The director of the New York Office of Homeland Security shares his thoughts on terrorism with Security Management. The complete interview is available online.

The Texas Supreme Court has ruled that a grocery store cannot be held liable for malicious prosecution of a patron because the employees who accused the patron of theft were acting honestly.

A California court has ruled that a contract security guard company can be held liable for failing to fulfill its contract.

A federal appeals court has ruled that, under the ADA, an employee need only request accommodation to trigger an employer’s obligation to provide appropriate accommodation.

Find out how many companies are already using metrics to show security’s value, by reading this Frost and Sullivan survey

Here are some recommended basic steps to better protect yourself from identity theft.(The first, from the U.K. telecom company BT, explains how criminals steal identities, what ISPs and other organizations are doing to help consumers, and what the future holds. The second, from the Liberty Alliance Project, shows how stolen identities are converted into money.)

The California Supreme Court has ruled that vulgar language used in the workplace is sometimes acceptable, if the talk was part of the process of developing an adult-themed television show.

Guide for Developing Performance Metrics for Information Security analyzes legislative requirements, describes linkages between strategic planning and information security, and explains types of performance metrics.

Chemical facilities are making progress. Find out which ones have dramatically reduced the risk of harm from hazardous chemicals. (CAP’s Preventing Toxic Terrorism: How Some Chemical Facilities are Removing Danger to American Communities and the National Research Council’s Terrorism and Chemical Infrastructure: Protecting People and Reducing Vulnerabilities are both available at SM Online.)

Why aren’t more airports opting out of using federal screeners? Read about the issue in a report from the Government Accountability Office.

A paper summarizes new court security guidelines proposed at a symposium held by the National Center for State Courts.

The United States Cyber Consequences Unit released a checklist to help business managers assess their companies’ cybersecurity.

Use of synthetic drugs—such as methamphetamine, prescription medications, and Ecstasy—has become such a concern that the White House has released a specific national strategy to control synthetic drugs. It represents the first time that a national drug control strategy has focused on a single class of drugs. A tailored approach to these substances was necessary, according to the Synthetic Drug Control Strategy: A Focus on Methamphetamine and Prescription Drug Abuse, because these drugs or their ingredients are designed for legal use and due to “extreme health and environmental problems associated with the production of drugs such as methamphetamine and the indisputably destructive nature of methamphetamine use itself.” @ The strategy is on SM Online.

Jerry H. Ratcliffe, an associate professor of criminal justice at Temple University, has sifted through dozens of studies on the effectiveness of CCTV in an effort to get an answer. His findings are presented in an article that is another in a series that comprises the Department of Justice's problem-oriented guides for police.

A bill (formerly H.R. 32) that would prohibit trafficking in labels or similar packaging, with knowledge that a counterfeit mark has been applied to them, has been signed into law (P.L. 109-181). Under the new law, the definition of “counterfeit mark” includes any mark on a label or packaging that is substantially indistinguishable from a trademarked design, and that is likely to mislead consumers. Any article that bears a counterfeit mark will be subject to forfeiture.

The National Science and Technology Council has released the Federal Plan for Cyber Security and Information Assurance Research and Development. The plan provides “baseline information and a technical framework for coordinated multiagency R&D in cyber security and information assurance.” It covers vulnerabilities, threats, and risk, and provides technical perspectives on subjects ranging from authentication and access control to wireless to software testing and assessment tools. An appendix provides roles and responsibilities of the members of the working group that created the report.@ The Report is at SM Online.

The full results of the survey will be published in book form next month and will be available for sale at the ASIS 52nd Annual Seminar and Exhibits in San Diego, September 25-28, as well as on the Society’s Web site, ASIS Online. Responses to 23 questions are broken out by industry and geographic areas, and where response levels allow, full reports are also included on major metropolitan areas.

The amount of rain and wind delivered by Katrina and Rita last year was nothing compared to the criticism that poured down on the federal government, Louisiana, and New Orleans for shoddy hurricane preparation and response. In the aftermath, Congress asked the Departments of Transportation and Homeland Security to review federal and state evacuation plans for catastrophic hurricanes. The two agencies have just issued a nearly 200- page report on evacuation plan assessment and jurisdictional roles in evacuation. @ Read it now by going to SM Online.

The Nuclear Regulatory Commission (NRC) has announced its plan to formulate a new rule to guide risk assessments at nuclear power facilities. The risk assessments, which will be performance-based and technology-neutral, will be required before a facility can be issued a license by the NRC. The advance notice of the rulemaking does not set out the specifics of the plan. Instead, the NRC is asking for comments on whether the concept of the plan is reasonable and, if so, how it should be designed and implemented. The comment period expires December 29, 2006. @ read the advance notice of the proposed rule.

The Transportation Security Administration (TSA) has issued a proposed rule relating to the Transportation Worker Identification Credential (TWIC). Under this program all people who have unescorted access to secure areas of ports and vessels will be required to carry the TWIC card. As set out in the rule, TSA would collect names, personal information, fingerprints, and photos on all applicants for the card. TSA would also perform background checks including those for criminal history, terrorist activity, immigration status, and outstanding warrants. The TWIC will be a smart card and will include a biometric feature. According to the proposed rule, more than 750,000 people will be required to obtain the card. The TSA expects that workers will have to pay approximately $139 to obtain the TWIC card. The card will be valid for five years. @ To read the entire proposed rule, visit SM Online.

A port security bill (H.R. 4954) has been approved by the House of Representatives. The Senate has placed the measure on its calendar, meaning that it will consider the bill. The bill, which will cost $7.4 billion, was approved by the House of Representatives with most of its original provisions intact.

A bill (S. 2631) introduced by Sen. Charles Schumer (D-NY) would prohibit the production, transfer, possession, and use of false travel documents. The bill has no cosponsors and has been referred to the Senate Judiciary Committee.

A bill (H.R. 4439) that would overhaul the Transportation Security Administration (TSA) to increase aviation security has been approved by the House Homeland Security Committee’s Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity. The bill must now be taken up by the full committee to proceed. The bill would require that the TSA reorganize to focus resources on areas that are at greatest risk of terrorist attack and would mandate that the TSA create a program to instantaneously prescreen all international passengers traveling to the United States. The bill would also allow state and local governments to compete with federal contractors to provide airport security. Under the bill, the TSA would be required to create new training standards to help those who check documents to recognize fraudulent identification. Under the measure, the government would create an independent agency within the TSA to focus on airline passenger and baggage screening.

A bill (H.R. 4765) introduced by Rep. Anthony D. Weiner (D-NY) would require the government to designate an area at high risk for a terrorist attack as a high-threat helicopter-flight area. The government would screen all passengers and property transported from a high-threat flight area to a standard passenger helicopter. The screening would be equivalent to that provided for passengers and property carried aboard a domestic passenger aircraft. The bill would also require that the government develop a plan to conduct the screening, including acquiring equipment and hiring and training personnel. H.R. 4765 has no cosponsors and has been referred to the House Homeland Security Committee and the House Transportation and Infrastructure Committee.

A bill (H.B. 1205) introduced in the Missouri House of Representatives would make it illegal to alter or falsify drug or alcohol test results. The bill would also create the crime of transporting a biological sample or adulterant with the intent of falsifying test results.

A bill (S.B. 186) currently under consideration in the West Virginia Legislature would provide employers immunity in disclosing information about former employees. Immunity would be waived, however, in cases where the former employer knowingly gives information that is false, disclosed with reckless disregard for the truth, deliberately misleading, or malicious.

With the hurricane season underway—and with memories of last year’s catastrophes still fresh in mind—businesses in areas that are likely to be affected by summer storms are doing whatever they can to secure their premises from damage or destruction. But what about digital assets?
The Florida Chamber of Commerce is helping Florida businesses to ensure that their e-mail traffic keeps flowing throughout hurricane season, even if flood waters shut down mail servers.
The Digital Disaster Preparedness service is being offered for free by AppRiver, LLC, a Gulf Breeze, Florida-based company that provides e-mail security services. The company will monitor the mail servers of Florida companies that have an Internet domain name and have signed up for the service via the Florida Chamber of Commerce or App River Web sites.
If bad weather hits and a company’s mail server goes down, AppRiver will reroute incoming messages to its own data centers in Texas, Virginia, and England until the damaged servers are back up, or until the company asks the mail to be redirected (messages can be made available online if requested). Spam and virus filtering are included. The free service runs through October 31.
@ Point your browser to SM Onilne to link to these two sites, where you can sign up for the Digital Disaster Preparedness service if your company is based in florida.www.appriver.com
www.floridachamber.com

If you are a wireless user, you need to know just how many tools are available to compromise wireless networks. Remote-exploit.org highlights tools such as Hotspotter, which acts like a wireless hotspot so that anyone trying to connect to a legitimate network at, say, Starbucks will attach to the attacker’s access point instead. The tools can be downloaded from the Web site along with detailed tutorials—in some cases, step-by-step Flash presentations that walk users through programs that break wireless encryption protocols or that can crack passwords. The need for information on how wireless networks can be vulnerable makes Remote-exploit.org A Site to See. @ Get there via SM Online.

John Bumgarner, research director for security technology with the US-CCU, says that the idea for the checklist evolved because, despite the number of industry-specific guidances (such as Sarbanes-Oxley and ISO standards), there was nothing aimed at nontechnical managers.

Number of daily cyberattacks launched against credit unions