A Map of the Muslim Protests Around the World

The "Atlanitc Wire" has produced an interactive map of the Muslim protests around the world following the uproar over a 14-minute Anti-Islam YouTube video.  View the map at: http://www.theatlanticwire.com/global/2012/09/map-muslim-protests-around-world/56865/?goback=%2Egde_4255954_member_163860546
 
If you are an international traveller you may find this map useful together with advice from the UK Foreign and Commonwealth website: http://www.fco.gov.uk/en/travel-and-living-abroad/travel-advice-by-country/ or the US State Department: http://travel.state.gov/travel/cis_pa_tw/tw/tw_1764.html

Griffin Security Group is an independent company that has been providing specialist security and business protection end-to-end solutions for our clients for more than 16 years. In that time we have developed bespoke services to meet client requirements and we provide a comprehensive and holistic service worldwide covering the full range of business protection services including: information, physical, personnel, IT and technical security, as well as business continuity, crisis management and disaster recovery planning solutions.

Risk Management (Security) - Level 4 Certified Course

Griffin Security Solutions Limited is holding another of it's certified Level 4 courses in Risk Management (Security) from 12th to 16th November 2012.

 

 

 

 

 

 

 

 

 

 

 

The course is accredited by the Highfield Awarding Body for Compliance (HABC) and endorsed by the Association of Security Consultants.

The Course

This course is designed to provide individuals the necessary knowledge and skills to be able to confidently undertake a variety of security related management and practitioner roles in a variety of corporate, commercial and other business sectors. The course is based on best practice principles and International and National standards (ISO 27001/2, 28000, 31000, BS25999) and recognised best business practice.  

Who should attend?

This accredited course is aimed at security managers and practitioners / individuals who are looking to develop their skills and professional knowledge, whilst attaining a recognised Level 4 qualification.

 

There are no pre-requisites for attending this course.

 

Location

The course will be held at The Olde Barn in Marston, near Grantham, Lincolnshire. This charming rustic hotel is set in the countryside surrounding Grantham and in the heart of England. The hotel is one mile from the A1 road and 7 miles from Grantham Railway Station (on the East Coast Mainline).

 

Accommodation

This is a 5-day residential course that will be held Monday to Friday. (Accommodation can be provided on Sunday if required.)

 

Course Fees

The inclusive fee will be £1650 plus VAT (payable in advance)

 

Booking Information

For further details and to reserve a place, please contact:

 

Nikki Ashe

Telephone: 01636 643 915

Email: Nikki.ashe@griffin-group.co.uk

 

 

 

 

 

Security Concerns when using Contract Cleaners

The United Kingdom press are reporting that Members of Parliament are calling for stricter security checks on House of Commons cleaners, postal workers and other staff after two laptops were stolen from an MP’s office.

 

For the last 18+ years I have been conducting security surveys and audits of government departments and commercial organisations around the world and it is clear that organisations do not regard contract cleaning (and similar contractors) as a threat to their business.

During the working day organisations protect their premises with control of entry and sometimes with security guards.  Then at night they go home and allow unsupervised contract clearers to have free access to their office and then wonder why items are stolen of information leaked!  Of course, very few impose a “clear desk policy” or lock away documents and valuable equipment.  

In many cases, the cleaners are not dedicated to a particular site and even when they are, they are replaced at times of sickness or holidays by unknown staff.

This is complete madness!  Companies might just as well leave their offices unlocked.  Why bother securing your premises during the working day only to leave them unprotected during the evening.

Worst of all, I have experienced many incidences where the cleaners have been responsible for locking the building and setting the alarms as they leave.  Clearly, management do not see this as an issue – until there is a theft (e.g. The House of Commons) or sensitive material goes missing.

It is time that government departments, corporations and businesses stopped this nonsense and implemented stricter controls upon the use of unsupervised contractors.

Griffin Security Group is an independent company that has been providing specialist security and business protection end-to-end solutions for our clients for more than 16 years.  In that time we have developed bespoke services to meet client requirements and we provide a comprehensive and holistic service worldwide covering the full range of business protection services including: information, physical, personnel, IT and technical security, as well as business continuity, crisis management and disaster recovery planning solutions.

A Tribute to a Good Friend and Colleague

Mrs Joan Broughton

 
Our good friend and former colleague passed away on Sunday 8^th April following her long battle with cancer.

Joan worked with us until her illness took-over and she was not well enough to do so.

She will be sadly missed by all those who knew her.

Joan was born in Nottingham and moved to Newark as a child.  She and her husband, Tony, were married in 1959 whilst he was on leave from National Service in Germany.

For many years the Joan and Tony were involved in the family garage business until they sold it in the 1970s.  They opened the Appleton Hotel in Newark and later turned this into the Appleton Day Nursery.

Joan worked as the head receptionist for a dental practice in Newark before joining the Griffin Security Group.

AVAILABILITY OF YOUR DATA IN THE CLOUD

Once again the concerns surrounding the use of THE CLOUD have reached the media headlines.

Last month Megaupload, one of the internet's largest file-sharing sites, was shut down by US prosecutors after it was claimed users were illegally sharing music and movies.  (The site's founders have been charged with violating piracy laws.)

 

What this means is that users from around the world who uploaded their files to the Megaupload “Cloud “are no longer able to access their data. 

 
The US Justice Department have said, “It is important to note that Mega clearly warned users to keep copies of any files they uploaded" and added that "Megaupload.com expressly informed users through its Frequently Asked Questions and its Terms of Service that users have no proprietary interest in any of the files on Megaupload's servers, they assume the full risk of complete loss or unavailability of their data, and that Megaupload can terminate site operations without prior notice.”

 I wonder how many users read these Terms and Conditions and realized that they could lose access to their data.  If they have not backed-up the data themselves, it is probably lost – all their files and photographs, for example, have gone for good.  Businesses who have been using Megaupload for the storage of their data will no longer be able to access it.

 What do we learn from this –

•  Users are ultimately responsible for the security, integrity and availability of their own data, even when it is held by a third-party service provider.
• Even when data is stored on “The Cloud”, users must keep their own copies of the data.  Whether it is s short Internet outage or a longer-term closure of service, users still need to be able to access their own data when they want it.
• Users lose the rights to their own data once it is stored in “The Cloud”.

TERRORIST THREATS TO FOOD AND DRINKS INDUSTRY

Today’s (5^th June 2011) in The Sunday Telegraph is, “SHOPS WARNED OVER TERRORIST THREAT TO FOOD.”

The Critical Centre for the Protection of National Infrastructure (CPNI) recently sent a report to companies in the food industry warning them of possible threats to their manufacturing operations.

The media are now suggesting links between the E.coli outbreak in Germany and the vulnerabilities to the World food chain.  The recent E.coli outbreak has demonstrated how quickly bacteria can be spread – currently this highly virulent strain of E.coli has resulted in 18 people dead and 18,000 people seriously ill.  According to The Sunday Telegraph report, Klaus-Dieter Zastrow, chief doctor for hygiene at Berlin’s Vivantes hospital, said: “It’s quite possible that there’s a crazy person out there who thinks 'I’ll kill a few people or give 10,000 people diarrhoea’.”

I wonder how many company executive and managers in the food and drinks industry are familiar with  PAS 96:2010 - Defending food and drink.  This Publically Available Specification (PAS) provides “Guidance for the deterrence, detection and defeat of ideologically motivated and other forms of malicious attack on food and drink and their supply arrangements.”  The opening statement in the PAS says:

“The food and drink industry in the UK – the food sector of the national infrastructure – could be under threat from ideologically motivated groups.  The threat extends that from criminals who use extortion and from individuals with a grudge.  It is different in nature from the (natural) hazards which the industry is well versed in handling.  The threat is unlikely to decline in the foreseeable future.”

These security concerns extend far beyond the shore of the UK.  In the USA food bioterrorism has become a major concern after documents were found in Afghanistan apparently referring to plans by terrorists to contaminate supplies.

All food production facilities and the supply chains should review their security controls to ensure that not only the physical security protective measures are effective but also the human factors, including screening of staff and the close supervision of staff.

Griffin Security Group

www.griffin-group.co.uk

Security of Cloud Computing

Once again we return to the subject of Cloud Computing and outsourcing the storage of data.

Before you enter into a contract with a Cloud Computing provider and start to upload your data, you should at least consider these areas of concern:

·         Where is the data stored?  Because you are uploading data via the internet you are unlikely to know where your data is being hosted.  Ask the provider where the data centers are located – in your own country or overseas.

·         Who has access to your data? – Privileged users are likely to be able to access your data because they are able to bypass the physical, logical and personnel controls.  Ask your provider what security vetting they carry out on the privilege access staff and what monitoring of their access is conducted.

·         Data Segregation - Data in the cloud is typically in a shared environment alongside data from other customers.  Find out how your provider segregates your data from that of other clients.  Is data encrypted on their servers?

·         Regulatory compliance – You are ultimately responsible for the security and integrity of your own data, even when it is held by an outsource provider.  Cloud providers should be subjected to external audits and security certification, i.e. ISO/IEC 27001:2005.  If your provider cannot provide evidence of audits and certification, look for someone who does.

·         Business Continuity & Data Recovery – Who do you know that your data will always be available when you want to access it?  What provisions has your provider made for business continuity and data recovery?  How long will this take?  Do you have local backups of the data you have stored remotely?

·         How will you access your data if your Internet connections fail? – Access to your data is reliant upon your being able to access the Internet.  It is quite common for Internet connections to fail and sometimes this can takes days before the connectivity is restored.  Once again, Do you have local backups of the data you have stored remotely?

·         Computer forensics support - Investigating inappropriate or illegal activity may be impossible in cloud computing!  The analyst firm Gartner warns, “Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."

·         What is the long-term viability of the provider? – If your provider were to “go bust”, how would you be able to recover your data?  What if the outsource provider were to be acquired by another company; would the provisions you have already contracted (especially those relating to location, access and security be retained).

Users of Cloud Computing Services need to understand the potential risks to their data.  They should ensure that the fundamental principles of Information Security are maintained:

·         Confidentiality - Ensuring that information is accessible only to those authorized to have access

·         Integrity - The assurance that data has not been changed inappropriately, whether by accident or deliberately malign activity.

·         Availability – Ensuring that data is available to access whenever it is required.

 

www.griffin-group.co.uk