Important Security Precepts

The concept of total security is fraught with problems. Perfect or absolute security is always the goal of security practitioners responsible for the protection of a facility or activity, but such a state of absolute security can never be fully obtained. The permutations to consider are in constant flux and calibrations and recalibrations are necessary. There is no asset so well protected that it can never be stolen, damaged, destroyed, or undermined by unauthorized individuals. For that reason a balanced, multilayered security program, informed and design after a thorough security vulnerability assessment provides protection against defined set of threats by informing the user of attempted intrusions and providing resistance to the would-be intruder’s attack paths. This resistance must be consistent around the intended asset protected perimeter area.

There are four main security elements that should be properly integrated in order to achieve a proper balance of physical security. They are:

• This is the process of detecting and locating intruders as far from the protected areas as feasible. Early detection gives the user more time for effective alarm assessment and execution of pre-planned response.

• Assessment is determining the cause of the alarm or recognizing the activity. This must be done as soon as possible after detection to prevent the intruder’s position from being lost.

• Intruders must be delayed long enough to prevent them from achieving their objectives before the response force can interdict them.

• A response force must be available, equipped, and trained to prevent the intruders from achieving their objective. The response time must be less than the delay time if the response force is to intercept the intruders before they achieve their objective.

Security in the news — Aftermath of Flight MH17

Source: http://dailym.ai/1yUKWnQ#i-2ba9f4cc7f12cb47 

The downing of Malaysia flight MH17 is an unprecedented attack on commercial aviation. I posted news report on tweeter as soon as the news broke, but waited to write about until there was at the very least some intelligent assessment of exactly what happened. The threat of a surface-to-air missile used by terrorist to target a commercial jetliner is not an unthinkable scenario that has not been consider my risk analyst before. In fact over the last 50 years there have been many other similar incidents which have occurred over conflict zones around the world. I can also recall at least one scenario which worried intelligence authorities related to terrorist groups intent on acquiring missile technology for such a gruesome plan during the aftermath of the 9-11 terrorist attacks on US soil. But in recent times the thought that a sophisticated weapons system, under the control of a State, should be put in the  hands of irregular actors would appear improbable and outside of all rules of engagement. That the same antiaircraft system should be trained on a passenger jetliner would be inconceivable; not any more. One thing appears clear, whether this was the result of a terrible accident or intentional action, the parties responsible should be severely punished as to discourage the indiscriminate use of such weapons in any armed conflict.

Some news media have attempted to lay fault on the airlines for flying over a popular air route which for months has been an increasingly escalating conflict zone. In fact, some airlines had made the risk calculus and opted to fly around Eastern Ukraine. It’s understood that after Ukrainian separatist rebels shot down Ukrainian military transport and a fighter jet using Russian made weapons just days before, some degree of caution should have been practiced by all airlines even in the absence of or limited no-fly zone. Perhaps this was a foreseeable black swan event, but the reality we were supposed to believe was that a commercial airline would be safe from such risk once a plane reaches cruising altitude above thirty two thousand feet, hence the ban on flights below that range for the Eastern part of the country. Furthermore even the current duty-of-care standards for commercial aviation fall short of accounting for such events. It’s difficult to fault an airline following the conventional wisdom, in the absence of guidelines, when you consider all these permutations.

No doubt this event is a game changer, and all commercial aviation stakeholders are rewriting their ops manual to involve geopolitical risk assessments from their security and risk management departments before a final decision is made on the air route to follow. We should prepare also for the potential for travel disruptions to come in the immediate future as conflicts flare up in a G-0 world struggling to define a new order. We’ve seen evidence of this just yesterday with many airlines suspending all flights to Tel Aviv’s Ben Gurion airport after reported rockets may have been aimed at the run-way following the renewed Israeli-Palestinian conflict on the Gaza Strip.

As we mourn for the victims of flight MH17, we’re also left with a sense of despair. Significant damaged has already been done to the confidence of air travelers when this terrible tragedy follows in the heels of another as yet unexplained commercial aviation accident involving Malaysia Airline flight MH370 . For a person skeptical of coincidences, is hard to come to terms with the fact that such terrible fate should revisit one single airline in a short period. Restoring confidence should be high on the list of all the stakeholders regardless of their powerful motivation to the contrary.

 

Getting out in time requires precision

Companies and organizations have several options for getting employees and others out of dangerous countries such as Iraq. For instance, they can rely on their respective country governments to get their people out of areas that are experiencing a crisis. However, private evacuations are often more efficient and faster than those handled by governments. Such private evacuations can be handled by insurance companies or evacuation companies like Anvil Group. Such security firms are hired to evacuate company staff or students abroad when crisis conditions reach a crescendo. Recent crisis events include the wave of violence stemming from political instability (the so-called Arab Spring) that swept the Middle East (Egypt, Tunisia, Libya, Syria, among others); the earthquake in Japan, as well as the Ukrainian and most recently the conflicts in Iraq.

 

Many organizations tapped Anvil Group after their insurance providers were unable to handle the evacuation. Some evacuations have only been partially handled due to failure to properly plan for specific scenarios, considering any and all modes of transportation, access to ports, border-crossing, save havens or other critical considerations. Such situations run the risk of placing people in harm’s way, which could be mitigated if evacuees have been advised to shelter-in-place until conditions were ripe for safe transfer to their country of origin or other safe locations.  Companies like Anvil Group are paid to consider all probable scenarios and develop robust, reliable plans that can be implemented often with very short notice. Because of the unpredictable nature of crisis events, organizations are advised to develop internal plans in coordination with the crisis mitigation firm; develop drills and table-top exercises based on credible scenarios. Companies are also encouraged to dispense with template documents that collect dust on shelves and instead develop practical, living-documents, easily scalable with logical steps that can facilitate activation during the crisis.

 

Country Risks Influence Security Levels

Source: http://www.riskmap.aon.co.uk/

Being exposed to different countries with varying risk levels, I’ developed a keen sense of the proper security layers that should be implemented. The most often asked question by company executives is as follows: Why are more resources invested in essentially identical business operations in different geographical locations?

The short answer is this, a country’s risk level is a fundamental external catalyst which added to the risk analysis enables decision making on the proper security layers to implement in the protection of people, assets and the well-being of all stakeholders. A number of different strategies are intertwined forming an effective protective fabric.  For instance, depending on your business activities (considering the difference between transporting valuables and commodities which require different mitigation strategies) in terms of duty of care for a broader geographical spectrum, few resources are allocated to staff protection in Alberta, Canada where the country risk level for violent criminal activities is relatively low, as opposed to Cairo, Egypt where political instability may trigger violent criminal acts (also considering the absence of or overreaction by state authorities), thus requiring more resources to assure the integrity of staff for on-going business operations. Even more resources would need to be invested if the risk levels reach a climax forcing business operations to be either temporarily or permanently interrupted.

Think of it as the layers and various fabrics that should be worn to protect yourself against the climatic elements. For instance, you’d be ill advised to don a heavy wool sweater or goose down jacket to the hot desert climate of Cairo for a business trip; just the same as you would not be fitted in a fashionable light linen shirt for a similar trip to Alberta at the height of the winter season. If traveling back and forth between these regions, care would be taken to wear the right clothing based on the prevailing climate. Equal permutations should be considered when tailoring the proper security strategies for these regions respectably and as mentioned before, based on your particular business operation.

 

Security in the news

 

While monitoring information channels, I came across a thought-provoking article related to the application of a robot, appropriately named Bob (As of now in the research stage) to the task of building security. The immediate reactions are to associate this adaptation of advance robotics andAi, setting aside the inherent weaknesses in this technology platform, with two very sensitive areas of our current economic model, that of replacing human labor with technology at a time when there remains soft pockets of labor markets in the global economy. There is also a more acidic view, that of another creepy intrusion of advance technology into personal privacy as such “droids” may lend themselves to abuse either willingly by its operators or unwillingly by malicious intrusion from hackers exploiting flaws in its software architecture.

But there is another reading to this. For years we in the security profession have been witnesses to the convergence of physical and logical security, where in many cases these two separate ops centers functioned seamlessly. In other words the same command and control centers that handle cybersecurity and other InfoSec countermeasures also integrate surveillance, access control and the human (security officer) interactions forming a concentric mesh of enterprise protection. I see the development of new nodes, such as robotic technology powered by the latest in artificial intelligence technology as an inevitable evolution in the converged ecosystem. The challenge will be to leverage the new technology to plug gaps in existing security programs with augmented nodes of information. For instance this would take the surveillance technology which is for the most part fixed on particular locations and make it mobile and interactive with people occupying the space where deployed. Furthermore, promising technology such as facial or pattern recognition which has yielded limited results in protection schemes could have more effective applications when loaded onto a roaming droid.

These are just quick reflections on this development. In time we can come up with more sophisticated approaches to the application of robotic technology to protection programs and more importantly in a way that’s not detrimental to our privacy and to the millions of men and women that depend on the security profession as a livelihood.

Read article:

Meet Bob, Britain’s First Robotic Security Guard http://dailym.ai/U6foMN

Daily Mail (United Kingdom) (06/16/14) Zolfagharifard, Ellie

_____________________________________________________________________________________________________

The tin can: CLICK HERE 

 

Name(required)

Email(required)

Website

Comment(required)

Submit

Δ

 

Reloading: a road-map to re-engage with readers

After a long hiatus, I feel the need to return to providing valuable security information through this blog. If you care to know, I have been immersed in a very exciting project with a MNC providing a full range of security services in challenging environment. Although I’m forbidden from disclosing confidential information regarding any of past, present and future companies I’m engage to provide these services, I see value in sharing with you all the methods by which a protection program is articulated. It’s my firm believe that this grain of sand not only contributes to the discussions of more resilient people, communities and enterprises.

It’s my sincere commitment to continue to provide more valuable information through frequent posts and interactive discussions on comments and Q&A sections.

Name(required)

Email(required)

Website

Comment(required)

Submit

Δ

Anarchism in the Age of Cyber

An important announcement from my LEO channel. I thought it important to share with everyone for monitoring:

For situational awareness, the following message (in italics) was posted online by the hacking group Anonymous:

Anonymous announces a nationwide “Day Of Vengence” to take place in dozens of cities across the USA on Saturday – September 24, 2011 at High Noon.

In coordination with these protests across the USA on September 24th, Anonymous and other cyber liberation groups will launch a series of cyber attacks against various targets including Wall Street, Corrupt Banking Institutions – and the NYC Police Department. We encourage the media to follow the Twitter feed @PLF2012 for ongoing reports throughout the day.

Additional public source information has identified possible targets of these attacks, to include entities in New York (state and city), public and private entities associated with the recent execution of Troy Davis in the state of Georgia, and law enforcement in general.

No further information is available at this time in regard to the specific nature, means, or potential targets of Anonymous’ plans for September 24th; however, in the past, Anonymous has engaged in distributed denial of service (DDoS) attacks, utilized SQL injection to gain unauthorized access to computer systems, conducted social engineering to gather personal identifying information, and released both personal information (i.e. “doxing”) and the contents of compromised systems (e.g. e-mail message content, passwords, etc.).

InfraGard members are encouraged to engage in information security best practices, such as using strong passwords, not reusing passwords, updating software to protect against known vulnerabilities, and ensuring that web-based applications are not at risk to attacks, such as SQL injection.

Deviant Flash Mobs: Manifestation of Social Ills to Come

By Francisco Mateo, CPP

Police Investigate Germantown Flash Mob

Flash mobs, a phenomenon that has evolved from the ubiquitous communication networks and the advent of social media, has lately been adopted by deviant mobs. It’s small wonder that the randomness and anonymity of flash mobs would be repurposed for criminal means. In fact, deviant youths have been late adopters, as flash mobs are the means by which many social related events are married to guerilla tactics for maximum impact. Criminal innovations in the social sphere are nothing new. Most criminal trends have their genesis in observed social behavior applied from a deviant perspective.

To understand the root causes at play here we ought to remember that with each new technological innovation (Coupled with the challenges of a growing global population and dwindling resources to sustain social order) we tend to relieve an episode of the Luddite rebellion. The main distinguishing factors is that in its original version the revolt had a marked character tied to a leader; in its latest reincarnation we see a hydra-like leaderless meta-groups leveraging the social communication networks to achieve their aims. These aims often times could not be separated from the deeply rooted issues of social inequality and deprivation which plague many communities in the developed world. The results are similar (As an expert on the subject would say “The internet’s output is data, but its product is freedom, lots and lots of freedom.”), a break from the social norms with roots based on perceived or real social inequality made manifest by a prolonged global recession.

The same technology that empowers an individual also creates malice, anti-social behavior spawned in part by social-economic stagnation. On the flip side of that is the application of technology to crime prevention and detection. On-line base detection options are available to business owners like the case of the retail store depicted above. Such technology has been in existence for a while. Recognizing the need to thwart such criminal trends, practitioners like ICG, Inc. through their iThreat Solutions platform have developed tools at the cutting edge of crime fighting on the wild-wild west of the cyber world.

I expect strains of the deviant flash mob phenomenon to propagate and become a trend globally; mainly because such tactics have already been in use all over the world. There is strength in numbers and these deviant youths have figured out there are ways to circumvent established social and crime controls. But technology gives to all and off-line crime control techniques have already evolved into the cyber sphere. Victims of deviant flash mobs should bare this fact in mind when they implement prevention and reaction plans.

When Economies Decline, Social Volatility Rises

For more than two years the question of sovereign debt has been festering as major economies struggle to nurse economies back to healthy growth levels. As first there was Greece, Dubai and others. Now, the list has grown r

Now the leading economies, with their backs against the wall, have launched ever deeper austerity measures, which now threaten to open the floodgates of pent-up social anxiety of sorts. The most recent manifestations, social unrest, (In Europe and the Middle East) appear to be spreading. Although many factors are contributing to these events, the underlying factors appear to be constant. High unemployment, as well as high inflation act as accelerant, fueling highly volatile conditions.

Some obvious questions that I asked myself more and more: what happens if the current sovereign debt problems continue to spread? What impacts would these events have on the protection of people, assets and reputation for public and private industry? For the untrained in global economics it’s difficult to make sense of the wild gyrations we’re experiencing and that are only getting more complex. To the extent that only a handful of people can understand the magnitude of the global economic crisis. We’re left with a partial picture of potential scenarios over the horizon; which we must draw upon to design strategic response.  Therein lies an important takeaway, we should question all of our assumptions and create contingencies for the most likely scenarios.

More about security strategy during social unrest: http://wp.me/pyuSR-7y

 

CONSIDER BEFORE YOUR SUMMER VACATION: 13 THINGS YOUR BURGLAR WON’T TELL YOU

13 THINGS YOUR BURGLAR WON’T TELL YOU

 

1. Of course I look familiar. I was here just last week cleaning your carpets, painting your shutters, or delivering your new refrigerator.

2. Hey, thanks for letting me use the bathroom when I was working in your yard  last week. While I was in there, I unlatched the back window to make my return a little easier.

3. Love those flowers. That tells me you have taste… and taste means there are nice things inside. Those yard toys your kids leave out always make me wonder what type of gaming system they have.

4. Yes, I really do look for newspapers piled up on the driveway. And I might  leave a pizza flyer in your front door to see how long it takes you to remove it..

5. If it snows while you’re out of town, get a neighbor to create car and foot  tracks into the house.. Virgin drifts in the driveway are a dead giveaway.

6. If decorative glass is part of your front entrance, don’t let your alarm company install the control pad where I can see if it’s set. That makes it too  easy.

7. A good security company alarms the window over the sink. And the windows on  the second floor, which often access the master bedroom – and your jewelry. It’s not a bad idea to put motion detectors up there too.

8. It’s raining, you’re fumbling with your umbrella, and you forget to lock your  door – understandable. But understand this: I don’t take a day off because of  bad weather.

9. I always knock first. If you answer, I’ll ask for directions somewhere or offer to clean your gutters. (Don’t take me up on it.)

10. Do you really think I won’t look in your sock drawer? I always check dresser drawers, the bedside table, and the medicine cabinet.

11. Here’s a helpful hint: I almost never go into kids’ rooms.

12. You’re right: I won’t have enough time to break into that safe where you keep your valuables. But if it’s not bolted down, I’ll take it with me.

13. A loud TV or radio can be a better deterrent than the best alarm system.