We upload articles and security issues from various sources for your convenience to our website.  However, if you'd like to receive our E-Newsletter and such articles direct to your inbox, click here to be added to our database. Security Engineers is a member of ASIS International - The Premier Organization for Security Professionals,  and highly recommends their site for up to date information relating to the security industry. You can access their web site at http://www.asisonline.org/   HOT TOPICS AND ARTICLES  Improving security means selling the benefits Zoo upgrades to protect visitors, improves research and animal husbandry in the process By Leischen Stelter - 02.05.2010   PITTSBURGH-Security professionals have long struggled to obtain necessary funding because security alone rarely results in much (if any) return on investment. However, more and more security professionals are finding ways to prove that security can do more than protect people and assets and, in this case, animals. When the Pittsburg Zoo originally installed a video surveillance system on its 77-acre habitat, it discovered it wasn't getting the images it needed to properly secure the grounds and was having difficulties retrieving and storing footage on its existing network. To address this, the zoo installed an intelligent network video recorder platform from TimeSight, which provided the zoo with higher-quality footage and storage capabilities to better monitor activities of its visitors as well as its animals. Along with improved monitoring of visitor activity, the surveillance system has improved the zoo's animal husbandry capabilities. "We have birthing dens and we don't want to interrupt the animal because it's wild and we don't want them to be frightened and [the video system] is a way for us to see what they're doing and how the babies are doing and the birthing process," said Connie George, director of marketing and public relations at Pittsburgh Zoo. Having better access means researchers can better document the health and well-being of its animals as well. "With our ability to store the information for long periods of time, we can now look back and track an animal's health and see trends developing, which is important because animals don't say, ‘My knees hurt,'" she said. Plus, having high-resolution video available means the zoo has better footage to send to news channels, for example, which can improve its marketing efforts and likely increase its bottom line. But getting to this point wasn't easy. One of the zoo's primary challenges was having the infrastructure in place to support video. "We tried different systems and obviously when video is streaming across a network bandwidth can be a problem," said Doug Jones, manager of information services at the Pittsburgh Zoo. With the TimeSight installation Jones said that concerns about bandwidth have been minimized. "It's scalable in how the data is stored and collected and how it comes from the camera and is pushed out," he said. This system also allows the zoo to assign viewing capabilities of certain cameras to specific people. "We don't want just anyone watching cameras so key people are given access to cameras," said Jones. For example, polar bear keepers are given permission to watch polar bears, but not elephants. But the zoo isn't alone in its storage and compression woes. "Ninety percent of cameras are not giving as good of quality as they could," said Charles Foley, CEO of TimeSight Systems. "They were having to dial up compression and down resolution because they had to fit so much on the NVR." Instead, TimeSight uses a lifecycle approach to video, recording at a higher resolution up front and, as the video ages, it continues to compress it over time to improve storage capabilities. Now that the zoo has improved its surveillance capabilities it plans to continue the expansion. "You don't know about the potential of cameras until you have them on the property and you don't think you need it and then you turn one on and then two on and suddenly it becomes really important and now it's nice to know we can add 10 at a time," said Jones. Stickups and Burglaries Are On the Rise - at Work Wall Street Journal (11/16/09) Needleman, Sarah E. Corporate offices have seen an increase in robberies as traditional cash-heavy businesses, such as banks or convenience stores, have stepped-up security to avoid becoming targets during the recession. Many of these robberies involved small companies with ground-level offices that offer easy access for thieves. According to FBI statistics, the number of annual reported burglaries increased 3.4 percent between 2004 and 2008. Sometimes the perpetrators are armed, heightening fear among office workers. Office thieves can be hard to detect at first glance. In the past year and a half, intruders got into Crosby-Volmer International Communications LLC's Washington, D.C., office three times during normal business hours. "All of these people had on ties and were wearing dress pants," says Robert Volmer, president of the public-relations firm. "People in offices tend to give [strangers] the benefit of the doubt." Volmer e-mailed a letter of complaint to the building's owner, Blake Real Estate Inc., in July but says he hasn't seen any signs of increased security. Stephen Lustgarten, Blake Real Estate's executive vice president, says, "The crime in that building would be no higher than any other urban environment in Washington. [Crosby-Volmer employees] left their back door open and unattended which is why they had a problem." After receiving the complaint e-mail, Lustgarten says the company briefed tenants on how to prevent future incidents by reminding them to be prudent, and avoid leaving personal items and entrances unattended. Crisis Care Network Inc. provided counseling to employees at 206 workplaces following incidences of armed robbery in the third quarter of 2009, a significant uptick from the 185 workplaces the company counseled during the same time in 2008. Experts say the actual increase in robberies may be higher than the counseling network's figures indicate since such organizations are often only called in when employee's lives have been threatened. In light of these figures, companies who may not be traditional theft targets are encouraged to enhance their security measures. Web Link More Job Seekers Scramble To Erase Their Criminal Past Wall Street Journal (11/12/09) Belkin, Douglas Due to increased corporate background checks and the continually tight job market, many job hunters are looking to legally clear their criminal records. Michigan state police report that they will set aside 46 percent more convictions in 2009 than in 2008 while Oregon expects to set aside 33 percent more. In addition, Florida says it sealed and expunged 43 percent more convictions. Attorneys report that past offenses are increasingly being discovered, and hindering employment rates, for both blue-collar and middle-class applicants with solid work histories. Background checks have become more commonplace since Sept. 11. More than 80 percent of companies performed checks in 2006, compared to fewer than 50 percent in 1998, according to the Society for Human Resource Management. Employers defend these background checks, saying that liability from workplace theft and on-the-job violence are both major concerns, particularly in the current economic climate. In addition to rising background checks, the number of Americans who have been arrested has increased significantly in the past 50 years. In 1967, 50 percent of American men had been arrested. Since that time arrests made largely in connection to domestic violence and illegal drugs have pushed that percentage to 60 percent. Web Link What to Do When Workplace Tensions Turn Violent Globe and Mail (CAN) (11/09/09) Boesveld, Sarah There are a number of steps companies and their employees can take to prevent workplace violence, experts say. For instance, victims of non-physical workplace aggression should stand up for themselves, said Chris Hinkle, the president of a Barrie, Ontario-based consultancy firm that specializes in workplace violence prevention. Victims and observers of hostile interactions should write down all the details of those interactions, including times, dates, and what was said, to help with any investigation that may be launched. In addition, managers should take an aggressive employee aside and discuss the conflict he is having with the victim, Hinkle said. Employers and employee should also watch for red flags that could lead to aggressive behavior, such as swearing, agitation, and threats, said Kevin Kelloway, a professor of psychology at Saint Mary's University in Halifax. He added that any threats, whether they seem serious or not, need to be taken seriously. Web Link Building Security: 7 Basic Blunders CSO Online (10/01/09) Vol. 8, No. 8, P. 22; Goodchild, Joan There are seven mistakes security managers commonly make that compromise the physical sureness of their buildings. First is assembling a guard services contract without inside knowledge of how the company is managed. Second is prioritizing appearance and aesthetics over effectiveness. Tim Giles, a security consultant and former head of IBM's security operations in the U.S. and Canada, says technologies such as hidden cameras and ground-level lighting are often pretty to look at, but do little for perimeter security. A third misstep is failing to secure all of a building's entrances. "Every door is another opportunity to get in," Giles reminds. Fourth, allowing upper-level managers and executives to be lax on the rules, such as monitoring other employees to see if they are wearing ID badges. Fifth is neglecting to properly learn new security technologies. "Companies will have a contractor come in an install the cameras, and then there is no follow up to learn how to really use it," Giles says. A sixth error is failing to lock and secure critical rooms within a building. Overdoing security is another frequent misstep committed by security managers. "I'm opposed to going into a facility and having them do as much security as they can do," he said. "If you overdo it to where it doesn't make sense, within six months people will have figured out ways to get around security and it will be a waste of money. It has to match the risk and culture of the business." Web Link House Panel Approves Chemical Plant Security Measure Congressional Quarterly Today (10/14/09) Nylen, Leah The U.S. House Energy and Environment Subcommittee has approved legislation that would add new requirements to chemical facility security regulations by mandating the use of safer technologies. The legislation would give the Department of Homeland Security (DHS) the authority to conduct vulnerability assessments and establish security standards for chemical facilities to address potential terrorist threats. A law passed in 2007 gave temporary authority to the DHS to issue regulations for high-risk chemical plants, and to close plants for non-compliance. The temporary authority was scheduled to expire on Sept. 30, but was extended through the end of October. The new legislation would make that authority permanent, and authorize $900 million in fiscal 2011 through 2013, of which $225 million would be allocated to creating strategies for reducing the consequences of a terrorist attack. The bill would also allow the DHS to require companies to use safety methods, like substituting chemicals or changing processes of storage facilities, to reduce the impact of a terrorist attack. The DHS could only require changes if those changes would significantly reduce the possibility of death and are technically and economically feasible for the company. Part of the bill, which would allow civilians to file lawsuits against companies for violating security standards, or against the DHS for improperly enforcing them, has been heavily opposed by Republicans, who argue that chemical facilities are too complex for outsiders to know when there has been a violation. A recent amendment to the legislation created a process citizens could use to petition the department to better enforce security standards. The amendment also added a section that would make it a federal crime for an individual to purposefully release protected information on a chemical facility's security features. Web Link Stop That (Solar) Thief Wall Street Journal (10/19/09) Simon, Stephanie Expensive solar panel arrays have become a major target of theft as demand for solar power increases. In response to this surge in photovoltaic theft, a number of companies are now offering new security products designed specifically to protect solar panels. These panels make such attractive targets because they are relatively easy to remove and, in a couple of hours of work, thieves can remove an average of 40 to 50 panels that can then be sold for a few hundred dollars each on the black market. Most installers say that security is vital to solar arrays, particularly those located in remote areas or in office parks that are mostly unoccupied on the weekend. In order to combat these thefts, Heliotex has created special screws that make the panels harder to remove. The bolts of these screws are created in an odd pattern, which can only be opened using a unique key. Another company, CodeSource of Denton, Texas, has created a labeling system for the panels that can record panel barcodes and make them easier for law enforcement to track. Unlike most labels, when the CodeSource label is removed, it leaves behind a residue of the bar code that can still be seen under ultraviolet light. Finally, there is Gridlock Solar Security, which is based out of Santa Rosa, Calif. They offer an alarm system wired through each solar panel that goes off if the panels are disturbed. At the same time, the system, which costs between $995 and $2,300 automatically, calls several programmed numbers, including the owner's cell phone or the police. Web Link DHS Taps ASIS, NFPA, BSI Private-Sector Preparedness Standards Security Management (10/09) Straw, Joseph Homeland Security Secretary Janet Napolitano announced Thursday that her department has proposed using three existing emergency management and business continuity standards under its Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), which aims to develop a comprehensive standard that will help private companies to respond to disasters. Among the standards that were chosen was the ANSI/ASIS Organizational Resilience American National Standard, which helps organizations tailor their preparedness needs to meet their business needs, said Michael R. Cummings, the president of ASIS International. In addition, DHS also chose the National Fire Protection Association Standard on Disaster/Emergency Management and Business Continuity Programs and the British Standards Institute's business continuity standard. Elements of the three standards will be integrated to meet the needs of certain stakeholders, such as small businesses. Once the PS-Prep standards are completed, the ANSI-ASQ National Accreditation Board will develop and oversee the certification process, handle the accreditation, and accredit qualified third parties to perform the certification under the accepted procedures of the program. DHS is asking those who want to comment on the standards to do so by Nov. 15, though it has said that it plans to keep the docket open after that date. Web Link Legal Considerations for H1N1 at Work Buffalo Business First (10/02/09) Chandler, Matt As a U.S. H1N1 virus outbreak grows more imminent, companies are beginning to consider their risk exposures and potential liabilities and their responsibility to protect employees. Though the majority of legal experts agree that the odds of bringing a suit against a company after contracting the swine flu at work are low, possible errors in the way the human resources department handles the outbreak could open the liability flood gates. Failing to create sound outbreak response policies can not only lead to panic, but disagreement among senior leaders and possible discrimination suits, says labor law specialist Ginger Schroder, founder and partner of Schroder Joseph & Associates. "Employers also need to be concerned about what kind of communications procedures are they going to have for sharing information about individual employees' illnesses," she explained, adding that a thorough contingency policy could address that point. "The precautionary measures (can be put) in place without having to disclose confidential information about each employee and their particular situation." Regardless of precautions, employers could still face litigation under Occupational Health and Safety Administration regulations, which call for a healthy and safety work environment for all workers. Web Link  Fostering Awareness Security Management (10/09) Vol. 53, No. 10, P. 108; Kelly, Lee Although implementing and maintaining security technologies and policies are an important part of efforts to protect sensitive corporate data, companies can also reduce security threats to their information by providing their employees with security awareness training. An effective security awareness program should be tailored to the different types of employees a company may have. Although all employees should receive the same basic security awareness training, some employees--including those in the IT and security departments--should receive additional training designed specifically for them. IT employees, for example, need to be educated about which information is sensitive and needs the most protection, while security employees should be trained on what types of suspicious activity to look for and how to respond to security breaches, among other things. In addition to being tailored to the various types of employees, effective security awareness training programs should also incorporate new methods for informing workers about security programs, including the use of messages from managers delivered to employees via printed media such as the corporate newsletter or bulletin board notices. Managers may also want to consider using Internet-based meeting software to communicate with employees who are not in the office on a regular basis and using data from security applications to illustrate data security rules. In addition, security awareness training programs should provide incentives for employees who follow security policies. Finally, security training programs should include metrics that help managers see how they are valuable. Web Link  Uncertainty About Job May Be a Cause of Workplace Violence Hartford Courant (CT) (09/28/09) Megan, Kathleen Although the number of workplace homicides is on the decline, the number of incidents of threatening behavior at work is on the rise. According to Larry Barton, the president of The American College in Bryn Mawr, Pa., and an expert on workplace violence, the number of incidents of threatening behavior rose roughly 26 percent between June 2008 and June 2009. Barton said the poor economy is likely to blame for the increase, since it has created more insecurity in the workplace and stress that could cause "some fractures in [employees'] personalities." Barton also noted that anyone could potentially be a perpetrator of workplace violence, though he said the most dangerous person in the workplace is someone he referred to as "the grievance collector," or someone who gets angry about problems in the workplace and cannot let that anger go. However, there are a number of steps that employers can take to prevent such employees from committing violent acts at work, experts say. For instance, employers need to pay close attention to employees' behaviors and emotions, since anyone has the potential to become aggressive in the workplace, said Jodi Jacobson, an assistant professor at the school of social work at the University of Maryland. She also noted that employers need to listen to employees' concerns about colleagues who display troubling behavior, and create a corporate culture in which such concerns can be raised without being perceived as a tattle-tale. Web Link Investigation Mandate Grows -- So Does Liability for Doing Them Wrong Security Director's Report (10/09) Vol. 2009, No. 10, Workplace investigations involving employee misconduct have been complicated by numerous federal corporate governance and financial disclosure laws like Sarbanes-Oxley and the Foreign Corrupt Practices Act, as well as new security laws at the state level and new accounting rules. To minimize liability, companies should address the investigation process before an investigation is needed. Companies should have a plan to coordinate investigators, records managers, and information technology staff with regard to electronic information storage, e-mail accessibility, and backups. They should conduct an audit of the communication devices and tools used by employees, such as instant messaging and text messaging on cell phones and Blackberries, since the company's ability to access the communications transmitted on these devices depends on who owns them. A workplace privacy policy is crucial, as employees can bring claims against companies for violating their privacy. However, employees cannot reasonably expect privacy or privilege when employers distribute notices that ban the use of company systems for personal use; deny personal privacy with regard to information stored, created, or sent via company e-mail, voice mail, or Internet; and indicate that the company can monitor all data on its systems. Additionally, during the beginning stages of the investigation, investigators should determine the individuals who may have relevant documents and information in their possession; create a plan to assemble pertinent documents from the systems and employees involved in the investigation; select interviewers who have no ties to the investigation; and ensure privacy policies are up to date, have been distributed, and are enforced. Web Link Investigation Mandate Grows -- So Does Liability for Doing Them Wrong Security Director's Report (10/09) Vol. 2009, No. 10, Workplace investigations involving employee misconduct have been complicated by numerous federal corporate governance and financial disclosure laws like Sarbanes-Oxley and the Foreign Corrupt Practices Act, as well as new security laws at the state level and new accounting rules. To minimize liability, companies should address the investigation process before an investigation is needed. Companies should have a plan to coordinate investigators, records managers, and information technology staff with regard to electronic information storage, e-mail accessibility, and backups. They should conduct an audit of the communication devices and tools used by employees, such as instant messaging and text messaging on cell phones and Blackberries, since the company's ability to access the communications transmitted on these devices depends on who owns them. A workplace privacy policy is crucial, as employees can bring claims against companies for violating their privacy. However, employees cannot reasonably expect privacy or privilege when employers distribute notices that ban the use of company systems for personal use; deny personal privacy with regard to information stored, created, or sent via company e-mail, voice mail, or Internet; and indicate that the company can monitor all data on its systems. Additionally, during the beginning stages of the investigation, investigators should determine the individuals who may have relevant documents and information in their possession; create a plan to assemble pertinent documents from the systems and employees involved in the investigation; select interviewers who have no ties to the investigation; and ensure privacy policies are up to date, have been distributed, and are enforced. Web Link   Microsoft Offers Free Security Essentials InformationWeek (09/29/09) McDougall, Paul Microsoft on Tuesday introduced Microsoft Security Essentials, a free anti-virus application for PCs running Windows XP SP2 and later versions of the operating system. The service, which replaces Microsoft's subscription-based Windows Live OneCare security service, uses a new technology called Dynamic Signature Service to constantly update its malware detection capabilities and keep computers protected from the latest security threats. Microsoft says it is releasing the software because doing so will reduce the number of unprotected computers and keep the Windows environment free of viruses. However, Microsoft's competitors could see the move as an attempt by the company to dominate the anti-virus market by bundling security software with Windows, though the extent to which Microsoft will promote Security Essentials as the default anti-virus software in its new Windows 7 operating system remains unclear. Web Link 'Clear' Security Service May Return at Airports New York Times (09/30/09) Stone, Brad Customers of Verified Identity Pass (VIP) were denied refunds when the company ceased operations in June, based on assertions that it did not have the available cash to do so. However, it now appears that former customers will be able to reinstate their memberships in the Clear program. California-based investment group, Henry Inc., has signed a letter of intent with Morgan Stanley, VIP's largest debt holder, to buy its assets and re-open the Clear security-service program at airports. According to Kurtis Fechtmeyer, who heads the group, Henry plans to have the Clear program back online as soon as the holiday travel season. At that time former members of Clear will be given the option to rejoin with their already-paid memberships intact. If some members choose not to sign up, Fechtmeyer says, their personal information will be destroyed. Web Link "Coping With Catastrophe: The First 24 Hours" Risk Management (07/05) Vol. 52, No. 7, P. 44 ; Davis, Brian A.; Walters, T. Danielle Every company should prepare for a potential workplace emergency, as small problems can easily turn into a crisis if they are not prepared for or effectively dealt with from the beginning. Having a plan that spells out what the company will do in the event of an emergency and who will do it can help to limit the damage and speed up the recovery process. Companies should decide in advance who will be their primary liaison with emergency officials in the event of an emergency. These officials should be prepared to speak up if they feel that emergency responders are handling the situation unsafely, as a company can often be sued if emergency responders are hurt or killed if the cause of the incident is attributed to company negligence. A company should also work to control its legal exposure following a serious emergency, starting with immediately notifying insurers and legal counsel of the event. Damage from the event can also be minimized, by ensuring that the injured receive care, securing relevant evidence, retaining experienced defense counsel, and arranging to have the location where the emergency took place, along with the surrounding area, photographed. What a company does before a crisis happens can be important as well. Getting to know local authorities, creating a reputation for safety, and being a good corporate citizen can all go a long way to increase a company's chances of successfully making it through the first 24 hours after a crisis--or avoiding it altogether. "Criminal Databases & Pre-Employment Screening" Security Technology & Design (07/05) Vol. 15, No. 7, P. 26 ; Rosen, Lester S. Although multi-state criminal records databases can be a useful tool for security directors to use to evaluate a potential employee, there are limitations and legal risks involved in using them. Despite the risks, some security directors are turning to these databases because they cover a much wider geographical area than a traditional search conducted at county courthouses that are relevant to an applicant's history. However, multi-state databases are often inaccurate for a number of reasons. For instance, not all states provide criminal records to these types of databases, and those that do may not provide all the records that they have. A subject could also have a criminal record in the database under another name or a variation of his name. Multi-state criminal records databases also present certain legal pitfalls to companies that chose to use them. Some of these databases offer a grading system on a subject, such as a stoplight which may show green meaning cleared to hire and red meaning do not hire, which could be a violation of the federal Equal Employment Opportunity Law. Given their inaccuracies and the legal dilemmas that they present, multi-state criminal databases should not replace traditional searches, but should be used in conjunction with them. Other links that may be helpful when researching the latest in security technology whether you are looking for Access Control or the latest in digital recording and CCTV systems, go to: One Touch Threat Response Management http://www.securityinfowatch.com/ http://www.tempbadge.com/ www.securitymanagement.com/Physical_security.html www.infosyssec.com/infosyssec/physfac1.htm www.securitydocs.com/Disaster_Recovery/Physical_Security www.securitysolutions.com <-- Go Back