• The Intelligence Triangle
    Security Management (09/14) Lane, Bryan

    All good corporate intelligence programs require a strong information requirement, access to data, and the tools and expertise to process the data. Those three components make up the intelligence triangle. Information requirements are the base of the triangle and are usually standing requirements, ad hoc requests, or information discovery projects. Information requirements may vary depending on who needs them, so they have to be prioritized within a business. These requirements should also become a part of daily business. Data gathering makes up one side of the triangle and supports intelligence programs by filling gaps in data. Data may include sales, financial statements, current events, and government policies. Data sharing throughout a company can ensure intelligence remains up to date. The final portion of the intelligence triangle is effective communication of the outcome of processed data. Using analytical and data visualization technology can help report information. Structured data is often the easiest to work with as it is information that can be categorized. Unstructured data can be harder to work with as it comes from free text. This form of data needs to be analyzed for a conclusion to be reached.

    Web Link

  • Reviewing Lessons on School Safety
    Security Management (08/14) Tarallo, Mark

    The Columbine shooting in 1999 changed the model for responding to school shootings. Assailants now operate more like terrorists, seeking body counts and media coverage, which leaves little time for the traditional police-response model of setting up a command post. Schools are preparing for active-shooter situations in several new ways, such as response training sessions for faculty and even students. Teachers are encouraged to think of three main options during a shooting: to hide, barricade, or evacuate. Some schools focus more on the physical security of the building or facility. Miller Place Union Free School District in New York upgraded physical security several years ago, improving its ability to go into lockdown by implementing a wireless proximity card-based locking system and applying a special film to all classroom door windows. The Columbine shooting also prompted efforts to address the root causes of violence. Paul Timm, PSP, president of RETA Security, advocates a comprehensive approach to school security that includes antibullying initiatives, drug-abuse programs, and dating-violence education, as well as mental-health education. Such interventions should go hand-in-hand with physical security measures.

    Web Link

  • JPMorgan and Other Banks Struck by Cyberattack
    New York Times (08/28/14) P. B1 Perlroth, Nicole

    JPMorgan Chase and at least four other U.S. banks were the targets of what security experts say was a sophisticated cyberattack. In a series of coordinated attacks this month, hackers infiltrated the banks’ networks and siphoned off gigabytes of data that included checking and savings account information. The FBI and several security firms are involved in the investigation, although the motivation and origin of the attacks remain unclear. Earlier this year, Dallas-based security firm iSight Partners warned that companies should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions, but Adam Meyers, head of threat intelligence at security firm CrowdStrike, said it was too soon to suggest that sanctions were the motive behind the attacks. Hackers may have been after account information, or information about a possible merger or acquisition.

    Web Link |

    New Industry Group Tackles ATM Fraud
    BankInfoSecurity.com (08/20/14) Kitten, Tracy

    ATM manufacturers Diebold and Wincor Nixdorf are laying the groundwork for the formation of a new global industry group focused on thwarting ATM crime. The aim of this group is to establish industrywide technical standards for secure ATM terminals and ATM components and provide a platform for information sharing about attack scenarios and emerging threats, said Joerg Engelhardt, vice president of global product management for Diebold.

    Web Link |

    Security Becoming Less of a Luxury
    Security Management (08/14) Gips, Michael

    Security spending has seen significant growth since 2011, with healthy growth projected in both operational and IT security through 2017. An upcoming survey and report prepared by ASIS International and the Institute of Finance and Management, called “The United States Security Industry: Size and Scope, Insights, Trends, and Data, 2014-2017,” updates the original 2012 ASIS/IOFM survey. Private-sector spending jumped from $282 million in 2012 to $319 billion in 2013 to a projected $341 billion in 2014. Data drawn from surveys of 479 security end users, manufacturers, and service providers, predicts $377 billion in private-sector security spending in 2015, another 10 percent year-over-year increase. Most spending growth is driven by smaller firms with revenues of $1 million to $10 million. Operational security budgets for such businesses are expected to increase 17 percent from 2013 to 2015, with IT security expected to grow by 15 percent in the same period. Spending will include video surveillance, access control, alarm monitoring, IT security software, consulting services, employee screening, training, perimeter protection, and systems maintenance.

    Web Link |

    Tips and Strategies for Securing Datacenters
    Security Today (08/26/14) Hill, Ginger

    The first step in establishing data center security should focus on the physical security of the perimeter, which can add another layer of security between the data and potential hackers. Facilities should develop a physical security policy that every employee is aware of and follows. This may involve biometric access or security guards, as well as closed-circuit TV cameras facing each of the outside walls. Some cameras also should focus on the ceiling, which intruders may try to use to gain entry. Data centers should also separate loading and storage areas to prevent interference with the equipment. Servers should be protected even if they do not contain any data, as they are still susceptible to an attack if a malicious individual can gain physical access to install or implant hacking technology into servers. Facilities also should keep their power and network cabling neat, which can employees avoid mistakes that could compromise data integrity.

    Web Link

  • Jury to Decide if Cinemark Liable for Aurora Shootings
    Wall Street Journal (08/18/14) Schwartzel, Erich

    Judge R. Brooke Jackson of U.S. District Court in Colorado has ruled that a jury will decide whether movie-theater operator Cinemark Holdings is liable for the deaths of 12 moviegoers in the July 2012 shooting spree at its multiplex in Aurora, Colo. Cinemark sought to have the suit dismissed, arguing that the attack, in which James Holmes allegedly opened fire on a crowded theater, was so unprecedented that managers and security personnel could not have anticipated it. Jackson wrote in a decision Aug. 15 that he was “not convinced” by that argument, partly because recent mass shootings should have made theater owners aware that such incidents could take place on their properties as well. Attorneys provided evidence that Cinemark should have known or did know about the threat of a shooting, including a Department of Homeland Security briefing on theater security and the company’s own security protocol. On the night of the “Dark Knight Rises” opening, when the shooting took place, 80 of Cinemark’s theaters hired off-duty policemen or security personnel, but the Aurora location was not one of them.

    Web Link

« Previous Entries   

Recent Posts

Recent Comments