Wednesday 22 December 2010

Monday 20 December 2010

The Washington Metro Are To Conduct Random Bag Checks

Metro anti-terrorism teams will immediately start random inspections of passengers' bags and packages to try to protect the rail and bus system from attack.

Police using explosives-screening equipment and bomb-sniffing dogs will pull aside for inspection about every third person carrying a bag, Metro Transit Police Chief Michael Taborn said. The searches might be conducted at one location at a time or at several places simultaneously. The inspections will be conducted 'indefinitely'.

The inspections over the far-flung transit network, which has 86 rail stations and 12,000 bus stops, will be conducted by several dozen officers at most. Metro's trains and buses carry more than 1.2 million passengers every weekday, and officials acknowledge the limitations of the plan.

The screening will be conducted before passengers pay to enter the rail system or board a bus, and customers who refuse the inspections will be "free to leave," Taborn said. But there is a possibility that those who decline screening will be questioned further.

Will this work? Is this enough to deter a terrorist? Isn't the 'MO' to detonate at first point of contact? 

Still, something is certainly better than nothing!

Friday 17 December 2010

Pass The Password

33% of computer users actually use the same password for every single website they use. Just one in five users say they use a different password for every site (imagine how many passwords you would need)!!

Millions of web users are being asked to reset their passwords as concerns spread over a major hacking attack on the Gawker site.
The attack on Gawker, which runs one of the world's most popular blog networks, was carried out over the weekend by an organisation calling itself Gnosis.





Tips for keeping your password safe
  • Never use the same password across lots of different websites.
  • Do not use a word that you - or a hacker - could find in the dictionary: these are susceptible to so-called 'brute force' attacks.
  • Try to include some digits and special characters to add a layer of complexity that will make life difficult for a criminal.
  • Pick a phrase or mnemonic that helps you remember your password.
  • You can avoid having to remember passwords altogether by using a password manager program. There are many available to download online.

Tuesday 14 December 2010

If You Suspect It, Report It!

This is the message the MPS has put out as part of its latest counter terrorism publicity campaign. It's an old message but a very relevant one. Click here for the MPS new radio advertisement.
The MPS want people to look out for the unusual - some activity or behaviour which strikes them as not quite right and out of place in their normal day to day lives e.g.:  
  • Terrorists need storage - Lock-ups, garages and sheds can all be used by terrorists to store equipment. Are you suspicious of anyone renting commercial property?
  • Terrorists use chemicals - Do you know someone buying large or unusual quantities of chemicals for no obvious reason?
  • Terrorists need funding - Cheque and credit card fraud are ways of generating cash. Have you seen any suspicious transactions?
  • Terrorists use multiple identities - Do you know someone with documents in different names for no obvious reason?
  • Terrorists need information - Do you know someone taking an interest in security, like CCTV cameras, for no obvious reason?
  • Terrorists need transport - If you work in commercial vehicle hire or sales, has a sale or rental made you suspicious?  
I do find it a bit poor that the Met's own website actually spells 'suspicious' incorrectly (although I admit that my spelling isn't much better)!

Monday 29 November 2010

SSR Salary Survey

SSR Personnel have released this year's salary survey. The survey, a PDF document, can be read here.


Friday 19 November 2010

Get Safe Online - If you do nothing else, read this!

Beginner's guide

The internet is great. People like to email, chat and have fun online. We also use it to buy and sell things, do our taxes or bank online. The problem is online criminals. To make money, they want to hijack your PC, rip you off and steal your identity.

Prevention is better than cure and GetSafeOnline.org can help. This is just a high-level overview, but the site has detailed advice that will explain it all.


Protect your PC
  •  Get anti-virus software, anti-spyware software and a firewall
  • Keep your computer up to date
  • Block spam emails
  • Use an up to date web browser
  • Make regular backups
  • Encrypt your wireless network
Avoid online rip-offs
  • When you’re shopping online, look for clear signs that you’re buying from a reputable company
  • On an online auction site, learn how it works and learn to pick good sellers
  • Use safe ways to pay, such as PayPal or credit and debit cards
  • Use your common sense to avoid scams – if it sounds too good to be true, it probably is
Take care of your identity and privacy
  • Avoid identity theft by using an up to date web browser and blocking bogus emails with a spam filter
  • Always use strong passwords
  • Don’t give away too much personal information on blogs and social networking sites

Friday 12 November 2010

Get Safe Online Week 15th to 19th November


A joint initiative between the Government, law enforcement, leading businesses and the public sector. Their aim is to provide computer users and small businesses with free, independent, user-friendly advice that will allow them to use the internet confidently, safely and securely.

Thursday 11 November 2010

The Independent's Front Page

Not strictly security related but a very compelling image in any case. The sad truth is that these individuals are the future of this country. Yesterday was not a good day for UK PLC. 
The front page of The Independent
11th November 2010


Wednesday 10 November 2010

Poll Results: What's the most important quality of a security professional?

The results are in:

68% said Integrity


13% said Professionalism


13% said Business Acumen


4% said an Academic qualification (degree or higher)

An interesting set of results and we will be running more polls in the future. Any suggestions would be welcome

Monday 8 November 2010

Terrorists (aka Tourists....according to the House of Commons) Banned From Big Ben!

According to the Sun newspaper all 'foreigners' have been banned from Big Ben over fears that this iconic worldwide tourist landmark could be targeted by an Al-Qaeda type attack. The reasoning behind this is that it is too costly to pre-screen foreign visitors who are looking to tour the location (which are all pre-arranged in any case), however British citizens will still be allowed (after the appropriate checks have been carried out of course).

Westminster Clock Tower
The only view of Big Ben that foreign tourists will now see!
Photo by Brandon Swartz

I cannot help but think that the House of Commons has got this one a little wrong. Isn't the insider threat one of the most significant security risks to any establishment at the moment? Also what about the British Citizens who are 'sleepers' and have never been on the authorities’ radar but with the right opportunity wouldn't think twice about causing harm to others?

Since when did British Citizens pose a lower risk than most foreign citizens - apart from of course a number of obvious countries!?

So what is next, banning tourists from St Paul's, the London Eye or the Natural History Museum? You heard it here first.............

Friday 5 November 2010


Image, “Hydra-X”   from Crooks & Forkum Editorial Cartoons

Wednesday 3 November 2010

AQAP Attempted Air Freight Bombing

Janusian - The Risk Advisory Group has released its analysis of the AQAP air freight bombing attempt. Read it here.

Saturday 30 October 2010

Identity Fraud – The Plague of the 21st Century?

As promised, below is a very interesting subject from one of our guest bloggers - Graeme Forward.

As a fraud analyst sitting down to pen his first offering for a security blog it seems to me there is only one topic I can kick off with if I want to seem hip and with it and on the pulse – yes, I speak of course of identity fraud. Identity fraud is the current ‘du jour’ crime, a terrifying new plague where just a few minutes trawling through a wheelie bin arms your local hoodie with sufficient ‘data’ to steal your money, your friends and family, your cat, your dog, your tv remote, and most importantly your self confidence and self esteem. Or so your average tabloid would have you believe.

“This ID Fraud is a menace” I hear you cry, “why not have a whole week devoted to making people more aware of it?” Good idea. So they did. It was called National Identity Fraud Prevention Week (unsurprisingly) and ran last week (17th-23rd Oct). You didn’t miss it did you?
Who is using your identity?
Now don’t get me wrong, I do think ID fraud is a problem, of course it is, and it’s only right that there are groups working to make people aware of how to prevent it. ID fraud does need to be put into perspective though. The reason it gets so much press is that it is one of the only large scale frauds which is perpetrated against individuals rather than businesses. Crime against business is rarely news.

ID fraud can take many guises but invariably the aim is to gain access to money by posing as another – thus making them responsible for it. (This begs the question why is it now possible for me to get a loan in less than 10 mins via an iPhone app or over the internet with precious little in the way of security checks? – the costs of this are already becoming apparent though, and this is a topic for another day.)

ID fraud is commonly perceived as a crime against an individual, but this is a matter for debate. If a victim of ID fraud has taken reasonable steps in their day-to-day activities to mitigate the risk then in the majority of instances the bank/building society etc will be responsible for picking up the bill, and so the party left out of pocket is rarely an individual. And with that we come to the crux. National Identity Fraud Prevention Week is not the selfless, philanthropic event it seemed at first glance – businesses understand that if they can get you to do all the hard work for them they can save themselves an awful lot of money. This is corporate fraud prevention on a national scale and I have to admit I’m impressed. Just as we were all starting to feel sorry for those poor banks again.

Worryingly, in this modern world of social networking, professional hackers and spyware, the main message to come out of National Identity Fraud Prevention Week was “get a shredder”. Conveniently, most of the companies involved in the awareness drive are able to supply you with one at a very reasonable price.

Overall, NIFPW didn’t quite achieve what it set out to. As so often is the case with these initiatives, it was the security and fraud professionals who were most aware of it – yet another case of our industries preaching to the converted. Unfortunately as with so many things, it’s not until someone becomes a victim of this kind of crime that they sit up and take notice, but by then it’s too late. So maybe fraud prevention on a macro scale isn’t quite as impressive as I first thought. Guess it’s back to the drawing board. Maybe we’d be more successful if we stopped trying to preach to people and allowed them to use some common sense. Protecting yourself from ID crime is after all just about being aware and being sensible about what you do with your personal information, whether it’s online or on paper.

One final thought – There was one genuinely alarming statistic to come out of NIFPW. It seems that almost a third of all ID frauds are committed by someone the victim knows – most often a member of the family. Maybe NIFPW’s message should really have been – take your chances with the wheelie bin hoodies- rather that than leave your info lying around on the bottom of the stairs where your auntie or uncle might pick it up.

My top 5 tips to help prevent you becoming a victim of ID fraud:

- Be careful how you deal with credit/debit cards particularly when out and about. Never write down PIN numbers or let your card out of your sight when making a transaction.
- Think carefully about the information you display on social networking sites – your settings may only let your ‘friends’ see your information, but these 250 or so people you spoke to once at school 20 years ago are not always quite as ‘friendly’ as their supposed status would suggest.
- Never give any bank details out in response to unsolicited phone calls or emails. Fraudsters are very good at forging documents or presenting themselves as a bona fide company, but your bank will never ask you to provide your PIN no. or the whole of your password.
- Don’t stress about it, just be sensible. Use your common sense and be mindful of how personal information could be interpreted or used.
- Get a shredder.

Friday 29 October 2010

So can the secret Ring of Steel save the City from terrorism?

The following is all about an exhibition I recently visited following reading an article by Kieron Long in the Evening Standard. The exhibition was at Hanbury Hall near Brick Lane, E1. 'Allegedly' it was a photographic trip in time and Hostile Vehicle Mitigation (HVM). It wasn't, but still interesting just the same.


The article in the Evening Standard by Kieron Long was about a phenomenon that had been relatively covert, until documentary photographer Henrietta Williams and cartographer and trainee architect George Gingell began their project ‘Entering the Panopticon’: a study of the Ring of Steel, earlier this year.
In essence Williams and Gingell attempt to take us on a journey of how their research revealed one of the most significant transformations of urban planning anywhere in London, 17 years of alterations to the public realm that have fundamentally changed the way the city meets the rest of the city. Or, in layman's terms and as we security people know it, designing out the hostile vehicle attack through Hostile Vehicle Mitigation (HVM).
With the project now complete and their comprehensive mapping and photographic survey of every element of the ring of steel ready for show, I attended with a couple of colleagues.
The article stated that Williams and Gingell's work had documented a landscape of explicit security measures, such as new chicanes in roads manned by armed police, security cameras and bollards, as well as more subtle segments of the ring. The pictures reveal decorative water features and planters that are in fact built solidly enough to prevent car-bomb attacks. They also showed many places that were once streets but are now private property that is staffed by security guards who move on homeless people, prevent photographers from taking pictures and stop kids skateboarding.
Unfortunately the exhibition did not translate well, and what Williams and Gingell were probably attempting to communicate was lost in its surroundings. There were a limited number of pictures on display and some of them were not any type of HVM; the bollards in one of the pictures were those of a different London borough and were not HVM, and this was disappointing.
I was unable to attend and walk the planned tour earlier in the day, but I doubt that any commentary would have helped me in understanding the point as the exhibition had already lost any credibility through obvious mistakes.
The Ring of Steel itself as quoted by Kieron Long is 6.5 miles of bollards, police boxes, CCTV cameras and other more subtle obstructions that has transformed the capital since it was conceived in 1993. It is the City of London's defence against car-borne terrorism, an unbroken security cordon that encircles London's financial heart.
What I would say is that Williams and Gingell had a fascinating idea, and as a topic it is ignored daily. Although the exhibition is now over, I would suggest visiting the Square Mile and playing eye spy the HVM. I personally believe both the City of London and the Capital as a whole can offer the modern day counter terror security advisor some great examples of how best to mitigate this increasing threat around the world. Maybe next time walking around the capital I'll get my camera out and take some pictures, introduce myself to some security staff and have an argument about the risk and the right to take pictures in public (that of course is a whole other argument nowadays and one not for me).

Friday 22 October 2010

Thank you!

Hello, we have seen our readership rapidly increase and have received some very positive feedback from security professionals all over the world.
We receive emails from our readers but please do feel free to post these as comments so everyone can read and take part in the discussions.
Recently we have added a 'jobsite widget' which displays security jobs (still needs a little tweaking) being advertised by the site, but please contact us if you have a role to advertise and we will happily add it to the site (and yes this includes agencies).
Over the next couple of months we will continue to add new content, but we will be asking a couple of guest bloggers to contribute also........so please watch this space!
Our aim has always been to openly chat about security (hence the name), provide up-to-date security news and to hopefully give you, our readers, some advice which might help you in your day job.

And finally a big fat thank you for reading and contributing to Chatback Security. Regards, Paul and Richard.

Tuesday 19 October 2010

Securing Britain in an Age of Uncertainty: The Strategic Defence and Security Review

The Government has published its Strategic Defence and Security Review: Securing Britain in an Age of Uncertainty [PDF, 800KB] which sets out how it will deliver the priorities identified in the National Security Strategy [PDF, 375KB]. It describes how HMG will equip our armed forces, our police and intelligence agencies to tackle the threats we face today and in the future.
National security is the first duty of Government. Britain as a country continues to have global responsibilities and global ambitions. We will remain a first rate military power.
National security depends upon economic security, and vice versa. Bringing the defence programme back into balance has required some tough decisions but is a vital part of both how we tackle the deficit and how we protect our national security.
Faced with these challenges, the Government has been determined to make the right decisions for the long term defence and prosperity of the country.
This Review will equip the UK with modern defences: Armed Forces and equipment fit for the 21st century; strong security and intelligence agencies; and diplomats and development aid which can help us prevent threats before they become a reality. We will double the amount of aid we spend in conflict countries, tackling threats at their source.
We will continue to invest in our security and intelligence agencies. And we will establish a transformative national programme to protect ourselves in cyberspace, backed by £650m of new funds.

Wednesday 6 October 2010

Beer Googles!

Some of the Internet Search Engines
I recently read an article (it's here) which mentions some of the pitfalls when using the Internet to search for information (including pictures) for potential recruiters. I think this is a very interesting subject and I would recommend reading the article and the subsequent comments at the end which offer both arguments for and against from the HR professional's perspective.

Any information posted on the internet is in the public domain so surely I/you shouldn't put anything on here that you don't want others to potentially see (for whatever reason), however the issue then comes when someone else puts something on the internet without your knowledge and which could potentially lead to reputational damage for you! Obviously the privacy settings within social networking sites could help here, but these are only as good as the user's awareness of these and also your friend of a friend of a friend's awareness of these also!!

My personal view (as is all of the content on this site) is that a Google search (or Yahoo! for that matter) is a tool which can be utilised with caution within the pre-employment screening process for certain roles. For example security sensitive positions where an internet search may highlight information which would prompt you to ask some more probing questions during the interview stage i.e. you may find that someone worked for company XYZ, wasn’t sacked but mentions on their social networking profile how they were able to procure £2000 fraudulently and furthermore this role doesn’t appear on their CV within the employment history section.

From a legal or DPA perspective I am not too sure what the view on this is (but I can guess that it’s not particularly pro). Now with my security hat on surely advising a candidate at the initial stages that an internet search may take place will potentially deter the candidates who could pose a problem................in the current climate good candidates are aplenty, we all want to recruit the best, but we also don't want to recruit the candidate within the accounts department who has previous for fraud (but never convicted) or the candidate who has links to a terrorist organisation that joins your business to gain valuable intelligence and pose an insider threat.....or the person that lacks integrity and is clearly not a team player!

Update 7/10/10: Sal Remtulla, Head of Employee Screening at Risk Advisory has recently circulated some snapshots of recent CV liars. You can read her analysis here

Saturday 2 October 2010

Don't Put Your Life Online!


I have this available in PDF format. If required send me an email.

Friday 24 September 2010

Chatham House Rule

Chatham House is the location of the Royal Institute for International Affairs based in St James SW1. So what is the Chatham House rule? Firstly, many people make the mistake of saying ‘Chatham House Rules’. This is a common misconception, because there is actually only one rule, which reads as follows:

"When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed".

The rule is widely used and seems to be mentioned regularly at business meetings, security committees and security conferences in an attempt to aid free discussion. The rule allows attendees to speak as individuals and to encourage free discussion without the concern for their official duties or personal reputation.

The rule is not a gagging order, as you can chat freely about the meeting afterwards but the anonymity of the attendees must stand (e.g. name and organisations), for example a list of attendees should not be circulated beyond those participating in the meeting.

The success of the rule is really only morally binding and is at best relying upon someone’s integrity and professionalism......and here lies the potential problem!

I recently attended a meeting where the Chatham House Rule was invoked. However, I knew that one person in the room had previous for a lack of confidentiality and integrity and as a result it was impossible for me to speak freely and rely upon this ‘morally binding’ rule, which according to some internet sources is half-jokingly summarised as, "You may be quoted, but you cannot be fired," or the lesser, “what happens on tour, stays on tour”.

I know that as an individual both working within business and being a member of various professional bodies, I am governed by lots of different legislation, codes of conduct and ethics. There are also a number of rules that I am bound by as a security professional and by my own personal beliefs and morals. All of which if breached would result in a significant amount of damage both professionally, reputationally and legally.

So why oh why, should I put all my faith in a morally binding (nice to have) rule that is actually only enforceable in Chatham House itself..... because in the absence of knowing any one person's integrity or honesty, I have to rely on this rule. Whether I choose to speak freely will now have to depend on my interpretation of who is around me.

Tuesday 21 September 2010

20-26 Sept 2010 UK Home Security Week

All too often we in the corporate security arena concentrate on very high level ‘important’ security risks such as terrorism, physical, info sec and data loss to name but a few and simple security is sometimes overlooked.
I recently gave a presentation to a number of senior management and asked them ‘when does security start in their day?’ All of them answered when they enter their building and surprisingly not before they leave home in the morning.

The week is designed to highlight what you can do to combat crime against your property and the website http://www.ukhomesecurityweek.co.uk/ will show you how to make your home safer and more secure for you and your family.

For the record, ever the professional, I have shared this website with those managers. Please visit, publicise to your family, friends and colleagues. Enjoy and keeeeeeeeepp securing.

Top 5 Burglar's Deterrents

Thursday 16 September 2010

Counter Terror Conference 7-8 December, Russell Square, London UK

On the 7th & 8th December 2010 at Hotel Russell in London, Richard is attending and presenting.


Counter Terrorism is delighted to welcome the following keynote speakers: 
  • Detective Chief Superintendent Liam O’Brien, ACPO TAM Interoperability Lead
  • Adrian Dwyer, Counter Terrorism Risk Advisor, British Transport Police
  • Mike Downing, Deputy Chief, Counter Terrorism and Criminal Intelligence Bureau, LAPD
  • Andrew Huddart, Program Manager, National & Local London Resilience Team
  • Rob Bartlett, Programme Manager Operations, Government Olympic Executive 2012
  • Sue O’Sullivan, Deputy Chief of Police, Former President of the Counter Terrorism Alumni Association, Ottawa Police Service
  • Col Tony Abati, US Army Special Forces Chief of Current Operations Deputy Director for Special Operations (J37) 3000 The Joint Staff, The Pentagon
  • Detective Chief Inspector Chris Philips GCGI, FSyl, National Counter Terrorism Security Office (NaCTSO)
  • Superintendent Alan King, CBRNe Co-ordinator, Metropolitan Police
  • Joris De Baerdemeaker, Bio Terrorism Prevention Program Manager, INTERPOL General Secretariat
  • Chief Inspector Tim Marjason, Strategic Business Continuity Manager, CO3 Emergency Preparedness OCU, Metropolitan Police Services
  • and Me, Richard Bell, Security Audit Manager, Transport for London
This Counter Terrorism 2010 Conference is being billed as an essential event for all counter terrorism stakeholders wishing to hear the latest on the following:
  • Expanding the use of scanning devices outside of airport security
  • Operational command and control
  • Overcoming communication challenges to improve response times
  • Operational feedback from anti terror CCTV
  • Future requirements for surveillance technology
  • Combating the emerging threat of cyber terrorism
  • Latest developments in biometric identification

Social Engineering Definitely a Massive Threat!

The thing is with Social Engineering we all experience it on a regular basis in one shape or form and we do not even know it's happening to us; luckily the vast majority don't pose a security risk.

When was the last time you spoke to a recruitment company? The consultants use a form of Social Engineering to 'tease out' information about you, the organisation you work for (or previously worked for) and also some information about your colleagues. This information is not only used by them to help you but it's also utilised by them to make more contacts, to get a better understanding of what the job market is doing and to ultimately make more money (and why not).

Personnel Security is now a very important part of any organisation's security strategy. The potential risks from an 'insider threat' are reducing (with the appropriate processes in place), but attackers no longer need to gain legitimate employment; they can gain the trust of the unsuspecting staff (normally at a junior level) to provide the sensitive information they require to penetrate your organisation (physically or electronically).
What I'm trying to say is be cautious who you are talking to, why are they asking so many questions, why are they stroking your ego and of course be careful what information you put into the public domain about you and your organisation (including the Internet).
Check out the link for the 'Help Net Security' website article.

Tuesday 14 September 2010

Don’t pay for Skype – It’s a scam

Action Fraud states that Internet users are being warned to watch out for a scam that charges money for what appears to be an upgrade of Skype. Check out this, other current fraud threats and how to report fraud at http://www.actionfraud.org.uk/ or read more

Monday 13 September 2010

Cash Machine Device Found

This is a crime that we haven't heard much about in recent years. Do you always check the cash machines you are using for anything that shouldn't be there or looks a little out of place?!

http://www.securityoracle.com/news/detail.html?id=17331

Tuesday 7 September 2010

The Security Institute Conference 2010

Thursday AM and I have had some time to reflect on the last two days. All in all not a bad conference, some interesting speakers (and if I am honest some not). I have walked away with some newly acquired knowledge and a few good contacts who I will email later today.
The thing with conferences is it's probably impossible for the organisers (who did a great job by the way) to provide speakers who are relevant and of interest to all the attendees but the common theme was security - or rather 'Security Art or Science' and at times we appeared to wander from this path. To be a little more specific there were at least two speakers who just simply gave a breakdown of the work they and their teams do - which was not in line with the conference portfolio and if I am totally honest I found it a little self indulgent. There was also one speaker who mentioned security twice throughout the entire presentation and that is 45 mins of my life that I will never get back.
Before anyone asks I don't mean the presentation by 'The Colourworks' which was great and very thought provoking, non 'security' related yes but very relevant to building a more effective and dynamic team.
I thought Lord Carlile was great and what a fantastic president for the SyI bearing in mind the roles past and present he has held.
So the big question for me is still around the institute acquiring Chartered status and how this will be obtainable by me and other members.......I guess it's out of my hands and one to keep a watching brief on.

Below is a brief breakdown of the two days:

1330: CoLP a good insight into the work that is being carried out by the NFIB.
1246: Lord Carlile a very worthy president of the SyI.
1151: Azeem Aleem is talking convergence, what an interesting subject. A very knowledgeable presenter and a few bits to take away and think about.
1132: William Hill 30mins in and security has been mentioned once.
1047: Mitchell's and Butlers a basic presentation to a group of experienced security professionals.
0940: Bill Butler from the SIA was interesting. I wouldn't want his job for any amount of money.
0900 Day 2: Don Randall was funny and gave a good insight into the work around acquiring Chartership, the register of security practitioners and the WCoSP.
1802: End of day one. It's been an entertaining afternoon and we have had some interesting speakers (Hostage UK was my favourite). Let's wait until the end of tomorrow for my overall thoughts. Time for a beer.......the BBQ starts at 7pm.
1721: You and your team - unleashing the x-factor.......very entertaining and interesting actually quite thought provoking!
1623: Hostage UK are on, maybe one day I might need them if I spend any more time in Croydon! A very interesting presentation from a knowledgeable presenter. That's one business card that I will hopefully never need to use!
1500: The Art of the Forger seems to be a debrief of successful UKBA 'jobs'. Entertaining, but I question if it's relevant to an audience at the senior level that they (not me) are at?! More useful to a bunch of HR managers.
1436: Just had a whirlwind tour of Risk Management. Audit and review were mentioned but a little negatively I thought! Ummm some education needed.
1345: Things have kicked off.......hold on tight.
1135: What a great location! Let's hope the content is up to scratch.

Monday 6 September 2010

Personnel Security is a must for any organisation.


Personnel Security is a must for any organisation to combat the insider threat and manage associated risk. Check out http://j.mp/bivrSO for some very good advice from the experts.

Security is simple - another data loss

USB stick with anti-terror training found outside police station:

Keychain cops

A memory stick containing anti-terror training manuals and other sensitive material was reportedly found on a street outside a Manchester police station.…

Tuesday 24 August 2010

SMT Online End User News

SMT Online End User News: "On top of its push for chartered status and bold plans for a Register of Chartered Security Professionals (or Practitioners, depending on how the wording is finalised), The Security Institute has now begun publication of its Good Practice Guides for end users. The first in the series is an excellent document focused on workplace investigations. [...]"

Monday 26 July 2010

FGH Security Get The Dragons Backing

A big well done to FGH Security, who were successful in their pitch in the Dragons' Den tonight (Monday 26th). Check out info4security for additional information.
Good job guys!


Thursday 22 July 2010

Certificate in Terrorism Studies

Richard says... "I completed this online programme, the Certificate in Terrorism Studies, a couple of years ago and enjoyed it very much. I wouldn't say it helped me in my role, but it certainly made me understand and appreciate the wider issues related to terrorism. The support offered is second to none and even though it's online, there is a good opportunity to speak to others from the profession all over the world".

The Certificate in Terrorism Studies is a 16 week programme of study from the Centre for the Study of Terrorism and Political Violence (CSTPV) at the University of St Andrews and Informa.

Delivered entirely online, this is the leading terrorism studies course, vital if it's part of your responsibility to protect people, infrastructure, organisations or investments. Find out more: http://www.terrorismstudies.com/LR0038BA1V1
A 16-week online programme from the renowned Centre for the Study of Terrorism and Political Violence (CSTPV) at the University of St Andrews and Informa which provides a sophisticated introduction to the fundamental issues behind terrorism as well as the motivations, ideologies and modus operandi of the various strains of terrorism in the world today. Knowing how and why terrorist organisations function makes an unmistakable difference to counter terrorism and security strategies, whilst providing a valuable context to operational duties. Study the leading terrorism studies course, which has enrolled students from over 72 countries.
E: info@terrorismstudies.com
T: +44 (0)20 3377 3210 (UK)

Counter Terrorism Conference, 10th – 11th November 2010, London, UK

Latest Chatback News.......



Counter Terrorism Conference “Prepare, Prevent, Pursue, Protect” will be held 10th – 11th November 2010 at Hilton London Kensington, United Kingdom. Take the chance to hear a Keynote Address from Richard Bryan, Director of Commissioning, Olympic and Paralympics Security Directorate, Home Office, UK. His presentation will update you on the challenge of securing the London 2012 Olympic Games.

Hear how we will ensure a joined up multi-agency approach and the challenge of striking a balance between effective and visible security.

Keynote addresses also include:

  • Assistant Chief Constable John Wright, Head of Prevent, Office of the National Co-ordinator Special Branch, Home Office, UK
  • Asim Hafeez, Head of Intervention, Office of Security and Counter Terrorism, Home Office, UK
  • Detective Chief Inspector Raffaele D’Orsi, SO15 Counter Terrorism Command Ports, Metropolitan Police, UK

HOW TO BOOK

Visit www.smi-online.co.uk/counter-terrorism7.asp
Contact Teri Arri on: +44 (0) 20 7827 6162 or email: tarri@smi-online.co.uk

Wednesday 21 July 2010

This is an Interesting Feed on LinkedIn

Please click here for a very interesting feed on LinkedIn. This is a subject very close to my heart, but for a change I haven't commented on LinkedIn, although there are some interesting questions and comments posed.

For now I will remain tight lipped on this subject, but watch this space!!

Monday 21 June 2010

£3m 'anti-terror' CCTV cameras 'set up to spy on Muslims' to be covered

The 218 cameras have sprung up in Birmingham’s Washwood Heath and Sparkbrook areas – to the outrage of residents who say they were not asked. They have been paid for with £3million from the Association of Chief Police Officers’ terror and allied matters fund.
None of them will be used until a public consultation exercise has taken place.
Roger Godsiff, Labour MP for Hall Green, said: ‘Police have got themselves into a bit of a hole now because they have a difficult problem to explain to the public and try and get them on their side. ‘If the money did not come out of a counter-terrorism budget they may have got a different reaction.’
The Respect Party’s Sparkbrook councillor Salma Yaqoob said: ‘In terms of reassurance it’s going to take a lot more than plastic bags.’ The police say the cameras are there to fight all types of crime.

Wednesday 2 June 2010

How to Provide Security Assurance in 9 Easy Steps!

The following is proven to work across all security disciplines including Physical Security, Personnel Security and Electronic Security. I know the thought of inviting Auditors into your areas of responsibility is a little daunting but if used correctly this can really be a very effective tool and can also be utilised to provide some free consultancy advice.

In conjunction with management you should produce and deliver an Annual Programme (1) of risk based audits aimed at ensuring security risks are identified and effectively managed. It is more than useful to obtain senior executive level approval that is communicated throughout your organisation and that clearly sets out the objectives, authority and responsibilities of the Department conducting these security audits.


Once high level approval is obtained you need to develop a structure as to how these security audits should be done and who needs to be involved. Below is an idea for a structure that could be adopted once the business area or security risk owner (also known as an auditee) has been identified.

A Planning or Opening Meeting (2) should be arranged between you and the auditee to agree areas of scope and to gain a better understanding of their business area. This meeting will include discussion of: appropriate questions to enable the level of risk maturity to be determined, confirmation of your understanding of the purpose of the area under review, the objective and scope of the audit, agreement of the key risks, any concerns the risk owner may have which need to be addressed, and agreement of key contacts and dates. This information then sets out the detail that is captured in an Engagement Letter (3), and once complete this letter is issued to the principal auditee(s) before fieldwork starts. I see the engagement letter as an essential document because it enables and drives the auditee and other key staff to have an input into the audit, clarifies the work that will be done, confirms the timing of the audit, ensures that the appropriate resource has been assigned to the audit, and establishes the responsibilities of all parties.

Once you have identified your resource, the security auditor/advisor/manager should create a security audit programme. The purpose of the Security Audit Programme (4) is to set out in more detail the actual testing and work that will be carried out to address each of the areas in the scope. The programme is used as a basis to effectively align the Fieldwork (5) with the risks to be reviewed. The audit programme is the document that will focus on testing the effectiveness of the security controls and other risk mitigations in place to manage the most significant risks.

Fieldwork consists of a range of activities undertaken by the auditor/advisor and may include the following: interviews with key staff involved in business processes, observation of key processes, carrying out tests of key controls, and reviewing relevant documentation. The purpose of fieldwork is to gather sufficient information to document the processes involved in the system under review and form an opinion on how well the key security risks or areas for review are being managed. The outcome of fieldwork will then form the content of the report, with a management action plan to address any findings highlighted.

On completion of audit fieldwork, and armed with a copy of the Draft Report (6), you should then meet up again with the management and auditee and hold a Closing Meeting (7) where the draft report, the findings and any suggested actions to rectify them are discussed. Pending the outcome of this meeting, you then notify management of the next stages in the audit process.

Most audit functions apply 4-5 Conclusion (8) titles ranging from very good to very poor or must try harder (a traffic light system is also sometimes used). It doesn’t matter what the conclusions are called just as long as they mean something to the business. Based on the assessment of the fieldwork and the content of the identified issues, a conclusion should be assigned to the audit, along with timescales giving a defined date by which the identified issues will be addressed and named owners, as the audit will have a Follow Up (9) and be further tested at the agreed date. The report should then get an appropriate level of circulation to enable the business area, its managers and those that want and need assurance to understand its risk better. Depending upon the audit conclusion the report circulation might include COE’s and other senior board members.

Tuesday 1 June 2010

Personnel Security - Something we should all be paying a lot of attention to!


Personnel security is everything involving employees: recruiting them (also known as pre-employment screening), training them, monitoring their behaviour, and sometimes handling their departure. Personnel Security relies on a system of policies and procedures to reduce the potential security risk.

In these modern times not only are organisations at risk from external threats but we also have a very significant threat from the insider. An insider is classed by the CPNI (part of the security services) as 'someone who exploits or has the intention to exploit their access to an organisation's assets'. So this could result in a number of different scenarios, including fraud, an employee who sells your company data to a competitor, or an employee who is feeding information to a terrorist organisation.


Personnel security is an area that many 'security professionals' think they understand, but in my experience actually don't. There are elements of personnel security which are managed by non-security departments, for instance pre-employment screening by HR, or it may even be outsourced to a 3rd party provider. If this is the case I recommend carrying out some checks of your own to see if they are doing what you think and expect they should be doing.

I am lucky enough to receive training from some world class experts in this area, but the level of understanding is very different from organisation to organisation. The strategic objectives for personnel security are the same for everyone, but in a private sector environment I believe it is a little more difficult. For example, government departments have a security policy framework (SPF) which includes 70 mandatory controls (supported by various baseline standards) which must be adhered to (along with an annual declaration of adherence). The private sector has not got this level of hierarchical governance, but of course there is no reason why at a local level you can’t have a similar assurance process. I would recommend any security professional obtain a copy of the SPF, which is publicly available here. It is a useful document which I refer to regularly.

The insider threat has seen a dramatic increase in the UK in recent years, and one contributing factor to this is the advances in physical and electronic security. In order to gain access to an organisation, it is now considered easier to infiltrate it with the co-operation of an insider. The current financial crisis has also increased the likelihood of the insider threat, as staff who would normally not be tempted into exploiting their 'privileged position' may be willing to do so (e.g. for personal gain, or they may be disgruntled at not receiving their bonus etc). It is important to note that the vast majority of employees are genuine, but with a robust Personnel Security process in operation the potential insider threat is reduced and you will ensure insiders are detected quickly and efficiently.

My top 10 recommendations are:

1. Assess Personnel Security Risks and include these on your risk registers
2. Have a helpline in place for employees to confidentially report concerns
3. Know the source of employment references
4. Confirm employee has the Right to Work in the UK (a legal requirement)
5. Carry out qualification checks and check physical certificates where possible
6. Where possible complete the 'pre-employment screening' process prior to start date
7. Promote a positive security culture
8. Advise potential employees of the level of checks you use, this may deter potential insiders from joining the organisation
9. Transparency - have clear policies and procedures in place
10. Audit - to provide assurance that the systems are effective

In future blogs I intend to provide some more details on each of the individual personnel security subjects, which will hopefully help you going forward.