THE MAGAZINE

Courting Trouble
June 2005
COVER STORY

Electronic Records Management

By Alan J. Ross

To reduce liability, companies must know how to manage electronic records and how to respond to electronic discovery requests.

FEATURES

Light Their Fires

By William Cottringer and Jeff Kirby

Discover methods for improving employee motivation and increasing company productivity.

Do’s and Don’ts for Digital Evidence

By Dave Lang, CPP

Managers need to understand the basics of digital investigations so that they can respond to cybercrime without committing a crime themselves.

Centralizing Card Control

By Thomas Frank, CPP

Find out how one company instituted an enterprisewide card solution for its headquarters office and 40 field offices.

The Key to Winning Contracts

Links to contract information

There's No Free Lunch

Contract requirements.

The Key to Winning Contracts

NAICS and FSC codes

INTELLIGENCE

Drugs

During a state hearing in Alaska, experts outlined the harm caused by marijuana. The Governor of Illinois has expressed concern that the video game NARC encourages drug use because, for example, game characters who use crack are able to inflict more damage on enemies. And new research suggests that pot use may lead to schizophrenia in young people. These are three recent entries in a new Web log (blog) established by the White House’s Office of National Drug Control Policy (ONDCP). John Walters, director of the ONDCP and the President’s “Drug Czar,” says in a statement that the blog is designed to “provide Americans with direct updates and links about the latest efforts to ‘push back’ against drug use in America and abroad.” Go to SM Online to check out the blog.

PRINT EDITION ONLY

A Dash of Danger

By Marta Roberts

Find out how one of the largest healthcare systems in the country is preparing to face chemical and biological hazards.

The right course for learning

By Dr. Vincent C. Wincelowicz III

A look at the new security program at the Community College of Denver.

Go Forth Without Fraud

By Colin A. May

Companies planning to compete for homeland security funds through government grants and contracts must first make sure they have a strong fraud prevention program in place.

Key to Winning Contracts

By Eric Grasser

Here’s what companies need to know to compete successfully for homeland security projects.

There’s No Free Lunch

By Dawn-Marie Bey

Before accepting government funding to help develop or build a security product, companies must understand how it could alter their intellectual rights to the product.

Auditing for Anomalies

By Patrick Taylor

Motivating Through Appraisals

By Dan Toussant

A new appraisal system helped one company’s employees focus on goals while improving the bottom line.

Industry News

ASIS International corrects some media misconceptions regarding training of and background checks on private security officers.

Home on the Page: Port Security

By Michael A. Gips

The Coast Guard and port security.

Too Much Intelligence?

By Michael A. Gips

Centralizing U.S. intelligence operations.

Jargon Watch

By Michael A. Gips

CPTED, defensible space, and situational crime prevention--the differences.

Safety Act Process Painful But Rx Planned

By Eric Grasser

DHS pledges to review the drawn-out approval process.

Legal Report

By Teresa Anderson

A court rules that a union has a duty to protect a member’s personal information, an airline violates the ADA, and legislation on port security, ID cards, and terrorism.

 


TECHNOFILE

Quick Bytes: HIPAA security rule

By Peter Piazza

A new publication from the National Institute of Standards and Technology (NIST) will help organizations understand the nuances of the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA). The paper, An Introductory Resource Guide for Implementing the HIPAA Security Rule, explains the security rule in detail and provides recommendations. Included are a glossary, a list of acronyms, and references to other NIST papers related to HIPAA. @ Get the NIST report via www.securitymanagement.com

Worth a Look

By Peter Piazza

A new portable storage device called Outbacker by Memory Expert International (MXI) is a bit bigger than a flash drive—it’s about the size of a deck of cards—but it makes up for its size with an incredible 20 GB of storage space (a model with twice as much storage is also available).

Quick Bytes: The ROI of smart cards

One possible step on the road to converging the physical and IT security functions within an organization is investing in smart cards to secure physical access to a facility as well as logical access to critical systems. But is there a good return on investment (ROI) to do so? There is, according to The ROI Case for Secure Access, which reports the findings of a 53-company survey from IT research firm Datamonitor. The report estimates an annual savings of close to $2.5 million for an enterprise with 2,000 employees (of course, that’s not including the cost to deploy smart cards in the first place). Savings are realized by, for example, managing PKI certificates through the cards, cutting the number of password-related IT queries, and saving time via faster access to facilities. @ The full Datamonitor report is accessible at no charge through SM Online.

A Site to See

By Peter Piazza

If you’ve got all day to prowl around a single site devoted to IT security, let it be Infosyssec, a portal to everything you ever wanted to know—and lots that you never knew that you needed to know—about cybersecurity. The site offers everything from breaking computer-security news stories to dozens of news groups and mail lists to scores of niche search engines to the latest antivirus alerts. The wealth of resources that can be found in this one venue makes Infosyssec well worth the visit. @ Find the site on SM Online.

When Good Software Goes Bad

By Peter Piazza

Why it’s so hard to create secure software, how to hack Google, Sarbanes-Oxley costs, a secure and portable storage device, and more from the digital world.

The Cost of Complying with Sarbanes-Oxley

By Peter Piazza

Sarbanes-Oxley may help the public reclaim its confidence in Corporate America, but it’s costing corporations plenty, according to a survey of chief financial officers (CFOs) by Financial Executives International (FEI), a professional organization of CFOs and other senior financial executives. Costs for complying were estimated at $4.36 million, 39 percent more than the $3.14 million they expected to pay (based on a July 2004 estimate from a previous FEI survey).

DEFINING MOMENTS

By Peter Piazza

It might seem odd to dedicate network resources to actually try to attract hackers, but that’s exactly what these servers, attached to the Internet, do.

New in Plain Text

By Peter Piazza

You can use Google efficiently and effectively to find out what’s out there about your company and its Web site, thanks to Google Hacks: Tips & Tools for Smarter Searching from O’Reilly Media, Inc. But these aren’t hacks that will land you in trouble; rather, they are tweaks that will help you to find what you need more efficiently.

LEGAL REPORT

Weapons

The Illinois House Human Services Committee has approved a bill (H.B. 1098) that would prohibit the manufacture, sale, or possession of .50 caliber sniper rifles in the state. The bill, which is awaiting a vote in the full House, is designed to prevent a terrorist from using the rifle to shoot down a civilian aircraft during takeoff or landing. Violating the law would be a felony under the new measure.

ID cards

The United Kingdom’s House of Commons has approved a bill to establish a national ID card system. The Identity Cards Bill sets out a system under which each citizen would have a compulsory ID card embedded with a computer chip by 2012. The chip will hold personal information such as names and addresses as well as a biometric identifier such as a facial scan or iris scan. All of this information will also be stored in a national database. The bill had little problem passing in the House of Commons with a vote of 224 to 64. However, it faces a greater challenge in the House of Lords, according to public comments from its sponsor, Secretary of State for the Home Department Charles Clarke. @ The full text of the bill is available at Security Management Online.

Baggage Screening

A new report by the Government Accountability Office (GAO) assesses the effectiveness of explosives detection systems (EDS) and explosives trace detection (ETD) systems installed in airports around the country by the Transportation Security Administration (TSA).

The EDS and ETD machines were in place in most airports by the end of 2003. At the time, airport officials—especially those at small regional airports—expressed concern that the systems were too large to be incorporated into the baggage screening process and were installed as standalone devices in lobbies or other large areas. (See “Flying in the Danger Zone,” June 2002.)

In the new report, the GAO tracks this issue of space and concludes that the interim solutions have resulted in inefficient screening practices and led to hiring of more screeners than necessary. Of the 130 airports studied by the GAO for the report, 86 are planning to integrate the EDS machines into baggage conveyor systems.

However, the funding for such projects is limited and is beyond the reach of many airports.

In the report, the GAO faulted the TSA for failing to conduct an overall analysis of the problem. According to the report, some airports have proven that they could make up the cost in long-term savings and through increased efficiency.

@ To read the GAO report, visit Security Management Online.

CASE STUDY

Vaulting into Digital Video

By Marta Roberts

How a company made the move to a PC-based digital CCTV solution that made viewing and storing images easier tasks.

BOOK REVIEWS

Essentials of the Reid Technique: Criminal Interrogation and Confessions

By Henry C. Ruiz

Many experts consider the Reid Technique to be the leading method on interviewing and interrogation and Criminal Interrogation and Confessions to be the seminal textbook on the subject. Now the developers of the Reid Technique have created an abridged version of the classic textbook, called Essentials of the Reid Technique: Criminal Interrogation and Confessions.

Disaster and Recovery Planning: A Guide for Facility Managers.

By Steve Adler

Specific disasters including fires, bomb threats, and earthquakes receive individual attention. Probably to illustrate the extent and magnitude of disasters, Gustin includes lists of disaster and emergency declarations made in 2002 and 2003 that run for pages, from flooding in Arkansas to typhoons in the Federated States of Micronesia. The author’s good intentions aside, the lists don’t merit that much space.

Imperial Hubris: Why the West Is Losing the War on Terror.

By Mark H. Beaudry, CPP

If only the location of Osama bin Laden were as easy to discover as the identity of the “anonymous” author of Imperial Hubris, an insider’s view of the search for bin Laden and a critique of the overall war on terrorism. A new edition names Michael Scheuer, a counterterrorism expert from the CIA assigned to the bin Laden “team,” who quickly surfaced as the author, appearing on talk shows to defend his book’s controversial positions.

Information Security Policies and Procedures: A Practitioner’s Reference. Second Edition

By Derek Knights, CPP, CISSP

Part one covers infosec policies and procedures, and part two is an information security reference guide. The journey through both is pleasant, but familiar, somewhat like an afternoon stroll through well-trod terrain. Neither part contains any revelations, but each is well constructed and brims with relevant information that is easy to find.

Secrets of Computer Espionage: Tactics and Countermeasures

By Ben Rothke, CISSP

Just who is spying on whom? The author explains that the typical person might be a target of bosses, friends, family members, hackers, and many others. Even people with nothing confidential or of value on their computers risk getting caught up in espionage and other cyber capers. For instance, hackers can use their computers as vehicles for staging attacks or as a location for storing illicit files, such as child pornography. And as more cell phones and PDAs connect to the Internet, the risks multiply.

 

Beyond Print

See all the latest links and resources that supplement the current issue of Security Management magazine.