training so that they can effectively parse reports for genuine cases of dangerous behavior and respond to them appropriately. Some steps that the assessment team can make include consulting with human resources and referring the employee in question to doctors and mental health professionals. The ASIS standards also call for ensuring the physical security of the workplace to defend against outside threats. U.S. Suspects' Alleged Terror Plot Beset By Hurdles, FBI Says Los Angeles Times (11/21/12) Willon, Phil ; Mather, Kate; Mozingo, Joe; et al. The federal complaint filed in a terrorism case in southern California shows that the four defendants faced a number of obstacles to their goal of joining al-Qaida and killing American and coalition troops. The complaint states that the man at the center of the alleged plot, Sohiel Kabir, traveled to Afghanistan in July and informed two of his alleged co-conspirators, Miguel Santana and Ralph Deleon, that they would join the Taliban before joining up with al-Qaida. But by August and September, Kabir was telling his co-defendants that the situation with al-Qaida had become "complicated" and that he felt he should travel to Yemen. Kabir later said that the fact that Santana, Deleon, and the fourth defendant, Arifeen Gojali, were traveling from the U.S. to Afghanistan was causing problems as well. Despite the confusion and problems with the plans allegedly developed by the four men, Santana, Deleon, and Gojali continued practicing and planning for jihad by playing paintball and visiting shooting ranges, authorities said. Santana also reportedly said that he wanted to attack a military base in Afghanistan using a truck laden with explosives. However, the FBI was able to foil the alleged plot by infiltrating the group. Santana, Gojali, and Deleon were arrested Nov. 16 after booking a flight from Mexico City to Istanbul, while Kabir was taken into custody in Kabul on Nov. 17. Intelligence Officials Edited Talking Points on Libya Attack Los Angeles Times (11/21/12) Dilanian, Ken Top intelligence officials on Tuesday revealed that authorities within the Office of the Director of National Intelligence (DNI), in consultation with the CIA, were responsible for editing unclassified CIA talking points on the Sept. 11 attack in Benghazi, Libya. The officials, speaking anonymously, said that the DNI authorities had removed references to "terrorism" and "al-Qaida" and the term "attack" from the talking points to protect information that at that time remained provisional and classified. "The adjustments were focused on producing talking points that provided the best information available at the time, protected sensitive details, and reflected the evolving nature of rapidly incoming intelligence," said one of the officials. This corroborates statements made by former CIA Director David Petraeus who testified before Congress last week that the reports of extremist links to the Benghazi attack had been removed from the talking points in an effort to avoid tipping off the attackers to how much U.S. intelligence already knew about them. Sen. John McCain (R-Ariz.), one of the most vocal critics of the Obama administration's reaction to and public statements about the Benghazi attack, reacted to the intelligence officials' account of the editing process by saying it left him "somewhat surprised and frustrated." Poland Thwarts Terror Attack on Top Leaders Associated Press (11/20/12) Gera, Vanessa Polish authorities on Tuesday announced the arrest of man who is alleged to have been planning to detonate a car bomb in front of the Parliament building in Warsaw, with the goal of killing the Polish president, prime minister, cabinet ministers, and members of the 460-seat lower chamber. Prosecutors said the man, who was not identified by name, was a chemist at the University of Agriculture in Krakow who was motivated by nationalism, xenophobia, and anti-semitism. The man was arrested on Nov. 9 along with two suspected accomplices, but prosecutors say he was not affiliated with any larger political or ideological group. Prosecutors say the man was already building and testing bombs and had planned to pack a car with four tons of explosives and then detonate it outside of the Parliament building when the heads of the government were all gathered there. Prosecutor Mariusz Krason said that the suspect had confessed to some, but not all of the charges against him, which include illegal possession of weapons and planning the assassination of state leaders. If convicted, the suspect could face up to five years in prison. Congress Wants to Know Who Created Benghazi 'Talking Points,' Why Terrorism Link Was Omitted Associated Press (11/19/12) Congress is trying to determine who played a part in developing the "talking points" that were used by U.N. Ambassador Susan Rice and other Obama administration officials in the aftermath of the attack on the U.S. diplomatic post in Benghazi on Sept. 11. Lawmakers also want to know why the final version of those talking points did not mention that the CIA had concluded that terrorists were behind the attack. Since the CIA's conclusion about the involvement of terrorists was omitted from the talking points, Rice and other Obama administration officials who used them continued to depict the Benghazi attack as an outgrowth of a spontaneous protest that had been sparked by an inflammatory anti-Muslim video on YouTube. Republicans in Congress have said that the inconsistencies between the information given in the talking points and the evidence that al-Qaida played a role in the attack are evidence of a cover-up by the Obama administration. Sen. Dianne Feinstein (D-Calif.), the chairwoman of the Senate Intelligence Committee, said that she does not believe that the talking points were changed for political reasons though she added that she is concerned about how the document was created when it became clear soon after the attack that the assault was not the result of a protest. The Obama administration, for its part, has said that intelligence agencies are the only ones who would have made any significant changes to the talking points. Deputy National Security Adviser Ben Rhodes said that the only change the White House made was to refer to the Benghazi compound as a "diplomatic facility" rather than a consulate. Petraeus: CIA Blamed Terrrorists for Libya Attack Associated Press (11/17/12) Dozier, Kimberly Testifying in closed-door proceedings before Congress on Nov. 16, former CIA Director Gen. David Petraeus told lawmakers that the CIA had suspected local Islamist militants and al-Qaida affiliates in the Sept. 11 attack in Benghazi, Libya, soon after the attack took place. According to an anonymous congressional staffer, Petraeus said that an initial draft of unclassified CIA talking points had referred to suspicions that the Islamist militia Ansar al-Shariah and the terror group al-Qaida in the Islamic Maghreb were involved in the attack, but that the names of these groups had been replaced by with the word "extremist" in the final draft of the talking points. U.N. Ambassador Susan Rice would later rely on those talking points while giving interviews on the attack later that week. According to Sen. Mark Udall (D-Colo.), this change was made during an editing process where the talking points were reviewed by top leaders from several intelligence and federal agencies. "The extremist description was put in because in an unclassified document you want to be careful who you identify as being involved." Other sources say the change was made so as to not tip off Ansar al-Shariah or AQIM about U.S. intelligence sources that could have identified them. Meanwhile, Republican and Democratic congressional leaders shut down calls from lawmakers including Sen. John McCain (R-Ariz.) seeking the formation of a Watergate-style congressional committee to investigate the Benghazi attack. Scientists Find Cheaper Way to Ensure Internet Security New York Times (11/20/12) Markoff, John Scientists at Toshiba and Cambridge University have used an advanced photodetector to extract weak photons from the torrents of light pulses carried by fiber-optic cables, in a technique that offers a less expensive way to ensure the security of the Internet. Based on quantum physics, the approach would make it possible to safely distribute secret keys necessary to scramble data over distances up to 56 miles. Although several quantum key distribution systems are commercially available, they rely on the need to transmit the quantum key separately from communication data, often in a separate optical fiber, which adds cost and complexity, says Toshiba Research Europe's Andrew J. Shields. Weaving quantum information into conventional networking data will lower the cost and simplify coding and decoding data. The system developed by Toshiba and Cambridge sends the quantum information over the same fiber, but isolates it in its own frequency. "We can pick out the quantum photons from the scattered light using their expected arrival time at the detector," Shields says. "The quantum signals hit the detector at precisely known times--every one nanosecond, while the arrival time of the scattered light is random." Anonymous Declares 'Cyberwar' on Israel CNN.com (11/20/12) Sutter, John D. The hacktivist collective Anonymous says that it has carried out a series of cyber attacks on Israeli targets in retaliation for Israel's attacks on the Gaza Strip. Messages sent out from an Anonymous Twitter account on Monday said that the group had defaced the Israeli versions of a number of Microsoft sites, including Bing, where visitors saw an anti-Israeli message instead of the search engine's normal homepage. The Israeli versions of MSN and Skype were also reportedly defaced by Anonymous hackers. In addition, Anonymous reportedly took several Web sites offline, deleted databases, and released e-mail addresses and passwords. Meanwhile, a Web page associated with Anonymous threatened a "cyberwar" against the Israeli government, saying that this month "will be a month to remember for the (Israel Defense Forces) and Internet security forces." Security experts are saying that the attacks show that Anonymous has moved beyond its traditional modus operandi of carrying out denial-of-service attacks against its targets. However, Israeli officials say that Anonymous' claims of taking down or defacing more than 650 Israel-based Web sites are largely untrue, as the group's attacks have mostly been unsuccessful. Israeli Finance Minister Yuval Steinitz said that the attacks have largely failed because of the investments the Israeli government has made in cyber security. Ever-Changing Data-Security Landscape Wall Street Journal (11/18/12) Osawa, Juro Symantec Corp. Vice President Bernard Kwok says that the face of information and data security is changing and that his company is working to adapt to a "holistic" approach to security. Kwok says that while the security of individual physical devices remains a priority, in the age of the cloud it is data security that matters most. The first step to properly protecting sensitive data, says Kwok, is determining what is sensitive and what is not. While it may be important to protect information like credit card numbers, e-mail account access, and intellectual property, Kwok says that the vast majority of most enterprises' data is usually highly "sharable" and that security efforts should be focused on identifying, locating, and protecting that data which is most sensitive. To this end, Kwok says Symantec is growing beyond antivirus to offer a broad array of services, including data-loss prevention, reputation-based security, authentication, and anti-theft and anti-hacking services. NYSE Hires Former Homeland Security Chief Reuters (11/16/12) NYSE Euronext recently confirmed that it had hired former Homeland Security Secretary Michael Chertoff in the wake of an internal Securities and Exchange Commission investigation that uncovered lax information security practices at an SEC office. The SEC investigation found that employees within the SEC's Trading and Markets Division, which is responsible for ensuring that exchanges are adequately protecting themselves from cyber threats, had failed to properly secure their own devices. SEC workers failed to install antivirus software or properly encrypt Apple products including laptops and iPads, while also using them for personal purposes including downloading music and online banking. While the SEC claimed in its report that no security breach had resulted from this laxness, NYSE employees say the exchange had its doubts and hired Chertoff, now an attorney with the Covington & Burling law firm, to investigate further. The NYSE allegedly believes the SEC investigation, carried out by the forensics firm Stroz Friedberg, did not go far enough and that several devices that hosted sensitive data about the network defenses of the exchange have not yet been examined to determine if a breach occurred. The NYSE is also seeking a copy of the Stroz Friedberg report and is protesting that it was not informed of the investigation sooner. PCI Council Publishes Risk-Assessment Rules for Card-Processing Networks Network World (11/16/12) Messmer, Ellen The PCI Security Standards Council has issued guidelines on how organizations should conduct an annual risk assessment if they store, process, or transmit payment card information. The guidelines provide information intended to explain what is expected under the rule DSS 12.1, which deals with risk assessment. "You need to do due diligence" not only on the security related to where the merchant's cardholder data is, but also with third-party processors, says PCI Council general manager Bob Russo. The guidelines refer to a few risk-assessment standards, such as the National Institute of Standards and Technology's 800-39 standard, ISO 2705, and the OCTAVE standard. The guidelines say "the risk-assessment process should include the people, processes, and technologies that are involved in the storage, processing, or transmission" of cardholder data. However, elements that might not be directly involved in processing cardholder data but could still impact the safety of it also should be considered, such as building security where cardholder data and processing exists. Meanwhile, Russo says the council has launched a certification program known as Qualified Integrated Re-Seller, which provides merchants with a list of technical specialists for installing payment applications. Abstracts Copyright © 2012 Information, Inc. Bethesda, MD |
1 comment:
You people have actually provided the best blogs that are easy to understand for the folks.
Keith W.
Post a Comment