tag:blogger.com,1999:blog-352447882024-03-14T04:17:45.531-05:00The Hackett Security Blog -Since 1977, we have been in the business of installing and monitoring burglar and fire alarm systems, with expertise in card access, CCTV, and the latest digital video recording and transmitting technologies. Our home office boasts a 24/7 UL listed central station and we are Listed and can Certify for both UL 681 and UL 2050 systems.<br><br>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.comBlogger117125tag:blogger.com,1999:blog-35244788.post-67530662087622183552008-09-02T16:35:00.001-05:002008-09-02T16:57:02.958-05:00School's starting again; how's your security?With the new school year starting up, various articles and blog posts have shown up on the radar indicating that 2008 may be the year of the security-conscious campus. The stories are linked below:<br /><br /><ul><li><a href="http://blog.mlive.com/citpat/2008/08/schools_take_steps_to_tighten.html" target="_blank">Schools take steps to tighten security</a> - "...a virtual security guard that grants or denies people access to the building based on whether they are registered sex offenders."</li><li><a href="http://www.courierpostonline.com/apps/pbcs.dll/article?AID=/20080831/NEWS01/808310369/1006/news01" target="_blank">Efficiency, high-tech tools mark new year</a> - "'e' is not just for effort, but also for efficiency."</li><li><a href="http://rncnyc2004.blogspot.com/2008/08/carnegie-mellon-system-thwarts-internet.html" target="_blank">Carnegie Mellon System Thwarts Internet Eavesdropping</a> - "A user who thinks he is linked to an airport or coffee shop 'hot spot,' for instance, might actually be linked to a laptop of someone just a few seats away."</li><li><a href="http://privateofficernews.wordpress.com/2008/08/30/cleveland-school-security-connect-to-police-dispatch-wwwprivateofficercom/" target="_blank">Cleveland school security connect to police dispatch</a> - "Officers in zone cars can listen and respond immediately to a school."</li><li><a href="http://www.thesuburbanite.com/communities/x1181306150/New-security-measures-in-place-in-Manchester-Local-Schools" target="_blank">New security measures in place in Manchester Local Schools</a> - "He was impersonating a sheriff deputy at the (local) McDonalds prior to this..."</li><li><a href="http://satellite.tmcnet.com/topics/satellite/articles/38436-homeland-integrated-security-systems-expects-sales-boom-following.htm" target="_blank">Homeland Integrated Security Systems Expects Sales Boom Following Passage of House Resolution 3179</a> - “Being added to the GSA Schedule and GSA Advantage has really opened a lot of doors for our company.”<br /></li></ul><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-64008324443112277262008-08-26T16:51:00.000-05:002008-08-26T16:55:07.208-05:00Metro St. Louis Procures Onboard Surveillance CamsFrom <a href="http://voipservices.tmcnet.com/feature/articles/37817-metro-st-louis-procures-onboard-surveillance-cams.htm" target="_blank">TMCnet.com</a><hr /><span class="Feature-Header"><span style="font-weight: bold; color: rgb(0, 0, 153);"><br />August 22, 2008 </span><br /><br /><span style="font-weight: bold; color: rgb(0, 0, 153);"> Metro St. Louis Procures Onboard Surveillance Cams </span><br /><br /> <span class="News-links"><span style="font-weight: bold; color: rgb(0, 0, 153);">By </span><a style="font-weight: bold; color: rgb(0, 0, 153);" href="http://www.tmcnet.com/tmcnet/columnists/columnist.aspx?id=100092&nm=Raju%20Shanbhag" id="LinkAuthor" class="News-links">Raju Shanbhag</a> <br /><span style="font-weight: bold; color: rgb(0, 0, 153);"> TMCnet Contributing Editor</span><br /> <br /> </span></span> <hr /> <p> </p><div>Looking to install onboard surveillance camera systems on 50 new Call-A-Ride paratransit vans, the Metro transit agency in St. Louis, Missouri has awarded an approximately $250,000 sole-source contract to Safety Vision, a provider of mobile digital video solutions. Eligible riders in the St. Louis area will now get curb-to-curb public transportation from the agency’s Call-A-Ride program.<br /><br /></div> <!-- #include virtual="/inc/net.tmcmid.inc" --> <div> </div> <div>The new contract was approved by the agency in June 2008 and was partially funded by a Department of Homeland Security Grant. Installation is scheduled to occur in two shifts: the first 25 vehicles this month, the second 25 in October. For 11 years, Safety Vision, a 16-year veteran of the mobile surveillance industry, has supported Metro’s transit security efforts.<br /><br /></div> <div> </div> <div>Each new Call-A-Ride vehicle will be outfitted with four mobile-rated security cameras, including microphones, impact sensors, and the Safety Vision RoadRecorder 6000 PRO mobile digital video recorder (MDVR). Apart from recording video, audio, and system health data in a secure, encrypted MPEG4 format, the MDVR also supports up to 10 interior and exterior cameras. The PRO features more camera frames per second, tripled storage capacity, wireless connectivity, and streamlined data management and builds on earlier generations in the RoadRecorder series.</div> <div> </div> <div>The Safety Vision onboard camera systems are also being used by transit authorities in other major metropolitan areas including Washington, D.C., Chicago, Illinois, and Portland, Oregon to increase operator safety, enhance public security, mitigate transit authorities’ risk, and strengthen criminal prosecutors’ cases.<br /><br /></div> <div> </div> <div>Safety Vision Account Executive John Major says, “We’ve installed camera systems on hundreds of Metro’s transit buses and light-rail vehicles. As we move into the paratransit vans, we’re extending our mobile safety net to encompass all of Metro’s ridership, driver/operators, and rolling assets. This project is also of note as one of our largest installations of security cameras in a paratransit fleet.”<br /><br /></div> <div> </div> <div>He continued, “Along with Broward County Transit in Florida, St. Louis Metro is one of our oldest transit customers. We’ve shared their longstanding commitment to improving the safety and security of their personnel and the public, and we’ve learned together over the years. The Safety Vision team takes pains to ask the right questions of these and other transit customers, and to listen carefully to their answers. Our in-house engineering staff then designs solutions according to customer input, yielding the most technologically advanced yet user friendly systems available today and into the future.”</div> <div> </div><br /><i>Raju Shanbhag is a contributing editor for TMCnet. To read more of Raju's articles, please visit his <a href="http://www.tmcnet.com/tmcnet/columnists/columnist.aspx?id=100092">columnist page.</a></i><br /><br />Edited by <a href="http://www.tmcnet.com/tmcnet/columnists/columnist.aspx?id=100139">Eve Sullivan</a><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-15499301205733766712008-08-26T15:49:00.000-05:002008-08-26T15:53:05.044-05:00Utah schools more 'security conscious'<span id="slt_article"><div id="articleSubTitle" class="articleSubTitle"><span style="font-style: italic; color: rgb(153, 153, 153);font-size:85%;" ><a href="http://www.sltrib.com/ci_10288973" target="_blank">From the Salt Lake Tribune</a></span><br /><br /><span style="font-weight: bold; color: rgb(102, 102, 102);font-size:100%;" >Many campuses will get card-access systems in the coming months</span></div><!--byline--><div id="articleByline" class="articleByline"><a class="articleByline" href="mailto:lschencker@sltrib.com?subject=Salt%20Lake%20Tribune:%20Utah%20schools%20more%20%27security%20conscious%27">By Lisa Schencker<br />The Salt Lake Tribune</a></div><!--date--><div id="articleDate" class="articleDate">Article Last Updated: 08/24/2008 02:27:59 AM MDT</div><br /><div id="articleBody" class="articleBody"><script language="JavaScript"> if(requestedWidth > 0){ document.getElementById('articleViewerGroup').style.width = requestedWidth + "px"; document.getElementById('articleViewerGroup').style.margin = "0px 0px 10px 10px"; } </script>Last school year, a Jordan School District student approached another student with a gun and threatened to blow off his head unless the kid gave him gum.<br /><br /> The weapon was only a realistic-looking squirt gun, but the "armed" student was suspended for 45 days, said Larry Urry, a Jordan staff assistant in the office of compliance and special programs.<br /><br /> "Something like that puts kids in fear of their lives," Urry said. "You don't do that kind of thing."<br /> It's the kind of thing, however, that happens more often than some might think in Utah schools. That's why some of the state's largest school districts, which resume classes this week, are working this year on both old and new security measures - ranging from door-locking systems, to cameras, to police officers - to keep schools safe.<br /><br /> Utah schools reported 654 incidents of weapon possession and 1,400 incidents of drug and alcohol abuse during the 2006-07 school year, the latest year for which numbers are available.<br /> Granite and Jordan district officials said the weapons are often knives and fake guns. The drugs are largely alcohol, tobacco and marijuana.<br /><br /> Most students don't want to be around such things at school, said Clay Pearce, Granite assistant director of student services.<br /><br /> "They want their schools to be safe and places to learn," Pearce said.<br /><br /> <div style="width: 336px;" class="articleEmbeddedAdBox">To make their schools safer, Jordan and Granite are improving security.<br /><br /></div> Jordan expects to finish installing card-access systems - where certain doors can only be opened with security cards - in all of its schools by the start of 2009. That means all school visitors will have to enter through front entrances. All other school doors will be permanently locked from the outside except for some accessible only with the security cards, said Scott Thomas, a Jordan auxiliary services staff assistant. Jordan also will have video cameras monitoring all schools' front entrances. The cameras will feed into monitors set up in schools' front offices, Thomas said.<br /> "It's just the world we live in," Thomas said. "Everybody's being more security conscious."<br /> Granite expects to have card access systems in all elementary schools by early 2009, said Randy Johnson, chief of the Granite School District Police Department. All the district's high schools and junior highs have video monitors, and several elementary schools have them, Johnson said. Salt Lake City School District's schools already have video cameras, said Jason OlsenÂ, district spokesman.<br /><br /> "It would be nice if elementary schools were really open to the public, but times have changed," Johnson said.<br /><br /> Johnson, who heads Granite's 17-member full-time force, said his department will stay busy this year. He said it will likely get more than 10,000 calls for service this year.<br /> The Granite police respond to everything from theft to out-of-control students to weapons and look-alike weapons complaints. They also monitor schools at night to deter would-be vandals and other criminals.<br /><br /> "Our job is to locate, identify and mitigate any problems during the middle of the night so the kids never have to show up and go, 'Oh my gosh, this place of safety and refuge is not really a place of safety and refuge,' " Johnson said.<br /><br /> The district also works with local police departments who station police officers - also known as school resource officers - at schools. The Jordan and Salt Lake districts also have police officers in many of their schools.<br /><br /> "It shows students from an early age that police really are there as a service and an asset to our community," Thomas said. "They're not scary people."<br /><br /> Students who break the law at school might not only face legal repercussions, but they also could face school consequences.<br /><br /> Any student caught with a gun at school can't come back to school for a year, according to the federal Gun-Free Schools Act. But depending on the situation, students and parents can often appeal to district committees, as happened in the case of the boy who brought the squirt gun to school.<br /><br /> "We try to look at the intent," Pearce said.<br /><br /> For example, when a student made threats with a real gun and a real knife at a Jordan School District high school last school year, that student was suspended for the full 180 days, Urry said.<br /> But Granite and Jordan officials said that type of incident is relatively rare.<br /><br /> "I don't know if there's a way to ever really completely bulletproof a school from everything," Thomas said. "But [it's important] to be proactive and protect the public and create a sense of responsibility among everybody."<br /><br /> <strong> <i>lschencker@sltrib.com</i></strong></div></span><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-72569679239441394472008-08-26T15:19:00.001-05:002008-08-26T15:39:19.452-05:00GE Security Explosives Detection Systems Help Protect Homeward-Bound Olympic Athletes and Visitors Using Beijing Capital International Airport<h2 id="StoryContent_TopPageNavigation_Headline2" class="storytitle"><span style="font-size:100%;">Twelve GE Security CTX 9000 DSi Inline Checked Bag Screening Systems Now Operating at BCIA's Terminal Three in Time for Departing Beijing 2008 Olympic Games Visitors, Athletes </span></h2> <div id="StoryContent_TopPageNavigation_PageInformation" class="PageLinksTop"> <div id="StoryContent_TopPageNavigation_LastUpdated" class="StoryHeadlineDetails" style="color: rgb(163, 163, 163);"><a href="http://www.marketwatch.com/news/story/ge-security-explosives-detection-systems/story.aspx?guid=%7BCBD8EE9D-E0A8-4953-86D9-0A111231AB48%7D&dist=hppr" target="_blank">Taken from MarketWatch.com</a><br /><br /></div> </div> <div class="StoryBottom"><table style="float: left;" align="left" border="0" cellpadding="7" cellspacing="0"><tbody><tr><td align="right"><img alt="" src="http://www.marketwatch.com/News/Story/Image.aspx?Guid=cbd8ee9de0a8495386d90a111231ab48&Track=201" id="pimage_201" border="0" /></td></tr><tr><td><img alt="" src="http://www.marketwatch.com/News/Story/Image.aspx?Guid=cbd8ee9de0a8495386d90a111231ab48&Track=202" id="pimage_202" border="0" /></td></tr></tbody></table> <div class="p"> BEIJING, Aug 22, 2008 (BUSINESS WIRE) -- GE Security, Inc., a business of GE Enterprise Solutions today announced its Homeland Protection business installed twelve GE Security CTX 9000 DSi advanced baggage screening systems at Beijing Capital International Airport's (BCIA) Terminal Three as part of the city's infrastructure investment for the Beijing 2008 Olympic Games. </div><br /> <table align="left" border="0" cellpadding="7" cellspacing="0"><tbody><tr><td align="right"><br /></td></tr></tbody></table> <div class="p"> GE Security's CTX 9000 advanced technology explosives detection systems are helping BCIA better protect visitors and athletes returning home after the Olympic Games. They are configured to optimally accommodate the 43 million air passengers and 170,000 flights per year for which the terminal was designed and also serve as a model for inline baggage screening systems throughout the country and region.<br /><br /></div> <div class="p"> "GE Security is pleased to be the provider of this reliable and advanced security technology for this state of the art airport terminal that is currently supporting travelers returning home from the world's premiere sporting event," said Dennis Cooke, president and CEO, GE Security's Homeland Protection business. "This deployment of advanced explosives detection capability to Beijing Capital International Airport underscores our commitment to providing integrated, real-world security solutions that are helping protect and secure Beijing 2008 Olympic Games athletes and visitors as well as all air travelers."<br /><br /></div> <div class="p"> "Our investment in GE's aviation security solutions is helping to make our security operations more effective, more efficient and more convenient for our passengers," said Mr. Yuan, vice president, BCIA expansion headquarters.<br /><br /></div> <div class="p"> The GE CTX 9000 line of CT-based inline explosives detection baggage screening solutions is designed to integrate with airport baggage handling systems (BHS). The CTX 9000 system is TSA-certified and is often well suited for fast-paced airport environments.<br /><br /></div> <div class="p"> With construction of the new Terminal Three beginning in 2004, China has invested approximately $2 billion USD to develop it as a modern gateway to accommodate increased international visitation to the Chinese capitol. The terminal's development is part of an unprecedented $40 billion USD infrastructure investment ahead of the 2008 Olympic Games, which host city Beijing anticipates to be among the most profitable and well attended of recent Games.<br /><br /></div> <div class="p"> Designed for ease of operation and service, with multiplexing capabilities and a low false alarm rate, the CTX 9000 system can be an excellent investment for high-volume airports. Its advanced technology can assist customers to efficiently and accurately identify the most challenging threat substances.<br /><br /></div> <div class="p"> The new Terminal Three opened to the public earlier this year. It consists of three concourses with a combined total area of some 1,000,000 square meters. Concourse C accommodates domestic and international check-in, domestic departures, and domestic and international baggage claim. Concourse D is temporarily dedicated to charter flights during the Olympic and the Paralympics Games. Concourse E is for international departures and arrivals.<br /><br /></div> <div class="p"> <span style="font-size:130%;">About Beijing Capital International Airport </span></div> <div class="p"> The Beijing Capital International Airport terminal officially opened on October 1, 1999, marking the 50th anniversary of Chinese Communist rule. This new, bright and airy terminal, built at a cost of $1.1 billion, is a welcome replacement for the former facility, which started operating in the 1950s, and has become increasingly cramped and dingy with the rise in the number of passengers visiting China.<br /><br /></div> <div class="p"> The new four-story terminal (including basement level) covers an area of 336,000 square meters -- three times the size of the former terminal -- and puts much more emphasis on passenger comfort. The complex also includes a large-scale public parking building and a cargo station.<br /><br /></div> <div class="p"> When this state-of-the-art terminal goes into full operation, it will be able to handle 190,000 flights, 35 million passengers, and 780,000 tons of cargo a year. The building has 51 elevators, 63 escalators, and 26 moving sidewalks to make moving around the airport easy. </div> <div class="p"> Beijing is served by international carriers such as Northwest, United, Canadian Airlines, Lufthansa, SAS, Dragon Air, Japan Airlines, ANA, British Airways, Malaysian Air, Austrian Airlines, Air France, Alitalia, Korean Air, Pakistan Airlines, Singapore Airlines, Thai International, Air China, China Southern and China Northern.<br /><br /></div> <div class="p"> <span style="font-size:130%;">About GE's Security Business </span></div> <div class="p"> GE Security, Inc., a wholly owned indirect subsidiary of the General Electric Company is a leading supplier of security and life safety technologies, with operations in more than 35 countries and $1.8 billion in annual sales. GE Security offers one of the industry's broadest product portfolios, including access control, explosives detection, fire detection, intrusion, key management and surveillance. GE Security's products are used to protect people and property across a wide range of industries, including aviation, banking and finance, education, government and military, healthcare, law enforcement, residential, retail, stadiums and event venues, and transportation.<br /><br /></div> <div class="p"> GE Security was honored with Frost & Sullivan's 2008 North American Video Surveillance Solutions Company of the Year Award for its industry leading video portfolio and integration strategy vision and execution. For more information about GE Security, please visit <a class="lk001" target="_blank" href="http://www.gesecurity.com/">www.gesecurity.com</a>.<br /><br /></div> <div class="p"> GE Security, making the world safer.<br /><br /></div> <div class="p"> <span style="font-size:130%;">About GE and the Olympic Games </span></div> <div class="p"> GE is the exclusive provider of a wide range of innovative products and services that are integral to staging a successful Olympic Games. GE works closely with host countries, cities and organizing committees to provide infrastructure solutions for Olympic venues including power, lighting, water treatment, transportation and security, and to supply hospitals with ultrasound and MRI equipment to help doctors treat athletes. In addition, NBC Universal, a division of GE, is the exclusive U.S. media partner of the Olympic Games, with its partnership also extending through 2012. For more information, visit <a class="lk001" target="_blank" href="http://www.ge.com/olympicgames">www.ge.com/olympicgames</a>. </div> <div class="p"> SOURCE: GE Security, Inc. </div> <pre>Edelman for GE Security<br />Niamh Grano, +1-202-312-8256<br />niamh.grano@edelman.com<br />or<br />GE Security<br />Steve Hill, +1-510-857-1132<br />steve.hill1@ge.com<br /><br /></pre>Copyright Business Wire 2008 <img alt="End of Story" src="http://i.mktw.net/mw3/News/greendot.gif" width="10" height="10" /></div><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-40132383295080066702008-08-26T14:57:00.001-05:002008-08-26T15:14:05.867-05:00First Biometric Facial Recognition Security System Using RFID Technology Eyes Canadian Market<span style="font-style: italic; color: rgb(153, 153, 153);font-size:85%;" ><b>[08/22/08] </b>@ <a href="http://www.morerfid.com/details.php?subdetail=Report&action=details&report_id=4896&display=RFID" target="_blank">MoreRFID.com</a></span><br /><br />RFID ProSolutions, Canadian leaders in RFID technology consulting and engineering, and American RFID Solutions, an industry-recognized leading manufacturer and solution provider, have announced a strategic reseller agreement for the distribution of TES, Trusted eSentry Security, a new, innovative biometric facial recognition system in Canada.<br /><br />TES is a biometric/RFID security system that allows for the automatic identification of individuals using a combination of facial recognition and HF or UHF RFID technology (access cards).<br /><br /><table align="left"><tbody><tr><td id="picture"><img src="http://www.morerfid.com/upload/report/2008/tes_080822.jpg" /></td></tr></tbody></table>"The ID cards are already used to control access to restricted areas but by adding a second reading of distinctive authenticity through biometric recognition; we've taken security to new heights," said Harold Clampitt, CEO & Founder of American RFID Solutions. "And this is the level of protection confidential information, valuable goods and sensitive environments require."<br /><br />"The beauty of the system is that there is no central data base that can cause accusations of copying or stealing information," stated Andre Lacaille, President of RFID ProSolutions. "Systems that require prints are known for leaving evidence behind because of the physical contact that is required and therefore the information can be copied."<br /><br />The system was recognized earlier this year as a Best in Show finalist for the RFID Journal Awards in Las Vegas and has a read rate of 99.999999% which makes this system one of the most secure in the world. The system works independently or through a network to interface with existing systems to form an increased secured perimeter.<br /><br />"We are extremely excited about introducing this system to Canadian organizations and security integrators; this is an important addition to our portfolio of solutions" says Jebb Nucci, Vice President of Operations for RFID ProSolutions.<br /><br /><b>About RFID ProSolutions</b><br /><br />RFID ProSolutions, a division of ProAction Management Group, offers their services in needs analysis, process design, solution selection and development, implementation and change management support. Specialized in RFID technology, RFID ProSolutions is a project management and solution-driven firm that focuses entirely on bringing the best possible products and the most innovative solutions to meet their customer's business needs.<br /><br /><b>About American RFID Solutions</b><br /><br />American RFID Solutions is the developer of the Trusted eSentry Security System, TrackStar and eDOTS, and offers turnkey solutions, consulting and products in the areas of active, passive, RTLS, near field and far field RFID technologies. <a href="http://americanrfidsolutions.com/" target="_blank">http://americanRFIDsolutions.com</a><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-57514882228935637012008-08-26T14:54:00.000-05:002008-08-26T14:57:50.722-05:00Back to School Fire Safety<span style="font-style: italic; color: rgb(153, 153, 153);font-size:78%;" >Posted by <a href="http://www.merchantcircle.com/business/NTX.Security.972-358-0178" target="_blank">NTX Security</a> on <a href="http://www.merchantcircle.com/" target="_blank">MerchantCircle.com</a></span><br /><br />Every year college and university students experience a growing number of fire-related emergencies. There are several causes for these fires, however most are due to a general lack of knowledge about fire safety and prevention. <h3>The Cause</h3> <p>Many factors contribute to the problem of dormitory housing fires. </p> <ul><li>Improper use of 911 notification systems delays emergency response. </li><li>Student apathy is prevalent. Many are unaware that fire is a risk or threat in the environment. </li><li>Evacuation efforts are hindered since fire alarms are often ignored. </li><li>Building evacuations are delayed due to lack of preparation and preplanning. </li><li>Vandalized and improperly maintained smoke alarms and fire alarm systems inhibit early detection of fires. </li><li>Misuse of cooking appliances, overloaded electrical circuits and extension cords increase the risk of fires. </li></ul> <h3>Safety Precautions<br /></h3> <ul><li>Provide students with a program for fire safety and prevention. </li><li>Teach students how to properly notify the fire department using the 911 system. </li><li>Install smoke alarms in every dormitory room and every level of housing facilities. </li><li>Maintain and regularly test smoke alarms and fire alarm systems. Replace smoke alarm batteries every semester. </li><li>Regularly inspect rooms and buildings for fire hazards. Ask your local fire department for assistance. </li><li>Inspect exit doors and windows and make sure they are working properly. </li><li>Create and update detailed floor plans of buildings, and make them available to emergency personnel, resident advisors and students. </li><li>Conduct fire drills and practice escape routes and evacuation plans. Urge students to take each alarm seriously. </li><li>Do not overload electrical outlets and make sure extension cords are used properly. </li><li>Learn to properly use and maintain heating and cooking appliances.</li><li>Consult a <a target="_self" href="http://www.myntx.com/">security and alarm system professional</a> to evaluate your home or dormatory.</li></ul><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-6318779185686181442008-08-22T11:39:00.001-05:002008-08-22T12:26:38.875-05:00Corralling Identity Management<span style="color: rgb(102, 102, 102);">From </span><span style="font-style: italic; color: rgb(102, 102, 102);">Security Products Online</span><span style="color: rgb(102, 102, 102);">'s </span><a href="http://www.campustechnology.com/" target="_blank"><span style="font-weight: bold; color: rgb(102, 102, 102);">Campus Technology</span><span style="color: rgb(102, 102, 102);"> ezine</span></a><br /><h3>Corralling Identity Management</h3> <!-- Deck --> <!-- Byline --> <p style="color: rgb(153, 153, 153);" class="date">8/22/2008</p> <p style="color: rgb(153, 153, 153);" class="byline">By Dian Schaffhauser</p> <!-- article content --> The <a href="http://www.uthouston.edu/" target="_blank">University of Texas Health Science Center</a> at Houston recently reconstituted its IT organization to include a new team focused solely on identity management. In the course of its work the team may end up becoming a model for how identity management can help deliver business value beyond standard IT duties, such as adding new users to the network.<br /><br />William Schneider, identity management team lead, said the purpose of his group is to manage the identity and access infrastructure, which consists of multiple ID management systems, many of the enterprise directories, and the Center's public key infrastructure.<br /><br />Individuals within the HSC community, which includes about 3,775 students and a staff and faculty of nearly 4,440 in eight different schools, may go through multiple roles during their time with the Center. A student, for example, may achieve an MD, then transition into a residency and perhaps eventually become a member of the faculty. Often the same person may be an employee, faculty member, and student simultaneously.<br /><br />"The identity management system ties all that together," said Schneider. "It makes it such that you could have the same e-mail, password, and inbox throughout that entire lifecycle."<br /><br />The Center has five "systems of record": the human resources system, which resides in PeopleSoft; the student information system, maintained in a DB2 database running a mainframe emulator on the front end; a resident system, called Graduate Medical Education Information System (GMEIS), basically, an HR system that does evaluations, duty hours, and rotations and scheduling; an HR system for the Faculty Practice Plan for the Center's physicians; and a guest database for anybody not in any of the other four categories.<br /> <!--Aamsz="336x280" Pos="m03"--> <br /><span style="font-weight: bold;">A First Attempt at Identity Management</span><br />In the past, that wealth of data from multiple sources posed several challenges. There was no simple way to know which data store to use when a person was maintained in more than one. Likewise, it was hard to reconcile those five systems in order to do a match to determine if an individual in one was the same as the individual in another.<br /><br />University of Texas guidelines mandate that the Center assign a persistently unique identifier to a single individual forever, explained Schneider. Yet those same guidelines say that a social security number can't be used--unless it's collected for another purpose, such as employment. So those linkages needed to be created in some other way.<br /><br />About eight years ago, the Center's academic computing group developed an application called Integrated Directory Service (InDiS). Each day, InDiS did a daily feed from each of the five data stores, performed a reconciliation, and fed it into an Oracle database, referred to as the "Person Registry," which populated a single LDAP-based Sun enterprise directory. This was and continues to be based on Internet2's Enterprise Directory design guidelines.<br /><br />Few other applications at the Center used the directory, and none of the desktops actually logged into it for authentication.<br /><br /><span style="font-weight: bold;">Choosing Novell Identity Manager</span><br />Then four or five years ago, Schneider said, there was a move afoot to consolidate mail systems across the Center from about a dozen to a single one: Microsoft Exchange. That also meant extending the Active Directory deployment to a much larger scale. So the IT team needed to figure out a way to take the data from that Sun directory and recreate it in Active Directory, plus integrate an e-directory that had been in use at the University of Texas for about 15 years.<br /><br />"We looked at that and said, 'OK, we can take the existing application and extend it and write custom code. Or we can look at commercial applications," Schneider recalled. "When it came down to it, maintaining our own code base wasn't where we wanted to go, if we could avoid it. We're a health science center, not a software development house. We decided pretty quickly to look at a commercial solution if it would meet the needs."<br /><br />Contenders included Microsoft Identity Integration Server (now called <a href="http://www.microsoft.com/windowsserver/ilm2007/default.mspx" target="_blank">Identity Lifecycle Manager</a>), <a href="http://www.sun.com/software/products/identity_mgr/index.xml" target="_blank">Sun Identity Manager</a>, and <a href="http://www.novell.com/products/identitymanager/" target="_blank">Novell Identity Manager</a> (formerly known as DirXML). Microsoft was knocked out because, Schneider said, it worked more in batch mode than real time and "required everything to be reconciled into a SQL database, which may or may not have been advantageous."<br /><br />The Sun product required that "you had to write Java classes to do anything, and it was based on a virtual directory structure. You wouldn't actually synchronize the data," he said. "We wanted these directories to stand on their own if something got knocked off in between."<br /> <!--Aamsz="336x280" Pos="m03"--> <br />The Novell solution met the criteria for being an event-based, real-time identity management system. With about 20 different drivers, the integration capabilities were extensive, and configuration was based more on setting up business rules than on writing code.<br /><br />Schneider and his colleagues focused on figuring out how well the Novell product could carry that Person Registry into Exchange. Prior to the initial deployment of Novell's ID Manager, the IT organization had been creating accounts manually in both Active Directory and the legacy e-directory.<br /><br />Administrators had to terminate accounts manually and only had valid data for employees. InDiS would populate a new e-directory, which then synchronized users to Active Directory and other directories. That movement of data (with certain attributes) into Active Directory causes Exchange to provision an account as well. They ran it like this for about three years. The drawback was that it was run in batch mode. The data on new users arrived once a day, and any changes took 24 hours to complete. But, said Schneider, "This was infinitely better than manual provisioning and deprovisioning."<br /><br />By replacing InDiS with the ID Manager software, Schneider and his colleagues hoped to move closer to an end-to-end, real-time, event-based system, what he calls the "holy grail."<br /><br />"This means that on your first day of employment or classes you are provisioned with everything you need and you don't have to go hunting for access or spawn more processes that are out of band," he explained.<br /><br />Schneider and a co-worker spent six months setting up connectors between each of those systems--PeopleSoft, DB2, and the others--to connect directly via ID Manager drivers to <a href="http://www.novell.com/products/edirectory/" target="_blank">Novell's eDirectory</a>, which was to become the Person Registry. Another ID Manager driver moves the data into the enterprise directory service, called Identity Vault and composed of a number of different directories and applications, including Active Directory, Tivoli, and others.<br /><br />"Right now, if I'm a student and I go to register in the registrar's office, within 30 seconds of the registrar saying, 'Yes, you're registered for classes,' I've got an e-mail account, VPN access, access into Blackboard--most of what I need to start the first day of class," said Schneider.<br /><br /><span style="font-weight: bold;">Achieving Agility</span><br />The Novell software has enabled the IT organization to become much more agile. As an example, the HR organization, which uses PeopleSoft, had stand-alone user names and passwords for that application. They wanted to move to single sign-on authentication. But a requirement of the request was that the IT department also go through annual disaster recovery testing at a third-party site, which would require hauling the ID management system to the test site in another state and then bringing the system back up within six hours. That surpassed the level of business continuity required for the whole ID Manager operation. So the IT group came back with an alternative suggestion: to set up a stand-alone directory directly on a PeopleSoft server, which gets backed up with the rest of the PeopleSoft application. During a disaster recovery scenario, the directory used by PeopleSoft for authentication is restored alongside everything else. "They don't have to involve five other people and reconstitute a bunch of directories," said Schneider.<br /> <!--Aamsz="336x280" Pos="m03"--> <br />Delivering that took only seven days, he said, from original request, through scoping, through a test run, to production and deployment. Although Schneider said he believes other identity management products currently on the market would probably offer the same capabilities, "Could I do it that quickly with other products? Probably not."<br /><br />Yet, ultimately, the current benefit of using Novell ID Manager is that nobody has to do daily administrative tasks, such as set up accounts, turn them off, or do password synchronization, he explained. The true value will come when the system can address real business needs.<br /><br />As a health science center that gets a great deal of funding from federal sources, there's a big focus on compliance regulations including HIPAA and CFR 21 Part 11. "Right now, there's not a clear definition of it," he said. "If an auditor came in and said, 'What does this person have access to?' well, I know a lot of things they have access to, but I couldn't say 100 percent without a shadow of a doubt. I want to get to a point where I can say, 'This person has access to these 12 applications. They gained access on this date. They had access revoked on this date. Here they attested annually that they needed it.'"<br /><br />Getting to that level of record-keeping, Schneider explained, requires a different approach to account provisioning. Currently, the overall system of user account management relies on data coming from multiple sources, sources that don't necessarily maintain the details about any given user's access. "The HR system was not designed to create e-mail accounts," Schneider said. "The registrar's job isn't to give students access to Blackboard. Their job is to register students and to hire and manage and retain employees."<br /><br />That disconnect between the data maintained by different organizations at the Center and the data needed to manage users reared up a few years ago. A core Web server relied on HR data that used a particular department name for one of the IT organizations at the Center. That department name changed, so it changed in the HR system too, which then populated down through the directories. All of a sudden, none of the administrators could access the Web server. "HR had no idea that the department name affected people's access to a Web server. Nor should they have to have that knowledge," said Schneider.<br /> <!--Aamsz="336x280" Pos="m03"--> <br /><span style="font-weight: bold;">The Next Phase in Managing the Digital Identities of Users</span><br />So the philosophy under which the identity management team will work is that although the data they have access to can help make decisions, it can't be relied upon 100 percent of the time. "There will always be exceptions, it'll always be somewhat inaccurate, and there will always be some degree of latency," he said.<br /><br />That means the traditional approach of handing out access to services on the network based on the presence of a user within a given system of record, or having a given job title, role within the organization, or department must be eliminated. "Right now when you get provisioned, you get a lot of things by virtue of having an account," Schneider explained. "In our Windows Server team, there are three people who do Exchange management. Does everybody in that group need access to do Exchange management? No, but they all have the same title and work in the same department. Every bit and piece that we have says they're identical. But they don't need identical access."<br /><br />In the new approach, access will be minimal, and users will need to have some way to identify additional network and application access they require.<br /><br />"For instance," said Schneider, "if I'm an employee on day one, one [service] may be VPN access. Another might be an e-mail account. Because I'm an employee, I get both of those automatically. If I'm a student, I get an e-mail address. I can have VPN access if I go in and request it, and it'll be provisioned automatically. I need to go in and turn it on myself. If I'm a guest, I don't get an e-mail address. I don't get VPN access. I can request them. But that [request] will initiate a workflow to be approved by the person who approved my guest account and maybe some secondary person."<br /><br />Beyond that the permissions issuance can get even more granular. The researcher with a large grant from the Department of Defense, for example, needs to know that the only people with access to a given database or application are the ones he or she has approved for access.<br /><br /><span style="font-weight: bold;">Getting Buyer-side Buy-in</span><br />That level of service delivery, Schneider said, will result in "business-side buy-in" from the administrators, researchers, and department heads at HSC for the changes his team will be introducing. "Most of the time, the way you get that buy-in, we've found, is to show the value they're going to get back. When a registrar can look at that student and say, 'When I finish registering you, you'll be able to log in at that kiosk and send an e-mail to your professor,' there's a value there. That's why they'll want to tie into this infrastructure."<br /><br />But he's quick to add that he doesn't expect to modify the processes those individual groups follow in performing their core activities. "We've tried very hard to integrate to existing processes and to be secondary to them. From the technical perspective, the identity management software really allows us to do that because the integration occurs at a level that's transparent to these systems."<br /><br />For now, the new identity management team is picking off high level items--VPN and e-mail addresses--and getting that infrastructure in place to do automated workflow and provisioning. From there, they expect to start seeing more attention paid on the part of the business users to how more specialized services are provisioned from the time they're envisioned. It'll become "part of your RFP process for your new application," he said. "You're going to have to answer, how do you address this aspect of the IT side of whatever you're buying?'<br /> <!--Aamsz="336x280" Pos="m03"--> <br /><!-- Player for podcasts articles -->"Once you start going down this road, it gains a critical mass," said Schneider. "You don't have to go out and seek out these applications to add in because the customers are seeking you out." <!-- Begin Article Cite --> <p><br /><span style="font-style: italic;">Dian Schaffhauser is a writer who covers technology and business. Send your higher education technology news to her at </span><a style="font-style: italic;" href="mailto:dian@dischaffhauser.com">dian@dischaffhauser.com</a><span style="font-style: italic;">.</span></p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-24179523046050887672008-08-11T16:09:00.001-05:002008-08-26T15:15:20.132-05:00The 9 Things You Should Know as a Security DirectorWriter <em>Christopher J. Wetzel</em> and online magazine SecuritySolutions.com, part of Access Control & Security Systems, had an excellent article in their July 2008 print and web edition that details the nine major points any security director and/or integrator worth their salt should know about the industry.<br /><br /><a href="http://securitysolutions.com/enduser/enterprisecorporate/rules_security_integration/" target="_blank">http://securitysolutions.com/enduser/enterprisecorporate/rules_security_integration/</a><br /><br />With rapidly changing trends and fundamentals, it's best to keep up with what you need to know as a security director for a firm, and with security and the company network becoming symbiotic and security becoming more important to all aspects of business and life, you don't want to waste time figuring it out. The 9 points bulleted are:<br /><ol><li>Get a security firm that is knowledgeable of computer networking.</li><li>IT and security directors should understand each other's model.</li><li>Let (or make) your IT director comfortable with security hardware.</li><li>Security and IT directors should partner together.</li><li>As an integrator, expect to compete with other ROI initiatives.</li><li>Software is the new hardware.</li><li>Physically test new designs and ideas.</li><li>Don't depend solely on technology. Merge the physical and the tech.</li><li>An integrator is an integrator, not 3 or 23.<br /></li></ol><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com1tag:blogger.com,1999:blog-35244788.post-50085443785600514702008-06-12T14:25:00.002-05:002008-08-26T15:12:01.381-05:00There’s Value In Integrated Security<p style="font-style: italic; color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;">From <a href="http://www.secprodonline.com/" target="_blank">Security Products Online</a></span></p><p style="color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;"><span style="font-style: italic;">By Marleah Blades · June 3, 2008</span></span> </p> <h3> </h3> <p>When Mike Howard became director of corporate security for Microsoft in 2003, he had to upgrade the company’s global security monitoring hub. </p><p>Microsoft wanted effective, integrated security and life safety monitoring -- watching cameras and access control events, performing dispatch, enabling seamless emergency response and continuity -- to protect corporate assets and nearly 80,000 employees around the world. </p><p>“As we started to do some due diligence into the center,” Howard says, “we realized that it was made up of a bunch of proprietary systems that didn’t integrate well with each other and were not scalable. In terms of real global presence, it was global in name only.” </p><p>The three Global Security Operations Centers that Howard and his global security team have worked for the past three years to develop -- one at Microsoft headquarters in Redmond, Wash., one at the Thames Valley campus in the United Kingdom and one at the Hyderabad, India, campus -- are based on a variety of Microsoft and third -- party applications that integrate with Microsoft products, backed by a technical infrastructure from Lenel Systems International. The GSOCs have built -- in interoperability and redundancy, so if one center goes down, all functions automatically transfer to another campus. Operators can easily pull up and view every camera location at each connected campus, and events can be monitored from anywhere. </p><p>Many companies won’t have the capital or technology available to create a system this elaborate to monitor remote offices or locations. Yet the lessons learned from this project apply to security for companies of all types and sizes. </p><p><strong>Use technology as a force multiplier. </strong>“For smaller companies and for us, the idea is to leverage personnel in strategic hubs and use technology as a force multiplier,” Howard says. “So instead of, for example, having two or three guards in Dublin, you have remote monitoring via cameras that give you the same views of entrances and exits and garages without having to have personnel there.” </p><p>Howard notes that the GSOCs have allowed Microsoft to reduce the guard force at one U.K. campus from four to one, and they also were able to give the old monitoring room to one of the business units for other uses. </p><p><strong>Evangelize security.</strong> “Our team has worked hard to get senior leadership support for the GSOCs,” Howard says. “The first part was just to acquaint senior management with what we’re doing here in global security and our strategy. To a lot of people five or six years ago, we were the guys who ran around in uniforms on campus. There was no knowledge of our investigations, threat analysis, handling of international events, etc.” </p><p>After the team briefed the managers on the security program, they focused on the inadequacies of the current monitoring center. </p><p>“We wouldn’t have been able to do this if we hadn’t gotten to senior leaders and been very open about the gaps,” says Howard, who took managers to the center to see the issues for themselves. “We were at a parking garage level, the room was very small, and I could take them around to see bundles of cables spliced together and stacks and stacks of servers that were running out of space. Once they saw that, it hit.” </p><p><strong>Tie new projects to business value.</strong> A security leader will more easily gain support for any big project if he or she can show its business value -- not just how it may improve security, safety and productivity, but also, where possible, how it may be used by other groups to improve efficiencies or create new opportunities. Because the Microsoft GSOCs are built on Microsoft applications, the global security team works with </p><p>Microsoft’s sales and marketing departments to perform demonstrations for potential customers who might be interested in similar technologies. </p><p>“A typical example involves a scenario in which an earthquake in Redmond shuts down the operations center,” Howard says. “We’ll turn the lights off for our viewers and shut down the computers, and we move load sharing from Redmond to the United Kingdom. Then there is a fictional employee here on campus who can’t get out of his office. We are able to show that the U.K. center can see every camera view on our campus and can dispatch responders in Redmond to take care of that situation.” </p><p>These demonstrations make security more than a cost center. </p><p>“We’re contributing to the bottom line by influencing revenue, bringing in potential clients and having technology keep employees safe and maximize use of limited manpower,” Howard says. </p> <p style="font-style: italic;"><span style="font-size:85%;"> About the author<br /><strong>Marleah Blades </strong><br />Marleah Blades is senior editor for the Security Executive Council, an international professional membership organization for leading senior security executives spanning all industries, both the public and private sectors, and the globe. For more information about the council, visit <a href="http://www.securityexecutivecouncil.com/?sourceCode=netcentric" target="_blank">http://www.SecurityExecutiveCouncil.com/?sourceCode=netcentric</a>.</span> </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-39709441333935824882008-06-12T14:21:00.000-05:002008-08-26T15:12:01.384-05:00Maryland Park Police Department Deploys Mobile Video Camera System<p style="font-style: italic; color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;">From <a href="http://www.secprodonline.com/" target="_blank">Security Products Online</a></span></p><p style="color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;"><span style="font-style: italic;">June 11, 2008</span></span> </p> <h3> </h3> <p>Brekford International Corp., a provider of homeland security technology products and services, recently announced completion of installation of 20 Panasonic Toughbook Arbitrator mobile camera systems for use in police vehicles by the Maryland-National Capital Park and Planning Commission. </p><p>Mobile vehicle-mounted camera systems provide audio and video recordings of police activities to maintain chain of custody for evidence collection. The recordings can be used to provide information for use in court, for officer training, tracking, surveillance and a range of other applications to increase safety and effectiveness for police and the public. </p><p>“Demonstrating to the marketplace the high return on investment provided by vehicle-mounted video systems, which can reduce legal and insurance exposure, is an important next step in our strategy to provide fully integrated vehicle upfitting solutions,” commented William A. Shafley, CEO of Brekford International. “We believe these projects further validate the reputation we have earned for providing value to public safety agencies throughout the Mid-Atlantic.” </p><p>Brekford’s Upfitting division develops integrated, feature-rich, “office-in-the car” rugged mobile communication solutions that enable police officers, security personnel and first responders to obtain and exchange information in real-time. The Company’s growing client list includes branches of the U.S. military, the National Security Agency and critical security and public safety agencies in the State of Maryland. </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com1tag:blogger.com,1999:blog-35244788.post-35932297251135518342008-06-12T14:17:00.000-05:002008-06-12T14:21:52.344-05:00Safe and Risk-Managed<span style="color: rgb(153, 153, 153);font-size:85%;" ><span style="font-style: italic;">From </span><a style="font-style: italic;" href="http://www.secprodonline.com/" target="_blank">Security Products Online</a><br /><span style="font-style: italic;">By Kevin McDonald · </span><a href="http://www.secprodonline.com/mcv/magazine/currentedition/?issueMonth=6&issueYear=2008"><span style="font-style: italic;"> June 2008</span> </a></span><p class="info_tag"> </p> <h3> </h3> <p><img class="floatLeftFix" src="http://download.101com.com/wa-mcv/spo/images/2008/6/850277_red_dices.jpg" align="left" />While every individual and organization that provides security products or services will have their spin on what security is and how to achieve the desired level, the truth is, security is essentially an unachievable outcome. A common definition of security is, “freedom from danger, fear and anxiety.” Security defined as such is, therefore, unattainable. Anyone who truly understands security knows this, and understands that security is actually a type of risk management. What this means in practice, is that security is all about fear and anxiety and managing levels of fear of danger that are acceptable to the organization. </p> <p>The day you are free of at least some measure of fear and anxiety is the day you should retire because you’ve lost your core purpose. This is ironic, because many executives and security professionals will actually resist any attempt to introduce fear, uncertainty and doubt in the process of proposing the need for security remediation; or as I insist it should always be referred to, “Security Risk Management” or (SRM). If you are not scared, you are either naive or in denial.</p> <p>Because human beings are responsible for acts and conditions that threaten security, security in the purest sense is impossible. In fact, it is the involvement of human beings in all things that perpetually assures insecurity. With human involvement come issues of intellectual competition, lack of education, inevitable error, injection of personality, potential acts of ignorance, laziness, retribution and unintended consequences. Whether you are talking about IT, personal or national security, your primary responsibility is identifying the real risk of loss and its impact. Your secondary responsibility is to balance the risk with the available solutions and financial and personnel resources. SRM must be a continuous and systematic process of analysis of the threats, their relative importance to the organization and then the ability to sustain a program of mitigation and further analysis. </p> <p>The single biggest challenge in risk management is our human differences. While one individual may look at business SRM from the perspective of intellectual or financial asset protection, another might see it as preservation of reputation and brand. An honest person may see weakness where another sees opportunity. One may be keenly aware of a technical risk, while another is focused on social engineering. An executive sees potential loss of goodwill and customers, while a security manager is worried about his professional reputation and job. Anyway you look at it, risk management is first about a negotiation of priorities.<br /></p><p>For some, it is only the existence of enforceable regulations with the threat of punishment that causes the implementation of SRM to become a priority. In the past, SRM was mainly focused on the direct protection of military information, financial assets and closely guarded secrets. The historical driver was business and government survival and a laser focus on keeping the bad guys away from those assets. Today, companies and individuals must guard not only their assets but those of others. This has also created some imbalance toward the protection of soft assets at the expense of other assets. Because the motivations for regulation are always political, one constituent may be served well to the detriment of another. One goal may be in direct contrast to another, and a middle ground must be found.</p> <p>In recent years we have seen an exponential increase in the legal requirement to protect the hard assets (money, intellectual property and even identity) of those we do business with. I have included identity in hard assets because in the wrong hands, identity can result in significant loss of hard assets. Another aspect that is most challenging to place a value on is privacy and safety. These are what I will call soft assets at risk from emotional assaults like the release of an embarrassing medical history or passport travel records. Interestingly, they are also the assets that are being protected by ever expanding regulations.</p> <p>So, with all of that said I can hear you asking, “What do I do? Where do I start?” Let’s start with analysis of the risks. To do proper analysis, you first need to win over the stakeholders and decision makers. In the majority of environments that I have consulted, this is a huge barrier to success. The significant disconnect between security practice managers and the boardroom is pervasive. To overcome disconnect, the security practice manager must learn to first listen and executives must be willing to engage those who are responsible for protecting them. The security practice manager must work to understand how the company makes its money, what are its real assets and who or what might do the company harm. Then you must agree on what a potential loss might do and what losses are tolerable. Only after the executives and security practice managers agree on what really matters can there be basis for risk analysis. </p> <p>I know it’s difficult, but speak the language of the business executive and always be sure that they truly understand your points. You must work to avoid the tendency to speak in technical or industry jargon. This is true in any business category. Don’t rattle off acronyms, complex engineering or other high-level language. Recognize that you are generally talking to people whose education relates to issues of profit and loss, strategy, resource management and other broad-form business concepts. If you try to bowl them over with your intellect, or the-sky-is-falling theories, you may end up with an executive who thinks you are insulting them. In your negotiation, be sure to accurately identify the ways and reasons a risk is being introduced and balance that with the potential exposure. If a sales person needs Internet access to do their job, barring him from going online is not an option. If they don’t need it, the risk of giving that sales person Internet access, may well outweigh the desire to have it. Don’t make these decisions in a vacuum. If you go too far down the road without understanding the impact, you may find your whole program unraveling.</p> <p>Once you have agreed on what is at risk, the level of importance of each asset and how much loss is tolerable you can begin to identify a program of Security Practice Management. Start with a calculation of the potential losses, then add in what you believe would be covered by insurance and other liability management instruments, and find your potential hard-dollar exposure. Don’t forget lawsuits, loss of goodwill, trust of clients, etc. Now decide what you are willing to spend, (potential investment budget) and begin allocation of resources by priority. There is never enough money, people or time to cover it all, so be sure that you don’t put money in to a low-priority risk, at the expense of one that can have a major impact. Thin and wide in the world of risk management equals no management at all. </p> <p>However, even if you install the latest and greatest technology, close the holes in the fence and put locks on your doors there is always some new risk, some new attack technique and some agent that can cause harm. Treat security risk management as a systematic program of constant analysis and disciplined remediation and then buy lots of insurance. Remember at the root of every effective Security Practice Management strategy is understanding how to manage fear and anxiety, and not about totally eliminating them. It’s not about fear mongering, it’s about taking a practical and pragmatic approach to identifying and managing potential exposure.</p> <p><span style="font-size:85%;"><span style="font-style: italic;"> About the author</span></span><br /><strong>Kevin McDonald </strong> <br /> Kevin McDonald is executive vice president Alvaka Networks </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-42447038802679644942008-06-12T14:14:00.000-05:002008-06-12T14:17:17.373-05:00Tips: Prevent Lock ‘Bumping’<p style="font-style: italic; color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;">From <a href="http://www.secprodonline.com/">Security Products Online</a></span></p><p style="color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;"><span style="font-style: italic;">May 30, 2008</span></span> </p> <h3> </h3> <p>If your home is protected with an ordinary lock, it may not do you much good, says the National Crime Prevention Council. </p><p>Thieves have caught on to an increasingly popular technique called “bumping.” It is easier than traditional lock picking, which requires manipulating the pins inside the lock with small tools. </p><p>All that is needed for bumping is a “bump key” that is specially manipulated to pick the lock without other tools. </p><p>The National Crime Prevention Council wants homeowners to be aware of the prevalence of bumping, especially because there are many “how-to” videos online demonstrating how easy bumping is. </p><p>This is a huge problem because usually there are no signs of a break-in when bumping is done. </p><p>This means insurance companies may not cover it because “you probably left your door open.” Installing high-quality locks is a good defense against home burglaries, according to the National Crime Prevention Council. </p><p>“Not all locks can be bumped; consumers just need to know the differences,” said Clyde Roberson, director of technical services at Medeco Security Locks. “Consumers should consider using quality high-security locks for their home or business in order to have adequate protection from bumping and other forms of lock attack.” </p><p>The National Crime Prevention Council also recommends consulting a professional locksmith or security provider for advice on which locks protect against this and other forms of lock bypass.</p> <p>Reduce Your Risk </p><ul><li>Use high-security locks to mitigate the risk of bumping. </li><li>Consult a professional locksmith for questions about your current system or recommendations on a new locking system. </li><li>Use patent-protected keys to protect against unauthorized duplication. </li><li>Be sure to lock your doors when you are away from the home.</li></ul><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-49248898860256999082008-06-12T14:11:00.000-05:002008-08-26T15:12:01.387-05:00Los Angeles County Sheriff’s Department Uses Digital Surveillance As Part Of Crime Fighting Plan<p style="font-style: italic; color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;">From <a href="http://www.secprodonline.com/" target="_blank">Security Products Online</a></span></p><p style="color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;"><span style="font-style: italic;">June 9, 2008</span></span> </p> <h3> </h3> <p>Sheriff’s deputies at Century Station, part of the Los Angeles County Sheriff’s Department, are now using “digital eyes” to protect citizens on the streets of Lynwood, Calif. and the surrounding unincorporated areas. </p><p>As part of its Advanced Surveillance and Protection Plan (ASAP), the department has deployed a wireless video surveillance network enabled by Firetide. The deputies have already made several arrests as a direct result of this surveillance, including one when deputies spotted a drug deal in progress in the park next to a neighborhood school. </p><p>“Wireless video surveillance is changing the way we serve and protect the community,” said Capt. James Hellmold of Los Angeles County Century Sheriff's Station. “It is a very effective force multiplier and officer safety tool. The quality of video is truly evidence-grade, which will serve us well not only to deter crime, but to help our district attorneys prosecute crime.” </p><p>The 13-square-mile area served by Century Station -- which is home to over 300,000 residents -- has twice the national average of violent crime. Gang violence, prostitution and drug dealing are frequently discussed at the community’s town hall meetings, and the citizenry is vocal in its support of the department’s taking whatever actions are necessary to make the streets safer. </p><p>“Our residents deserve the best law enforcement officers and the most advanced tools to fight crime and strengthen public safety,” said Sheriff Leroy Baca of the Los Angeles County Sheriff’s Department. “The Century ASAP program seeks to augment the dramatic crime reduction already made possible through the dedication and hard work of the men and women of Century Sheriff’s Station and the Gang Violence Task Force.” </p><p>Video cameras have been deployed at key intersections, near schools, and near two hospitals. The broadcast-quality (30 fps) video is transported in real-time over the Firetide wireless mesh network directly to the integrated video and 9-1-1 dispatch command center, where watch deputies guide teams on the ground as they respond to calls for service. Fifteen deputies have already been trained in the use of the new video surveillance system, which allows them to control the cameras and pan, tilt and zoom into images, track suspects and assess situations as reports of crimes in progress come in. </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-6285035113582244772008-06-12T14:06:00.000-05:002008-06-12T14:11:34.329-05:00Number Of Wireless Security Alarm Systems Expected To Increase<p style="font-style: italic; color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;">From <a href="http://www.secprodonline.com/" target="_blank">Security Products Online</a></span></p><p style="color: rgb(153, 153, 153);" class="info_tag"><span style="font-size:85%;"><span style="font-style: italic;">June 6, 2008</span></span> </p> <h3> </h3> <p>Traditionally, security alarm systems used fixed telephone lines to pass information from the security alarm panel to a central monitoring facility. Today, however, that communication is increasingly being delegated to a digital cellular link. ABI Research forecasts that the 2007 number of just fewer than 2.5 million wireless security alarm connections will increase to more than 7.5 million in 2013. </p><p>What is driving this transition? According to senior analyst Sam Lucero, a number of factors have combined to create this new market trend. </p><p>“In North America, formerly analog wireless security alarms are now shifting to digital cellular services as a result of the AMPS ‘sunset’ in February 2008,” Lucero said. “More importantly, the continuing decline of landline voice services and the increasing utilization of second phone lines for DSL broadband services have made cellular connectivity more attractive, even necessary, for security alarm connectivity.” </p><p>Other factors promoting cellular security backhaul include the general trend for cost-optimized alarm systems to rely on wireless connectivity exclusively, particularly in Europe. In addition, wireless operators and broadband service providers are increasingly entering the security alarm service industry and are utilizing wireless either as a primary connection or back-up connection to a primary broadband connection. Also, unlike wired connections, cellular connections cannot be cut, and current cellular module technology includes anti-jamming features. </p><p>Lucero does caution that there are challenges to the adoption of wireless technology by the security alarm industry. </p><p>“Wireless is a relatively new option and many security alarm dealers have to be trained in the installation process,” he said. “In addition, the relatively high cost of modules, particularly CDMA modules, is an inhibitor. Despite these barriers, however, there is an opportunity here for most if not all cellular module vendors, as well as for carriers and specialist M2M providers.” </p><p>AT&T appears to have positioned itself as a key player in the North American market, as has M2M mobile operators Aeris, Jasper Wireless, and Numerex. M2M mobile virtual network operator KORE Telematics is also strongly positioned in this market.</p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-75587451426964353432008-06-10T16:30:00.000-05:002008-08-26T15:12:01.390-05:00Oklahoma City Unveils Wireless Mesh Network For Public Safety<p><span style="font-style: italic; color: rgb(192, 192, 192);font-size:85%;" >From <a href="http://www.secprodonline.com/" target="blank">Security Products Online</a><br />June 5, 2008<br /></span><br />Oklahoma City recently unveiled its wireless network -- the largest city owned and operated municipal Wi-Fi mesh network in the world. </p><p>The network is used for public safety and other city operations. At this time it does not provide wireless Internet access to the public. </p><p>Tropos Networks president and CEO, Tom Ayers presented a plaque to the Mayor and City Council recognizing the City of Oklahoma City for successfully building and implementing the world’s largest municipal wireless broadband network. Tropos Networks provides the network infrastructure equipment. </p><p>The wireless mesh network covers 555 square-mile area with 95 percent service coverage in the city’s core. Wireless Tropos routers are installed on city siren towers, traffic lights, buildings and other places. Tropos’ mobile routers are mounted in city vehicles, extending the network coverage area. </p><p>“We’re proud to receive this award and claim this distinction,” Mayor Mick Cornett said. “Our state-of-the-art wireless communication system allows City government to be more efficient and provide a higher level of service to our citizens.” </p><p>The wireless network is an extension of the City’s information technology infrastructure. City staff now has access from the field to more than 150 software applications. </p><p>Police officers are equipped with a laptop in patrol cars that gives them better access to advance criminal information in real time and allows them to download photos, file reports and even do paperwork in the field. In addition, police officers and fire fighters have access to over 300 video cameras, giving them a real time, around-the-clock, birds-eye view of key locations throughout the city. </p><p>Fire battalion chiefs are now able to locate water hydrants, review site maps, building floor plans and hazardous materials information while en route to a fire or accident; enabling them to tell incoming response vehicles how and where to set up. </p><p>The Wi-Fi mesh network system took more than two years to implement. Strong security measures and policies the city put in place have worked well protecting the network and meeting performance needs. </p><p>“We’ve been so pleased with how the wireless network system has improved the coordination and service delivery in our public safety operations that we’re now using it in other City operations,” City Manager Jim Couch said. </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-18755875908575395322008-06-10T16:23:00.000-05:002008-08-26T15:12:01.393-05:00Former UK Law Enforcement Official Says Public Surveillance Cameras Work<span style="font-style: italic; color: rgb(192, 192, 192);font-size:85%;" >From <a href="http://www.secprodonline.com/" target="blank">Security Products Online</a><br />By Brent Dirks · June 6, 2008</span><br /><br />Public surveillance cameras in the United Kingdom work, but there are a few caveats. Sir Chris Fox, former president of the National Association of Chief Police Officers and 34-year veteran of British law enforcement, made the case for surveillance in a recent presentation. <p>“Community safety cameras work when they are planned, designed and implemented properly,” said Fox, who spoke at an ADT-sponsored event in May in Berkeley, Calif. “They work and are a good thing.” </p><p>The use of surveillance cameras in the United Kingdom stretches back to 1964 when the new technology was first used by retail and shops. Currently, there are a staggering 4.2 million plus cameras in the country -- one for every 14 people. </p><p>Fox said there were a number of reasons for the camera explosion without any outcry from civil liberties groups. </p><p>While, with the exception of the Sept. 11 attacks, the United States has been shielded from terrorism, violence from the IRA was a very real occurrence in the United Kingdom. Thanks to government funding in the 1990s and that constant threat of violence, the “community safety” cameras were welcomed in the country. </p><p>“In our environment, as it was, cameras were seen as a good thing,” he said. “Every day, I would get a request from a neighborhood saying we want some cameras. I never got a request saying take them away, it was an invasion of our privacy. The mentality was totally different; it’s changed a little bit, but then it was totally accepting.” </p><p>Currently, a typical CCTV system in the United Kingdom covers both high-risk and high-crime areas. Run by a city council, the system is not monitored by police but by trained users who are in contact with police via telephone and radio. All images are recorded and kept for 30 days. </p><p>Fox stressed that the notion of privacy doesn’t extend into a public place. But he said the system can’t target an individual without judicial approval. </p><p>Cameras in the country, Fox said, play a major role in the effort to reduce crime. When cameras are installed, the technology deters offenders and detects crime, eventually leading to more public vigilance and making communities feel safer. In the United Kingdom, citizens are now safer than they have since 1981.</p><p>But for the technology to work, Fox said, communities need to set goals and define success before installing the cameras -- as well as update the justice system with the compatible technology and hire enough police to respond to incidents caught by the system. </p><p>Fox’s presentation highlighted a number of successes thanks to the cameras -- including the July 2005 bombings that killed 52 and injured more than 700. Fox helped coordinate the national police response to the incident. </p><p>By using the cameras, police were able to identify the bombers and learn from the incident. Eventually, more than 194 other suspects were identified and arrested. </p><p>The cameras also were instrumental in identifying suspects in a failed attack against London transportation two weeks later. </p><p>And despite the cultural and other differences between the United Kingdom and United States, Fox said cameras also could work in America, especially with the advent of video analytics and intelligent surveillance systems. </p><p>“What I would tell my fellow police authorities and officials in the United States is to get your act together and be very specific with what you want and go to the private sector and ask ‘What can you do?’” Fox said. “They need to be thought through very carefully and analytically before saying ‘We want some of that.’” </p><p>Speaking of ADT, I recently was able to tour a wireless mesh surveillance system installed by the company in the city and port of Richmond, Calif., a Bay Area suburb. I’ll have more on the setup and technology behind it in the homeland security section of September’s <em>Security Products</em> magazine.</p> <p class="aboutAuthor"> About the author </p> <p> <strong><a href="mailto:bdirks@1105media.com"> Brent Dirks </a></strong> <br /> Brent Dirks is e-news editor for Security Products magazine. </p> <p> </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-9052317458404526742008-06-03T16:05:00.002-05:002008-08-26T15:14:05.870-05:00Study: Revenue From Video Surveillance Software To Dramatically Increase In Next Five Years<div><span style="font-style: italic; color: rgb(153, 153, 153);font-size:85%;" >May 29, 2008</span><br /><span style="font-style: italic; color: rgb(153, 153, 153);font-size:85%;" >from Security Products Online</span></div><p><br />Video surveillance systems have existed for many years, but until recently, extracting useful information from them was labor-intensive, time-consuming and tedious. </p><p>Now, however, the quickening transition from analog to digital video has made it possible to use software for detection and analysis. This can free humans from the drudgery while improving accuracy and creating opportunities to use video in ways never before possible. </p><p>“Analytics software has become increasingly sophisticated and more accurate,” said ABI Research vice president and research director Stan Schatt. “It is beginning to be used for such tasks as identifying customer buying behavior, identifying criminal behavior before crimes take place, identifying objects left unattended in public venues, and much more.” </p><p>A new study from the firm forecasts a nearly fourfold increase in revenue from video surveillance software between now and the end of 2013, rising from about $245 million to more than $900 million. </p><p>In fact, surveillance software has a myriad uses. The homeland security applications are self-evident, but it is also starting to be used in marketing, to identify customer’s “eyeball connections” with products and analyze their retail behavior. In a retail environment it can also analyze customer traffic patterns, helping to improve store layouts. ABI Research expects the retail market segment to grow exponentially. Casinos are also using it to keep staff from restricted areas. </p><p>Software can also be used in ATMs and in banks, to identify known criminals before they commit a crime (shades of the film Minority Report). </p><p>“There are many small software companies in this market, and some big ones such as IBM, which has released software that is largely platform-agnostic, increasing pressure for others to follow suit. And while most systems today are sold to end-users,” Schatt said. “IBM Global Services sees potential in a managed service model, and it would not be surprising to see HP jump in as well, particularly following its EDS acquisition.” </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-91369117909596878932008-05-20T13:36:00.002-05:002008-08-26T15:15:20.134-05:00Axis, Bosch, Sony Cooperate To Standardize Network Video Product Interface<div style="font-style: italic; color: rgb(102, 102, 102);"><span style="font-size:85%;">From <a href="http://www.secprodonline.com/" target="blank">Security Products Online</a><br /></span></div><div style="font-style: italic; color: rgb(102, 102, 102);" class="info_tag"><span style="font-size:85%;"><br />May 13, 2008</span> </div><h3></h3><p>Axis Communications, Bosch Security Systems and Sony Corp. announced recently that the companies will be cooperating to create an open forum aimed at developing a standard for the interface of network video products. </p><p>Currently, there is no global standard defining how network video products such as cameras, video encoders and video management systems should communicate with each other. The new standard is expected to comprise interfaces for specifications such as video streaming, device discovery and intelligence metadata. The framework of the standard, incorporating the key elements of network video product interoperability, will be released in October at the Security show in Essen, Germany. </p><p>The main goal of this new standard is to facilitate the integration of various brands of network video equipment and to help manufacturers, software developers and independent software vendors ensure product interoperability. A unified open standard will also offer end-users greater flexibility of choice, enabling them to select products from different vendors in order to develop systems that fully meet their needs. This standardization initiative demonstrates the strong commitment of Axis, Bosch and Sony to supporting the ongoing shift from analog to digital surveillance in the security market. </p><p>A forum set up by the said three companies will be open for all companies and interest groups who would like to participate in the standardization work. The forum will be established in the fourth quarter of 2008, and will work on further development of the standard and on reaching agreement on how the new technology should be implemented. </p><p>“We are very pleased to announce this cooperation between our companies,” said Ray Mauritsson, president of Axis Communications. “An open standard will make it even easier for integrators and end-users to benefit from the many possibilities offered by IP-based video surveillance technology.” </p><p>“This cooperation represents a great leap forward in establishing an international open forum focusing on network video surveillance,” said Gert van Iperen, executive vice president at Bosch. “For manufacturers of network video hardware and software, the forum and its standard will be an efficient way to ensure product interoperability.” </p><p>“We entered this discussion based on our common belief that an open standard will provide great benefits for users and everyone involved in the security industry,” said Yoshinori Onoue, SVP, Corporate Executive, Sony Corp. “Representatives from Axis, Bosch and Sony are now working intensively to develop a framework for the standard and to establish the guidelines for the standardization forum.” </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-84455434260483295862008-05-02T15:42:00.001-05:002008-08-26T15:13:08.777-05:00DHS Announces Aviation Security, Traveler Screening Changes<a style="font-style: italic;" href="http://www.secprodonline.com/" target="blank">From Security Products</a><br /><p class="info_tag">April 30, 2008</p><p>The Department of Homeland Security recently announced improvements aimed at strengthening aviation security while decreasing the hassle factor for travelers. </p><p>Among the key improvements, DHS is providing airlines more flexibility to allow passengers to check in remotely who have been unable to do so because they have a name similar to someone on a watch list. The department also unveiled the Checkpoint Evolution prototype, which recently began full operation at Baltimore-Washington International Airport (BWI) . </p><p>Each airline will now be able to create a system to verify and securely store a passenger’s date of birth to clear up watch list misidentifications. By voluntarily providing this limited biographical data to an airline and verifying that information once at the ticket counter, travelers that were previously inconvenienced on every trip will now be able to check-in online or at remote kiosks. </p><p>“Hassles due to misidentification and the resulting necessity to stand in line to check in at the ticket counter is consistently among the deepest -- and most valid -- complaints of the traveling public,” said Homeland Security Secretary Michael Chertoff. “Thousands of passengers are inconvenienced each day, and this change should provide a way to eliminate the vast majority of these situations. This is good for travelers and for security, because as we make the checkpoint environment calmer, it becomes easier to spot individuals with hostile intent.” </p><p>Additionally, DHS is providing greater clarity on the types of identification that will be accepted at checkpoints in the U.S. Beginning May 26, federal or state-issued photo ID will be accepted if it contains: name, date of birth, gender, expiration date and a tamper-resistant feature. Standardizing the list of accepted documents better aligns TSA with other DHS components and REAL ID benchmarks. More information on acceptable documents is available at www.tsa.gov. </p><p>These innovations, along with the new Checkpoint Evolution prototype, are part of a broader effort to calm the checkpoint. The BWI prototype includes Millimeter Wave technology used in random continuous use, multi-view X-ray and liquid bottle scanners. These technologies, in conjunction with changes to the checkpoint environment and processes, will be evaluated for operational efficiency over the coming months. </p><p>Transportation Security Officers and managers at BWI are the first in the country to complete a 16-hour training module designed to incorporate the latest intelligence analysis, more advanced explosives detection skills, and ways to engage with passengers to promote a calmer environment for better security. The training was developed by the TSA Office of Intelligence, Bomb Appraisal Officers, and TSA Checkpoint Evolution team. </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-24808464692103399762008-05-02T15:34:00.001-05:002008-08-26T15:11:26.179-05:00Study: Biometrics Ushering New Age Of Security In Asia Pacific Region<p></p><a href="http://www.secprodonline.com/" target="blank">From Security Products</a><br /><p class="info_tag">From May 1, 2008</p> <p>National ID and e-Passport programs are contributing to the growth and development of the biometrics market in the Asia Pacific region. </p><p>With these programs underway, market participants have realized the need for proper standardization in order for all these projects to be successful. In the coming years, biometrics products will be standardized and interoperable with other security systems, providing a much higher level of security. </p><p>New analysis from Frost & Sullivan Biometrics Markets in Asia Pacific, finds that the market earned revenues of $126.3 million in 2007 and estimates this to reach $1643.1 million in 2012. </p><p>National ID projects and e-Passport programs are providing the biggest potential for biometrics in APAC today. With the cost of biometric readers declining, biometric border control security is also being implemented in many countries across Asia. Furthermore, with the e-Passport program implementation coming to an end by 2008, new issuance of passports by the countries under the U.S. VISA Waiver program will significantly add to the growth in unit shipment. </p><p>“The national ID of Malaysia is already equipped with a thumbprint template and the Indian national ID will also be equipped with a fingerprint template,” said Frost & Sullivan Senior Research Analyst Navin Rajendra. “While India has already begun assembling a database of its citizens, countries such as Japan, China and Indonesia are expected to take to biometrics shortly.” </p><p>However, the high cost of implementing the biometric system has been a restraint globally and the same is likely to be the case in the APAC region. End users looking at a security system are often weary of the high cost involved and tend to wait until there is a reduction in prices. </p><p>“This apart, the prolonged cycle time for the implementation of a biometric project is a significant restraint, especially when organizations are looking at a quick and seamless implementation,” Rajendra said. “Depending on the size of the project, the cycle time can vary anywhere from 6 to 18 months.” </p><p>The APAC market is seeing convergence of technologies and applications. It is absolutely essential for market participants to bring about interoperability and standardization in this era of convergence. Through mutual and proper cooperation between system integrators, biometric systems can be seamlessly integrated with other security systems with reduced downtime. </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-52569677204607960002008-05-02T15:28:00.002-05:002008-08-26T15:12:01.401-05:00Cincinnati’s Use Of Automated License Plate Recognition Pays Off<p style="font-style: italic;" class="info_tag"><a href="http://www.secprodonline.com/" target="blank">From Security Products</a></p><p class="info_tag">By Brent Dirks · May 2, 2008 </p> <p><img class="floatLeftFix" alt="" src="http://download.101com.com/wa-mcv/spo/images/security/brent-mug.jpg" align="left" />The Cincinnati Police Department is using automated license plate recognition from Federal Signal PIPS and seeing strong results.</p> <p>Using the technology to identify stolen vehicles and wanted suspects and to serve as a crime analysis tool and deterrent, the city has ordered seven more installations of the technology with plans to expand in order to include fixed camera installations throughout Cincinnati.</p> <p>“We’re not doing dead-end leads anymore,” said Capt. Jeff Butler of the Cincinnati Police Department. “We’re going with a purpose because there’s a high likelihood that someone is going to be there.”</p> <p>In the first five months of deployment, more than 300,000 license plates were read. Of those, 8,000 vehicles were of interest to law enforcement and 300 suspects were taken into custody -- including a homicide suspect and bank robber.</p> <p>Beyond locating vehicles of interest, city officials also have found dividends with the investigative use of Federal Signal PIPS Back Office System Software (BOSS). </p> <p>Copper theft has swept the nation and is turning into a major problem for urban law enforcement. With the BOSS system, police used an eyewitness account of a vehicle leaving the scene of a copper theft to nab the suspect. Using the vehicle’s license plate number, law enforcement tracked down when and where the suspect had been seen around the city. With a cluster of locations from the data, police set up surveillance and were able to make an arrest.</p> <p>BOSS also provides data sharing and multi-jurisdictional search capabilities with other law enforcement agencies that use Federal Signal PIPS systems.</p> <p>“Federal Signal’s advanced ALPR technology, which is widely deployed in Europe, continues to gain traction here in North America,” said Michael K. Wons, vice president and general manager of Federal Signal’s Public Safety Systems Division.</p><p class="aboutAuthor"> About the author </p> <p> <strong><a href="mailto:bdirks@1105media.com"> Brent Dirks </a></strong> <br /> Brent Dirks is e-news editor for Security Products magazine. </p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-70075559427167886352008-04-23T15:33:00.003-05:002008-06-03T17:49:03.397-05:00National Industrial Security Systems : Protecting US government assets held by government contractors<span style="font-size:85%;"><span style="font-style: italic;">Courtesy of the <a href="http://www.ul.com/fsa/" target="blank">Underwriters Laboratories Fire & Security Authority</a></span><br /><span style="font-style: italic;">Issue 1 - 2008</span><br /><span style="font-style: italic;">by Pete Tallman</span></span><br /><br />Sensitive US government material held by government contractors is subject to a wide variety of potential threats and housed in a range of settings across the US, from major metropolitan areas to isolated locations with limited communication and support resources. In the early 1990s government officials and UL recognized the need for an alarm system verification program flexible enough to be applied in multiple settings, yet consistent enough to allow confidence in the delivery of alarm services. Developing a specialized category of service, a new standard and an Alarm System Certificate became the key for coordinating the variety of features that might be used in a particular setting and the relationship of each service provider. The result of this collaboration between UL and US government officials was the creation of the National Industrial Security System Category (CRZH), which has been designed with enough flexibility to allow protection to be rational, appropriate for the identified threat and cost effective.<br /><br />Two standards are maintained by UL for this category:<br /><br />• UL 2050, the Standard for Safety of National Industrial Security Systems, establishes a variety of ways in which installation, monitoring, investigation and repair service can be provided.<br /><br />• UL 681, the Standard for Safety of Installation and Classification of Burglar Alarm and Holdup Alarm Systems, further defines requirements for installation of equipment and devices comprising an alarm installation in a protected area.<br /><br />An alarm system certificate ties them together through the Alarm System Certification process; certificates are issued by UL at the request of UL Listed alarm service companies. The use of certification for compliance with the National Industrial Security System Category has increased steadily since its establishment in 1992. Currently, the following US government manuals contain the requirement:<br /><br />• The National Industrial Security Program Operating Manual, DoD 5220.22-M<br />• The Physical Security Standards for Sensitive Compartmented Information Facilities, DCID 6/9<br />• The Manual for Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives, DoD 5100.76-M<br />• The Physical Security Standards for Special Access Program Facilities, JAFAN 6/9<br /><br />The applicable manual indicates specifications and techniques that may be required in a given situation. The US government cognizant security office or agency (CSO/CSA) assesses threats (see graphic) and determines system features, but UL 2050 and UL 681 specify the details of system delivery.<br /><br />For example, if a CSO/CSA stipulates that an investigator must be a private guard and respond to an alarm within 20 minutes, UL 2050 details how to assign an investigator, how to conduct an investigation, how to record activity and follow-up actions. Category CRZH allows an alarm service company to assign the delivery of monitoring and investigation services to other service providers, but keeps full responsibility for compliance of the delivery of all services with the requirements in the standards.<br /><br /><span style="color: rgb(204, 0, 0);">Collaboration allows UL to keep pace with technological changes </span><br />Alarm system technology has changed dramatically since the National Industrial Security Systems Category was created. UL staff maintains close, collaborative contact with government organizations, government contractors and alarm service companies to stay abreast of the latest technological advances. These relationships give UL staff a strong view of evolving security issues, actual performance data and the practical impact of new technology. The movement to send signals from alarm systems in the form of packets of data across public and private networks raised concerns about the security of the communication paths. The regular collaboration between all parties allowed UL to publish requirements for the use of this technology by drawing on existing Federal Information Publication Standards and an encryption algorithm certification program from the National Institute of Standards and Testing, resulting the availability of alarm equipment that provides encrypted line security.<br /><br />Centralization of the monitoring stations operated by government contractors created another new challenge. Data networks enable signals to be sent across widely distributed networks, meaning that a monitoring station can be located hundreds, even thousands, of miles from an alarmed area. CSO/ CSAs and UL quickly recognized the difficulties presented by this challenge, creating the National Industrial Security Monitoring Station Service Category (CRZM). This category allows the UL Listed alarm service company to assign area monitoring to a facility that has been evaluated by UL staff and found to be in compliance with UL 2050; the facility must have an active UL Listing. This relieves the UL Listed alarm service company of the responsibility for maintaining a monitoring facility while retaining the responsibility to ensure that alarm signal processing and monitoring system staff training are in compliance with category requirements.<br /><br />The National Industrial Security System and the Associated National Industrial Security Monitoring Station Categories are tributes to the value of collaboration between parties with a common interest. A constant focus on the concepts of flexibility and threat appropriate requirements, coupled with a service delivery verification process has benefited government contractors, alarm service companies and officials responsible for protecting assets of the US government.<br /><hr /><br />For more technical information about UL 2050, please contact Pete Tallman in Melville, NY at +1.631.546.2415 or at Peter.H.Tallman@us.ul.com.<div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-22381933985690380242008-04-23T14:52:00.002-05:002008-06-03T17:23:12.463-05:00Fear and Learning On Campus<div style="font-style: italic;" class="byline"><span style="font-size:85%;">From the <a href="http://www.nytimes.com/" target="blank">New York Times</a><br /><br />By ALICE MATHIAS</span></div> <div style="font-style: italic;" class="timestamp"><span style="font-size:85%;">Published: April 16, 2008</span></div> <!--NYT_INLINE_IMAGE_POSITION1 --> <span style="font-style: italic;font-size:85%;" ><nyt_text> </nyt_text></span><p style="font-style: italic;"><span style="font-size:85%;">Los Angeles</span></p> <div id="articleInline"> <div id="inlineBox"><a href="http://www.nytimes.com/2008/04/16/opinion/16mathias.html?_r=1&oref=slogin#secondParagraph" class="jumpLink"></a> <div class="image"> <a href="javascript:pop_me_up2('http://www.nytimes.com/imagepages/2008/04/16/opinion/16letter.ready.html', '16letter_ready', 'width=370,height=600,scrollbars=yes,toolbars=no,resizable=yes')"> <img src="http://graphics8.nytimes.com/images/2008/04/16/opinion/16letter_190_2.gif" alt="" style="float: right;" border="0" height="436" width="190" /> </a> <p class="caption"> </p> </div> </div> </div><a name="secondParagraph"></a> <p>LAST week, as I was editing my student film, my eyes wandered to the monitor of a nearby student. She had a gun in her movie, I noticed. I was impressed by her ambition. She had obviously done a lot of work — paperwork.</p><p>Since the shootings at Virginia Tech a year ago, our school has made it as difficult as possible for students to put guns in their films. Joe Wallenstein, who oversees film production by students, explained that using fake weapons could be misperceived by passers-by, and misunderstanding could lead to calamity. Just days ago, the faculty banned all guns in first-semester student films and mandated that higher-level students attend a police firearms training session before using fake guns, and under many circumstances pay a police officer $450 to oversee their productions. </p><p>One of my classmates avoided the permitting process by replacing a gun in his script with a banana, turning his Western-themed cowboy film into a slapstick comedy. In his in-class critique session, the professor told him that the banana “does not work.” </p><p>Many other universities around the country are also trying to balance freedom and safety. At Harvard, a dormitory that had prided itself on not having a security officer now has one. Dorm residents protested, but the college stood firm, insisting that the freedom of movement they had lost was secondary to their safety.</p><p>Stanford, for its part, still has no professional dormitory guards, but it is developing an ID-card-based access system that is meant to eventually include all campus buildings.</p><p>Emergency text message systems are becoming increasingly common, and many colleges now require students to submit their cellphone numbers. A friend at Florida State University complained to me that he recently received the same emergency message several times, warning about a “suspicious package” in the parking garage. The message did not specify which garage, so students avoided all of them. The package turned out to be a briefcase left on the car of a high school student whose nickname, A-Bomb, was inscribed on the exterior. Whoops.</p><p>I have lately heard classmates apologize in advance for potentially disturbing content in their movies, or crack jokes to avert suspicion that they may be emotionally troubled. Our teachers encourage us to be “edgy” (it sells) but we are also aware that, since Virginia Tech, stepping over that edge into the realm of “disturbing” could land you in the dean’s office. </p><p>I admit I was startled when, looking over that young woman’s shoulder, I saw that the gun in her film was being aimed at a student behind a desk begging for her life. Can it be a good idea to present school shootings as entertainment? </p><p>The filmmaker explained that the story was about a student who resisted peer pressure to skip class on what turned out to be the day of a school shooting. Her intent was to reveal how good intentions (not skipping class) can end up being a mistake because of forces beyond your control. My worry is that because of forces beyond her control, her movie could end up like “Oldboy,” a violent South Korean film that won the Grand Prix at Cannes in 2004, and then helped inspire Seung-Hui Cho to carry out the Virginia Tech massacre. </p><p>Freedom and safety are becoming increasingly difficult to balance, it’s plain to see. But when I consider that more than 29,000 students have bravely returned to classes at Virginia Tech this year, I’m heartened. </p><nyt_author_id></nyt_author_id><div style="font-style: italic;" id="authorId"><p><span style="font-size:85%;">Alice Mathias is a graduate student at the University of Southern California film school.</span></p></div><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-8858856545368619852008-04-18T10:44:00.002-05:002008-08-26T15:12:01.404-05:00DVR Security Cameras - Understanding The Basics<span style="font-style: italic;font-size:85%;" >From <a href="http://ehelpforu.blogspot.com/">ehelpforu.com</a></span><br /><br />In today's life, security is the main concern as the crime is<br />increasing day by day. DVR Security cameras are useful in<br />providing safety to you, your family and your business. The DVR<br />stands for Digital Video Recorder. It is also known as Personal<br />Video Recorder (PVR). DVR is a device that records the video in<br />a digital format on a drive. Mostly the drive on which DVR<br />records the video is a disk drive. When you use a DVR device for<br />security purposes, it is called DVR security system. Security<br />DVR consists of a stand alone set-top box and a software. The<br />software supplied with DVR system is used on the computer and<br />allows video capturing and playing back the video. The video<br />captured through the DVR system can be played directly from the<br />drive.<br /><br />Now-a-days, many companies have started selling television with<br />in-built DVR system (software and hardware both). A DVR security<br />camera provides longer recording time in comparison to<br />traditional VCR systems. This is the reason that many CCTV<br />companies uses DVR security camera to record daily activities.<br /><br />DVR security cameras are latest in the field of CCTV<br />surveillance. The picture quality provided by DVR security<br />camera is amazing. DVR security cameras have following features:<br /><br />• Applications – DVR security cameras can be used for indoor as<br />well as outdoor applications.<br /><br />• Ease of use - A DVR security camera is very easy to use.<br /><br />• Video quality - Most of the Security DVRs are able to record<br />audio as well as video. And the quality of video is fantastic.<br /><br />• Remote Access – This feature allows you to access the DVR<br />security cameras from a remote location via internet. This<br />becomes very helpful to keep a watch at a place where you have<br />installed the camera even when you are not present there.<br /><br />• Instant playback – DVR Security camera allows you to play the<br />recorded video instantly without rewinding or forwarding and<br />hence saves your time.<br /><br />• Customization – DVR security camera allows customization as<br />per your needs (personal or business related).<br /><br />• Affordability – DVR security cameras are cost- effective.<br /><br />• Selective navigation- You can search the video recorded by<br />DVD security camera on the basis of even, time, or date.<br /><br />• Identification of criminal becomes easier with DVR security<br />cameras as they produce sharp images.<br /><br />DVR cameras come with many advanced features such as motion<br />detectors, pre- alarm function, email and ftp server<br />notification, video compression, virus-care system and many<br />more. Now a day's mobile DVR security camera are also available<br />in the market. These mobile cameras are specifically meant for<br />transportation industry. Mobile DVR cameras can be used in<br />school buses, cars, taxis, trains, trucks, ships, aircraft,<br />airport shuttles, emergency vehicles, fire vehicles, police<br />vehicles, vans, delivery service vehicles, bank cash<br />transportation vehicle, prisoner buses etc. Mobile cameras are<br />very reliable and sturdy and at the same time reasonably priced.<br /><br />DVR surveillance camera systems can give safety comfort to you<br />and your family, as you can watch, who is entering your house.<br />So whom are you waiting for! Provide security to those whom you<br />love the most.<br /><br />Visit Hackett Security learn more about video <a href="http://www.hackettsecurity.com/videomonitoring.asp">surveillance</a>.<div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0tag:blogger.com,1999:blog-35244788.post-58307353177534540852008-04-11T11:40:00.002-05:002008-08-26T15:18:21.323-05:00Real ID: Coming to a State Near You?<p style="font-style: italic;" class="byline"><span style="font-size:85%;">4/11/2008<br />By Doug Gale<br />from <a href="http://www.campustechnology.com/" target="blank">Campus Technology</a><br /></span></p> <!-- article content --> Growing up in the Midwest, I'd never met an adult that didn't have a driver's license. As a teenager, a driver's license was a rite of passage that opened access to a whole new world. It seemed almost un-American to my adolescent mind not to get one as soon after your sixteenth birthday as humanly possible. A few years later as a college student I discovered a downside--that slip of paper (yes, it really was printed on a slip of paper) contained information, my birthdate. And every bar near campus wanted to see it.<br /><br />We forget is that a drivers' license is a recent phenomenon. Missouri and Massachusetts were the first when they passed laws in 1903 requiring all drivers to have a license. In Missouri the cost was 25 cents, and a test wasn't required until 1952.<br /><br />In the United States, a driver's license has become a de facto identification card. We use it to cash checks at the grocery store and board airplanes. When I moved to Montana a few years ago the only person ahead of me in line at the Division of Motor Vehicles was an elderly gentleman. He was seeking to get a drivers license after a lapse of many years. Not to drive, which he had stopped doing years before, but because he got tired of the hassle involved not having one for identification.<br /><br /><span style="font-weight: bold;"> <table style="width: 150px;" align="right"> <tbody> <tr> <td> <img src="http://download.101com.com/wa-mcv/cam/images/20080411id2.jpg" /></td> </tr> </tbody></table>What's Real ID?</span><br />Following 9/11 there was a push to change procedures for issuing identification documents, particularly when they were used to board airplanes. While the original motivating factor behind Real ID was terrorism, the objectives have grown to include addressing problems associated with identity theft and illegal immigration.<br /><br />Congress, however, has ducked the politically contentious issue of creating a national identity card and instead decided to require states to comply with federal standards for driver's licenses, effectively transforming them into a de facto national identity card.<br /><br />The Real ID Act of 2005 basically states that beginning May 11 of this year state driver's licenses and identification cards will not be accepted for federal purposes unless Department of Homeland Security (DHS) determines that a state is compliant with the Real ID regulations or the state has been approved for an extension. In practical terms we're talking about getting on an airplane or entering a federal building such as a courthouse. The deadline for a state requesting an extension was March 31 of this year.<br /> <!--Aamsz="336x280" Pos="m03"--> <br /><span style="font-weight: bold;">What's Required?</span><br />This January DHS <a target="_blank" href="http://www.ncsl.org/print/statefed/RealIDFinalReg.pdf">released the regulations</a> establishing minimum standards for state-issued drivers' licenses and identification cards. Basically states will be required to have proof of an individual's identity and U.S. citizenship or legal status through documents such as a birth certificate or green card before issuing a drivers' license or identity card. The states must also build security features into the card itself to make them harder to forge and implement a mechanism to share data with other states and the federal government through a common architectural framework.<br /><br />The final DHS requirements are much less stringent than earlier proposals. For example, requirements for biometric identification and Radio Frequency Identification (RFID) technologies on each card as well as a centralized database were in early versions of the DHS regulations.<br /><br /><span style="font-weight: bold;">State Resistance</span><br />The main reason for the dilution of the regulations was state resistance. Twenty-one states have passed some kind of legislation opposed to Real ID--some such as Montana and Maine going as far as opting out entirely. The reasons for opposition were both practical and philosophical.<br /><br /><span style="font-weight: bold;">Practical Concerns</span><br />Cost: The DHS estimates that the cost to states to comply with the Real ID Act will not exceed $3.9 billion. A joint study by the National Governors Association and the American Association of Motor Vehicle Administrators <a target="_blank" href="http://www.ncsl.org/realid/">estimates</a> the costs at more than $11 billion over the next five years and points to impacts on services to the public. So far Congress has appropriated $90 million to assist states. The <a target="_blank" href="http://www.dhs.gov/">DHS</a> counters that the final regulations reduce the cost to states by 73 percent from earlier proposals and would only increase the cost of an individual license by $8.<br /><br />Time and Difficulty of Implementation: State motor vehicle administrators <a target="_blank" href="http://www.stateline.org/">report</a> that reissuing 242 million licenses and identification cards, which requires verifying each individual's Social Security number, vital records (birth certificates, etc.), and legal resident status, could take eight years. Verifying identity is notoriously difficult. Exceptions, such as not having a birth certificate, having changed names, or a history of using a nickname on documents, render a simple set of procedures useless. A <a href="http://www.realnightmare.org/images/File/AAMVA_survey_report.pdf" target="_blank">survey</a> by the American Association of Motor Vehicle Administrators found that 76 percent of the responding jurisdictions anticipated that verifying the validity of source documents would have significant impact on their operation.<br /> <!--Aamsz="336x280" Pos="m03"--> <br />Security: While the current regulations no longer include a centralized database of information, concerns remain that a distributed database (one for each state) with a centralized access hub would be an attractive target for hackers. The DHS argues that the regulations provide an adequate level of security. Critics cite the recent discovery that private contractors had accessed the passport data of the current presidential candidates as evidence that federated security procedures need some work.<br /><br />Scope of Information: Real ID advocates argue that the amount of information that can be remotely accessed is limited. The counter argument is that what seems to be innocuous to one person, say an address, is critical to someone else, say the victim of a stalker.<br /><br />Non-official Uses: The Real ID Act does not give the DHS authority to restrict who may or may not use Real ID cards. In other words, the local convenience store will be using the Real ID card to control the sale of cigarettes to minors. Remember that Social Security numbers were never meant to be an identifier, but for decades that's what they were.<br /><br />Third Party Skimming: Real ID cards will include unencrypted personal information in machine-readable format. The decision to not encrypt was driven by state and local law enforcement groups concerned about key management and accessing the information on the card quickly. Non-official users may well find it irresistible to collect the information on a Real ID card. There have been <a target="_blank" href="http://www.news.zdnet.com/2010-9588_22-6228481.html">reports</a> that some businesses are already collecting personal data from driver's licenses using commonly available readers without patrons' consent. While some States, such as California, Nebraska, New Hampshire, and Texas have passed laws that prohibit the collection of information on a driver's license or identification card, most have not.<br /><br />Adequacy: Although they draw different conclusions, both those supporting and those opposing the Real ID Act are concerned about the adequacy of the regulations. Critics point out that ID documents don't reveal anything about evil intent and that determined terrorists will be able to obtain forged documents. That being the case, they argue that Real ID isn't worth the attendant loss of civil liberties.<br /><br /><span style="font-weight: bold;">Philosophical Concern</span><br />The philosophical objection to the Real ID Act is that it puts the country on a slippery slope to creating a national identity card and a "surveillance society." Thus we find some politically conservative "red" states such as South Carolina aligning with liberal "blue" states such as Maine in opposition to Real ID. This philosophical concern has led to strange bedfellows, including the <a target="_blank" href="http://www.jbs.org/">John Birch Society</a> and the <a target="_blank" href="http://www.aclu.org/">American Civil Liberties Union</a>.<br /><br /><span style="font-weight: bold;"> <!--Aamsz="336x280" Pos="m03"--> What Does This Mean for Higher Education?</span><br />While analysis of the impact of Real ID lies with a campus' legal staff, it is inevitable that the IT unit will become involved because of the work we do with information security. We need to be prepared to help:<br /><br />Determine the impact of Real ID on faculty, staff, and students. For example, an opinion by Michigan's attorney led the state to stop issuing new licenses to undocumented and temporary residents. That group included people on student visas and would have seriously impacted foreign graduate students who lived off campus. A change in state law was required.<br /><br />Analyze the data security requirements needed to protect information stored on state databases. While higher education is not in a position to set state policies, it should be prepared to outline how those policies impact research and instruction. This means that IT and security staff must become familiar with the technology being used and being proposed. For example, regardless of whether the data is stored centrally as originally proposed or in 50 state databases with a common portal, a fundamental question is who can access the data. Higher education is familiar with that problem and can provide valuable recommendations to the state agencies charged with implementing Real ID.<br /><br /><span style="font-weight: bold;">Where Are We Now?</span><br />One key element of the final regulations issued by DHS was the extension clause, which allowed states to request an extension. Otherwise states were required to be in compliance by May 11, 2008--an almost impossible task. The DNS agreed to grant an extension if a state was making substantial progress to compliance with the regulations and requested an extension by March 31 of this year.<br /><br />Earlier this month the DNS decided to avoid a showdown over extensions with recalcitrant states. For example, my home state of Montana sent DHS a letter outlining the security features in Montana's Drivers' Licenses (quite good in fact) and stating that the state could not by statute implement the Real ID Act or request an extension. DHS responded that they were granting the state an extension until 2010 anyway. As of this writing, all 50 states have been granted an extension until 2010.<br /><br /><!--Aamsz="336x280" Pos="m03"--><!-- Player for podcasts articles -->But the issues and concerns haven't gone away. This is an important and highly complex initiative with intelligent and well meaning people on all sides. The April 4, 2008 Christian Science Monitor summed things up nicely: "In any case, the federal government is deluding itself if it thinks that the extensions have solved this issue. It's far from settled." <!-- Begin Article Cite --> <p><br />Doug Gale is president of Information Technology Associates, LLC (www.it associates.org) an IT consultancy specializing in higher education. He has more than 30 years of experience in higher education as a faculty member, CIO, and research administrator.</p><div class="blogger-post-footer">www.hackettsecurity.com</div>Hackett Securityhttp://www.blogger.com/profile/12004860745827381977noreply@blogger.com0