Daily Archives: 26/07/2013

The Security Institute set to launch The Knowledge Centre

The Knowledge Centre is intended to be a key research and professional development resource for Institute members wishing to increase their knowledge base on specific security subject subjects, while also serving as an essential tool to support the studies of student members.

Headed up by director Angus Darroch-Warren CSyP, The Knowledge Centre will provide members with information sources including research papers, articles, dissertations and links to websites.

It’s recognised by The Security Institute that ‘Security’ covers a broad and diverse set of specialisms relating to: “The protection of people, information and other assets through the prevention, elimination and mitigation of risks and threats”. This includes intelligence gathering, research and information technology.

The Security Institute: pioneering education for security professionals

The Security Institute: pioneering education for security professionals

On that basis, The Knowledge Centre will be structured around the following 16 categories, reflecting the parameters and scope of contemporary security practice:

• Business Management
• Business Resilience
• Counter Terrorism
• Counter Fraud
• Crime and Criminology
• Critical National Infrastructure
• Defence and International Security
• Governance and Compliance
• Information Security
• Investigations
• IT and Cyber Security
• Law and Legislation
• Personnel Security
• Physical Security
• Security Professionalism
• Security Risk Management

These categories will provide a framework for the development of the new Research Directorate and its services, as well as providing new learning resources for the Institute’s vocational courses.

Gus Darroch-Warren CSyP

Gus Darroch-Warren CSyP

The Knowledge Centre will be launched in phases and, much like any learning platform, it will be continuously developed as additional information is added or existing material (or web links) are updated.

Launch timetable for The Knowledge Centre

Launch of the 16 front pages of the new website takes place on 31 July. This will allow the Institute’s membership to see how the website is structured, including documents under the following headings: ‘Useful websites’, ‘Published Academic and Research Sources’, ‘Theses and Dissertations’, ‘Government and Organisational Reports’, ‘Legislation, Standards and Guidelines’, ‘Editorials and Commentaries’ and ‘Additional Resources’.

Dr Alison Wakefield

Dr Alison Wakefield

The Knowledge Centre is a key project of The Security Institute’s new Research Directorate which is being run by Dr Alison Wakefield (Head, Internal and External Research), Jerry Woods CSyP (Good Practice Guides), Mike Gillespie (Cyber Research/Strategy) and Angus Darroch-Warren (The Knowledge Centre).

Jerry Woods

Jerry Woods CSyP

It fits both with the objectives of the Institute and the Register of Chartered Security Professionals with regard to education of the membership and the sector as a whole. In particular those studying for the The Security Institute’s Certificate and Diploma (as well as undergraduate and post-graduate students at the various universities and colleges) will benefit from a centralised information resource.

The Knowledge Centre provides exciting additional benefit to the membership, particularly student members, and will demonstrate the expertise that The Security Institute holds within its membership. It also represents one of the first efforts by the security profession on the international stage to define what constitutes security in the new millennium, in turn conveying this to the members and the wider security community.

Want to be involved as a volunteer in The Knowledge Centre Project?

A number of ‘Champions’ from among The Security Institute’s membership have been identified and appointed to lead each of the categories, but the Institute is still looking for members to become involved in this exciting project.

Many of those ‘Champions’ have completed, or are undertaking, doctoral level research in their area of expertise, and will be in a position to communicate their knowledge of key information resources to the membership.

Future development will see each category, headed by its appointed ‘Champion’, broken down into sub-categories and further web pages, matching the above structure. These may be specific to an industry (eg oil and gas, pharmaceuticals, financial services) or form a subset within an existing section (eg physical security may require separate sections on detection systems, CCTV or access control).

Management of a category is not considered to be onerous and represents an ideal opportunity for members to contribute to an Institute project, particularly those who are unable to participate in other events and activities or who are based internationally.

It offers the opportunity to gain valuable CPD points under the ‘Other Contributions’ banner without the cost of travel.

If you’re interested in becoming involved with this project, please contact Helen Corbett (The Security Institute’s senior administrator) on (tel) 08453 707717 or via e-mail at: helen@security-institute.org to register your interest

Leave a comment

Filed under IFSECGlobal.com News

Forensic Science in the UK: response by University of Leicester forensic scientist to Science and Technology Committee inquiry into closure of the FSS

The Science and Technology Committee has published the results of a follow-up inquiry into the closure of the Forensic Science Service (FSS). Read more about this here: http://www.bbc.co.uk/news/science-environment-23436303

Expert comment on the matter has now been offered by Dr John Bond OBE, senior lecturer in forensic science at the University of Leicester Department of Chemistry and co-lead of the Alec Jeffreys Forensic Science Institute at the University.

The Government's decision to close the Forensic Science Service has caused much debate in the security world

The Government’s decision to close the Forensic Science Service has caused much debate in the security world

This is what Dr John Bond OBE has to say…

“It comes as no surprise to me that, two years on from the closure of the Forensic Science Service (FSS), the Science and Technology Committee continues to be concerned over forensic science provision in the UK.

“The closure of the FSS in 2012 showed a remarkable lack of appreciation by the Government over what was happening across the public sector as a result of budget cuts and austerity. Like any other public body, the police service looked to save money and escalated a trend that had been simmering away for some years. That is, why not undertake ‘low level’ forensic work themselves rather than pay for it? This has led to an expansion of evidence recovery and screening work by police forces, removing this from the (now private) forensic providers.

“Not only has this led to unpredictable revenue for the forensic providers but it has has placed an increased burden on shrinking police resources to undertake this forensic examination work themselves.

“The Committee acknowledges the work of the Forensic Regulator in ensuring that all labs undertaking forensic work meet minimum standards, but also acknowledges the difficulties some police forces are having in meeting these standards.

“A cornerstone of good forensic scientific practice is to have those analysing and interpreting forensic evidence independent and remote from those prosecuting, something recognised in the US National Academy of Sciences report on Strengthening Forensics in 2009.

Dr John Bond OBE. Photo: University of Leicester

Dr John Bond OBE. Photo: University of Leicester

“Having more and more work undertaken within police premises by those working alongside investigators can only encourage the suggestion that the forensic process is not truly independent.”

In desperate need of a new strategy

“I would agree with the committee that forensic science in this country now desperately needs a strategy, along with adequate funding to police forces to purchase their forensic science needs, which are based on what is proven to provide good and cost-effective evidence.

“I would also endorse the comment made by the committee with regard to the lack of investment in forensic science research, although work is now in hand to address this through the Government-sponsored Technology Strategy Board which, earlier this year, set up a Forensic Science Special Interest Group.

“I sit on the Steering Committee for this Group and we are actively pursuing current issues in forensic science, including quality standards as well as research funding. Last month, the Group held a well-attended meeting at the University of Leicester to pursue these issues with local police forces, academics and the private sector.”

Leave a comment

Filed under IFSECGlobal.com News

IBM unveils new software to help companies identify and predict security risk

As cyber attacks increase in volume and severity, IBM’s QRadar Vulnerability Manager helps to identify, sort, contextualise and prioritise network vulnerabilities.

IBM has unveiled an integrated security intelligence solution that helps organisations identify key vulnerabilities in real-time, while also reducing the total cost of security operations.

IBM QRadar Vulnerability Manager (QVM) gives security officers a prioritised view across their entire network, helping them to quickly strengthen and fortify defences. By aggregating vulnerability information into a single view, security teams can see the results from multiple network, endpoint, database or application scanners for quick review and management.

IBM’s X-Force team has catalogued more than 70,000 known vulnerabilities and the National Vulnerability Database is adding an average of 15 newly discovered vulnerabilities every day. The rapid expansion of social, mobile and cloud computing can further increase the number of potential vulnerabilities, in turn expanding the threat landscape.

Part of the IBM Security Intelligence Platform, QRadar Vulnerability Manager combs through security holes to help close them to potential exploits, excluding those hidden behind firewalls, associated with inactive applications or otherwise unreachable from external attacks. By simply activating a license key, this new software can automatically scan the network and perform the analysis helping security teams more effectively direct their limited staff resources.

IBM QVM Screenshot

IBM QVM Screenshot

“Security Intelligence is about putting all the available data into context, and making it useful for each client’s unique security needs,” said Brendan Hannigan, general manager of IBM’s Security Systems Division. “We’ve relentlessly expanded QRadar’s capabilities. Tight integration of vulnerability management is the next natural extension.”

Designed to address gaps in vulnerability management solutions

IBM QRadar Vulnerability Manager helps clients reduce the remediation and mitigation burden by aggregating vulnerability information into a single risk-based view where it can be quickly prioritised.

Security teams can see the results from multiple network, endpoint, database or application scanners alongside the latest X-Force Threat Intelligence alerts and incident reports from the National Vulnerability Database. The new offering also includes its own embedded, PCI-certified scanner which can be scheduled to run periodically or triggered based on network events.

“QRadar Vulnerability Manager is a breakthrough for the IT security industry,” said Murray Benadie, managing director at Zenith Systems (an IBM Business Partner). “It can cut a huge list of vulnerabilities in half, if not more. Users will quickly see vulnerabilities on their networks without trying to mash products together – that’s how information falls through the cracks. This is a true game changer.”

Intrusion prevention solution provides ‘Virtual Patch’ when remediation isn’t available

IBM is enhancing its intrusion prevention platform with the introduction of the IBM Security Network Protection XGS 5100. Fully integrated with IBM QRadar Security Intelligence Platform, the platform now provides ongoing network data feeds to help identify stealthy Secure Socket Layer attacks (SSL: a security protocol to enable Web sites to pass sensitive information securely in an encrypted format), in addition to helping provide real-time protection from advanced threats and heightened levels of network visibility and control.

This enhanced intrusion prevention platform also includes IBM’s ‘Virtual Patch’ technology to provide vulnerability protection when a software patch is not yet available.

IBM QVM Dashboard

IBM QVM Dashboard

Additionally, IBM is also announcing a new version of the IBM Security zSecure Suite, a mainframe security solution with IBM QRadar Security Intelligence Platform integration. This combined solution helps provide organisations with enterprise-wide visibility of mainframe security events, supported with automated real-time threat alerts and customised compliance reporting.

To learn more, visit http://www.ibm.com/security/vulnerability/

About IBM Security

IBM’s security portfolio provides the security intelligence to help organisations holistically protect their people, data, applications and infrastructure.

IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more.

The company operates one of the world’s broadest security R&D and delivery organisations, monitoring 15 billion security events per day in more than 130 countries and holding more than 3,000 security patents.

For more information on IBM security visit: http://www.ibm.com/security

Leave a comment

Filed under IFSECGlobal.com News