SECURITY IN THE NEWS
Professional Practices Online Course (MGMT6051)
3 June 2014
Security In The News
The latest security leaks coming from Edward Snowden, American whistleblower, dissident and fugitive who was reportedly obtained millions of documents from his former employer National Security Agency (NSA)1, reveal the amount of hypocrisy American officials have being portraying in dealing with alleged cyber security issues in recent years. United States Government has made a public case about the dangers of buying Information Technology equipment from the largest Chinese telecommunications giant, Huawei, however revelations by Snowden show that NSA was actually creating its own backdoors directly into Huwaei's networks2. The agency has successfully hacked into the company's Chinese headquarters, and obtained information about the workings of giant routers and complex digital switches that are used to connect a third of the worlds' population to the internet, and also monitored communications of all company executives3. Operation was code-named "Shotgiant," and aim was to find links between Huawei Corp and Chinese People Liberation Army4. However, plans went further into exploiting technology so that when Huawei sold their IT equipment to other countries, both allied and non-allied, the NSA could freely browse through foreign computer and telephone networks to conduct unlimited surveillance5. All of this raises another important question beside legitimacy of these actions all together. Is NSA also involved in classic corporate espionage in order to help US based companies of choice to perhaps improve their technological competitive levels in both domestic and international markets? A White House official, Caitlin M. Hayden, stated the flowing: " We do not give intelligence we collect to U.S. companies to enhance their international competitiveness or increase their bottom line. Many countries cannot say the same.6" While American and Chinese establishments are repeatedly hacking each other with high degree or reciprocity around the clock, they are also supposedly trying to deescalate tensions in their cyber cold war7. This raises another question, who will protect basic privacy rights of an average law-obeying internet user? Why does governments think they have right to spy without any limits on general population and not face any consequences while doing so? In his latest appearance via video link during TED conference in Vancouver, BC (Technology, Entertainment and Design converged) Snowden has proposed standardization of usage of SSL cryptographic protocols in all internet browsers8. While such proposal seems rather reasonable and achievable in the immediate future, it only patches the issue and does not even tackles root cause of a problem itself. The permanent solution would be some sort of digital bill of rights, perhaps an United Nations resolution or treaty signed by the governments around the world and adopted in their respective national institutions (parliaments). This idea was initially propped by Tim Berners-Lee, one of the world wide web founders9. Berners-Lee believes that the concept of the open web is under constant threat from the governments and corporations that want to have control over internet10. His proposal is part of the larger campaign currently underway, called Web at 25 (25th anniversary of the world wide web)11. Current situation of unlimited and unsupervised cyber espionage done by everyone on everyone is not sustainable in the long run. There is a big possibility that certain countries may resort into limiting and restricting internet connections with the outside world due to outgoing security issues. Another point of view comes from hacktivist entities such as Anonymous group, who are justifying their own activities as "protest in digital space12". Their view on the US state today is that it reassembles a nexus of power solely for corporate interests. Since it...
The main purpose of IT security is to defend information from unauthorized access. IT specialists are responsible for keeping all of the technology within the company secure from malicious cyber-attacks that often attempt to breach into critical private information or gain control of the internal systems. The capabilities and complexity of IT systems keep growing. Users can access more data and systems from a multitude of entry points, such as office workstations, offsite laptops, and roaming smartphones. As IT systems are increasingly integrated into the operational fabric of individual organizations, their exposure to potential threats in turn becomes increasingly multilayered, moving beyond technological vulnerabilities alone. The ultimate goal of managing IT security is to turn an organization's security policies into security requirements that can be codified, rolled out to the organization, enforced, and measured. Perhaps the most compelling reason to do this is that good security is more about encouraging and enforcing positive behavior than it is about protecting against threats and vulnerabilities. In fact, the vast majority of network attacks are targeted at vulnerabilities for which there are known remedies. Thus, if a well-planned security policy can actually be deployed and followed, most network threats can be avoided. Turning the theory of a policy...
...A Reference Security Management Plan
for Energy Infrastructure
Prepared by the Harnser Group for the European Commission
Under Contract TREN/C1/185/2009
A Reference Security Management Plan for Energy Infrastructure
The European Union is developing its policy on critical energy
infrastructures in relation to the European Programme for Critical
Infrastructure Protection (“EPCIP”) which considers measures that
will enhance, where necessary, the level of protection of certain
infrastructures against external threats.
The integrity of energy infrastructures and their reliable operation are key factors in ensuring
the supply in energy, vital for the well-being of the citizens and the functioning of the economy.
For this reason energy infrastructure is considered as a priority for the implementation of the
EPCIP, hence the policy adopted in December 2008, under Council Directive 2008/114/EC on
the identification and designation of European critical infrastructures and the need to improve
their protection, has the energy sector in its scope. As one of a number of requirements, this
Directive included the creation of an Operator Security Plan for all infrastructures designated
as European Critical.
The European Commission’s Directorate General for Energy tasked an external contractor to
prepare a non-binding Reference Security Management Plan. This is intended to be a useful...
...Computer security and Network Security is the means by which business and governments are protecting against computer intrusions and attack to prevent loss of data, information and provided services. Everything is now on computers, peoples whole lives are documented on computers. Big business and the government rely on technologies that use computers, whether it is used for storage, a medium between the customers and themselves or actual work. With all this information and data being stored, transferred and used it needs to be secured. A bank is open to the public; you would not have this bank unsecured would you? There would be security guards, cameras, and a vault. The same mentality to secure your data should be implied if you have a network that is connected to the Internet. You should have software, hardware, and/or personnel monitoring your networks operations and security. All computers and systems that connect to the internet or networks run off software of some type. People called hackers or crackers, manipulate programs, create worms, and viruses to make systems do thing there not supposed to, access places they aren’t allowed, and shutdown or hinder a system from working properly (Dasgupta). Then there are attacks, phishing attacks which come in the form of email that try to lead you to fraudulent sites, Denial-of-service attacks overload servers causing no one to get on or shuts them down. Then...
...Do international norms have an impact on security issues? Why?
Norms can be understood as rules for standard behaviour. Norms are a common belief or understanding usually shared by a majority. International norms are determined by the international community and they usually set the stage for the behaviour of individual countries. These norms shape international as well as domestic security issues. These norms shape inter-state behaviour, they also shape thesecurity policies of nation-states and they also serve to set certain normative standards about how the world should be. In this paper we will look at how the emergence of certain norms, taboos and international laws have contributed to international security concerns and sometimes also problems of mistrust.
The major schools of international relations theory such as neoliberalism and neorealism have not satisfactorily confronted the evolution of norms of interstate behaviour. However the constructivist literature draws on a variety of theoretical texts and empirical studies to argue that norms have illustrative power independent of structural and situational constraints.
The belief that all norms are created by the powerful can be challenged. As international norms have come to be shaped by a number of factors such as newer democracies, pressure groups, international and humanitarian organizations. Humanitarian values, global security,...
I am employed by United American Security and staff the Timken World Headquarters. Therefore, I thought it would be easiest to do my project on a place where I have constant access to the security management personnel, the insiders of the office, and I see the system at work daily. In my first two weeks of working for United American Security, I started to note flaws in the current structure and made recommendations, two of which have since gone into effect and will be documented here. Firstly, look at the layout of the World Headquarters, behind the brilliant office of the white collar workers, research and development is attached and that is where the main security goes into play:
Convenient for Security is the fact that every single Timken Facility in the world has a similar layout to this one. The unconvenience: When making rounds, security personnel are required to lock the main lobby and go outside in order to check the hydromation building, and well as the pumphouse not seen on this layout. When I first started, one officer was on duty at a time. The Timken World Headquarters was not meant to be more than a research and development lab, and then the stockholders decided to split the steel company from the research company, and Timken decided to have a vast expansion of their steel company in Ohio. Therefore all the executives would now be brought into the...
COLLECTIVE SECURITY DURING THE
Collective security during the interwar period
The term ‘collective security’ can be defined as a security agreement in which all states cooperate directly, collectively, and and every state accepts that the security of one is in the concern of all. In other words, when one of the states part of this agreement violates the rights to freedom of other nations, all other member states will have to join forces to restore peace, penalizing the aggressor state. This model is based on participation and compulsoriness. An agressor state is about to meet a united opposition of the entire world community. The concept of collective security is based on the consent of all or the majority of states to act against any state that unlawfully violates peace. The main idea of collective security is the assumption that no state will want to change the power and order of world community, and if so, all other states will act together against the aggressor state in order to reestablish the global equilibrium. An ideal collective security organization assumes a very high degree of congruent interest among its members.1 Interstate rivalry and power politics and effectively elliminated.2
As a legal form of states’ cooperation, a collective security system differs from any...
According to scenario 1, the followings are the threads and security measure to control it.
1.Fire outbreaks, begins just outside the data center.
The attack is an internal and active attack caused by a disgruntled employee or worker i.e an unhappy or a dissatisfied employee
I. Availability of fire department center
II. Implementation of well programmed sprinkler system
III. Building has been evacuated to prevent loss of lives
1.Figure out the worker by investigating and either dismiss him/her or by compensating him/her by treating him right or well.
2. This can also be controlled by enforcing the physical security of the company i.e by installing cctv camera in every hook and corner of the company this will monitor all the employees activities within the vicinity of the company; of which any employee that engages in such a destructive act can be fished out easily by replaying the record.
3. RFID can also be deployed to monitor the in and out of every employee.
2.Anthrax box was detected by an employee in the lobby
I. Evacuation of building has be done again to prevent loss of lives
II. Health department is on scene to investigate the issues and treat people
III. The sprinkler system has been implemented which caused the email and web server to stop working.
1. Employees and visitors should be properly screened and be checked thoroughly...
...Communication in Security Settings Paper
January 28, 2013
Robert J. Deuel
In the security world today many organizations have developed a more concise communication tools that will enable a security personal department, to teach, and help there officers observe the various behaviors that individuals display. For instance a security officer notices an individual is seen walking around a facility or retail establishment acting in a very suspicious way. It could be possible that this particular individual is going commit a crime or has a severe mental issue. With the officer learning the certain skills to detect this type of behavior it very well could prevent either a crime being committed or the individual from hurting himself or other people who are around the situation. In these instances a trained security personal may have to use their communication skills to read what the person is doing by watching their gestures and emotions. Unfortuannally In many security settings personal deal with many challenging, and frustrating individuals that have many nonverbal language barriers. From ant where to people who are death, or don’t understand the language or is trying to convey a certain message to the security officers or other authority figures. Accordingly to University of Phoenix (2011)....