News letter feb 11

NNeewwsslleetttteerr:: FFeebbrruuaarryy 22001111 LLeett’’ss pprrooffeessssiioonnaalliizzee tthhee pprrooffeessssiioonnaallss……

Today it's significantly different! Yesterday we operated with fences, gates, guards and cameras. We were worried about people taking minor items out of the workplace. But the fences, guards and gates are not as important these days for many businesses. Now the assets are electronic; they are built on and live on the Internet. The facility environment today is more open; employees want to come and go with their electronic access card; they don't want to be stopped

by a fence or a gate. Today, they want a card in their hand and the ability to be there! Intellectual electronic assets are much more significant. One CD could have more property on it than you might have in whole office years ago. And yesterday they would have had to steal the entire filing cabinet to get the same amount of information that is on a single CD today. A digital asset / data theft happens today, and tomorrow it is on the six o'clock news. In the electronic age that we live in, there are not many secrets out there anymore that cannot be hacked or found. The things we have in place for protection must change tonight. These hackers [who have fed Wikileaks] were able to disrupt an amazing amount of USA Government in a short amount of time. Wikileaks is a wake-up call! This has been going on for a period of time all over the world; it just

s become more public than ever before. ha

Capt S B Tyagi For ICISS

FFOOOODD FFOORR TTHHOOUUGGHHTT:: IIff iitt iiss nnoott aallrreeaaddyy wwiitthh yyoouu,, pprroovvaabbllyy iitt wwiillll hhaarrmm yyoouu:: tthhee iinnffoorrmmaattiioonn,, tthhee tteecchhnnoollooggyy –– iinn sshhoorrtt,, ‘‘TThhee EEddggee’’!!

C:\S B Tyagi\ICISS\News Letter Feb 11.doc

HHooww ttoo EEnntteerr tthhee FFiieelldd??

It is realized that many international manufactures and distributors of international repute failed where small timers were successful in procuring the order. Though this fact is initially perplexing, it is realized after careful study that reasons for the failure were -

• Inability to contact potential buyer, • Lack of knowledge of procurement procedure in India, • Products incompatibility in Indian climate, and, • No after sale support

The Original Equipment Manufacturers (OEM) need to be appraised about the opening opportunities of business in India. The manufacturers and distributors of the security gadgets need to have overview of the quantum of business, and, to familiarize about the procedures and formalities relating to procurement of such items. DEVELOPING SENCE OF INSECURITY IN INDIA The ruthless ambitious nature of the human being shall continue to harness unhealthy competition. This shall result in personal aggrandizement of wealth in the hands of the few, conversely poverty shall increase, and so shall the numbers that shall be afflicted by it.


The ruthless ambitious nature of the human being shall continue to harness unhealthy competition. This shall result in personal aggrandizement of wealth in the hands of the few, conversely poverty shall increase, and so shall the numbers that shall be afflicted by it. All the deteriorating conditions shall have multiplier adverse effect on the security of our society, as also the Corporate and Industry. That the rate of crime shall definitely continue to rise should be the foregone deduction of the conditions prevailing in our society. Because….

Pearl S Buck, in ‘The Good Earth’ stated that, ‘when the rich get too rich, the poor shall not sit back but react to correct the imbalance’,

NEED FOR SECURITY GADGETS IN INDIA The prevailing conditions in India have focused every body’s attention to the security measures in the industry, which started taking appropriate measures in this regard. The concerted and tangible attempts by the industries have been visible since last three decades a far as security manpower is concerned. Introduction of technical gadgets is hardly a decade old phenomenon. Three developments are taking place in India -

• Opening-up of economy • Development of Information technology • Realization that India can, and, will be a major power in the world, and, efforts of

Industries to get ready for it. As a result ‘Industrial Security’ has gained importance and it is being treated as profit making activity. LARGEST INDUSTRIAL SECURITY FORCE IN THE WORLD Government of India has established a central Para-military force called Central Industrial Security Force (CISF), which is the only Government run Industrial security force in the world with approximately 1 million. As it is a Central Police Organization, it is also the largest police force in the world. Its professional security personnel are deployed in 256 industries and 16 airports. Its main efforts are to reduce the manpower by installing the security gadgets. Thus it is also the single largest specifiers and end-user of the security gadgets. Public Sector Undertakings (PSUs) totaling up to more then 600 in number, is the second most security conscious sector, which also lays great emphasis to keep security unobtrusive and cost effective by installing the security gadgets. Thus this segment is ‘The Largest’ procurer of the security gadgets. CISF instead of procuring directly, gets is done through the PSU / organization where its security force is deployed.


ONE OF LARGEST PROCURER OF SECURITY GADGETS IN THE WORLD As brought out above, Central Industrial Security Force (CISF) is the single largest specifiers and end-user of the security gadgets and Public Sector Undertakings (PSUs) is ‘The Largest Procurer’ of the security gadgets. In addition, there are more then 500 large scale industries having their own security set-up and have started installing security gadgets. DOMESTIC MANUFACTURES OF SECURITY GADGETS Indian Security Gadget Industry itself is in nascent form and is generally assembling the imported items. The ‘State-of-the-Art’ high-tech security gadgets are not being manufactured in India.

WWhheerree ffrroomm ddoo tthheeyy ggeett tthhee ssttaannddaarrddss?? In India, the Industrial Security Consultancy needs to come to international standards! The Consultants essentially have to be un-biased, truly professional and with up-to-date information, without having stakes in any of the parties – may it be the Solution Provider, Integrator, Man-power Provider or the Service Provider! The Consultants need to prove themselves to be thorough professionals. They need to attain certain educational and professional standards. Just being out-of-job or retired from service and claiming to be Consultant will not do! Part time consultancy will ruin this profession! The retired police officers or the officers of armed forces do not automatically become Security Consultants! They have to do lot of un-learning before learning the skill-sets of the imperatives of Industrial Security Management, which is all together different cup-of-tea! For a person to gainfully spend the post-retirement time is noble idea by any standard. But, the consultancy in the field of Industrial Security Management is not similar to starting insurance agency or consultancy on feng-sui! In the ‘Consultation Report’, the ‘Return-on-investment’ (ROI) must be indicative in terms of increased productivity or decrease in ‘down-time’. The Consultants need to have scientific and methodical approach to the proposals they are offering to the Management and must own-up these proposals till they are successfully executed and start giving proposed ROI! Industry-developed and regulated Standards in the field of Industrial Security Consultancy need to go through the process of evolution and need to mature. What presently required are the pragmatic views by the service users as they have to be very objective, exacting and careful while awarding the consultancy assignments? The


demand of professionalism and quality-consultancy from the service-users will presently set the rule of the game. Only time will tell – where from the Consultants will eventually get the high standards - set them themselves or be forced by the service-users!

Sometimes ago, a thief stole a laptop computer from a restricted area in the student administration building at the University of California at Berkeley. The laptop contained names, addresses and Social Security numbers of 98,000 people who applied to graduate school between fall 2001 and spring 2004; students who enrolled in graduate programs between fall 1989 and fall 2003; and recipients of doctoral degrees fro m1976 to 1999.

A university spokeswoman told the Los Angeles Times that school policy mandates that all personal data be encrypted to ensure privacy protection. However, the files on the laptop had been recently downloaded and were not yet encrypted.

The university is attempting to notify the individuals whose records might be compromised. Authorities say there’s no evidence yet that the data has been misused. They believe the computer was stolen for what it is, not what’s inside it.

This is almost old hat for Berkeley. Five months ago a hacker attacked the UC Berkeley computer system, compromising the data of some 600,000 Californians involved in a home-care program for seniors and the disabled.

But this latest incident raises a new issue: Should sensitive information be stored on portable devices at all? According to the Times account, a campus employee noticed a woman leaving the restricted area with a laptop near the time of the theft. It may have been just that simple. Suppose the alleged thief were truly interested in the data and not the machine. Would she have been a little more conspicuous trying to haul a mini-tower out of there?

Maybe it’s ridiculous, considering wide adoption of laptops, PDAs and cell phones, to restrict their use to the mundane. But the risks are real. In July 2004, CSO explored the issue in “How to Stop a Laptop Thief.”

As reported in that story, Gartner estimates that just one stolen laptop could cost a company more than more than $6,000 for a new machine, software, restoring data and user downtime. The cost of such an incident increases exponentially if sensitive data is compromised and falls into the hands of a competitor or a hacker.

Technology is increasingly packing more computing power into smaller and smaller devices: cell phones, PDAs and their hybrid cousins. What should be done to protect the information on these devices? Biometric locks? Common sense use policies? Tell us what you think. How does your company secure information on portable devices?


Most Recent Responses:

The use of portable devices in today’s world is increasing. As security professional we must be able to protect these devices with the knowledge they will be lost or stolen.

Lap-Tops are easy to secure so that the date is not available to the thief. Use strong encryption and create a volume for all documents. PGP and other similar tools allow for this and the use is very simple.

Devices like PDA’s and Blackberry Devices are more difficult in that they can have the same types of data and are easer to loose or steal. For these devices the solution is generally a device specific solution.

For all the devices a solution is as strong as the training and understanding that is conveyed with the issuances of the device. That is you can put the tools on the device but if the user does not use them or allows the tools to be compromised by walking away while logged in or decrypted then the loss is the same as with no security.

With all access grants all users must have a clear set of training directives for the proper use of the information they have and a true accountability action must be enforced for failure to comply.

Basically the user is the weakest link in the design. Training and awareness are the tools used to keep this weak link at speed with the need for security and protection of the information assets.

How to secure the data? The problem with portable data falling into the wrong hands is best remedied not by preventing the data from becoming portable but by making the data secure whether it is portable or not.

Most modern workplaces empower their staff to send email, print, fax, or even save to portable storage such as floppy disk or USB keys. With this in mind it is his highly unlikely that an authorized user can ever be prevented from making data portable. If they really want to take it on the road, then they will. Additionally technology limitations should never prevent a business justification for access to data. If employees need that data on their laptop then why should we prevent it because of technology’s inability to protect that data from unauthorized access?

The solution therefore is to develop appropriate technology that secures/encrypts information that is deemed important enough.....whether it is portable or not. Technology departments should take the option of not having encrypted data out of the hands of the person who uses it.

If data is sensitive, then the requirement for it to be encrypted and therefore safe should be mandatory. With this policy in place, the question of whether it should be allowed to leave the corporate network and reside on a laptop or any other portable device becomes irrelevant.


From: Capt. Rajiv Ojha

Dear Friends, This is a short note to reflect my feelings, feelings of a plebian amidst agony and pain that descended on common people stretching from Srinagar to Mumbai when the sun traversed its length on our side of the globe to witness the death and destruction. Terror strike in Srinagar is understandable where I have been recently but in Mumbai it is very difficult to fathom. Still Mumbai is a resilient city that has immediately sprung up with sheer determination to help those who were suffering the terror inflicted by known people to face another day with steely resolve. The guts of Mumbaikar are unparallel and are as strong as the resolve of the Indian Government. There is not a single person who knows from which side across the Border the chaos is ordered. Which Military ruler sanctions such heinous crimes and then presents the paintings to our leader, who smiles and forgets the tears and pain of his own countrymen allowing such terrorists to create more mayhem? Where in world, in which country it takes for the government years to make rules stalling hijacked planes from taking off to distant lands where they are hailed as liberators after killing, maiming and torturing innocent civilians who cannot defend themselves? Where in the world judiciary gives life imprisonment and keep the terrorists alive and well fed from the money collected from the tax payers? Where in the world, the terrorist guilty of killing innocents and awarded life imprisonment will demand better medical facilities and food of his choice? Where indeed??? Still the resolve of common man is high. He looks behind the chaos and death of his fellow citizens and keeping his head high moves on to face another day with deep and painful memories of the bloody day that he witnessed with prayer on the lips that he may live for another day or that such incidences may never happen in his lifetime ever !!! I salute this noble plebian of this Republic and his resolve to survive the daily battle from Kashmir to Kanyakumari!


Helmet Research

Helmets have not suddenly arrived At least 50 years of research in various fields have led to this development. Helmets have been designed based on cadaver studies, animal experiments, computer simulation studies, biomechanical studies and study of crash injury patterns. Sir Huge Cairns was the first person to understand the role of helmets in preventing severe head injuries and deaths. Before a helmet is certified it has to pass through four main tests namely:

1. Shock absorption – Cushioning capabilities of the padding test. 2. Resistance to penetration-to make sure the shell of the helmet is strong. 3. Strength of the retention system-to test the stretching of the chin strap. 4. Rigidity-to test the structural and safety performance. Most injured motorcyclists who

do not wear helmets report that they did not expect to be injured; yet 40% of the head injury-associated deaths were ascribed to the motorcyclist’s loss of control, not, apparently, to some action of the driver of another motor vehicle.

5. Studies have shown that when helmet use is voluntary, it is used by 40-50 %; when it is compulsory it is almost 100 %; no other approach has succeeded in raising helmet use to anything close to these levels.

How is a helmet useful?• The brain is the only organ in the body with its own safe deposit vault. • When a major impact occurs, the skull however thick cannot absorb the entire force!

The impact only slightly attenuated is still transmitted to the underlying brain. When direct injury occurs, the damages to brain are very serious - often irreversible.

• A helmet considerably increases the thickness of the container. The blow gets absorbed, spreading the impact over a larger region. The intensity at any one point is considerably diminished. The time lag also reduces the ultimate intensity reaching the brain through the helmet, hair, skin, skull and the meninges of the brain

REASONS FOR NOT WEARING HELMETS

• “I am a good driver. How can an accident ever happen to me “? • “But, it is not compulsory “ • “I use the scooter for very short distances” (If only the bus driver knew this • “Where do I keep it“ (Where there is a will there is a way ) • “I may loose my hair“(How many bald motor cyclists does one see?) • “It is so hot and uncomfortable“(If only you knew how much hotter it can get

without one!!!) • “I may get headache and neck pain” ( at least you will still have a head ) • “Neck & Spinal Cord injuries may increase , reduced hearing &, vision,

increased fatigue & overconfidence ( Detailed studies have shown that this is not true)

• “Ungainly appendage on a beautiful feminine head” (and we talk about equality and women’s liberation!)


• “What is to be will be” (Alas the bereaved family does not subscribe to this oriental fatalism)

• “What about the family” (Buy three for the price of two?) • “I have just not had the time” ( Time and tide wait for no Man) • “A helmet is expensive” ( Obviously the contents are not ) • Adventure, recklessness, misplaced enthusiasm particularly in the young –

helmets worn only by “sissies” ( Knowledge is learning from one’s known mistakes, wisdom is learning from another’s mistakes – alas self acquired knowledge may be too late )

• “What about protecting other body parts” (death & major disability is due to brain injury – protecting the brain is easy, pragmatic and effective)

The purpose of this Communication is to assist you in communicating effectively. Following are clear practical tips that might be applicable to your daily communication within the company.

Give full attention to people while they are talking to you. Encourage other people to talk, and ask appropriate questions. Present your ideas so that others are receptive to your point of view. Treat people fairly and let others know how you want to be treated. Value teamwork and know how to build cooperation and commitment. Show respect for people’s ideas and feelings, even when you disagree with them. Accept differences and conflict as a normal part of any work environment, and Know how to address them constructively. Strive to understand other people and to be empathetic. Be open to negative feedback, and communicate difficult truths in a respectful way. Be able to easily win people’s trust and respect. Check to make sure you have

IInn aa hhiieerraarrcchhyy,, eevveerryy eemmppllooyyeeee tteennddss ttoo rriissee ttoo hhiiss lleevveell ooff iinnccoommppeetteennccee.. WWoorrkk iiss aaccccoommpplliisshheedd bbyy tthhoossee eemmppllooyyeeeess wwhhoo hhaavvee nnoott rreeaacchheedd tthheeiirr lleevveell ooff iinnccoommppeetteennccee..


Here is a serious issue that has been spreading thro' out all cosmopolitan and metropolitan cities. It has happened in Bombay. We may not even know when this kind of crime will reach you. So, this is to make you aware of the situation. Also pass on the same to all known near and dear to make them aware and be alert.

We have been informed of the following scam, which is targeting females in particular. They receive a phone call from the Post Office asking them to confirm their company postcode. When this is given, they are told that they have become eligible for some gift vouchers for their co-operation and are asked to provide their home address and postcode in order to receive the vouchers. So far 90% of the women who have provided this information have been burgled as it is assumed that their homes are empty during office hours. The police are aware of this scam and the Post Office has confirmed that they are NOT conducting postcode surveys.

Also, it has been reported if you receive a telephone call from an individual who identifies himself/herself as being an AT & T Service technician who is conducting a test on that telephone line, or anyone else who asks you to do the following, don't do it.

They will state that to complete the test the recipient should touch nine, zero, the hash (90#) and then hang up. Once done, this gives full access to your phone line, which allows them to place a long distance international or chat-line calls billed to your account. The information, which the police have, suggests that many of these calls are emanating from local jails. The information has been checked out by the police and is correct: DO NOT PRESS 90# FOR ANYONE.

Would anyone reading this please pass the information on to colleagues, friends, etc. otherwise it could cost someone a lot of money.

IItt iiss vveerryy pprruuddeenntt aanndd aaddvviissaabbllee ttoo kkeeeepp aa ppeett--ddoogg!! Elder people staying alone will not only get companion but also very effective early warning system against intrusion. This security system never fails - not even false alarms!

Children would love the idea and will have more sense of commitment and responsibility!


LLiiffee iiss vveerryy pprreecciioouuss,, aabboouutt sseeccuurriittyy bbee sseerriioouuss!! BBee aawwaarree ooff sseeccuurriittyy,, ttoo ssaavvee lliiffee && pprrooppeerrttyy !!!!

P.S. - Iaddress

C:\S B T

Suggestions & feedback may be sent to us on e-mail: [email protected]

f you don't like to receive our newsletter, we apologize for bothering you. Please let me know your mail , we will move it out of our contact list, thank you!

yagi\ICISS\News Letter Feb 11.doc

mailto:[email protected]

Business

News letter feb 11