1 Physical Security for Cyborgs Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Argonne National Laboratory
2 Argonne National Laboratory ~$738 million annual budget 1500 acres, 3400 employees, 4400 facility users, 1500 students R&D and technical assistance for government & industry
3 Vulnerability Assessment Team (VAT) The greatest of faults, I should say, is to be conscious of none. -- Thomas Carlyle ( ) A multi-disciplinary team of physicists, engineers, hackers, & social scientists. The VAT has done detailed vulnerability assessments on hundreds of different security devices, systems, & programs. Sponsors DHS DoD DOS IAEA Euratom DOE/NNSA private companies intelligence agencies public interest organizations
4 Definition Security Theater: sham or ceremonial security; Measures that ostensibly protect people or assets but that actually do little or nothing to counter adversaries. Actual Courtroom Testimony: Witness (a Physician): He was probably going to lose the leg, but at least maybe we could get lucky and save the toes.
5 Security Theater 1. Best way to spot it is with an effective thorough VA. 2. Next best is to look for the characteristic attributes: Sense of urgency A very difficult security problem Involves fad and/or pet technology Questions, concerns, & dissent are not welcome or tolerated The magic security device, measure, or program has lots of feel good aspects to it Strong emotion, over confidence, arrogance, ego, and/or pride related to the security Conflicts of interest No well-defined adversary No well-defined use protocol No effective VAs; no devil s advocate The technical people involved are mostly engineers Intense desire to save the world leads to wishful thinking People who know little about security or the technology are in charge
6 Facts About Locks 1. Locks are meant to delay, complicate, and discourage unauthorized access. 2. All locks can be defeated quickly, even by sufficiently motivated amateurs. 3. Ways to defeat locks include picking, bumping, rifling, jiggling a blank key, drilling out the lock, attacking the electronics, etc. - Who are you and how did you get in here? - I'm a locksmith. And, I'm a locksmith. -- Lieutenant Frank Drebin in Police Squad
7 Blunder: Cheap Locks on Security Hardware
8 Facts About Access Control Devices For most AC systems (including biometrics), it s easy to tamper with the: power I do not care to belong to a club that software accepts people like me as members. hardware -- Groucho Marx ( ) database tamper switch microprocessor communications key or password door lock or turnstile
9 9 9
10 Facts About Access Control Devices For most AC systems (including biometrics), it s easy to: clone the signature of an authorized person do a man-in-the-middle (MM) attack access the database or password counterfeit the device install a backdoor The first time we ever made love, I said, Am I the first man who ever made love to you? She said, You could be. You look damn familiar. -- Ronnie Bullard
11 Backdoor or MM Attacks The importance of a cradle-to-grave, secure chain of custody: As with most security devices, AC devices can usually be compromised in 15 seconds (at the factory or vendor, on the loading dock, in transit, in the receiving department, or after being installed). Most security devices have little built-in security or ability to detect intrusion/tampering. Sometimes security implementations look fool proof. And by that I mean proof that fools exist. -- Dan Philpott
12 Security of Security Products
13 Remote Toggling On/Off of Cheating I have been called dumb, crazy man, science abuser, Holocaust denier, villain of the month, hate-filled, warmonger, Neanderthal, Genghis Khan, and Attila the Hun. And I can just tell you that I wear some of those titles proudly. -- Oklahoma Senator James Inhofe
14 Blunder: Wrong Assumptions about Counterfeiting Usually much easier than developers, vendors, & manufacturers claim. Often overlooked: The bad guys usually only needed to mimic only the superficial appearance of the original and (maybe) some of the apparent performance of the product or the security device, not the thing itself, or its real performance. Rarely is full reverse engineering necessary. Sincerity is everything. If you can fake that, you ve got it made. -- George Burns ( )
15 Access Control (AC) Question: Is that really your AC device, or is it a counterfeit or a tampered version? ( perhaps one that lets anybody in, with occasional random false rejects to look realistic.) Check at random, unpredictable times with random, unpredictable people that the unauthorized are rejected. I was the kid next door s imaginary friend. -- Emo Philips
16 Access Control (AC) Blunders Bad door or turnstile design Not registering when the door is opened Not tracking who exits No role-based access; Not changing access with promotions & personnel changes Not securing the equipment and personnel that make ID badges "Badges? We don't need no stinkin' badges! -- From the movie The Treasure of the Sierra Madre (1948) [The actual dialog was, Badges? We ain't got no badges. We don't need no badges! I don't have to show you any stinkin' badges! ]
17 Biometrics Blunders All the blunders of access control, plus: Not understanding how easy it is to counterfeit a biometric signature though why would an adversary bother? Downloading the entire database to satellite stations Not turning off the enroll function on satellite stations Believing the snake oil & bogus performance specs I m always amazed to hear of accident victims being identified by their dental records. If they don t know who you are, how do they know who your dentist is? -- Paul Merton
18 Terminology (tamper-indicating) seal: a device or material that leaves behind evidence of unauthorized entry. I d say, It s a Buttmaster, Your Holiness. -- Suzanne Somers on how she would respond if the Pope asked her the name of the exercise machine she promotes
19 Terminology (con t) defeating a seal: opening a seal, then resealing (using the original seal or a counterfeit) without being detected. attacking a seal: undertaking a sequence of actions designed to defeat it. Radisson Welcomes Emerging Infectious Diseases -- Sign outside a Radisson Hotel
20 Seal Fact A seal is not a lock. Yanking a seal off a container is not defeating it! 20
21 Seals Some examples of the commercial seals Example Seal Applications: customs cargo security counter-terrorism nuclear safeguards counter-espionage banking & couriers drug accountability records & ballot integrity evidence chain of custody weapons & ammo security IT security medical sterilization instrument calibration tamper-evident packaging waste management & HAZMAT accountability
22 Seals are easy to defeat: Percent of seals that can be defeated in less than a given amount of time by 1 person using only low-tech methods 244 different kinds of seals
23 Summary of Seals Results parameter mean median attack time 1.4 mins 43 secs cost of tools & supplies $78 $5 marginal cost of attack 62 9 time to devise successful attack 2.3 hrs 12 mins
24 Seal Facts 1. All seals need a unique identifier (like a serial number). 2. A seal must be inspected, either manually or with an automated reader, to learn anything about tampering or intrusion. The person doing this must know exactly what they are looking for. 3. Unlike locks & safes, defeating seals is more about fooling people & the inspection protocol than beating hardware. 4. Adhesive label seals do not provide effective tamper detection, even against amateurs. It s better to be looked over than overlooked. -- Mae West ( ) in Belle of the Nineties,
25 Seal Use Protocol A seal is no better than its formal and informal use protocol......how the seal is: manufactured procured shipped stored checked out installed inspected removed destroyed after use And how the seal data and reader are stored & protected and How the seal installers/inspectors are trained.
26 Pressure Sensitive Adhesive Label Seals Lifting & Counterfeiting are easy. Lifting is usually the most likely attack. The difficulty of either attack is almost always greatly over-estimated by seal manufacturers, vendors, & users. If the recipient doesn t know what the seal and envelope (or container) is supposed to look like, you are wasting your time. [This information cannot accompany the seal.] Nothing is like it seems, but everything is exactly like it is. -- Yogi Berra
27 Installation It is essential to feel the surface to check that the adversary hasn t pre-treated it to reduce adhesion. Full adhesion requires 48+ hours. A PSA seal is particularly easy to lift the first few minutes to hours. Heat can help. For the third goal, I blame the ball. -- Saudi goalkeeper Mohammed Al-Deayea
28 Inspection Smell can be a powerful tool for detecting attacks. Or use a handchemical sniffer ($150-$9K). held (As with all seals) compare the seal side-by-side with an unused seal you have protected. Check size, color, gloss, font, & digit spacing/alignment. Carefully examine the surface area outside the perimeter of the label seal. The best test for tampering is to closely observe how the label seal behaves when it is removed.
29 Pressure Sensitive Adhesive Label Seals A blink comparator is a very powerful tool for detecting tampering with PSA label seals.
30 The Good News: Countermeasures Most of the seal attacks have simple and inexpensive countermeasures, but the seal installers & inspectors must understand the seal vulnerabilities, look for likely attacks, & have extensive hands-on training. Also: better seals are possible! The prophet who fails to present a bearable alternative and yet preaches doom is part of the trap he postulates. -- Margaret Mead ( )
31 Conventional Seal: Stores the evidence of tampering until the seal can be inspected. But this alarm condition is easy to erase or hide (or a fresh seal can be counterfeited). Anti-Evidence Seal: When the seal is first installed, we store secret information that tampering hasn t been detected. When the seal is opened this Anti-Evidence is quickly erased. There s nothing left to erase, hide, or counterfeit. Don t play what s there, play what s not there. -- Miles Davis ( ) 31
32 20+ New Anti-Evidence Seals better security no hasp required no tools to install or remove seal can go inside the container 100% reusable, even if mechanical Talking Cargo Seal can monitor volumes or areas, not just portals anti-gundecking automatically verifying that the seal was inspected Tie Dye Seal Chirping Tag/Seal Time Trap
33 Tampering with Urine Drug Tests It s easy to tamper with urine test kits. Most urine testing programs (government, companies, athletes) have very poor security protocols. Emphasis has been on false negatives, but false positives are equally troubling. Serious implications for safety, courts, public welfare, national security, fairness, careers, livelihood, reputations, sports. Journal of Drug Issues 39, (2009)
34 Confusing Inventory & Security Inventory Counting and locating stuff No nefarious adversary May detect innocent errors by insiders, but not surreptitious attacks by insiders or outsiders. Security Meant to counter nefarious adversaries (insiders and outsiders) Watch out for mission creep: inventory systems that come to be viewed as security systems!
35 Examples of confusing Inventory & Security rf transponders (RFIDs) contact memory buttons GPS Usually easy to: * lift * counterfeit * tamper with the reader * spoof the reader from a distance Very easy to spoof, not just jam!
36 A Sampling of RFID Hobbyist Attack Kits Available on the Internet Commercial: $20 Car RFID Clone (Walmart) Commercial: Used for faking RFID tags, reader development. RFID Skimmers, Sniffers, Spoofers, and Cloners; oh my! Documents, code, plans needed to build your own: free. There is a huge danger to customers using this (RFID) technology, if they don't think about security. -- Lukas Grunwald (creator of RFDump)
37 Facts About Prox Cards All the vulnerabilities of regular access control technologies. Plus, they are RFIDs (so they re really not secure)! It had only one fault. It was kind of lousy. -- James Thurber ( )
38 GPS: Not a Security Technology The private sector, foreigners, and 90+% of the federal government must use the civilian GPS satellite signals. These are unencrypted and unauthenticated. They were never meant for critical or security applications, yet GPS is being used that way! GPS signals can be: Blocked, Jammed, or Spoofed
39 Spoofing Civilian GPS Receivers Easy to do with widely available GPS satellite simulators. These can be purchased, rented, or stolen. Not export controlled. Many are surprisingly user friendly. Little expertise is needed in electronics, computers, or GPS to use them. Spoofing can be detected for ~$15 of parts retail (but there s no interest).
40 GPS Spoofing
41 GPS Spoofing 600 mph! pegged signal strength
42 GPS Spoofing
43 Some Potential GPS Spoofing Attacks Crash national utility, financial, telecommunications & computer networks that rely on GPS for critical time synchronization Steal cargo or nuclear material being tracked by GPS Install false time stamps in security videos or financial transactions Send emergency response vehicles to the wrong location after an attack Interfere with military logistics (DoD uses civilian GPS for cargo) Interfere with battlefield soldiers using civilian GPS (against policy, but common practice anyway) Spoof GPS ankle bracelets used by courts and GPS data loggers used for counter-intelligence The creativity of the adversary is the only limitation
44 Blunder: Poor Insider Threat Countermeasures Employee disgruntlement is a risk factor for workplace violence, sabotage, theft, espionage, and employee turnover (which is not good for security). While disgruntlement is certainly not the only insider threat issue, it is an important one. Question on a job application form: Do you support the overthrow of the government by force, subversion, or violence? Answer from one applicant: Violence.
45 Blunder: Poor Insider Threat Countermeasures Phony or non-existent grievance & complaint resolution processes (Note: if good, they ll be used a lot) Employee perceptions are the only reality! Phony or non-existent anonymous whistle blower program & anonymous tip hot line No constraints on bully bosses or HR tyranny Emphasis on being fair instead of treating EVERYBODY well Not managing expectations. Wow if only a face could talk! -- Sportscaster John Madden during Super Bowl coverage
46 Warning: Multiple Layers of Security ( Security in Depth ) Increases cost & complexity Multiple layers of bad security do not equal good security. Often mindlessly applied: the layers are not automatically backups for each other, or may even interfere with each other Leads to complacency Tends to be a cop-out to avoid improving any 1 layer or thinking critically about security How many sieves do you have to stack before the water won t leak through? Security is only as good as the weakest link. -- old adage
47 So Why So Much Bad Physical Security? I watch a lot of game shows and I ve come to realize that the people with the answers come and go, but the man who asks the questions has a permanent job. -- Gracie Allen (1895? 1964) Security Theater is easy, thinking and Real Security is hard Committees, bureaucrats, & other knuckleheads are in charge People & organizations aren t used to thinking critically about it Physical Security as a Taking Out the Garbage slam dunk thing If it s important, somebody must have thought it through Myth Lots of hype, snake oil, & bad products Blind faith in precedence and authorities Physical security is not a well developed field
48 Physical Security: Scarcely a Field at All - You can t (for the most part) get a degree in it from a major 4-year research university. - Not widely attracting young people, the best & the brightest. - Few peer-review, scholarly journals or R&D conferences. - Lots of Snake Oil & Security Theater - Shortage of models, fundamental principles, metrics, rigor, R&D, standards, guidelines, critical thinking, & creativity. - Often dominated by bureaucrats, committees, groupthink, linear/concrete/wishful thinkers. Harry Solomon: I didn t have enough experience to sell hot dogs, so they made me a security guard Third Rock from the Sun
49 What Physical Security Could Learn From Cyber Security Vulnerabilities are numerous, ubiquitous, inevitable, & constantly evolving They don t automatically mean somebody has been screwing up Scapegoating isn t very helpful Security is not binary, it s a continuum Customer focus: productivity has to be an issue in security How to motivate good security practice among regular employees Past criminals can make good consultants Technology is not a panacea security is really about people Regular employees are the security, not the enemy of security Lose the coat & tie!
50 What Cyber Security Could Learn From Physical Security Discipline, Leadership, Organizational Skills, & Being a Team Player Understanding where you fit into the organization Techniques for dealing with upper management Making the business case for security Effective project management & budgeting; meeting deadlines Females can be very effective security professionals Street smarts, people skills, & a good understanding of psychology Dealing with Social Engineering & the Insider Threat Realization that good cyber security requires good physical security Maybe that T-shirt could be washed once in a while!
51 For More Information... Related papers, reports, and presentations are available from (includes Security Maxims) If you look for truth, you may find comfort in the end; if you look for comfort you will get neither truth nor comfort only soft soap and wishful thinking to begin, and in the end, despair. -- C.S. Lewis ( )
52 Supplemental material
53 Talking Truck Cargo Seal: An Anti-Evidence, Audio Seal Seal: $15 of parts (retail) Reader: $40 of parts (retail) I hope you believe you understand what you think I said, but I m not sure you realize that what you ve heard is not what I meant. -- Richard Nixon ( )
54 Talking Truck Cargo Seal: Sample Slogans At Least One Fire Extinguisher per Dozen Trucks The Best People You Can Hire for $8 an Hour The Center Lane Marker is Only a Suggestion Amphetamines Aren t for Amateurs We Break for Small, Furry Animals Not in Front of the Teamsters! Mad Max Works for Us We Eat Our Road Kill The Go in Cargo We ll Make it Fit!
55 Security Cameras Research (for the most part) shows that security cameras: - Don t prevent crime - Can sometimes help solving crimes - Can be useful for criminal prosecution Common Sense Rule: If you re going to bother having a security camera, make sure the resolution is sufficient to recognize your own mother. The video recording system is the main cause of poor quality images. Shoot a few scenes out of focus. I want to win the foreign film award. -- Billy Wilder ( )
Vulnerability Assessments, Physical Security, and Nuclear Safeguards Roger G. Johnston, Ph.D., CPP Vulnerability Assessment Team Argonne National Laboratory 630-252-6168 email@example.com http://www.ne.anl.gov/capabilities/vat
Viewpoint Paper Being Vulnerable to the Threat of Confusing Threats with Vulnerabilities* Roger G. Johnston Vulnerability Assessment Team Nuclear Engineering Division Argonne National Laboratory The following
LAUR-04-1937 Talk for the Business Contingency Planning Conference, May 23-27, 2004 (Las Vegas, NV) Think GPS Offers High Security? Think Again! Roger G. Johnston, Ph.D., CPP Jon S. Warner, Ph.D. Vulnerability
Basic Terminology C.A. Pickett Tamper Indicating Device (TID) A device designed to leave non-erasable, unambiguous evidence of access or entry. TID s are often referred to as seals, because they seal something
ERI Safety Videos DVDs, Digital Media & Custom Production 1319 DOT HAZMAT SECURITY AWARENESS TRAINING Leader s Guide Safety Source Productions DOT HAZMAT SECURITY AWARENESS TRAINING This easy-to-use Leader
SECURITY IN TRUCKING A CHECKLIST FOR FLEET OPERATORS SECURITY IN TRUCKING A CHECKLIST FOR FLEET OPERATORS This checklist for fleet security has been compiled by the Private Motor Truck Council of Canada
What is identity theft? You might hear stories on the news about stolen identities, but what is identity theft? When someone uses the personal information that identifies you, like your name, credit card
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
FOOD DEFENSE STRATEGIES: Four Ways to Proactively Protect Your Brand Food Defense: Proactively protecting the food supply chain is paramount for protecting company profitability, liability, and survival.
Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns by Sharon D. Nelson, Esq. and John W. Simek 2013 Sensei Enterprises, Inc. It seems like everybody is talking about the
The Essentials Series: Code-Signing Certificates What Are Certificates? sponsored by by Don Jones W hat Are Certificates?... 1 Digital Certificates and Asymmetric Encryption... 1 Certificates as a Form
Integrating Routing Software With Your Business Process Workflow Appian Software for Routing and Logistics from TMW Systems 2012 TMW Systems Inc. Cleveland Dallas Raleigh Indianapolis Oklahoma City Vancouver
1 February 2010 Volume 2, Issue 1 The Merchant Serving Florida State University s Payment Card Community Individual Highlights: Skimming Scam 1 Skimming at Work 2 Safe at Home 3 Read your Statement 4 Useful
Showing Interest and Expressing Appreciation Starting Point 29 Showing Interest and Expressing Appreciation Section 1 Starting Point: Treating people well A. Warm Up: Discuss the following questions with
CASE STUDY OF INDUSTRIAL ESPIONAGE THROUGH SOCIAL ENGINEERING Ira S. Winkler National Computer Security Association 10 South Courthouse Avenue Carlisle, Pennsylvania 17013 firstname.lastname@example.org (717) 258-1816
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
PRESENTER'S GUIDE "DOT IN-DEPTH HAZMAT SECURITY TRAINING" For the Department of Transportation's 49 CFR 172.700 Subpart H Training Requirements Quality Safety and Health Products, for Today...and Tomorrow
Cyber Security Response to Physical Security Breaches INTRODUCTION Physical break-ins and other unauthorized entries into critical infrastructure locations, such as electrical power substations, have historically
Chapter 4 Legal Ethics Yes. You read that right legal ethics. Har de har. Go ahead. Get it out of your system. How about this one? Why do scientists prefer using lawyers over lab rats? There are some things
Task # Section/Control Description 1 Security Management System 1.1 Is there a manager or supervisor responsible for implementing security within the company? Please provide the security manager s name
Federal Bureau of Investigation SSA John Caruthers Cyber Criminal Section SSA Kenneth Schmutz Cyber National Security Section April 11, 2012 FBI Mission Cyber Threats FBI Response 1. Protect the United
June 2012 The Digital Divide: How the Online Behavior of Teens is Getting Past Parents Parent Disconnect Despite the obvious disconnect between teens online behaviors and parents knowledge of them, parents
PART I : NAVIGATING HEALTH CARE SECTION ONE Hospitals, Clinical Trials & Ambulance Service 1. Should my dad just sign all those hospital consent forms or actually question them? 2. What is a hospital Patient
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
PST bares the truth about performance management myths & reality (#1 of 3) Setting up a performance management system can deliver tremendous results. We ve seen it deliver hundreds of millions of dollars
A Guide For Homeowners If you are ever sued, your standard homeowners or auto policy will provide you with some liability coverage, paying for judgments against you and your attorney's fees, up to a limit
REAL SECURITY IS DIRTY INFORMATION SECURITY AND RISK MANAGEMENT ARE PURSUITS OF BRUTAL SELF- REFLECTION. The most logical business decisions come from facing ugly truths. Before any business spends a dime
Why Johnny Can't Encrypt: A Usability Study of PGP Jan Sousedek Technische Universität Berlin, Germany Erasmus program Summer semester 2008 Seminar: Internet Security email@example.com Abstract Interfaces
Information Technology Security for Small Business (video script) Descriptive Text for the Visually Impaired August 11, 2009 By Joan Porter Visual: Images related to computer and internet use and images
Introduction The Electronic Safety and Security Design Reference Manual (ESSDRM) is designed to educate and inform professionals in the safety and security arena. The ESSDRM discusses trends and expertise
Corporate Recruiter Tells All Tips, Secrets, and Strategies to Landing Your Dream Job! By Ryan Fisher INTRODUCTION It pains me to see so many people working day after day at unsatisfying jobs with limited
Large Truck and Bus Traffic Enforcement 1.0 Instructor Guide December 11, 2014 Slide 1 Large Truck and Bus Traffic Enforcement 1 Welcome students to the Large Truck and Bus Traffic Enforcement topic. Module
Annual Education 2014 Why? Protecting patient information is an essential part of providing quality healthcare. As Mission Health grows as a health system and activities become more computerized, new information
Business Security Tips Smarter Ways To Help Protect Your Business / Deterrence / is smarter deterrence external threats Make It Difficult For Criminals To Get Into Your Business. Locks, Lighting And Landscaping
WHY DO I NEED DATA PROTECTION SERVICES? Data processing operations have evolved with breathtaking speed over the past few years, expanding from very large mainframe operations to small business networks.
The Basics of Home Security Topics Covered: Home Security Basics Home Security Guides Home Security Products and Services The Value of Insurance in Home Protection Top Ten Tips for Your Home Security Essentials
White Paper PCI DSS: An Evolving Standard PCI 3.0 and 3.1 Key Requirements Explained 2015 SecurityMetrics PCI DSS: An Evolving Standard 2 PCI DSS An Evolving Standard The Payment Card Industry Data Security
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice
MILITARY SECRETS DECODED: How You Can Track and Locate Equipment and Assets Like the Military TABLE OF CONTENTS Introduction 2 Auto ID Systems Choosing Barcode, RFID, or Both 3 Total Accountability 4 Turnkey
DEFINE YOUR SALES PROCESS TO GROW YOUR BUSINESS Internet Marketing 101: How Small Businesses Can Compete with the Big Guys DEFINE YOUR SALES PROCESS TO GROW YOUR BUSINESS A strong and effective sales team
You are probably reading this guide because you were recently in an automobile accident. Now you are faced with some difficulties. The tasks of managing your care and your insurance claim can be confusing
Identity Theft Crime Victim Assistance Kit INTRODUCTION In the course of a busy day, you may write a check at the grocery store, charge tickets to a ball game, rent a car, mail your tax returns, change
Beyond the Polyester Veil : A Personal Injury Negotiations Case Study I m going to tell you something else almost as useful.i m going to tell you the big secret of handling your personal injury case. For
FREE REPORT: The Top 5 Tax Secrets The IRS Doesn t Want You To Know And How To Use Them To Reduce Your Stress And Save You Money ESPECIALLY During Tough Economic Times Guaranteed! Dear Taxpayer, Believing
82-02-67 DATA SECURITY MANAGEMENT INTRODUCTION TO PENETRATION TESTING Stephen Fried INSIDE What is Penetration Testing? Terminology; Why Test? Types of Penetration Testing; What Allows Penetration Testing
Systems An introduction to the basic concepts and arguments for owning a home security system. By Intruder Prevention Page 2 of 22 Legal Information: This is a reference guide and is to be used for informational
By James Thomas DTEC 6823 Summer 2004 What is a firewall? Firewalls for small business A firewall is either hardware, software or a combination of both that is used to prevent, block or should I say try
A conversation with Scott Chappell, CMO, Sessions Online Schools of Interviewed by: Steven Groves, StevenGroves.com Guy R. Powell, DemandROMI Can you talk to us a little bit about Sessions and what Sessions
HOW TO PROTECT YOUR DATA INTRODUCTION Every day in the news, we hear about data breaches. Are you concerned your sensitive business, customer and supplier data is not protected? Do you have a secret sauce
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out
OPSEC and Safe Social Networking Agenda Introduction Did you know? Social media access What not to post Privacy settings Geotagging Social Media OPSEC for units Social media concerns for Families and Family
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
rd 3 5 July 11-12, 2015 Moses Exodus 2-4; Jeremiah 29:11 God has a plan for us. th Connect Time (20 minutes): Five minutes after the service begins, split kids into groups and begin their activity. Remember
Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:firstname.lastname@example.org Outline of Information Security Introduction Impact of information Need
Guide on how to choose an Employment Lawyer to represent you* Do you need an Employment Lawyer to help you with a problem you may have? Are you unsure as to how to do this? If so, hopefully this article
Message from the Ministry of Community Safety and Correctional Services The Ontario Association of Chiefs of Police (OACP) is conducting its first public education and awareness campaign on crime prevention.
1 2 Hour CEU 2 Course Objectives The purpose of this program is to provide nurses with information about the Health Insurance Portability and Accountability Act (HIPAA), especially as it relates to protected
Marquee Manage and secure your workplace by controlling who, what, when, why, where and how people are allowed in your facility. Securing the Workplace Executive Summary OPTIMIZE TODAY S WORKPLACE Protecting
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
This was a very short story written as an extra for Frostbitten. It takes place before the book begins, and launched the investigation that eventually led Elena and Clay to Alaska. Recruit Have you ever
GUIDE TO PROTECTING YOUR BUSINESS GT44GPBW As a small business owner, fraud is a significant threat to your business. According to a 2012 study by the Association of Certified Fraud Examiners, the smallest
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs email@example.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
Special Guide For General, Business And Life Insurance Buyers Seven Costly Insurance Traps & How To Published by Avoid Them PTY LTD The proof in the pudding is when you have a claim, and that s where our
Chapter 1 Setting the Groundwork Understanding Essential Basic Concepts Investors new to financial markets are often intimidated by the seemingly endless stream of new and unfamiliar terminology and the
Meeting the Information Security Management Challenge in the Cyber-Age November 2015 David Lam, CISSP, CPP Vice-President Citadel Information Group Copyright 2015. Citadel Information Group. All Rights
Supply Chain Security Audit Tool - Warehousing/Distribution This audit tool was developed to assist manufacturer clients with the application of the concepts in the Rx-360 Supply Chain Security White Paper:
Cyber Security Awareness Internet Safety Intro www.staysafeonline.org 1 What is Cyber Security? Cyber Security is the body of technologies, processes and practices designed to protect from attack, damage
Simple Tabletop Exercise, Cyber Security Breach Unusual Water Quality Scenario Scenario #3 Facilitator s Guide Scenario Summary Background: It is summer in Zenith City. The end of the city s fiscal year
Using coping statements to avoid common thinking traps Did you know that your thoughts affect how you see yourself and the world around you? You may look at a situation one way, even though there are many
FBI CHALLENGES IN A CYBER-BASED WORLD Federal Bureau of Investigation Assistant General Counsel Robert Bergida 202-651-3209 Overview Cyber Threats FBI Mission FBI Response Terrorism remains the FBI s top
Learn. Act. Share. Human trafficking is the buying and selling of men, women and children within countries and across borders in order to exploit them for profit. The trafficker takes away the basic human
BACKGROUND WAREHOUSE SECURITY BEST PRACTICE GUIDELINES CUSTOMS-TRADE PARTNERSHIP AGAINST TERRORISM In the aftermath of September 11, U.S. Customs and Border Protection (CBP) in cooperation with its trade
Protecting Yourself from Identity Theft Guide 4 Because you don t have to be the next victim Desert Schools Money Matters Series Guiding you toward financial success Table of Contents How ID theft happens.............................
Fraud Prevention Checklist for Small Businesses 11 Ways to Minimize the Risk and Impact PAYMENT SOLUTIONS Fraud can have a devastating impact on small businesses. Prevention and mitigation strategies can
How to Prevent It What to Do If You Are a Victim www.tn.gov/consumer www.tn.gov/safety Tennessee Division of Consumer Affairs Identity theft happens when someone steals your personal information and uses
The TrainingFolks Approach The importance of superior management, leadership and interpersonal skills are critical to both individual and organizational success. It is also critical to apply these skills