17 May 2010

New Verizon IT Consulting Services Target Gaps in Physical Security

Although physical security is integral to IT security, it is often an afterthought, which leaves an organization vulnerable to security breaches. Verizon Business is addressing this shortcoming by offering new IT security consulting services that proactively integrate physical security with information security and compliance programs.
Verizon Physical Security Services combine a physical security assessment and penetration test, security awareness training, a social engineering experiment, and an evaluation of relevant logical security technologies such as smart cards and biometric scanners to evaluate and strengthen an organization’s overall security posture.
“Organizations know that a proactive approach to security is key to protecting critical assets, but too often they overlook physical security considerations, such as requiring access cards to enter a facility, making this one of the weakest links in the security chain,” said Dr. Peter Tippett, vice president of technology and innovation at Verizon Business. “Our research shows that simple security measures, done well, can make a big difference to an organization’s ability to prevent data breaches. These new services help companies address both their information and physical security requirements in a holistic manner, helping to more effectively protect the organization – and its own customers – from security breaches.”
Data from the 2009 Verizon Business Data Breach Investigations Report demonstrate the importance of physical security for data protection. For example, the report showed that only 43 percent of organizations had properly restricted physical access to confidential cardholder data according to PCI-DSS (Payment Card Industry Data Security Standard) requirements. In other words, 57 percent of organizations had left cardholder data open and exploitable via a physical breach.
According to the research project DataLossDB, many data loss events could have been prevented with better physical security.
New Verizon Consulting Services Integrate Physical and Information Security
Verizon Physical Security Services are designed to help safeguard the entire IT stack -- that is, the physical, network, application, data and end-user layers -- by addressing three major areas of weakness:
Access -- This includes visitor badge issuance and adherence, door access controls and lock configurations and detection/monitoring mechanisms.
Safety -- Addresses placement and status of alarm systems, material handling at the site and visible, functioning fire alarms.
Environment -- An evaluation is made of the company’s location, including the neighborhood and surrounding businesses, to determine the risk of criminal activity or collateral damage.
All evaluations cover the organization’s entire operations, including corporate offices, data centers and warehouses as well as document storage and disposal. Additionally, Verizon Physical Security Services help to maintain compliance with regulations that include specific physical security procedures, such as the Health Insurance Portability and Accountability Act, PCI-DSS and the North American Electric Reliability Corporation.
Verizon Security Meets the Demanding Needs of Today’s Businesses
Verizon Business offers a rich portfolio of security solutions, including threat and vulnerability services; governance, risk and compliance solutions; data loss and prevention solutions; and identity management solutions. The solutions are delivered by the company’s more than 1,200 security professionals around the globe. More information is available by visiting http://www.verizonbusiness.com/products/security. The company also provides additional security insight and analysis via the Verizon Security Blog.


About Verizon Business
Verizon Business, a unit of Verizon Communications (NYSE, NASDAQ: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world’s most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today’s extended enterprises of widespread and mobile customers, partners, suppliers and employees – enabling them to increase productivity and efficiency and help preserve the environment. Many of the world’s largest businesses and governments – including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions – rely on our professional and managed services and network technologies to accelerate their business. Find out more at www.verizonbusiness.com.


VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive speeches and biographies, media contacts, high-quality video and images, and other information are available at Verizon's News Centre on the World Wide Web at www.verizon.com/news. To receive news releases by e-mail, visit the News Centre and register for customized automatic delivery of Verizon news releases.

20 April 2010

“What am I going to do now to reduce shrink even more than before?”


I finally had a moment to sit down and read the March-April edition of Loss Prevention Magazine and I just read an article by Kevin M. Plante entitled “The Next Great Thing to Reduce Shortage” (http://www.losspreventionmagazine.com/archives_view.html?id=2568) and I found it to be excellent. 


As a longtime student of loss prevention, I have believed that my job is to influence the behaviors of my client’s customers and employees with technology. To do this I use solutions such as: Video Surveillance, Access Control Solutions, Electronic Article Surveillance (EAS), Alarm Panels, Point of Sale Systems (POS), and any other system or equipment that can be monitored like HVAC or specifically a temperature control in a walk-in cooler. We can collect data from all of these devices and with understanding use that data to predict areas of potential risk or fraud.

Kevin’s article discusses the recent availability of biometric solutions which will improve my “Trust but Verify” belief of making sure your employees are doing their job.

Make sure you find the right software to bring all the available information together. If you need any suggestions just drop us a note or give us a call and we can make some suggestions based on your needs. We all want to do all that we can to protect your BRAND from risk and fraud so that your business can be as profitable as it can be in today’s volatile marketplace.

Great article Kevin!







27 January 2010

The Physical Security Cloud in 2010


Should all physical security systems be accessed in the cloud? Is this true convergence? Will it be easier to interface other applications such as Business Intelligence (BI) applications for the average user? What is the Risk?

For everyone involved in trying to protect their organizations' network users and data, a move to cloud computing will present a huge change and challenge. Compliance regulations will most likely prevent an enterprise from moving all its data and operations to the cloud, so the transition is in fact an additional security challenge on top of protecting existing network infrastructures. Moving to the cloud requires data and applications to be placed outside the comfort zone of well-established perimeter defenses and physical access controls. An increasing number of users who don't come under the controls of HR, such as suppliers, clients and partners, will access your data via Web-based collaboration tools. IT administrators already struggle with the task of securing mobile users who access corporate networks, but cloud computing is on a different scale altogether.

For me, one of the key security challenges is how to efficiently manage and enforce access control for employees, customers and partners beyond the enterprise firewall. Cloud computing turns us all into remote workers, and cloud applications and data, by definition, are outside the enterprise. This means that you can no longer rely on multiple layers of authentication, firewalls and other perimeter defenses to do the job for you.

Strategically, managing these challenges requires a number of actions. HR security policies must be reviewed and tightened up so they enforce robust lifecycle management of users. A detailed identity and access management strategy must also be put in place, one that makes full use of federated identity management, an arrangement that enables users to securely access data or systems across autonomous security domains. I recommend enabling single sign-on (SSO) within your own enterprise applications and leveraging this architecture to simplify cloud provider integration and implementation.

In the near future, cloud-based services and cloud computing technology will come under increased and prolonged attack because they're attractive targets for hackers and cyberterrorists. Building a data encryption strategy and implementing technology to support it, therefore, is the best proactive defense. Encrypted data is intrinsically protected, which is why so many laws and regulations mandate the practice. All data and communications should be encrypted, even if other services protect them. Encryption also allows you to separate roles and data as encryption keys control access to your data.

2010 will certainly see many new cloud-based services coming online, many offering substantial economic benefits for enterprises. Some will no doubt change long-established risk-reward relationships, and you will need to review your organization's business strategy and appetite for risk when assessing the ROI of a switch to a cloud-based service. Cloud computing is changing IT, and so will it also change Physical Security. Be sure to consider any new business processes so that infrastructure, data and users remain protected.

22 January 2010

EFFECTIVE OPERATIONAL RISK MANAGEMENT TECHNOLOGY SOLUTIONS

I just started work on "EFFECTIVE OPERATIONAL RISK MANAGEMENT TECHNOLOGY SOLUTIONS", an E-book discussing Physical and IT Risk Management Synergy through the true convergence of technology to a Single Platform that is available in today’s multi-location and mobile enterprise networked environment. Those of you who would like to give me some input, please contact me directly.

-JM



"I was bold in the pursuit of knowledge, never fearing to follow truth and reason to whatever results they led, and bearding every authority which stood in their way."
- Thomas Jefferson

24 December 2009

Time to make the Glögg!

My recipe comes from the old Swedish father of a friend of my parents. It is good. A little history... Samuel Johnson, author of the first English dictionary, wrote "Claret is the drink for boys, port for men, but he who aspires to be a hero must drink brandy." By that definition Scandinavian glögg will make us saintly.

Glögg, pronounced glug, is a high-octane, mulled wine, which is to say it is made with a potpourri of spices and all three of the above: Claret (red wine), port, and brandy, and is served warm. Especially popular around Christmas, it is the perfect cold weather drink, warming the body and soul from the inside out. How does it work? The warm liquid raises the temperature of the mouth and stomach slightly, and because alcohol is a vasodilator, it forces blood to the skin, making us feel warm and blushing on the outside.

History of glögg

The Greeks and Romans were known to "mull" wine by adding spices to enhance its flavor and because it was thought to have health benefits. Probably because it was thought to be healthful, in a stroke of early marketing genius, English wine merchants in the 1500s named a spiced wine Hippocras, after Hippocrates, the famous Greek physician who lived about 400 years BCE and is often referred to as "the father of medicine."

According to the Wine & Spirits Museum in Stockholm, King Gustav I Vasa of Sweden was fond of a drink made from German wine, sugar, honey, cinnamon, ginger, cardamom and cloves. It was later named "glödgad vin" in 1609, which meant "glowing-hot wine." The word "glögg" is a shortened form, and first appeared in print in 1870. Its popularity spread throughout the European nations and in the 1890s it became a Christmas tradition. It was often used as a health potion, and I prescribe it often for a wide variety of ailments, especially muscle strains induced by shoveling snow. Originally glögg was a bit less hearty, but a recipe from 1898 shows it was made with sediment from port wine barrels, full bodied red wine, Cognac, sherry, sugar, cinnamon, cardamom, almond, raisins, and vanilla pods, not dissimilar from today's recipes.

There are as many recipes for this old traditional winter beverage as there are for martinis. Instead of brandy, most Swedish recipes call for aquavit, a distilled spirit frequently flavored with caraway seeds. Finnish gluggi often has vodka. Outside of Scandinavia, the Germans make a variation called glühwein (glow wine) often with a white wine base, and in Ireland it is made with, what else, Irish whisky. In the US, I've tasted it made with bourbon. But I prefer the taste of glögg made with brandy.

The spices and flavorings change just as frequently, with most recipes calling for cardamom, cloves, cinnamon, orange peel, raisins, almonds, and sugar. Some people use dried cherries. Some swear by dried orange peel, others use fresh. Sugar content can be varied according to taste, and I have tasted it made with honey and maple syrup. Some brew it and drink it on the spot, and others age it. I usually do both. My wife and I like to make some for after dinner on Thanksgiving, and then we age some for Christmas and the rest of the winter. We have been making glögg since 1974 and refining the recipe since then.

Recipe for glögg

The aroma of mulling glögg is heavenly, and when it is served steaming hot in a mug after a hard day of skiing or shoveling the sidewalk and driveway, the body offers thanks. Glögg also makes a good marinade for beef or venison. Here is my family's tried and true recipe.

Ingredients

1.5 liter bottle inexpensive vodka or Grain Alcohol
1.5 liter bottle inexpensive American Port
750 ml bottle inexpensive Brandy or Rum
10 inches cinnamon stick
15 cardamom seed pods or 1 teaspoon whole cardamom seeds
2 dozen whole cloves
1 orange peel, whole and washed
1/2 cup dark raisins
1 cup blanched almonds
2 cups sugar
Garnish with the peel of another orange

Notes about the ingredients

The vodka, port, and brandy. There is no need to invest in expensive wine, port, or brandy because the spices are going to pre-empt any innate complexity of a fine wine, but don't use anything cheap. Remember, the sum will be no better than the parts. If you want to play, instead of brandy try using Swedish aquavit, a caraway flavored vodka popular in Scandinavia. I've had good luck with Southern Comfort and Capt Morgan, which has a changing flavor.

Raisins. Golden raisins will work, but dark raisins are better.
Cardamom. Cardamom comes in three forms: Pods, seeds, and powder. The pods look like orange seeds. Cardamom seed pods may be hard to find, so you may need to order them from a spice specialist, but don't leave out the cardamom. Cardamom is the secret ingredient. The seeds within the pods are either black or tan, about 1/3 the size of peppercorns. If you can't find pods and can only find seeds, use about 1 teaspoon of them. Do not use powder.

Almonds. It is important to get naked cream colored almonds that have had the shells and brown skins removed. The skins are bitter and full of brown coloring that can give the glögg a dusty texture. Do not use salted or smoked almonds. If you can only find almonds with skins, you can remove them by blanching them. Here's how: Boil a pot of water, dump in the almonds, wait for the water to boil again, let them boil for about a minute, pour off the water, and rinse with cold water, and drain. The skins will slip right off if you pinch them.
Cloves. Do not use powdered cloves.

Do this

1) Crack the cardamom seed pods open by placing a pod on the counter and laying a butter knife on top of it. With the palm of your hand, press on the knife. This will crack it open so the flavors of the seeds can escape. You can leave the seeds in the pods once they are cracked.

2) Pour the vodka and port into a stainless steel or porcelain kettle. Do not use an aluminum or copper pot since these metals interact with the wine and brandy to impart a metallic taste. Add the cinnamon, cardamom, cloves, orange peel, raisins, and almonds. Cover and simmer.

3) Put the sugar in a pan and soak it with half the brandy. Warm over a medium-low flame and stir occasionally until it becomes a clear, golden syrup and all the sugar is dissolved. Let it simmer for about 15 minutes until the little tiny bubbles become large burbles. This starts caramelizing the sugar and adds a layer of flavor.

4) Add the sugar syrup to the spiced wine mix. Cover and let it simmer over a low heat for an hour.

5) Taste. If you wish, add more sugar or brandy to suit your taste. If you do, go easy, 1/4 cup at the most. Like my barber says, "I can always cut more off but I can't put it back on". You can always add more brandy, but if you go over the top, you can't get back under.

6) Just before serving, strain to remove the spices, almonds, and raisins. You can serve your glögg immediately or bottle it and age it. A month or two of aging really enhances the flavors and marries them beautifully. A year is even better. If you are going to age glögg, use wine or whiskey bottles and make sure they are clean. Bottle glögg while it is still warm. Fill the bottles as high as possible and seal them tight. You don't have to lay them down to age, and if you use used corks, they might leak where the corkscrew entered if you lay them down.

7) Fringe benefits. Do not discard the raisins and almonds when you are done, they are impregnated with flavor! I put the raisins in a jar in the refrigerator, and my wife bakes them into panettone, an Italian raisin bread (after I snack down a few handsful). I roast the almonds in a 225F oven for about 90 minutes and munch them as snacks with a football game.

8) Serving. To serve glögg, warm it gently in a saucepan over a low flame or, better still, in a crockpot. Serve it in a mug and, don't skip this, garnish it with a strip of fresh orange peel, twisted over the mug to release the oils and a cinnamon stick. Drink while seated and give your car keys to a friend.

Physical Security Talking Points and Fraud

When discussing physical security, there are several important talking points to consider. Here are some key points to include: Risk Assessm...