Web Highlights for July 2008

Security Management

Web Highlights

JULY 2008



Security Management




Citibank, Cardtronics Mum on ATM PIN Breach
Jul 02, 2008 - The extent of the fraud is still unknown, although prosecutors allege the hackers stole at least $2 million.

U.K.: A Year After Glasgow, Aviation Security Risks Persist
Jul 01, 2008 - A new report warns that cargo planes could be used in acts of terrorism and a security consultant says airports are still vulnerable to terrorism after the attack on Glasgow International Airport last year.

Americans Returning from Overseas Find Their Electronic Devices Searched and Seized
Jun 30, 2008 - But does it violate the Fourth Amendment's protection against unreasonable search and seizure?

Retailers Face Deadline for Securing Web-facing Applications
Jun 30, 2008 - Retailers that accept payment cards have until the end of the day to comply with a new requirement that secures a company's web-facing applications.

Should the Freedom of Information Act Aupply to Private Prisons?
Jun 27, 2008 - Lawmakers hear testimony for and against having private prisons covered under the Freedom of Information Act.


Payment Card Industry Data Security Standard
Retailers that accept payment cards must adhere to the PCI DSS to protect their customers' personal information from hackers and other malicious web-based attacks. Recently, a best practice, sec. 6.6, which recommends that all web-facing applications receive protection from known threats, became a requirement. Do you comply?

Effectively Managing I-9 Employment Eligibility in the Face of Changing Legislation

How to eliminate the headaches of I-9 paperwork, management, tracking, and compliance by using an electronic I-9 solution.

2008 Data Breach Investigations Report

Conducted by the Verizon Business Risk Team, the study upsets the conventional wisdom and reports most data breaches investigated were caused by external sources.

Crime in the United States 2007: Preliminary Annual Uniform Crime Report

The FBI reports that preliminary figures show that violent and property crime fell in 2007



1. Green Security
2. Smarter Cards
3. Information Sharing
4. Deterring Car Crime
5. Mobile Money Laundering
6. Sexual Harassment
7. Offline Threats
8. Read All About It
9. Online Forum Question

1. Cover Feature: Green Security

When security best practices clash with the goals of the “green” movement, building design can hang in the balance. Architects and project developers strive for Leadership in Energy and Environmental Design (LEED) certification through environmentally friendly designs. Security professionals must learn to work both around and with the green elements. For example, LEED grants points for windows, because they help save energy, but they also increase vulnerability. Security professionals can suggest ways to reduce the vulnerability of windows by placing most windows around a courtyard or in an area of the building that doesn’t require high security.

@Assistant Editor Laura Spadanuta describes how security and environmental goals can harmonize in “The Greening of Security.”

2. Smarter Cards

Are you smarter than your ID card? With new microchips and interactive capabilities, smart cards can accomplish more than ever. A single card can transact financial business, record time and attendance, check out equipment and materials, provide authentication for network access, store healthcare information, and, oh, yes, identify the holder. Their use with network and application log-on is helping security justify and pay for cards, becoming the first step in the cards’ wider use in a more converged physical/logical access system.

@ In “Trends in ID Cards,” Associate Editor John Wagley reports on the latest in smart cards. Two case studies explore the experiences of Northrop Grumman, which rolled out highly secure smart cards with biometric templates, and PricewaterhouseCoopers, which replaced multiple badges and keys with a single credential.

3. Information Sharing

Never mind that Congress mandated national information sharing to thwart terrorism in 2004. State and local officials continue to complain that they share information with the feds, but the favor is rarely returned. That is changing, according to intelligence leaders, who are working to produce useful intelligence for police, firefighters, and others on the front lines. The new Interagency Threat Assessment and Coordination Group, a team of four state and local civil and law enforcement officials posted to the National Counterterrorism Center, examines the center’s finished intelligence for items of interest to their constituent groups and counsels federal partners on what local first responders want to know and how best to get the information to them.

@ This month’s “Homeland Security” by Assistant Editor Joseph Straw checks out the new system and other developments in information sharing.

4. Deterring Car Crime

When criminals plundered costly parts from cars on a dealership’s storage lot, management stepped up security with more guard patrols and an alarm monitoring service. After those measures didn’t solve the problem, the dealership looked for another solution. A surveillance system with video analytics and two-way communications has been working for this dealer. When would-be thieves enter the property, security personnel can talk to them, letting them know that the police are being called while describing their clothing so that the intruders know a real person is watching in real time. As security has improved, the dealership has been able to make the lot more customer-friendly, and sales have increased dramatically.

@ Read about the system that’s made so much difference in “Car Talk Back” by Senior Editor Teresa Anderson

5. Mobile Money Laundering

Terrorists, white-collar criminals, and other nefarious sorts have found that a cheap, disposable cell phone is all they need to move money globally. Millions of dollars can be shifted around the world through wireless financial networks, quickly, reliably, and without leaving a trail. A sender hands over cash to a remittance center, paying a small fee. The center transfers money electronically to the receiver’s cell phone account in the receiving country. Recipients receive a text message informing them that a transfer has arrived in their electronic wallet. They can withdraw cash from a licensed outlet or simply spend or transfer the credit electronically.

@ Learn more about how this system is complicating things for authorities in the July “International” by John Barham. Other issues covered this month include protecting NGO workers throughout the world and Britain’s new biometric ID.

6. Sexual Harassment

A company that failed to intercede while an employee harassed various women over a 10-year period can be held liable for creating a hostile work environment and for the employee’s retaliation against his victims, according to the U.S. Court of Appeals for the Sixth Circuit. Although the company investigated the employee’s behavior, he was not fired until 10 years after the first complaint.

@ This case is described in this month’s “Legal Report” by Teresa Anderson. You can find the link to the case online in the Beyond Print section.

7. Offline Threats

Digital picture frames infect a home computer. GPS systems conceal malicious files. Storage media-such as CDs and USB devices-conceal unwanted malware. Those are some examples that illustrate how digital perils can exist in virtually any memory-bearing device. In fact, the Ponemon Institute reports that the majority of data breaches are related to devices such as laptops, CDs, tapes, memory sticks, smart phones, PDAs, and MP3 players.

@ Two articles (here and here) in this month’s “Technofile” by Associate Editor John Wagley look at these threats and what can be done to mitigate them.

8. Read All About It

No security function operates in a vacuum. As a consequence, managers must keep pace with a host of threats, internal and external. In the fifth edition of Security and Loss Prevention, author Philip Purpura accomplishes two major objectives: providing a practical baseline of information and concepts security professionals need with identifying the current and future risks that will test their resourcefulness. Today’s top challenges include old and new threats like terrorism, cybercrime, technology exploitation, and pandemics.

@ John Gargiulo, former director of security for Reuters America, reviews the book in this month’s edition of Security Management.

9. Online Discussion Forum Question of the Month

Visit the Forums on SM Online to share information and experiences with your peers. Here’s a question recently posed by one visitor:

The 9/11 Commission has recently issued a progress report on the private sector's readiness to manage terrorism. I am a doctoral candidate who has been doing research on this area for the last two years. Would you offer an opinion on why the private sector is not ready?

@ To register and participate in the Forums, just click here. It's free!


Because you are a valued subscriber to Security Management magazine, we would like to welcome you to the Security Management Online Product Information Service. You can instantly request product and service information from our July 2008 issue.

Select one or more categories of interest to view the advertisements and product announcements for the selected categories. Request more information about products and services using our reader service Web site.

Product Info

Also New Online:

-- Find links to the latest security reports and other resources through "Beyond Print."

-- Check for Breaking News and lend your expertise to others by commenting on individual news items.

-- See Marketplace for the latest products and services. And if you need a local supplier, check out the ASIS Security Industry Buyers Guide Online.

-- Get the latest info on events and training programs.

-- Link to, ASIS's Web page, for more industry events, workshops, and resources.

And much more...

-- Don't forget to go to on a daily basis to get the latest news from "Today's Headlines."

Security Management is the award-winning publication of ASIS International, the preeminent international organization for security professionals with more than 35,000 members worldwide.

Check out ASIS Online for more industry events, workshops, and resources.

-- Subscribe to the print edition to get even more valuable advice. This month features articles about:

  • How to create a safety culture

  • How to protect personal data

  • How to devise a security master plan

Click here to subscribe.

We welcome comments on content from the Web site or the print magazine, as well as suggestions regarding topics for future coverage. Send e-mail to:

Sherry Harowitz
Security Management

Thank you for signing up to receive the SM Online E-News, an informal periodic alert to make you aware of breaking security news and upcoming monthly features that you can read by going to SM Online. (You will only receive this alert if you requested it. If you wish to leave the list, see the instructions at the end.)

This mail is never sent unsolicited. You have subscribed to receive this information. To unsubscribe from this e-letter, e-mail Type "unsubscribe" in the subject line.


    Beyond Print

    SM Online

    See all the latest links and resources that supplement the current issue of Security Management magazine.