c-hq security services

RSS

Posts tagged with "security"

Feb 7

FOCUS ON CYBER-STALKING

Cyber stalking and cyber bullying are a similar crime in that the same techniques are used to intimidate the victim. Cyber bullying might be considered a lesser crime by the inference within the name. However, whatever label it has cyber-crime is still crime.

This article sets out to discuss some of the more basic issues related to cyber stalking and bullying. It differentiates these crimes from corporate or government cybercrime in that this article is intended to help individuals.

This form of crime has many challenges to overcome to prevent it or apprehend perpetrators. With the ever changing landscape of social media and advances in computing technology, the cyber-criminal adapts to find new ways to intimidate. It is important to remember that to protect ourselves, we must adapt as well.

METHODS OF INTIMIDATION
Identity theft – With a few simple details such as name and address a criminal can impersonate you. Given a date of birth and a password, the cyber-criminal can wreak havoc with your name by setting up online shopping accounts, interfere with online banking and hack in to social media accounts.

Data Attack – An unprotected computer and network provides a criminal with access to your data such as personal photos, letters, hobbies and interests. The data can be manipulated or destroyed or even read and used against a victim.

Scare tactics – A cyber-stalker hides behind the internet and to many this means that they are elusive and untouchable. By issuing threats and manipulating personal accounts, the bully seams powerful.

False accusation – A cyber-stalker may make false accusation via social media or free access web sites to try and incite others to abuse the victim. Adult content sites and accusations of paedophilic activity are common techniques for damaging the reputation of a victim.

There are many other known techniques that a cyber-stalker may employ from false victimisation to GPS tracking. E bombs will swamp your inbox with junk e-mail and micro cameras can record your activity. The YouTube society means that getting information broadcast is relatively easy.

HOW THEY TRACK YOU
The methods of information gathering employed by cyber-criminals are broad ranging. There are many free access websites that already post personal information about you for anybody to see. People tracing sites list your last registered address along with the other people that lived with you at the time. These sites also track your social media activity and any information that you may have posted such as photographs and blogs. Other websites such as property sites will declare when you bought your house and how much you paid for it. The cyber-criminal treats information like a jigsaw. The more pieces they have the bigger and clearer the picture becomes.

Phishing, key logging and spyware are all software applications that once installed on your computer can create a constant stream of your personal information to the outside world. These applications can be implanted by a seemingly innocent but rogue e-mail.

The cyber-criminal is not guaranteed to stay online. The area between cyber-stalker and stalker is grey. More serious accounts involve close contact tactics such as card skimming, GPS tracking and filming to gain information and intimidate their victims.

PROTECTING YOURSELF
Protection against the cyber-criminal is a difficult subject to address because of the shifting technology on the internet. There are three basic avenues of protection. The first is doing what you can to defend yourself from cyber intrusion. Secondly, if you are being stalked there are additional measures that you can take. The other is information gathering. If you are being bullied or stalked then proving the crime is often quite difficult.

VIGILANCE
• Password protect all of your accounts - use complex passwords
• Don’t use the same password for all accounts
• Install anti-virus and anti-spyware software
• Keep security software regularly updated
• Use advanced security settings
• If it’s on the internet and free it’s because you are the product
• Don’t carry security details in your wallet
• Be suspicious of unsolicited contact
• Be suspicious of unusual contact or content
• Never give out detail unless you are absolutely sure of integrity
• Regularly reset your passwords and PIN numbers
• Monitor your account activity
• Reset passwords if used on an unknown computer
• Be cautious of using geo-location services on your mobile phone
• Keep work and family activity separate
• Use encryption software to store data
• If you are suspicious, act quickly


SHUT THE GATES
• Reset all passwords and PIN numbers
• Check security software settings
• Create new e-mail and social media accounts
• Minimise use of cordless phones, baby monitors etc.
• Replace your mobile phone
• Review encryption software
• Regularly check your credit rating
• Regularly search your name on the internet


EVIDENCE GATHERING
It is critical to record times, dates and events by keeping a diary but to help the criminal investigation it is important to gather primary evidence. This is evidence gathered as close as possible to the source. There are electronic devices that can connect to your computer that record the time and date along with everything that happens on screen and everything that you enter on the keyboard. Software applications can indicate sources of malicious data through such techniques as e-mail and IP address tracing.

CONCLUSION
Protection is necessary to defend yourself from cyber-crime. Simple, user friendly tools and vigilance will go a long way to keeping you safe. If you are suspicious of a crime being committed then act quickly to alert the authorities, increase your defences and seek professional advice. Information gathering is key to resolving the issue. A crime without evidence is difficult to stop.


ABOUT C-HQ
c-hq provides effective technical advice based on the understanding of your threats, the associated hazards and their potential. We provide advice and guidance for the security of people and property, critical national infrastructure and the high security estate.

(Source: chqconsulting.co.uk)

Feb 2

Defining PSIM

PSIM as a concept emerged because end user managers of security environments cried out for better management of their security information. They wanted to be able to do with security data what every other business unit does with the data from their respective business units – that is, to make intelligent business decisions.

PSIM is a better, more flexible and much more useful way of managing security events and the information needed to respond to incidents than traditional command centre solutions.

THE CHALLENGE
Currently, improvisational, fragmented and off-the-cuff security management is the norm. It’s common to find security operations and traditional command-and-control centres using paper-based processes and not sharing information. Business units and IT departments rarely have access to data in corporate security departments. Events are managed separately.

Access-control-related events are monitored and managed separately from intrusion detection systems, and separate also from environmental sensors and other alerting systems. Often the people and systems are not even located in the same facility, inhibiting information sharing and correlation.

THE CONSIDERATIONS
Converged security and IT networks need to be managed to mitigate any risk of negative impact through the flood of data induced by an IP CCTV system.

Ensuring interoperability across different vendors’ devices/systems is a challenge. The physical security market as a whole lacks common, open standards. Thus, virtually, any deployment requires the development of new drivers to integrate various systems.

Choosing the right system. The capability to intelligently analyse and cross-reference incoming data represents a further challenge, most PSIM systems, still process individual alarms.

"PSIM is simply the security version of the larger, more important business tool of Information Management."

THE BENEFITS
PSIM principles may be used to produce better situational awareness, prompting better security and business decisions. Situation management software creates useful information out of raw video by contextualizing it (unifying video, alarm and sensor data) which improves situational awareness and makes incident responses more efficient.

Data management best practices are more pervasive now. Regulatory compliance and management best practices dictate that computer systems and data be handled in standardized ways. Security departments are, in general, not compliant with these best practices.

The PSIM system will aggregate, correlate and analyse data from various sources, including alarms, environmental sensors, intrusion-detection systems and video surveillance to ….

● Present a situational view of data.
● Guide standard operating procedures by documenting efficient best practices for every situation.
● Identify trends by searching through data from current and past events to create reports.
● Audit operator behaviour by recording all responses to all alerts for later analysis.

CONSLUSION
Physical Security Information Management systems provide specific security information based on intelligent analysis of data from a range of sensors from what would traditionally be disparate systems. It enables an organisation to manage risk and ensure that standard procedures are carried out at an enterprise level.

ABOUT C-HQ
c-hq provides effective technical advice based on the understanding of your threats, the associated hazards and their potential. Working in line with CPNI guidelines, we provide advice and guidance for the security of people and property, critical national infrastructure and the high security estate.

We provide support in the development and the design of your system. Producing schematics, schedules, interac-tion matrices and configuration tables as well as compliancy documentation and commercial selection.

An effective protection system protects more than just assets, it protects a business.

Credit:
Steve Hunt http://www.huntbi.com
Frost & Sullivan http://www.frost.com

Control Room Design

A suitable and proportional control room along with its associated areas is essential to the implementation of a robust security strategy. Operators will undertake a mixed range of tasks from VDU/GUI operation to producing reports and documentation. In order to achieve the most success from a security system, the control room must be designed with the operators in mind. Consideration should be given to the following.

   ● Security Policy
   ● Security Procedures
   ● Security Mechanisms
   ● Task Identification
   ● Time and Motion Analysis
   ● Sociotechnical Interfacing
   ● Proportional Accommodation
   ● Resilience
   ● Disaster Recovery
   ● Compliance with regulation and standards
   ● DDA Assessment

The control room suite should be located in a position where it cannot be isolated or compromised, as it must be able to continue to operate in the event of a serious disturbance. A Briefing Room may be necessary for management during a serious disturbance. The location of this room needs to have safe access for emergency personnel and services.

Access to a restroom/kitchen should be available. The staff toilets should ideally be separate male and female, but unisex toilets may be considered when space is at a premium.  A disabled toilet facility should be available as required by the DDA assessment. A staff shower room should ideally be provided incorporating sufficient dry area for changing and storage of clothes whilst showering.

Adequate space must be provided for the services that are essential for the operation of the control room. Adequate height must be provided to allow for raised floors. Raised floors and ceiling voids must be secured within the envelope of the control suite.

Lighting should be appropriate for all the tasks being performed. However, consideration needs to be given to reflection and glare on monitor screens.

The control room should be designed as a low noise environment with sound absorbing ceiling tiles, etc. The use of cross talk attenuation may need to be considered where ducts pass between separate rooms.

The ergonomics of the room needs careful consideration with respect to the positioning on monitors and display technology in relation to the operators. Headaches can result from and signle or combination of the following.

   ● Screen Glare
   ● Poor Image Quality
   ● Stress and Anxiety
   ● Long Periods of VDU use
   ● Poor Posture

The sociotechnical interfacing considerations should take in to account all of the above along with issues relating to watching images that don’t change very often, which can lead to “change blindness”. Black screen technology and PSIM solutions increase operator efficiency.

Control room design has many facets of consideration, from ergonomics to integration. Control room design, whether large or small must form part of the overall security strategy and mechanism.

(Source: chqconsulting.co.uk)

WHAT IS THE MOST RELIABLE BIOMETRIC TECHNOLOGY

I was recently asked which biometric technology I thought was most reliable. This is a relatively easy question to answer until I considered the wider issues of using it as a form of identification for access management and then trying to work out which technology is best.

Physical biometric identifiers are the distinctive and measurable characteristics used to identify individuals such as facial recognition, fingerprints, palm vein, iris and retina patterns etc.

The reliability of a technology tends to be the inverse of the social acceptance of that technology. Fingerprints are socially accepted with some resistance from those that associate them with criminal behaviour but they have a relatively high false positive or rejection rate. Which may be fine on a small access control system to a comms room but in an airport with thousands of passengers passing through on an hourly basis, a high percentage failure rate is unacceptable. Facial recognition is quite uncontroversial but equally has relatively high failure rates.

It is generally regarded that eye scans are the most reliable form of biometrics. However, technology such as iris and retina scanning appears to have more social resistance due to its perceived intrusive nature. For this reason iris scanning is now more prevalent than the deeper retina scan. The reliability of iris scanning was born out in a study carried out by the National Physics Laboratory some years ago, where is competed against six other technologies and won with the best false match and rejection ratios.

The problem is compounded by the fact that biometric systems provide”probabilistic results”. It is possible to get variable results due to technical issues and degradation of data, such as fingerprint damage for example. There is also evidence of ethnicity, age, sex and medical conditions affecting rejection rates. Having poorly installed and maintained systems combined with the deployment of biometric technology at airports and other high volume portals without understanding the biology of the population being screened could lead to long queues.

In conclusion, no single biometric trait has been identified as fully stable or distinctive and biometric reading technology should only be deployed with this in mind. False positives and reject rates need to be considered in line with the number and the biology of the users of the system.

(Source: chqconsulting.co.uk)

Access Control the Basics

ACCESS CONTROL

Electronic access control can be defined as any system that restricts access based on authority to enter. However, beyond this access control can restrict interaction with a resource. This area could include controlling access to a computer terminal or specific software.

OPERATIONAL REQUIREMENT

In order to maximise the benefits of your access control system it is important to establish some basic criteria as a starting point for the system design. The first of which is to define the problem and consider if electronic access control is the most appropriate response. Given that the answer is “yes it is”, it is critical to establish the operational requirements (OR) of the system.

  • The basic model for an OR is to establish the following information…
  • Site Plan – to identify areas of concern.
  • Statement of the Problem.
  • Stakeholder Liaison.
  • Risk Assessment.
  • Success Criteria.
  • Determine the Technical Solution.

With the OR in place it is then possible to design the most appropriate access control solution taking in to consideration that authorised personnel should not be impeded from their routine activities.

Level two of the OR should establish each portal to be controlled along with specific requirements such as emergency exit, manual override, time zones, alarm conditions and response.

Finally, the response to access control information needs to be considered. Who will monitor it, where from, what training do they need and are there any legal issues associated with discrimination and data protection?

SYSTEM DESIGN

 

There are many technologies available that validate a user as having the authority to proceed.

  • RFID cards and tokens.
  • Smart Cards.
  • Fingerprint.
  • Palm print.
  • Iris Scan.
  • Facial Recognition.

These “readers” will need to connect to a control device that holds the access data and controls the locking method. The controller needs to be intelligent in its own right and not rely upon connection with a software application running on a remote computer or server. The selection of the door controller is dependent upon the number of people logged on the system, the level of security required and whether the system will be managed either locally or remotely. These elements must be established early in the Operational Requirement to ensure that the system is appropriate and not over engineered.

Door hardware needs to be considered to ensure that a suitable locking and override method is deployed. Access through a door will be granted by either applying or removing power to an electric release mechanism. Where emergency exit is required, the locking device must be fail safe and be wired in series with an emergency release mechanism such as a break-glass unit or a fire-panel relay. Higher security doors that are not emergency exit may be fitted with fail secure locks so that if the power is removed, the door remains locked. The type of electric lock mechanism will depend on the type of door.

The door should be fitted with a sensor so that the access control system can report a range of conditions such as…

  • Door secure.
  • Door Insecure.
  • Door Held Open.
  • Door Forced Open.

DISCRIMINATION

Great care should be taken when designing any access control system to ensure that the reader and barrier technology can be operated by both able and less able people. It may be necessary to consider reader mounting heights, hands free cards or coded transmitters to overcome discrimination issues.

SECURITY ISSUES

Access control is just what it says “access control “. It does not necessarily secure a portal because of the risk of someone following an authorised person through or a door being held open. There are techniques to reduce this risk that need to be considered in the system design and overall access control philosophy.

Access control cards can be vulnerable to cyber-attack but more likely lost or abused.

(Source: chqconsulting.co.uk)

Bogus security guard arrest http://ping.fm/u5nDz security

CCTV: what trends can we expect in 2011? http://ping.fm/bwYSB CCTV SECURITY

Rob Whiteman

appointed CEO of UK Border Agency
http://www.info4security.com/story.asp?sectioncode=16

&storycode=4127755