17 January 2004

Anti-Counterfeit Steps by Drugmakers Sought

Anti-Counterfeit Steps By Drugmakers Sought:

Legislators' Goal Is to Halt Illegal Sales

By Mary Pat Flaherty and Gilbert M. Gaul
Washington Post Staff Writers
Saturday, January 17, 2004; Page A11

Congressional lawmakers asked five of the nation's largest drugmakers yesterday to explain what they are doing to stop counterfeit drugs from entering the marketplace. The letters are part of a widening effort in Congress and among federal agencies to crack down on the illegal distribution of prescription drugs.

The House Energy and Commerce Committee said it was acting 'in light of the public health concerns.' The committee contacted Eli Lilly and Co., GlaxoSmithKline, Johnson & Johnson, Pfizer and Serono -- companies whose products have been the target of counterfeiters.

'Despite the best efforts of many companies, the counterfeit drug problem is getting worse every day,' committee spokesman Ken Johnson said. 'If we're going to turn the tide, clearly it will take a greater cooperation between the private sector and the federal government.'

Spokesmen for the five companies said they welcomed the request. The spokesmen for Serono and Johnson & Johnson said their companies already have added tracking devices to expensive product lines that have experienced counterfeiting. Serono, Johnson & Johnson and Lilly said they have also tightened their distribution systems.

In October, reports by The Washington Post identified widespread failures in the distribution system for medications, including sales of counterfeit drugs and the rise in sales of controlled drugs online with little medical supervision.

The letters to drug manufacturers follow earlier requests by Congress to several major credit card companies, shippers and Internet search engines about their role in the sale or delivery of narcotics bought from illicit Internet pharmacies.

16 January 2004

Executive Office for Terrorist Financing and Financial Crime

U.S. Treasury: "

Mission

EOTF/FC develops and implements U.S. government strategies to combat terrorist financing domestically and internationally, develops and implements the National Money Laundering Strategy as well as other policies and programs to fight financial crimes, participates in the Department’s development and implementation of U.S. government policies and regulations in support of the Bank Secrecy Act and the USA Patriot Act, represents the United States at focused international bodies dedicated to fighting terrorist financing and financial crimes; and develops U.S. government policies relating to financial crimes."

Meeting Stringent 21 CFR Part 11 and GxP Standards - US FDA

What Should You Do Now?

The FDA’s guidance will provide assistance to organizations in the development and implementation of their risk-based compliance approach. For organizations that have already initiated Part 11 and risk-based compliance programs, the guidance can be used to streamline and focus efforts on areas that are most significant from a quality, safety and efficacy perspective. The guidance should prompt organizations to evaluate whether:

1. The organization has a risk-based approach to determine areas that are the most significant from a product quality, safety and efficacy perspective;

2. Existing Part 11 efforts are focused on processes and systems that pose the highest risk to product quality, safety and efficacy;

3. The organization has a consistent process to document risk assessment decisions and a method of linking these decisions to the compliance and validation approach for a particular process or technology area;

4. Related compliance efforts such as HIPAA, Part 11, Sarbanes-Oxley and others are aligned to achieve the most efficient and effective compliance approach;

5. The organization is positioned from a people, process and technology standpoint to realize the potential benefits that could be realized by applying the principles outlined in the guidance documents.

15 January 2004

Synergistic Security to Protect Life, Property and Data

SecureWorld Expo:

By Paul Byron Pattak
President, The Byron Group, Ltd.

For an organization to fully protect itself, it must focus with equal vigor and the application of resources against threats to life, physical property and information. Protecting any one alone or any two in combination is not enough. It is not just that an attack can come through either physical or information means. IT may be used to cause physical harm, physical means may be used to damage IT resources, and attacking personnel can degrade the capability to protect either physical assets or IT assets. Adversaries will look for any weakness to exploit, and only a full-fledged unified protection and assurance strategy that is synergistic in its scope and effect will truly yield the best results.

COMMENT:
=======================================================
I think this about sums up the whole scenario. I met Paul well over a year ago while he was visiting his colleagues at Digital Sandbox. What a refreshing paragraph to read over and over.

"US Probes Online Terror Talk

Overseas Security Advisory Council:

from BBC News
Article ID: D138166

Intelligence agencies are investigating a series of internet warnings, said to be issued by al-Qaeda, about major terrorist attacks on the United States.

The messages - posted on several Islamist websites - include claims that an entire city could be destroyed.

This week, a statement, said to be from al-Qaeda intelligence services, warned the countdown to hit America had begun.

'It will be an even stronger strike than nuclear weapons so be prepared, oh mujahideen holy soldiers,' it said.

The statement concluded that unless America and its allies withdrew from Iraq, Afghanistan and all Islamic countries, the organisation had ordered the elimination of US leaders and their supporters.

Wishful thinking?

Another statement, repeated three times in recent days, was posted on an Islamist internet forum called the Mujahideen Network.

It claimed to be from the Islamic nation to the American people, and boasted that its group now had the ability to destroy an entire US city.

There are a lot of such messages on the internet - some not necessarily new - and their authors are hard to identify.

It makes it almost impossible to determine whether these really are final warnings before an attack, like those of 11 September, or just wishful thinking by al-Qaeda sympathisers.

But US and UK intelligence services are taking the messages, and their content, seriously.

Copyright 2004 BBC News. All rights reserved."

Gaming Company gains first BS 7799-2 Certification in Asia

Macau – Macau Slot (Sociedade de Lotarias e Apostas Mútuas de Macau) has been awarded the BS 7799-2:2002 Information Security Management certification from BSI Management Systems. According to BSI, a developer of standards and provider of international certification and assessment services, Macau Slot is the first gaming company to gain such a certification in Asia.

One of the key objectives for implementing the BS 7799 system is to provide a secure environment for the customers' data as well as the company's. BS 7799 will protect customer information across the entire data lifecycle, from creation and processing through to destruction; all such activities are controlled and monitored under the standard. In addition, the system will also enhance internal information management for Macau Slot, whose staff can then carry out their tasks under a unified information management standard.

14 January 2004

Are you impacted by the Gramm-Leach-Bliley Act (GLBA)?

If your business performs any of the following business processes, the likelihood is that you are. GLBA requires the organization to take reasonable steps to select and retain service providers that maintain appropriate safeguards for covered data and information. GLBA mandates that this Information Security Program be subject to periodic review and adjustment. The most frequent of these reviews will occur within IT Security & Policy, where constantly changing technology and constantly evolving risks indicate the wisdom of regular reviews. Processes in other relevant areas of the organization, such as data access procedures and the training program, should also undergo regular review.

Examples of activities the FTC is likely to consider a financial product or service include:

1. Student (or other) loans, including receiving application information, and the making or servicing of such loans

2. Financial or investment advisory services

3. Credit counseling services

4. Tax planning or tax preparation

5. Collection of delinquent loans and accounts

6. Sale of money orders, savings bonds or traveler’s checks

7. Check cashing services

8. Travel agency services provided in connection with financial services

9. Real estate settlement services

10. Money wiring services

11. Issuing credit cards or long term payment plans involving interest charges

12. Personal property and real estate appraisals

13. Career counseling services for those seeking employment in finance, accounting or auditing

14. Services provided by a principal, broker or agent with respect to life, health, liability or disability insurance products

15. Obtaining information from a consumer report

16. Providing or issuing annuities

The plan itself as well as the related data retention policy should be reevaluated annually in order to assure ongoing compliance with existing and future laws and regulations.

Digital Signatures and European Laws

Overseas Security Advisory Council: "

from Security Focus Article ID: D138119

People who do business on the Internet require security and trust. In electronic commerce and communication you can't see the person you are speaking with, you can't see the documents that prove one's identity, and you can't even know if the web site you are connected to belongs to the society it says. You must also ask yourself: is this indeed the contract my business partner has sent to me or has someone unauthorized seen and changed it before it reached my desk? What will happen if I have problems with the contract and I must take it to a court of law?

To answer these juridical necessities the European Union adopted a community framework for electronic signatures some time ago (directive 1999/93/EC of the European Parliament and the council of December 13, 1999, on a community framework for electronic signatures) that has been implemented in various European countries. The European directive is used for business in which European partners (persons or societies) or public administrations are involved. It also means that if an American organization enters into an electronic contract with a European society it has to respect European requirements to ensure the contract is valid. This paper will address these issues and then provide an overview of current trends within various countries in Europe."

13 January 2004

Telecommunications vulnerabilities pose significant threat to banking sector

Continuity Central:

A US working group of banking experts is recommending that the private sector find ways to develop ‘secure and resilient’ telecommunications essential for critical banking functions. The group, known as the Working Group on Government Securities Clearance and Settlement, issued detailed recommendations to the government last week.

The Working Group’s focus is on two financial institutions, the Bank of New York and JP Morgan Chase, which constitute the US's principal resource for clearing services and include clearing services for government securities. Clearing and settlement services involve a comparison of trade details, such as price and terms, and an exchange of payments.

Industry, the Federal government, and state governments have been considering the resilience of wholesale banking activities since terrorists destroyed key telecommunications infrastructure on 9/11. The attacks revealed serious operational vulnerabilities, including the concentration of risks created by dependence on the two banking institutions.

Audit committees must pre-approve audit and non-audit services

boardmember.com Resource Center:

Sarbanes-Oxley Act

The SEC also requires audit committees to pre-approve audit and non-audit services provided by auditors. The SEC rule adopts the following list of prohibited non-audit services as set forth in Section 202 of SOA: (i) bookkeeping services, (ii) financial information systems design and implementation, (iii) appraisal services, (iv) actuarial services, (v) internal audit outsourcing, (vi) management functions, (vii) human resources services, (viii) broker-dealer services, (ix) legal services, and (x) expert opinion services provided as an advocate of management. The SEC rule is generally applicable to services performed on or after May 6, 2003. They do not apply to services provided on or before May 6, 2004, if (a) the services are pursuant to a contract in existence on May 6, 2003, and (b) the services are not otherwise prohibited by SEC rules or by some other authoritative or professional body. The requirements apply fully to foreign private issuers. If there is no audit committee or equivalent body, the full board must perform the pre-approval function.

With respect to the services noted in (ii), (iii), (iv) and (v), the SEC provided an exception for circumstances in which “it is reasonable to conclude” that the results of these services will not be subject to audit procedures during a financial statement audit. Because engaging accounting firms on the basis of these exceptions is not without risk, audit committees should insist that these determinations be conclusive and beyond question, and not based on a borderline assessment. The committee should formulate its own assessment and not rely solely on the judgment of management and the auditor. There is also accountability to investors if the audit committee pre-approves non-audit services. The nature and amount of such fees must be reported in the proxy disclosures in the annual proxy statement to investors for fiscal periods ending on or after December 15, 2003, with the SEC encouraging early compliance.

Because the ultimate objective is to preserve the external auditor's independence, some audit committees have chosen to avoid non-audit services altogether. Our survey notes that nearly 13 percent of audit committees for large companies prohibit all non-audit services. Nearly three out of four audit committees – 72 percent – have adopted formal procedures governing nonaudit services rendered to their companies by external auditors. The SEC staff is of the view that pre-approval policies and procedures must be specific enough that management is not in the position of making judgments about whether a given service meets the committee’s definition of pre-approved services. The use of monetary limits, schedules of services without detailed explanation, or "broad, categorical approvals" is inadequate. Audit committees should evaluate their pre-approval policies and procedures accordingly so they understand precisely what they are approving.

Council on Competitiveness Survey - Security is Considered Good for Business

Council on Competitiveness:

Security Is Considered Good for Business

Companies are beginning to see security as an investment rather than a sunk cost. In last year’s survey, just 24 percent of companies believed that changes in security could improve their long-term productivity versus 69 percent that did not. In the 2003 survey, by contrast, opinions have completely flip-flopped; 71 percent of companies now believe that increased security spending will improve long-term productivity—with security costs offset by gains in business continuity, productivity or competitiveness—versus only 26 percent that disagree.

Companies that believe security is a top or high priority (83 percent and 69 percent, respectively) and companies that have conducted security assessments in the past 6 months (78 percent) hold this belief most strongly.

Companies with less awareness of or attention to security are less likely to believe there is a positive return from security investment. For instance, just 62 percent of companies that have conducted security assessments in the last 12 months and 50 percent that have done so in the last 2 years believe security initiatives will create positive returns. These findings indicate that companies that have studied security more closely and recently have discovered it is a good investment.

12 January 2004

Welcome to Authentix

Welcome to Authentix: SOLUTIONS: Risk Analysis

Successful anti-counterfeit and anti-diversion programs are underpinned by a thorough understanding of the commercial or fiscal issues faced by the client. In many instances this is achieved through our structured Risk Analysis workshop, in which we determine the principal weaknesses in our clients' supply chain and processes. Where prudent, we supplement this with in-market or Internet surveillance to identify the areas of risk and estimate the extent of illicit trading or brand abuse.

A thorough analysis of risk provides three principal benefits for clients, namely:

It provides an independent, objective assessment of the supply chain weaknesses that counterfeiters and diverters are most likely to exploit.

It provides an actionable list of improvements that clients can implement themselves.

It provides the foundation for a successful and sustainable security program.

COMMENT:
=============================================================
We don't normally advocate endorsement of a particular company. However, if we are going to be serious about the interdiction of sources for terrorist funding then we need to look at the entire supply chain. How can we get more embedded in the risk mitigation of funding sources for terrorism? Talk with Authentix. Tell them 1SecureAudit sent you to find out more about how they might assist your organization. They won't know who we are, but we know who they are.

Citibank Warns on New Internet 'Phishing' Scam

"Citibank Warns on New Internet 'Phishing' Scam:

By Jonathan Stempel

NEW YORK (Reuters) - Citibank on Monday warned customers not to fall for an e-mail fraud that urges them to log into a bogus Web site to verify that their accounts have not been tampered with.

'It's a scam,' said Mark Rodgers, a spokesman for the bank, a unit of Citigroup Inc. 'Consumers have reported receiving fraudulent e-mails that appear to be from Citibank, but which are in fact sent by impostors.'

It was not immediately clear how many customers received or acted upon the e-mail. The e-mail is similar to one last August when an Internet scammer threatened to close Citibank checking accounts if customers failed to divulge personal information.

Other recent fake e-mails include one from 'Citibank Security Department' seeking account information to help the bank upgrade its computer servers, and one from 'Accounts Management' seeking credit card information so that customers might 'maintain the Citibank experience.'

These are examples of 'phishing' -- the use of spam, or junk e-mail, to lure people to bogus Web sites that look like those of reputable companies, and deceive them into divulging personal data. The term is derived from the act of computer thieves 'fishing' for private data.

Many scam e-mails carry grammatical or typographical errors, or return addresses at sites such as Yahoo.com or Juno.com.

Rodgers said Citibank works 'aggressively' with law enforcement to stop such scams. Customers receiving suspicious e-mails should notify Citibank at (Citibank Web Site), where a list of known fraudulent e-mails is posted, he said.

The new e-mail, purporting to be from Citibank, said that on January 10, the bank blocked some accounts 'connected with money laundering, credit card fraud, terrorism and check fraud activity.' It said the bank sent account data to government authorities, and may have changed some accounts."

GLBA Check up for Administrative Safeguards

GLBA Questions for Compliance:

Administrative Safeguards

1) Do you check references prior to hiring employees who will have access to customer information?

2) Do you ask every new employee to sign an agreement to follow your organization's confidentiality and security standards for handling customer information?

3) Do you train employees to take basic steps to maintain the security, confidentiality and integrity of customer information, such as:

a. locking rooms and file cabinets where paper records are kept;
b. using password-activated screensavers;
c. using strong passwords (at least eight characters long);
d. changing passwords periodically, and not posting passwords near employees' computers;
e. encrypting sensitive or confidential customer information when it is transmitted electronically over networks or stored online;
f. referring calls or other requests for customer information to designated individuals who have had safeguards training; and
g. recognizing any fraudulent attempt to obtain customer information and reporting it to appropriate law enforcement agencies.

4) Do you instruct and regularly remind all employees of your organization's policy - and the legal requirement - to keep customer information secure and confidential? This includes providing employees with a detailed description of the kind of customer information you handle (name, address, account number, and any other relevant information) and posting reminders about their responsibility for security in areas where such information is stored - in file rooms, for example.

5) Do you limit access to customer information to employees who have a business reason for seeing it? For example, grant access to customer information files to employees who respond to customer inquiries, but only to the extent they need it to do their job.

6) Do you impose disciplinary measures for any breaches?

7) Do you use appropriate oversight or audit procedures to detect the improper disclosure or theft of customer information? For example, supplement each of your customer lists with at least one entry (such as an account number or address) that you control, and monitor use of this entry to detect all unauthorized contacts or charges.

8) Do you maintain systems and procedures to ensure that access to nonpublic consumer information is granted only to legitimate and valid users? For example, use tools like passwords combined with personal identifiers to authenticate the identity of customers and others seeking to do business with the financial institution electronically.

9) Do you notify customers promptly if their nonpublic personal information is subject to loss, damage or unauthorized access?

If you were unable to answer yes to all of these questions, your organization may have significant risk exposure, both legally and reputationally.
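Question 7 above describes a seeded control entry: one record you control is added to each customer list, and any contact or charge against it shows the list has leaked. The check below is an added illustration of that technique, not code from the GLBA guidance; the canary values, the log line format and the sample log are all constructed for this example.

```python
"""Seeded control-entry ('canary') check for a customer list.

Each copy of the list handed to a third party gets its own control record,
so a hit on a canary also tells you which copy was misused.
All names, formats and log lines here are constructed for the example."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Canary:
    list_name: str   # which distributed copy of the customer list this guards
    account: str     # account number only the organization controls
    address: str     # mailing address only the organization controls


# Constructed canaries: one per list copy given out.
CANARIES = [
    Canary("mailing-list-vendorA", "4402-1187-0093", "17 Harbor Lane, Unit 9"),
    Canary("mailing-list-vendorB", "4402-1187-0094", "17 Harbor Lane, Unit 10"),
]

# Constructed log format (one event per line):
#   <timestamp> <event> account=<acct> addr="<addr>" via=<channel>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<event>\w+) account=(?P<account>\S+) '
    r'addr="(?P<addr>[^"]*)" via=(?P<via>\S+)$'
)


def seed_list(customers, canary):
    """Return a copy of the customer list with the control entry appended."""
    seeded = list(customers)
    seeded.append({"account": canary.account, "address": canary.address})
    return seeded


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def canary_hits(log_lines, canaries=CANARIES):
    """Return (list_name, event, channel, timestamp) for every event touching a canary.

    Matching on address as well as account number catches postal use of a
    leaked list even when the account number has been stripped out."""
    by_account = {c.account: c for c in canaries}
    by_address = {c.address.lower(): c for c in canaries}
    hits = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a production check would count these too
        c = by_account.get(rec["account"]) or by_address.get(rec["addr"].lower())
        if c is not None:
            hits.append((c.list_name, rec["event"], rec["via"], rec["ts"]))
    return hits


# Constructed sample log: ordinary customer traffic plus two canary touches.
SAMPLE_LOG = [
    '2004-01-12T09:14:02Z inquiry account=4402-0001-5530 addr="2 Elm St" via=phone',
    '2004-01-12T09:20:45Z charge account=4402-1187-0093 addr="" via=card-not-present',
    '2004-01-12T10:02:11Z mailing account=UNKNOWN addr="17 harbor lane, unit 10" via=postal',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in canary_hits(SAMPLE_LOG):
        print("LEAK SUSPECTED:", hit)
```

The two hits on the sample log point at different list copies, which is the information needed to take up the disclosure with the right service provider.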

11 January 2004

Hedge Funds Lose Millions in Parmalat Debacle

Hedge Funds Lose Millions in Parmalat Debacle: "

By Elif Kaban and Gerard Wynn

LONDON (Reuters) - Hedge funds trading convertible bonds had significant exposure to the troubled Italian food group Parmalat and have lost millions of dollars in the fall-out, industry sources said on Friday.

The losses have hit hedge fund returns both in the United States and Europe, but industry sources said the market was seen weathering the storm because most losses were manageable.

Many were hurt after being caught out by the slump in the value of Parmalat convertible bonds since the start of December.

'We had a good December but that's almost completely been wiped out by Parmalat,' said one London-based fund manager. 'A lot of hedge funds had Parmalat exposure and the smoke hasn't cleared yet. Many people are just keeping quiet.'

Parmalat had 6.8 billion euros of declared publicly and privately traded bonds yet to mature when the crisis broke on Dec. 19 when a 3.95 billion euro account held by a Cayman Islands unit with Bank of America was declared false.

About 40 percent of the bonds were convertibles and some industry sources estimated that 80 percent of these were held by hedge funds.

Such figures are hard to verify in a secretive offshore industry where hedge fund managers have no disclosure requirements and are not regulated by any watchdog."

10 January 2004

Plans fail to prevent 'IT disasters' - AU

ZDNet UK - News - Plans fail to prevent 'IT disasters'

Andy McCue
silicon.com

Although nearly all large companies have a business continuity plan, more than half have suffered an 'IT disaster' during the past five years, according to new research.

Some of the UK's leading companies are inadequately protected from IT disasters, according to a survey of FTSE100 firms.

Research by Compass Management Consulting covering 55 companies in the FTSE100 found that while 98 per cent have a business continuity plan (BCP) in place, 58 per cent have still suffered an 'IT disaster' in the past five years.

The most common disasters suffered by respondents included hardware failure (22 per cent) and utilities failure (18 per cent), followed by deliberate or malicious damage (14 per cent).

It is the latter cause that companies are increasingly unprepared for, according to Debbie Rosario, senior consultant at Compass Management Consulting, who said that more than a third of firms did not consider deliberate or malicious damage at all in their continuity planning.

'There's not the degree of correlation between the types of disaster and the BCP. The focus appears to be on the technology but technology is getting more reliable.'

She said that while almost all organisations now have business continuity plans in place, there seem to be wide variations in their effectiveness. Only 38 per cent of those suffering an IT disaster actually invoked the measure to solve the problem, while of those who did, 71 per cent still reported that their business was impacted.

Rosario said: 'It doesn't necessarily mean those business continuity plans are good or extensive.'

And while terrorism remains way down the list of actual incidents and priorities for IT departments, Rosario warned that firms are still leaving themselves exposed, with almost half not including security breaches in their continuity plans.

COMMENT:
==================================================
Audited Software Quality Assurance controls should handle the rogue programmer who installs a back door for later use, but what about vulnerabilities exploited once the code is already in production? This goes back to effective risk management systems that prevent and mitigate attacks on assets in production by hardening them in a test environment first. Correct Business Crisis and Continuity Management does not skip over this type of attacker, because it uses a systematic approach through a secure enterprise architecture. The key focus here is to be able to anticipate threats through more effective combinations of training and testing in the lab, and then to provide proactive change management tools and systems that identify vulnerable assets and rapidly make the most likely targets the first priority for risk treatments.

FBI: Man demanded jet fly to Australia

CNN.com - FBI: Man demanded jet fly to Australia:

WASHINGTON (CNN) -- An American Eagle commuter flight from New York to Washington was diverted Saturday because a threat was made by a passenger 'against the aircraft,' an airline spokeswoman said.

An FBI spokesperson said the threat involved a note given to someone on the plane. The spokesperson also said a man made demands to be flown to Australia.

A Transportation Security Administration official told CNN that the man's note stated he had a bomb on the plane. One man is in FBI custody.

American Eagle Flight 4959, carrying 19 passengers, was headed from LaGuardia Airport in New York to Reagan National Airport in Washington.

Federal authorities said there were five crew members, but Lisa Bailey, a spokeswoman for the airline, said there were three crew members.

The flight was diverted to Dulles International in Washington and landed at noon.

It was moved to an isolated area and was being searched by a K-9 unit, according to a spokeswoman from the Metropolitan Washington Airports Authority.

The federal government owns Reagan National Airport, but it is operated by the Airports Authority under a 50-year lease agreement. Planes landing at Reagan follow a flight path which brings them closer to the Capitol and White House.

Passengers were interviewed by law officers after landing.

The plane, an Embraer Regional Jet, model 135, usually seats 37 passengers, the airline said. The jet has a range just under 2,000 miles when fully fueled. The air distance between New York and Sydney, Australia is 9,933 miles.

09 January 2004

New net banking scam

New net banking scam:

Jennifer Sexton
The Australian

CUSTOMERS of the nation's five leading banks are unwittingly being siphoned of their savings online, after logging on to official internet banking websites.

Federal police are investigating the latest international banking scam involving the use of online 'trojans' to steal personal account details via computers which don't have anti-virus protection.

The perpetrators, believed to be working out of Russia and Latvia, recruit other local account holders to accept and transfer the funds in exchange for a cut of the proceeds.

Customers of the National, Commonwealth, ANZ, Westpac and St George have all fallen prey to the scam when using computers without updated anti-virus firewalls.

These computers have been located at home, in libraries and internet cafes.

Tim Ireland, National savings account holder and an employee of The Australian, was robbed of $9000 just before Christmas. The fraudster's first attempt on December 2 last year at a $10,000 withdrawal was knocked back due to insufficient funds. One minute later $5000 was withdrawn.

The following morning a $5000 withdrawal was rejected but immediately after the remaining $4000 was depleted.

'Rather than selling people on the convenience of internet banking, the banks should be making clear the high risk of exposure to hackers should you access your account from a computer you can't vouch for,' said Mr Ireland, whose funds were reimbursed after a 14-day investigation by the bank.

The Australian Bankers Association was yet to officially warn of this particular scam, but the National's customer resolutions representative, Glenn Leyden, admitted in a letter to Mr Ireland on Christmas Eve that none of the major banks had escaped it.

Regulators to Expand Fund Probe

Regulators to Expand Fund Probe:

Spitzer Says Targets to Include Institutions Bankrolling Illegal Trades

By Brooke A. Masters
Washington Post Staff Writer
Friday, January 9, 2004; Page E01

The sprawling mutual fund investigation will soon target financial institutions that helped bankroll illegal trading by hedge funds and other big investors, New York Attorney General Eliot L. Spitzer and federal regulators said yesterday.

Since September, Spitzer and the Securities and Exchange Commission have brought legal actions against half a dozen fund companies and brokerage firms for improperly allowing big clients or insiders to engage in 'market timing,' a predatory practice that allows short-term traders to profit at the expense of long-term mutual fund investors.

Now regulators are training their sights on 'the financing of these trading patterns,' Spitzer told a gathering of Washington Post editors and reporters.

He would not discuss specific targets, but sources familiar with the investigation said the SEC and Spitzer are examining Bank of America and a handful of other major financial institutions in Canada and the United States. The first cases are likely to be brought in the next two months, the sources said.

SEC enforcement chief Stephen M. Cutler also would not name targets, but he likened this phase of the investigation to cases brought against several major banks for allegedly helping Enron Corp. make earnings look better by disguising the true nature of financial transactions.

08 January 2004

New threats, regulatory woes to cause '04 security headaches

SearchSecurity.com | New threats, regulatory woes to cause '04 security headaches:

By Edward Hurley

Experts predict many of next year's security issues will grow from seeds sown in 2003.

Regulatory compliance will likely be the main driver for infosecurity spending and implementation. While most companies have a pretty good handle on the Health Insurance Portability and Accountability Act (HIPAA), a couple of new regulations entered the fray that companies will address this year. California passed the Security Breach Notification Act (SB 1386), which requires that companies disclose security breaches that may have compromised specific personal information on California residents.

But many observers say that the Sarbanes-Oxley Act will be the law that really drives infosecurity. Passed in response to the corporate governance scandals of 2002, the law doesn't directly address security. However, it mandates that the CEO and CFO sign off on the integrity of a company's financials (including internal controls), forcing upper-level management to take a personal interest in security.

Michael Rasmussen, director of information security at Forrester Research, predicts a similar law will be passed this year mandating upper-level management sign off on their company's information security plans.

European banks to spend $4bn on Basel II compliance

finextra news: European banks to spend $4bn on Basel II compliance:

08 January 2004 - Europe's banks will spend almost $4bn on credit risk management software and services over the next two years in order to comply with Basel II regulations, according to forecasts by Datamonitor.

Spending will reach $1.93bn in 2004 and peak at $2bn in 2005 as firms scramble to meet the 2006 deadline for compliance.

Datamonitor says preliminary activities such as regulation interpretation and business impact planning in banks are now giving way to IT implementation.

According to the research, Switzerland and Germany currently stand out ahead in Basel II efforts in Europe. Datamonitor says this is due to strong regulatory pressures at a local level associated with capital adequacy requirements.

The UK, Spain, Benelux and the Nordic countries are midway in terms of Basel II implementation but banks in France and Italy are lagging in preparation.

Datamonitor says any banks that lag behind in implementing Basel II compliance systems will provide technology vendors with 'rich pickings'.

Despite having progressed with Basel II, Datamonitor says the UK is still one of the countries - along with France and Italy - that will lead growth rates in credit risk/Basel II spending. According to the research, these countries have either a larger proportion of financial firms that are late in preparing for Basel II or the disparity in preparation levels between the leaders and laggards is wider.

Corporate Fraud off to a great start in 2004...What's new?

By Peter L. Higgins

We did a quick analysis today on what's in the news, or better said, how much corporate fraud is off to a great start for 2004! What's new? It's all new.

Your search for fraud / today returned:

27 articles - New York Times

8 articles - Wall Street Journal

Topics of Interest include:

New President Ireland to Press For Immigration Policy Action
Italy Gets Set To Re-Examine How It Regulates
Prosecutors Charge Executive and Lawyer With Fraud Over IPO
Scandal Reaches Far and High
Stricter Rules on Bonds Are Sought
Tyco Former Director Testifies
U.S. Government Removes Its Ban on Bids by MCI
What Mutual-Fund Scandal?

Searching other sites such as the BBC and LA Times produced similar results. Why is it that fraud is such a newsworthy item? Or at least, why is this word used so frequently as a label? Definition of Fraud:

Fraud
n 1: DECEIT, TRICKERY 2: TRICK 3: IMPOSTER, CHEAT

Fraudulent adj : characterized by, based on, or done by fraud: DECEITFUL

Is it that people like reading about cheats and impostors because they enjoy seeing how they get caught? Is it that they feel better that they aren't the only ones? Or is it that they want to make sure that they don't make the same mistakes?

Our organizations today are full of everyday cheats, impostors and fraudulent activity. The sales person who inflates their expense report so they can afford to buy the wife a nice piece of jewelry is just as much a crook as Andrew Fastow of Enron or Calisto Tanzi of Parmalat. It's not as if they don't know any better. They do know that they are cheating or being deceitful. They do it because they can, and no one has told them to stop.

The risks of employing people to run an organization are going to multiply until we figure out ways to keep humans out of each business process. And even then, human greed or lust for power or some other innate motivation will cause someone to figure out how to beat the system. As an investor and as a business owner you can only do one thing that will diminish your losses.

Be proactive. Be preventive. And be Relevant. All the locks, safes, controls, alarms, fences, procedures, education, laws and penalties will not stop the loss events. Only one thing will keep you from a total loss or complete business paralysis.

Change.

We've all heard it over and over. Yet we continue to dismiss the fact that our organization is different today than it was yesterday. That the world has changed since the cold war. That zeros and ones could arguably be our most valuable assets. Information and data will endure beyond the life span of any human leader or organization throughout history.

The zeros and ones game is a change management game. Those who master the art of managing information will be able to adapt faster than the attackers, whether those attackers are digital, human or mother nature.

How do you feel about the integrity of your loss event database? Or about the speed at which you get the correct answer? What if the answer was never correct? Guess what. The risk factors being played out today are different than they were last month. Or last year.

Collusion. Embezzlement. Churning. Market manipulation. Limit Breach. Wrongful termination. Harassment. Non-adherence. Failure of due diligence. Input error. Insufficient capacity. Reconciliation failure. Inappropriate contract terms. Product complexity. Poor advice. Obsolescence. Network failure. Project overruns. Programming error. Bug. Security breach. Money Laundering. Terrorism. Arson. Robbery. Blackmail. Vandalism. Natural disaster. Bankruptcy. Breach of service. Loss of power. Regulations. Laws. New employees. And the list goes on.

Have a great day!

07 January 2004

Poor integration puts M&A at risk

By Gabrielle Costa
The Age

More than three-quarters of mergers and acquisitions are dismal failures because predatory companies fail to ask basic, pertinent questions about the mechanics of integrating a new business into existing structures, according to human resources consultancy firm DDI.

Inadequate communication, poor leadership, inappropriate corporate structures and misaligned internal systems are some of the factors that result in 77 per cent of predatory companies failing to even recoup the costs of their investment - let alone improve their bottom line.

Ian Paterson, general manager of DDI, which has advised 75 per cent of Australia's top 100 companies, said that the 77 per cent failure rate for M&A was extracted from worldwide data but would probably be closely reflected in Australia.

His comments follow this week's release of research by Thomson Financial showing that, in 2003, mergers and acquisitions involving Australian companies had risen to almost $US70 billion ($A91 billion), up 66 per cent on 2002.

This comes after KPMG Corporate Finance forecast M&A activity would continue to strengthen this year as a result of sound economic fundamentals, economic stability and a strong sharemarket.

FEMA On-line Course Offers CERT Training

WASHINGTON, D.C. – The Department of Homeland Security’s Federal Emergency Management Agency (FEMA) has an on-line, independent study course that can serve as either an introduction to those joining Community Emergency Response Teams (CERTs) or as a refresher to current volunteer team members.

“While nothing can replace the in-person training local jurisdictions offer to CERT volunteers, this independent course augments their education and serves to reinforce the knowledge they’ve gained,” said Michael D. Brown, Under Secretary of Homeland Security for Emergency Preparedness and Response. “This new independent study course underscores the importance that FEMA places on CERT and its importance to communities across the nation.”

CERT members work with a community’s emergency management officials to provide assistance in a disaster by helping victims, organizing spontaneous volunteers at a disaster site and supporting emergency responders.

Specialists at FEMA’s Emergency Management Institute developed the course, which is part of the institute’s extensive independent study program. The course, Introduction to Community Emergency Response Teams, IS 317, has six modules with topics that include an introduction to CERT, fire safety, hazardous material and terrorist incidents, disaster medical operations, and search and rescue. It takes between six and eight hours to complete the course; those successfully finishing it receive a certification of completion. The course is located at: CERT Training Online.

The course can be taken by anyone interested in CERT, but only those who are actual CERT volunteers can take the in-person training FEMA offers.

On March 1, 2003, FEMA became part of the U.S. Department of Homeland Security. FEMA's continuing mission within the new department is to lead the effort to prepare the nation for all hazards and effectively manage federal response and recovery efforts following any national incident. FEMA also initiates proactive mitigation activities, trains first responders, and manages the National Flood Insurance Program and the U.S. Fire Administration.

COMMENT:
==================================================
1SecureAudit is leading a project to create a Corporate Emergency Response Team for all the businesses in a commercial building in Fairfax County, VA. We highly recommend that CERT volunteers take the FEMA online courses while they are waiting for the official county-certified training in the classroom. In our case, the demand exceeds the capacity of the instructors, so you could be waiting up to 8 weeks to get your team officially trained.

'Dirty Bomb' Was Major New Year's Worry

By John Mintz and Susan Schmidt
Washington Post Staff Writers
Wednesday, January 7, 2004; Page A01

With huge New Year's Eve celebrations and college football bowl games only days away, the U.S. government last month dispatched scores of casually dressed nuclear scientists with sophisticated radiation detection equipment hidden in briefcases and golf bags to scour five major U.S. cities for radiological, or 'dirty,' bombs, according to officials involved in the emergency effort.

The call-up of Department of Energy radiation experts to Washington, New York, Las Vegas, Los Angeles and Baltimore was the first since the weeks after the Sept. 11, 2001, attacks. It was conducted in secrecy, in contrast with the very public cancellation of 15 commercial flights into this country from France, Britain and Mexico -- the other major counterterrorism response of the holiday season.

The new details of the government's search for a dirty bomb help explain why officials have used dire terms to describe the reasons for the nation's fifth 'code orange' alert, issued on Dec. 21 by Homeland Security Secretary Tom Ridge. U.S. officials said they remain worried today -- in many cases, more concerned than much of the American public realizes -- that their countermeasures would fall short.

'Government officials are surprised that people [in the United States] aren't more hyped about all this,' said one source familiar with counterterrorism preparations.

Even now, hundreds of nuclear and bioweapons scientists remain on high alert at several military bases around the country, ready to fly to any trouble spot. Pharmaceutical stockpiles for responding to biological attacks are on transportable trucks at key U.S. military bases.

06 January 2004

Beyond Compliance: The Business Value of Sarbox

Investing in Sarbanes-Oxley could offer a competitive edge, according to a recent TowerGroup report. The report suggests that investing appropriately could be an opportunity to change how the organization tackles related IT transformation.

'In the compliance mindset, which is manifested in a quantitative and qualitative top-down approach, risk and control data is extracted from across diverse business lines for comparison purposes. Measurable business improvements will be confined to a focused set of actions,' the report says.

The report also says that forward-thinking institutions will look beyond the immediate concerns of Sarbanes-Oxley and 'pursue the legislation's broader strategic opportunities for risk mitigation, operational efficiency and business-process transformation.'

In order to do this, the organization must look at compliance issues as a whole and leverage other improvements made for issues such as the USA Patriot Act and Basel II.

The recommendation? A bottom-up approach to interpreting data and records from various sources. The report suggests that rules-based engines, business-process models and quantitative analytics be used to mitigate risk and improve operational efficiency. Ultimately, this information will provide essential information that will help managers make better decisions at a lower cost.

Parmalat SEC Suit May Expand, Cover $1.5 Bln in Bonds

Jan. 6 (Bloomberg) -- The U.S. Securities and Exchange Commission may expand its case against Parmalat Finanziaria SpA by adding allegations that the bankrupt Italian food company committed fraud in selling $1.5 billion in bonds and notes to U.S. investors, an SEC official said.

Lawrence West, the enforcement official overseeing the Parmalat case, said the agency may widen a complaint filed last week in New York to add bonds sold in the U.S. from 1998 to 2002.

'It is possible that we would do that,' West said about the new fraud claim in an interview. The original complaint cited alleged fraud in a planned sale of $100 million in notes to U.S. investors last year. That sale fell through after Parmalat's auditors questioned some company accounts.

By expanding the New York complaint to cover securities actually sold in the U.S., the SEC may seek higher fines. U.S. law lets courts assess fines for the total amount of money gained from a fraudulent bond sale. In the original complaint, the SEC sought only unspecified 'substantial civil penalties.'

Letter bombs throw fright into EU brass

London Free Press: News Section - Letter bombs throw fright into EU brass:

Two more blew up, although no one was hurt, and officials are tightening security.

AP

BRUSSELS -- The explosion of two more letter bombs yesterday left European Union officials seeking immediate security improvements and the head of the EU legislature warned legislators to be on the alert, even in their homes. Since two small bombs were set off outside the home of European Commission President Romano Prodi on Dec. 21, seven letter bombs have targeted senior EU officials, spreading confusion and outrage even though the mailed incendiary devices have produced no injuries.

05 January 2004

COSO Draft Enterprise Risk Management Framework

The Institute of Internal Auditors UK and Ireland Online - Risk And Control

Author: Dr Keith Blacker

What does the standard mean for internal auditors? What are the key points that internal auditors need to consider as part of their approach to reviewing the processes that enable management to manage their enterprise risks and providing assurance to management that what they are doing is facilitating rather than hindering risk management? This document provides some pointers.

Board of Directors BCCM Responsibilities...

By Peter L. Higgins

The Board of Directors and Senior Management are responsible for Business Crisis and Continuity Management (BCCM) of the Enterprise. Why is BCCM important to shareholders of the organization? Because done right, it lowers volatility in earnings growth and return on capital. This means that with less uncertainty the organization will improve its risk adjusted valuation in the eyes of regulators, creditors and insurers. A more secure posture in the market place also produces added returns in reputation, competitive advantage, employee safety and shareholder value.

To find out more about the Critical Factors in Business Crisis and Continuity Management visit Count Down from Six, a webinar for executives and board directors.

The Australian: Private targets alert

By Ean Higgins

ON May 6, at the South Australian ballistic missile test site of Woomera, bomb experts will light off five tonnes of the high explosive Hexolite.

It promises to be what, in Irish Republican Army parlance, will be a 'spectacular'. The blast material, a mixture of RDX and TNT, will gauge the extent to which it blows to smithereens various materials.

One might think it would be a test of how to produce better armour for tanks or concrete for military bunkers. But no, the aim will be to see how various materials in buildings stand up to explosions.

A couple of townhouses and various commercial structures made of standard brick and concrete block among other materials are being built to be blown up from different distances. While it will be a Defence Science and Technology Organisation show, many of the observers will be from business groups including a busload from Engineers Australia.

The bomb master, or as he prefers to be known, trial manager, Major Keith Parker, said the experiment would test 'how much load will go on to buildings' during explosions.

While this test will provide lessons for building standards generally, including against accidents, the terror factor will be top of mind.

The message seems to be getting through to government and the business community that commercial interests rather than conventional military, government or civil infrastructure are the most likely terrorist targets.

03 January 2004

Banks feel the heat from Parmalat scandal

Sat January 3, 2004 07:12 AM ET Reuters
By William Schomberg and Antonella Ciancio

MILAN, Jan 3 (Reuters) - International banks felt the heat from the multi-billion-euro Parmalat (PRFI.MI) scandal on Saturday as the U.S. SEC said it was investigating whether they were negligent or reckless by selling the food firm's bonds.

With Parmalat's disgraced founder Calisto Tanzi facing a new round of questioning in a Milan jail, Italian prosecutors were also focusing on the banks amid one of the world's biggest ever corporate crises.

A senior inspector from the U.S. Securities and Exchange Commission was quoted on Saturday as saying that the way Bank of America (BAC.N) and other banks sold billions of euros (dollars) worth of Parmalat bonds was being examined. 'We need to understand if they acted in a way that was negligent or reckless or otherwise,' Lawrence West, associate director of enforcement at the SEC, told Italian newspaper Corriere della Sera.

The SEC has launched its own probe into what it has called 'one of the most brazen corporate financial frauds in history.'

Parmalat's crisis exploded just over two weeks ago when a new management team trying to save the food group revealed a four-billion-euro hole in its accounts.

30 December 2003

Virginia's Institute for Defense and Homeland Security -- November - December 2003 Newsletter

Guest Column

Offense vs. Defense: The Risk Management Clock is Ticking

By Peter L. Higgins, 1SecureAudit

What side of the risk field do you play on in your organization? A mix of both offense and defense is a prudent way to hedge any potential losses. Unfortunately, many don't spend nearly enough time being proactive and managing future risk.

Proactive and preventive risk management requires a layered and active intelligence program. It assumes that dedicated resources and personnel are spending a majority of their time scanning the horizon for new threats. It means devoting more time to asking, 'What if'? This kind of investment will produce the new thinking and strategy that can prevent a potential new loss.

At a recent conference, Ms. Frances Fragos-Townsend, Deputy National Security Advisor for Combating Terrorism in the National Security Council, addressed this exact topic of proactive risk management. She urged businesses to get out of consequence-management mode and into the risk-management mode. She was right on target. Businesses don't spend enough time thinking ahead and looking toward the horizon. We need to be actively thinking about where the next risk of loss will come from and prepare for it.

How many play minutes did your board of directors spend in the last meeting dealing with consequences (defense) as opposed to managing the risks of the future (offense)? For a look at what risks your company and our planet will face in the next two decades, take a look at the Seven Revolutions Initiative, which attempts to describe what the world will look like in 2025. The goal of this project is to promote strategic, forward-looking thinking among current and future leaders about how the world will change over the next 25 years and what that change will mean for international leadership. One visit to the Seven Revolutions website will convince you that we all have a tremendous amount of planning to do if we are going to be able to respond to the risk and change ahead of us.

25 December 2003

2004 Insights and Perspectives

By Peter L. Higgins

One only has to look into the mirror of 2003 to see where our world is headed. The globe is preparing itself for the next major breakpoint in its history of commerce and business. Our organizations are in anarchy and the consumers of our products and services are shifting before our eyes.

You only have to look back on the past year's major headlines in the New York Times to gain some perspective on where we are headed in the next 12 months. Social consciousness is seeping into the workplace and management is keenly aware of the change factors on the corporate doorstep for 2004.

Several new waves of change are upon us. As providers of products and services to the consumers of the planet, whether businesses or individuals, the writing is on the walls of the corporate boardroom. Survive.

The tides of change are upon us. Look no further than the Seven Revolutions Initiative. See 7 Revs. The social, technological and demographic facets are enough to make anyone wonder where we are all headed in the next 20 years. The financial and healthcare industries are putting the building blocks in place to sustain a dramatic shift in who their customers are today and whom they will be tomorrow.

To survive in 2004 and beyond, the corporate gray matter will have to respond to the changing consumer. See LOHAS 8 to gain more insight on how the thought leaders of corporations large and small are changing to address the demands of a $227 BILLION, values-based consumer market. These are consumers who value health, the environment, social justice, personal development and sustainable living.

2004 will be another year of corporate malfeasance seeded with wondrous accounts of incivility, spawned by the empowered employee turned whistle-blower and a new generation of crime fighters: Eliot Ness has been transformed into a man named Eliot Spitzer. Ness was every bit as honest, diligent and hard-working as his modern counterpart, but also flawed in terribly human ways. Cleaning up the illegal and social misdeeds of Ness's 1920s and 1930s or Spitzer's 2000s requires an understanding of the core motivations of the being we call human.

The generations of young workers and consumers on this planet will pay for something they can believe in, rather than something that is socially and morally bankrupt. They will work all day in a global bank's software development department and work late into the night developing the next Bugbear or Nimda to impress their peers writing malicious code on the Internet. They will design the new marketing campaign for the next gas-guzzling SUV by day and ride home that same evening in their brand new foreign hybrid running on electric power.

2004 will be a year of heightened sensitivity to security and terrorism. Our processes and systems will be adjusted and tweaked to accommodate the new threats. The Board Room Buzz will be more about how to protect those vital corporate assets and how to survive the next crisis. What will be most interesting is how the governments of the world cooperate to become more of a global partner on this front. We sense already a growing cooperation among world leaders to deter and defend our citizens from the spread of fear and uncertainty.

Finally, 2004 will be the year we find greater appreciation for things like:

The evening glimmer of sunlight on clean water. The wave from the neighbor who lives next door. Our faith in what or whomever we believe in. Those who serve, so we can remain free of threats or illness to our loved ones and our own well-being. The signs that our bodies are healthy. The hope that exists in all of us for finding peace of mind. In 2004, look with fresh eyes on everyday things.

24 December 2003

IC3 - Internet Crime Complaint Center

The Internet Fraud Complaint Center (IFCC) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints, research, develop and refer the criminal complaints to law enforcement agencies for any investigation they deem to be appropriate. The IFCC was intended, and continues to emphasize serving the broader law enforcement community, to include federal, as well as state and local agencies, which are combating Internet crime and in many cases participating in Cyber Crime Task Forces.

Since its inception, the IFCC has received complaints crossing the spectrum of cyber crime matters, to include on-line fraud in its many forms, Intellectual Property Rights (IPR) matters, Computer Intrusions (hacking), Economic Espionage (Theft of Trade Secrets), On-line Extortion, International Money Laundering, Identity Theft and a growing list of Internet facilitated crimes. Over the past three years it has become increasingly evident that, regardless of the label placed on a cyber crime matter, the potential for it to overlap with another referred matter is substantial.

The IFCC is therefore being renamed the Internet Crime Complaint Center (IC3), to better reflect the broad character of such matters having a cyber (Internet) nexus referred to the IC3, and to minimize the need for one to distinguish 'Internet Fraud' from other potentially overlapping cyber crimes.

Europe steps up security during Christmas festivities

Security across Europe has been heightened amid fears of possible attacks over Christmas and New Year, prompting France to put its fighter planes on alert and Britain to deploy thousands of police on the streets of London.

The general nervousness was reinforced by public warnings from the United States over the past few days of an 'elevated' general level of risk of attack domestically, and a 'specific' threat in the Gulf kingdom of Bahrain.

Although European officials made no mention of any specific danger to their countries, they stressed that a higher level of vigilance was needed because of the symbolic target that Christmas festivities presented.

'It is a sensitive time of year,' French Defence Minister Michele Alliot-Marie told Europe 1 radio.

She explained that her country's security forces had been on 'orange' alert, the third-highest level, since the beginning of December, meaning stepped-up patrols of airports, train stations and shops as well as churches, synagogues and mosques.

'We have also done so in regards to protecting our air space, with our fighter planes on permanent alert,' she said.

In Britain, the head of London's Metropolitan Police force, John Stevens, told BBC radio there had been a 'quantum leap' in terrorist activity and threats since the September 11 attacks in the United States in 2001.

Rigid IT compounds business risk

By Robert Jaques
AccountancyAge

Rigid IT infrastructures compound business risk and the problem is set to get worse as the pace of change in commerce increases, industry experts have warned.

According to GartnerG2, the analyst's research service, enterprises can improve returns and reduce risk by integrating previously autonomous business processes to create a new scope of management capabilities.

This process, which GartnerG2 dubs business process fusion, can dramatically increase IT infrastructure flexibility.

The analyst said that business process fusion will drive stronger alignment of IT with core business processes, and provide linkage of operational and management processes.

23 December 2003

And to All, a Good Night...

The coming years promise an increase in security planning to support strategic business planning. Will it be a CSO's dream come true or one big nightmare.

BY ANONYMOUS

WHAT'S KEEPING YOU awake at night these days? Sharing such security concerns with one another is nothing new. And we mostly do it for good reasons: It's one part learning, one part giving back, and one part enlightened self-interest. The idea is that your problems today will likely be my problems tomorrow, especially if we're in the same business sector.

So I think I keep a fairly good handle on what is in front of us as CSOs, but I'm always struck by the insights of my fellow security colleagues when I ask them about their concerns. I hear a lot about balance—or, more specifically, imbalance. I hear about more risk, less resources. More to do, less to do it with. More regulations, higher expectations.... Well, you get the picture.

"The risk landscape is hugely visible, perhaps the highest it has been in my 25 years in the business," says one security exec. Terrorism now dominates the public mind-set and creates the mistaken impression that it is a much greater threat than anything else. We need to strike the right balance between our biggest worries—people and process integrity, workplace violence, fraud, product tampering, counterfeiting—and terrorism.

Official: Numerous people on terror lists blocked from U.S.

CNN.com - Official: Numerous people on terror lists blocked from U.S. - Dec. 23, 2003:

New warnings for possible al Qaeda attacks abroad

WASHINGTON (CNN) -- Numerous people named on America's terrorist watch lists have been prevented from entering the United States since December 1, after 'credible' intelligence pointed to possible major terrorist attacks, a government official said Tuesday.

The official, who would not provide specifics, said the people were turned back at various locations. Another government official said a handful of flight crew members from other countries also have been stopped in recent days.

The United States has been working with airlines and governments of other countries in an attempt to improve their security, especially after Sunday's move by the Department of Homeland Security to raise the nation's terror threat level from 'elevated' (yellow) to 'high' (orange).

In addition, a senior State Department official said Tuesday the U.S. government has received intelligence that al Qaeda is planning attacks against U.S. interests in Saudi Arabia, Bahrain, Yemen and Kenya. The official said the intelligence spells out 'a general threat of attack' against U.S. interests in those countries, but does not mention a specific target.

Efforts to beat money laundering 'flawed'

Telegraph | Money | Efforts to beat money laundering 'flawed':

By Andrew Cave

Government measures aimed at tackling money laundering suffer from 'serious design problems', according to a report from the European Policy Forum.

The report, Policing of Financial Transactions, by the forum's president, Graham Mather, assesses the impact of the 'dragnet technique' used by regulators since the September 11 attacks brought new urgency to the issue of how terrorism is funded.

Citing a backlog of 58,000 suspicious activity reports in Britain in May, he says there can be 'little confidence' that the system could cope with the 100,000 such reports expected this year or the 150,000 expected in 2004.

He adds: 'The evidence gives grounds for serious concern that current anti money laundering initiatives are not working as well as could be hoped.'

22 December 2003

Quake With 6.5 Magnitude Strikes California Coast

Quake With 6.5 Magnitude Strikes California Coast (Update4):

Dec. 22 (Bloomberg) -- A 6.5-magnitude earthquake struck the central California coast, causing three deaths, injuries and fires near the epicenter in San Simeon, home of Hearst Castle. The temblor swayed buildings as far away as San Francisco and Los Angeles.

The quake at 11:15 a.m. California time was centered about six miles from San Simeon and about 250 miles northwest of Los Angeles, the U.S. Geological Survey said on its Web site. Stronger aftershocks may be felt, Ross Stein, a physicist for the agency, said at a news conference.

``We just have a typical magnitude 6.5 earthquake, which has fortunately occurred far from populated areas,'' Stein said.

Three people were killed when a clock tower collapsed in Paso Robles, 30 miles east of San Simeon, said Greg Renick, a spokesman for the state Office of Emergency Services. A building collapse in Paso Robles, which has a population of 26,000, left some people trapped, said Sergeant Bob Adams of the Paso Robles Police Department. A hospital was damaged and two people were injured at a winery around San Luis Obispo, 42 miles from San Simeon, CNBC reported.

``It felt like a wave -- it was kind of like a rolling feeling,'' said Shannan Hudnall, 20, a front-desk clerk at the Pismo Lighthouse Suites in Pismo Beach, California, a resort town in San Luis Obispo County. ``Everything wiggled around and just rattled.''

Airports, Roads, Businesses

The quake lasted about 30 seconds. Larger airports reported no delays, and authorities said major roads and bridges were fine. Intel Corp., Cisco Systems Inc., Royal Dutch Petroleum Co. and other companies with operations in the state reported no damage.

By the Numbers

By the Numbers:

ID fraud should be a top-five business priority for line-of-business decision-makers at retail institutions. Growth rates are indeed troublesome.

John Adams

THE FINANCIAL INDUSTRY IS EMERGING from a period of considerable media attention on identity fraud in the U.S. Part of the hoopla was fueled by a lack of realistic data and objective analysis of the number of identity fraud incidents and the dollar losses incurred. While Financial Insights believes ID fraud is not as large a problem as recent reports from government agencies have indicated, the problem warrants significant attention and should be a top-five business priority. Institutions must get started sooner rather than later, as growth rates are very troublesome.

Institutions will absorb most losses.

Financial Insights’ projection for direct fraud loss resulting from ID theft and ID fraud in the retail finance industry in 2003 is about $4.2 billion, doubling to about $9 billion in 2006. The good news for consumers, at least, is that they will be on the hook for only about $200 million of this year’s losses.

21 December 2003

US National Threat Level Raised to Code Orange

DHS | Department of Homeland Security | DHS Home Page:

Statement By U.S. Department of Homeland Security Secretary Tom Ridge

December 21 - Today, The United States Government raised the national threat level from an Elevated to High risk of terrorist attack - or from Code Yellow to Code Orange. We know from experience that the increased security that is implemented when we raise the threat level, along with increased vigilance, can help disrupt or deter terrorist attacks.

The U.S. Intelligence Community has received a substantial increase in the volume of threat related intelligence reports. These credible sources suggest the possibility of attacks against the homeland around the holiday season and beyond.

In addition to knowing that homeland security professionals at all levels are working to keep our communities safe, we ask individual Americans to do a few additional things during this time of heightened alert. I have said it before - and I am saying it again - homeland security begins at home. Never has that been more true. Your awareness and vigilance can help tremendously, so please use your common sense and report suspicious packages, vehicles, or activities to local law enforcement.

Finally - no matter your faith or culture - now is the time of year for important celebrations. So, I encourage you to continue with your holiday plans. Gather with your family and friends and enjoy the spirit of this season. There is no doubt that we have a lot to be thankful for - not the least of which the opportunity to live in the greatest country in the world. It is a country that will not be bent by terror. It is a country that will not be broken by fear. But instead, we are a country blessed with a population marked by goodwill and great resolve. We will show the terrorists both this holiday season - goodwill toward our fellow men, readiness and resolve to protect our families and our freedom.

20 December 2003

Real-Life Experiences with Business Continuity

Real-Life Experiences with Business Continuity:

By Rich Schiesser.

When a disaster occurs, it often reveals the true measure of an organization's preparedness. An unplanned business interruption occurred recently in the company where Rich Schiesser works. This article presents some of the valuable lessons the company learned from this event.

During the past several years, a moderately-sized residential mortgage company in Southern California had been growing steadily into a major player among financial lending institutions. A sizable investment in IT systems helped fuel this growth, and raised the awareness of the importance of assembling a highly proficient IT business-recovery team. The composition of this team was an interesting mixture of IT technical specialists, business analysts, and professional contingency planners. Their charter was to develop and test business and technical recovery plans to enable critical business functions to be restored to full operation in minimal time following a disaster.

One of the most critical of these business functions was the company's asset-management unit. The IT business-continuity team had already developed the business and technical recovery plans for this area, and had conducted a tabletop simulation with business users to validate their plans. The next step was to schedule a full operational-recovery exercise for asset management. Such an exercise would take months of planning to ensure that the test objectives were all identified, agreed upon, and realistic—and, most importantly, would not in any way affect production. The exercise was scheduled for November of 2003. Actual events beyond the planners' control resulted in the date moving up by several months.

In late July of 2003, the manager of asset management was preparing for his quarterly meeting with investors. One of the topics he planned to highlight during his presentation was the company's business-recovery capabilities. Little did he know just how real a demonstration the investors would see. The company's IT business-continuity team was about to demonstrate its effectiveness in responding to unplanned events.

19 December 2003

U.S. Homeland Security Not Confirming New York Threat

U.S. Homeland Security Not Confirming New York Threat (Update3):

Dec. 19 (Bloomberg) -- The U.S. Department of Homeland Security and New York City police said they have no information to confirm a threat to New York City reported by ABC News.

``The New York City Police Department has no credible intelligence pointing to a specific or imminent terrorist threat to New York City,'' Michael O'Looney, deputy commissioner for public information, said in a written statement.

The ABC television network earlier said U.S. intelligence has gotten information that New York is under what the TV network called a ``credible and imminent'' threat of a terrorist attack, possibly by a female suicide bomber. ABC cited unidentified ``sources'' in a report on its Web site. ABC said information was received through intercepted communications, and no specific target was identified.

In a later report, ABC said authorities are evaluating a ``surge of information'' related to possible threats to a number of U.S. cities including New York, Los Angeles and Washington, and that the credibility of the New York threat was still being weighed. In the threats to other cities, no mode of attack, specific cells or locations were identified, ABC said.

Sarbanes-Oxley’s Audit Committee Deadline Sparks Fear, Loathing

Sarbanes-Oxley’s Audit Committee Deadline Sparks Fear, Loathing:

Boardroom Buzz
by Randy Myers

As U.S. businesses work overtime to convince the public that they’ve improved their corporate governance practices, it’s easy to find CEOs publicly praising the Sarbanes-Oxley Act and its new mandates for audit committees. But in the trenches, where corporate directors are charged with making sure those mandates are implemented, reviews are much more mixed.

Many board members report good progress in staffing their audit committees with independent directors, establishing confidential whistleblower complaint systems, and putting audit committees in charge of the outside auditors. But there are still plenty of companies where directors are “kind of confused,” says University of Georgia accounting professor Dennis R. Beresford, former chairman of the Financial Accounting Standards Board and a director of three public companies (Kimberly-Clark, Legg Mason, and MCI). “At each company that I’m involved in,” he says, “we have charters that we’re updating and checklists we’re using, but it’s still hard to keep track of everything.”

With the deadline for meeting the new audit committee requirements still months away—companies have until their first annual shareholders’ meeting after January 15, 2004—directors seem most bothered by the rule that compels a public company to put a financial expert on its audit committee or explain to the investing public why it doesn’t have one.

As defined by the Securities and Exchange Commission, the audit committee’s financial expert must, among other things, understand generally accepted accounting principles (GAAP). And that, says Thomas R. Beecher Jr., an attorney and the lead director of Albany International, a pulp and paper supplier, “is trying to raise board competency to an unreasonable level of knowledge. Getting anybody to accept that responsibility will not be easy unless they’ve just retired from an accounting firm.”

18 December 2003

BankRI Announces Security Measures in Response to Stolen Laptop; Potential Release of Data Poses No Risk to BankRI Accounts

BankRI Announces Security Measures in Response to Stolen Laptop; Potential Release of Data Poses No Risk to BankRI Accounts:

PROVIDENCE, R.I.--(BUSINESS WIRE)--Dec. 18, 2003--Bank Rhode Island said today that its principal data service provider, Fiserv, Inc., reported the theft of a laptop computer that contained some BankRI customer information.

The Bank emphasized that it had no indication that this information has been misused or been improperly accessed. As a precaution, BankRI has notified all customers whose information was potentially included on the stolen laptop, is monitoring accounts for unusual activity, and has augmented its internal security procedures.

'There is no risk to any BankRI accounts as a result of this incident,' said Merrill Sherman, President & CEO. 'We deeply regret this incident and sincerely apologize for any anxiety or inconvenience this may cause.'

An investigation into the theft is ongoing as are efforts to recover the stolen laptop. 'Fiserv has been proactive in addressing this incident,' said Sherman, 'and we are assisting them, the FBI and law enforcement agencies in their investigation.'

The information on the laptop potentially included 43,000 customers' names, addresses, and social security numbers, but did not include key account access data such as personal identification numbers (PIN), account passwords, debit or ATM card information, or other financial data. Fewer than 100 BankRI account numbers were included. These, however, were not identified by customer name.

WMD exercises planned - AU

WMD exercises planned:

By Patrick Walters

AUSTRALIAN security forces and diplomats will take part in five new exercises early next year aimed at intercepting weapons of mass destruction carried on sea, air and land.

In two days of talks just concluded in Washington, officials from 16 countries agreed on a series of exercises including an air interception scenario to be staged at a German airport.

Under the US-led Proliferation Security Initiative, participating countries are trying to improve their ability to interdict nuclear, biological and chemical weapons with particular focus on the threat posed by North Korea and Iran.

Of the five training scenarios agreed for 2004, Italy will host two, and the US, France, Germany and Poland one each, according to US officials.

The exercises will involve police and customs officials as well as military forces.

Event Management Systems Defend Against Information and Regulatory Overload

Security Event Management Systems Defend Against Information and Regulatory Overload:

Yankee Group
Executive Summary

Network and security administrators daily must sift through terabytes of information written as access logs, intrusion detection system (IDS) alerts, and vulnerability and threat information. Most log information is archived without being read. Organizations also need to comply with regulations protecting the confidentiality and integrity of customer and financial information. Defining audit policies and managing log data have become pressing needs in regulated industries.

In this report, we discuss the market for security event management (SEM) systems, which are repositories for log information that manipulate and display the data in a meaningful way. Vendors created SEM systems to assist security administrators with developing policies, managing logs, responding faster to virus and hacker threats, and using the information available to continue improving defenses. SEM vendors are rising to these challenges with extensive device support, better correlation of events and robust data storage architectures. Exhibit 1 illustrates the distributed architecture of a leading security event management system.

The growing number of risks and increasing complexity of our security defenses guarantee SEM a place in the overall security solution and create an opportunity for overlapping network and systems management vendors to add value by integrating with a new breed of security solutions. This report defines a road map for the evolution of SEM. It profiles the leaders and challengers in this $90 million market and forecasts revenue growth for the next five years.
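The two jobs the Yankee Group summary attributes to a SEM system, pulling heterogeneous logs into one schema and correlating events across sources, are easier to judge with a concrete core in front of you. The following is an added example written for this page; it is not code from the report or from any SEM vendor. The sshd syslog lines and the simplified Snort-style fast-alert lines are constructed, the host names and addresses are documentation ranges, the sensor year is assumed because neither format records one, and the two rules (a burst of failed logins from one address, and an IDS alert on an address followed by a successful login from it) are illustrative thresholds, not anyone's shipped defaults.

```python
"""Toy security event management (SEM) core: normalise log lines from two
sensors into one event schema, then correlate across them.

Added example for illustration; not code from the Yankee Group report or
from any SEM product. Log lines, hosts and addresses below are constructed;
the IDS lines use a simplified Snort fast-alert layout.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: an sshd syslog fragment and two IDS alerts.
SSHD_LOG = """\
Dec 18 03:14:01 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 51522 ssh2
Dec 18 03:14:03 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 51523 ssh2
Dec 18 03:14:05 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 51524 ssh2
Dec 18 03:14:09 web1 sshd[2240]: Accepted password for root from 203.0.113.7 port 51525 ssh2
Dec 18 03:20:44 web1 sshd[2301]: Accepted publickey for deploy from 198.51.100.2 port 40022 ssh2
"""
IDS_LOG = """\
12/18-03:13:55.120000 [**] [1:2001219:18] ET SCAN SSH BruteForce Tool [**] {TCP} 203.0.113.7:51500 -> 10.0.0.5:22
12/18-03:19:10.000000 [**] [1:1000001:1] ICMP PING NMAP [**] {ICMP} 198.51.100.9 -> 10.0.0.5
"""

YEAR = 2003  # neither syslog nor Snort fast alerts carry a year; assumed here

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+")
IDS_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+ \[\*\*\] \[[\d:]+\] (?P<msg>.+?) "
    r"\[\*\*\] \{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?")


def parse_sshd(line):
    """One sshd line -> normalised event dict, or None if it is not an auth record."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "sensor": "sshd", "host": m["host"], "src_ip": m["src"], "user": m["user"],
        "kind": "auth_success" if m["outcome"] == "Accepted" else "auth_fail",
        "detail": line.split(": ", 1)[1],
    }


def parse_ids(line):
    """One IDS fast-alert line -> normalised event dict, or None."""
    m = IDS_RE.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(f"{YEAR} {m['ts']}", "%Y %m/%d-%H:%M:%S"),
        "sensor": "ids", "host": m["dst"], "src_ip": m["src"], "user": None,
        "kind": "ids_alert", "detail": m["msg"],
    }


def normalise(sshd_text, ids_text):
    """Parse both feeds into one time-ordered event list (unparsed lines dropped)."""
    events = [parse_sshd(l) for l in sshd_text.splitlines()]
    events += [parse_ids(l) for l in ids_text.splitlines()]
    return sorted((e for e in events if e), key=lambda e: e["time"])


def correlate(events, fail_threshold=3, fail_window=timedelta(seconds=60),
              alert_window=timedelta(minutes=10)):
    """Apply two cross-source rules per source IP and return the findings."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src_ip"]].append(e)
    findings = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["kind"] == "auth_fail"]
        # Rule 1: >= fail_threshold failed logins from one IP inside fail_window.
        for i in range(len(fails)):
            burst = [f for f in fails[i:] if f["time"] - fails[i]["time"] <= fail_window]
            if len(burst) >= fail_threshold:
                findings.append({"rule": "ssh_bruteforce", "severity": "medium",
                                 "src_ip": src, "count": len(burst),
                                 "time": burst[-1]["time"]})
                break
        # Rule 2: an IDS alert on an IP followed by a successful login from it.
        alerts = [e for e in evs if e["kind"] == "ids_alert"]
        for s in (e for e in evs if e["kind"] == "auth_success"):
            prior = [a for a in alerts
                     if timedelta(0) <= s["time"] - a["time"] <= alert_window]
            if prior:
                findings.append({"rule": "ids_alert_then_login", "severity": "critical",
                                 "src_ip": src, "user": s["user"],
                                 "alert": prior[-1]["detail"], "time": s["time"]})
    return findings


def run_demo():
    """Normalise and correlate the constructed sample feeds."""
    return correlate(normalise(SSHD_LOG, IDS_LOG))


if __name__ == "__main__":
    for f in run_demo():
        print(f["time"], f["severity"].upper(), f["rule"], f["src_ip"], f.get("user") or "")
```

On the sample feeds the engine raises two findings for 203.0.113.7: a medium-severity brute-force burst, and a critical alert because the IDS flagged that address seconds before it logged in as root. The deploy login from 198.51.100.2 and the NMAP ping from 198.51.100.9 produce nothing on their own, which is the point of correlation: neither sensor alone separates the successful intrusion from routine noise, and without the normalisation step the two feeds could not even be compared on the same source-address field.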

17 December 2003

Homeland Security and European Commission Reach Agreement on PNR Data

DHS | Department of Homeland Security | Homeland Security and European Commission Reach Agreement on PNR Data:

Press Releases

For Immediate Release
Office of the Press Secretary

In an historic effort to keep the United States' and European Union's borders safer from terrorism and international crime while protecting travelers' privacy, Department of Homeland Security (DHS) Secretary Tom Ridge and European Commissioner Frits Bolkestein have reached an agreement regarding the legal transfer of Passenger Name Record (PNR) data to Homeland Security. The agreement finds that Homeland Security's handling of the PNR data is sufficient for an 'adequacy finding.'

'This determination by the European Commission enhances the Homeland Security mission of fighting terrorism and crime while still ensuring that the privacy of travelers will be protected,' said Ridge. 'After a year of frank and earnest negotiations, this outcome shows the world that the United States and the European Union share the goals of keeping our people safe and our air travel network secure.'

This finding by the European Commission affirms under European law that protections to be implemented by Homeland Security are appropriate to guard passenger privacy. By using 34 key elements of PNR data at borders and ports of entry, U.S. Customs and Border Protection (CBP) officers will be able to better screen passengers for the purposes of preventing and combating terrorism and transnational crimes. The PNR data will be generally retained for no longer than three and one-half years.

Additionally, the Department will continue to negotiate with the European Commission to reach a permanent agreement for the transfer of PNR data to the Transportation Security Administration (TSA) for operational use by the Computer Assisted Passenger Prescreening System II (CAPPS II), which will identify high-risk passengers for additional screening.

After review by the European Parliament, the agreement will enter into effect and be in place for three and one-half years with renegotiations beginning in two and one-half years.

16 December 2003

Calpers Sues NYSE, Firms, Alleging Fraudulent Trades

Calpers Sues NYSE, Firms, Alleging Fraudulent Trades:

(Bloomberg) -- The California Public Employees' Retirement System, the largest U.S. pension fund, sued the New York Stock Exchange and seven specialist firms alleging they used the trading system to profit at the expense of investors.

The specialists, who match buyers and sellers, used their knowledge of pending orders to trade for their own accounts, and intervened in trades when it wasn't necessary, said Calpers President Sean Harrigan. ``The NYSE not only knew these practices existed, but perpetuated them. It profited from them,'' he said.

The aim of the lawsuit is to recoup at least $150 million in trading losses and to push the NYSE to more governance and regulatory changes, Harrigan said. Calpers, which has $155 billion in assets, has pressed the NYSE to separate its regulatory and commercial functions and Harrigan said the specialists are ``the poster child of a failed system of self-regulation.''

Bush signs bill aimed at controlling spam

InfoWorld: Bush signs bill aimed at controlling spam:

By Stacy Cowley, IDG News Service

President George W. Bush signed a bill into law Tuesday establishing federal rules for commercial e-mail and penalties for unsolicited mass spamming.

Known as the CAN-SPAM Act, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 takes effect Jan. 1. The law prohibits the use of false header information in bulk commercial e-mail and requires unsolicited messages to include opt-out instructions. Penalties for violations include fines of up to US$250 per e-mail, capped at up to $6 million.

The bill's authors, Montana Republican Senator Conrad Burns and Oregon Democrat Senator Ron Wyden, praised the legislation as a powerful tool for countering the spam onslaught cluttering inboxes.

'Swift and aggressive enforcement will be essential, and Senator Burns and I will continue to push the Federal Trade Commission and others to use the tools this law gives them to fight against spam,' Wyden said in a written statement.

15 December 2003

Finance sector bracing for upswing in Internet fraud

Finance sector bracing for upswing in Internet fraud - Computerworld

Cyberscams expected to soar in 2004, experts say

Story by Bernhard Warner

DECEMBER 15, 2003 ( REUTERS ) - LONDON -- Banking officials and computer security experts predicted today that the wave of cyberscams targeting the financial services sector will soar in 2004 as the industry braces for a new onslaught of fraud schemes.

The gloomy prediction comes amid a string of e-mail and Web site spoofing scams preying on banking customers.

Police call the relatively new phenomenon 'phishing,' so named because fraudsters try to lure unwitting customers into divulging their bank details.

In the past few months, a rash of e-mails posing as correspondence from some of the world's biggest banks have flowed into various e-mail in-boxes. The scams have been reported in the U.K., the U.S. and Australia, to name a few.

'We see phishing as just the toe in the water,' said a security expert at one of the U.K.'s largest banks who spoke on condition of anonymity at a summit in London dedicated to security matters in the financial services industry.

'It's like credit card fraud. Phishing is not big yet. But it will be,' the expert said.

Tube attack exercise shows flaws | UK

BBC NEWS | UK | England | Tube attack exercise shows flaws:

More work needs to be done on plans for dealing with a terror attack on London after a simulation on the Tube threw up glaring deficiencies, says a report.

Hundreds of emergency personnel were involved in the pretend chemical attack on Bank station in September.

The report into the exercise found that while much had been done to improve responses, more action was needed.

It found new rescue plans for the Underground were needed and rescuers could not talk through their gas masks.

Rescuers wore full protective clothing on the premise that the attack could be similar to that on the Tokyo underground in 1995 when deadly sarin gas was released.

It left 12 people dead and thousands seriously ill, including firefighters who tried to rescue victims.

In the London exercise, decontamination units were set up at ground level and the immediate area around the strike - the so-called "Hot Zone" - was sealed off.

Hacking for Dollars

OSAC -Hacking for Dollars

from Newsweek International

The lone computer geek, a bit rebellious but with a heart of gold, is being eclipsed by the hardened professional criminal, who uses the Internet for spying, stealing and extortion.

In the high-tech battlefield of cyberspace, the thirtysomething Russian with the jet black goatee and the new denim coat considers himself a freedom fighter, a descendant of those legendary computer geeks whose cyberstunts drove the establishment wild and helped define a unique Internet culture. Like his hacker predecessors, he has his own subversive code, this one tinged with the slogans of anti-globalization. He talks of 'freedom,' 'the unhindered flow of ideas' and the need to break the stranglehold of 'monster corporations like Microsoft.' (He won't hack into Russian companies.) 'I live in the shadows. That is where I want to be,' says the hacker (we'll call him Dmitry) over a late-night meal in a Moscow restaurant. 'I don't need to prove anything to anyone.'

Dig a little deeper and you'll find there's something that differentiates this New Age cybersurfer from his high-minded brethren. Last year Dmitry netted $300,000 stolen from major American corporations. Like a slick businessman, Dmitry arrives for his secret rendezvous with NEWSWEEK accompanied by his lawyer. He works as part of a hacker team, composed of 10 or so experienced criminals, each with his own specialty. His job: to break into networks, opening the way for his confederates to steal and decode company information. He'll work 16-hour days for six months preparing for an assault on a Western corporation that might last just minutes. 'It's like a military attack,' he says. 'At first you do intelligence. You watch their behavior. You get ready for X-Hour. When you're 90 percent sure of success, you attack.'

12 December 2003

The rise and rise of IT continuity

The rise and rise of IT continuity:

Information systems remain the number one mission critical priority for most businesses.

David Honour explains why this is so and looks at the key priorities in this area.

The discipline of business continuity emerged from the primordial swamps of computer disaster recovery. In the early days most companies simply ensured that data was backed up regularly. Larger enterprises normally utilised centralised mainframes which were supported through hot- or warm-site recovery centre contracts. However, although some of those business continuity solutions remain current, the nature and complexity of the systems that need protecting have changed vastly.

According to recent research by the Business Continuity Institute and the Chartered Management Institute, information systems remain the number one mission critical priority for most businesses. A survey published in March found that 79 percent of the business continuity plans of UK organisations cover IT functions, far in advance of any other area. Finance came second in importance (57 percent), followed by facilities management (53 percent), human resources (53 percent) and security (51 percent). There are a variety of reasons why the protection of information systems is of such vital importance:

The importance of data

Data is the lifeblood of information systems, which, in turn, are the lifeblood of most organisations. Yes, people are incredibly important assets to businesses, but few firms would go out of business due to the loss of an employee, however highly valued. Many more companies would go out of business if they irretrievably lost critical information. According to the National Archives & Records Administration in Washington, 93 percent of companies that lose their data centre for 10 days or more due to a disaster file for bankruptcy within one year of the disaster. Even short periods of downtime can be very costly.

Cyber-terror is here for real

Cyber-terror is here for real:

from Al-Jazeera

Security agents are confronting a new threat - teams of computer hackers aiming to maximise the death toll in armed attacks by paralysing the emergency rescue services.

Since the 11 September attacks, police and intelligence officials have been forced to add a new dimension to their planning: groups of highly skilled 'cyber-terrorists'.

'The first cyber-terrorism attack will most likely not be somebody targeting a company. What we will see is a blended, or multi-prong attack,' said Richard Starnes, director of incident response for British telecom firm Cable & Wireless and an adviser to Scotland Yard's Computer Crime Unit.

A potential scenario might be this: A truck carrying explosives races towards the main entrance of a city centre rail station at rush hour, just as a computer whiz hacks into the emergency response telephone network.

Paralysis

There is a huge blast. With the communications system knocked out, police and rescue units are paralysed. Emergency teams lose precious minutes attending to the scene and the toll of dead and injured climbs.

This type of chain of events was, until recently, spoken about in hypothetical terms. Now, police forces and intelligence agencies around the world say it's not a matter of if, but when.