NASHVILLE – In the wake of the cyber attack against health benefits company Anthem, Tennessee Department of Commerce and Insurance (TDCI) regulators are urging consumers to use extreme caution when receiving emails purporting to be sent from Anthem.

Scammers are targeting current and former Anthem members by sending emails designed to capture personal information (a tactic known as “phishing”). These phishing emails are made to appear as if they are from Anthem and include a “click here” link for credit monitoring. However, these emails are NOT from Anthem, and recipients are advised NOT to click on any links in the email or open any email attachments.

State insurance commissioners and law enforcement authorities are still assessing the fallout from the Jan. 29 data breach of Anthem that potentially exposed the personal information of more than 80 million people. The exact number of Tennessee residents who are affected by the breach has not yet been determined. Anthem has stated it will provide state regulators with a complete list of the affected individuals by state once this is available. Anthem subsidiary Amerigroup is a TennCare managed care company. In addition, BlueCross BlueShield of Tennessee members who have sought medical care in Anthem states, including Georgia, may also be impacted.

“TDCI has been in communication with the company, its domestic regulator, and fellow state insurance regulators through the National Association of Insurance Commissioners,” said TDCI Commissioner Julie Mix McPeak. “We take very seriously the issue of cybersecurity, and we will continue to work with our partners to investigate this breach and ensure that any impacted Tennessee consumers have immediate access to remedial assistance.”

Anthem has told state insurance regulators it is diligently collecting the identities of all individuals whose information may have been involved with this security breach. State insurance commissioners, directors and superintendents are convening by weekly conference call for updates on Anthem’s progress in mitigating the situation, and members of the National Association of Insurance Commissioners (NAIC) have called for a multi-state examination of Anthem and its affiliates. TDCI expects to participate in the examination to ensure protection of consumers covered by Anthem.

Well-trained officers can be one of the most effective risk management tools for security firms. Proper training can prevent accidents, improve performance and minimize the number of incidents that can lead to costly lawsuits.
However, as the private security profession has grown over the past decade, training standards and industry regulation have not improved at the same pace. As a result, many security professionals find themselves under-trained and over-exposed to risk, liability and litigation – exposures that can have significant impact on the cost and availability of insurance.
A Growing Need
The U.S. government estimates that the security guard industry has grown between seven and 12 percent a year, and that growth is expected to continue. Perhaps the most significant reason for the anticipated growth is the recent budget cuts that have caused municipal and county police agencies to downsize.
Though there is no single database with the total number of jobs that have been lost due to budget cutbacks, a Department of Justice report titled “The Impact of the Economic Downturn on American Police Agencies” published these statistics:
•  The Fraternal Order of Police documents 4,000 layoffs, but estimates between 12,000 and 15,000 sworn officer positions have been lost.
•  The International Association of Chiefs of Police estimates that 10,000 law enforcement positions have been lost.
•  COPS Hiring Program data for the last 18 months estimates that 5,738 state, local and tribal law enforcement officers have been laid off. The actual number may be as high as 10,000.
•  Major Cities Chiefs Association found that 52 percent of agencies surveyed had laid off sworn officers.
Private, contracted security officers are needed to fill the gaps left by the cuts in both sworn and unsworn officers among counties and municipalities. This need applies to many types of facilities, including gated communities, malls and other venues that formerly enjoyed a police presence or routine patrols.
Establishing Training Standards
As the need for private security officers grows, so does the need for training. And that training should be held to high, consistent standards, explains Jeffrey A. Slotnick, PSP, CPP, president of Setracon Inc., and chairman of the ASIS International Physical Security Council. He points out that training standards vary from state to state, with some states lacking any training standards.
“What’s needed most is quality, fundamental training where everyone is trained to a standard, and that just does not exist today,” he says. “The risks faced by security professionals have not changed much over the years, but the public now has higher expectations and those expectations include increased competence.”
Budgets sometimes restrict how much training security firms are willing to provide for their guards, but Slotnick says there are new affordable alternatives. “Web-based, interactive learning portals are definitely a cost-effective method of training officers and should be considered.”
Situational Training
Beyond training standards, there also needs to be situational training specific to the risk involved in any given industry. Security firms must look at the position and ensure they hire officers who are properly trained and equipped for the needs of the position.
Guards in a gated community clearly need a different set of skills than someone in a hospital. Guards at a manufacturing facility have different responsibilities than those at a nuclear facility. Guards on board ships with anti-piracy responsibilities should be trained differently than those assigned to armored cars.
Situational training also helps ensure that guards can make quick decisions such as the proper use of force. That issue was highlighted by the well-publicized 2010 Seattle bus station incident. There, a young victim found herself in a life-threatening situation and received little to no help from officers on duty, whose orders were to only “observe and report.”
The underlying problem was not that the officers couldn’t intervene physically. Rather, it was that they were not trained properly. The officers should have been trained to respond with more authority, communicate properly and act with speed.
Hands-on, situational training gives officers a chance to learn from practicing in situations that apply directly to the facilities they protect. This is recognized by more companies, which now are requiring that any security officers from contracted private firms have this type of training.
Documentation and Litigation Awareness
Education and training should also be provided to help security professionals understand and prevent lawsuits. “Litigation awareness” should focus on several components, including acting with professionalism and communicating respectfully and effectively. In short, guards should understand how their actions can affect the likelihood of a lawsuit.
This type of education should cover how litigation works, teaching guards what happens in a courtroom and how their words and actions can be used to affect a case. It should also cover the importance of conducting themselves in a professional way throughout their work day.
Another important factor is communications: teaching guards what is appropriate and not appropriate to say. For example, if someone slips and falls at a pool in a gated community, it would not be wise for a guard to mention to the victim or witnesses that there had been similar accidents. Such a statement could lead to a lawsuit and strengthen the case against the organization.
Documentation is another key skill in a security officer’s training. When accidents or incidents occur, proper documentation can go a long way in showing that the security firm acted appropriately. Key issues include providing accurate and complete activity and incident reports, including all relevant facts and a record of all guard activity. These reports provide a detailed record that officers are carrying out duties according to the firm’s contract and are responding according to their orders.
Finally, report writing should be included in training, with an emphasis on proper spelling and grammar. Incomplete or sloppy reports can reflect badly on a guard firm’s professionalism and credibility, and weaken the firm’s case in the event of a lawsuit.
The Insurance Perspective
Insurers understand the importance of training on safety and risk management. When reviewing insurance applications, insurers not only look at loss history, but also the type of training provided to employees. They check to see if it covers just the state minimum or whether the training is more comprehensive. These factors help determine insurance rates and premiums paid.
In recent years, some security firms may not have seen how safety, loss control or training has affected their rates or eligibility. That’s because we are in what is called a “soft” insurance market. In this type of market, it is easy to get coverage from a wide variety of insurance carriers and rates are very low. In a soft market, good loss experience and training will not lower rates as much.
However, safety will become more significant when the insurance cycle turns and we reach what is called a “hard” market. In a hard market – which many experts believe is beginning in 2012 – insurance rates rise and many insurance carriers withdraw from specialty markets like security. With fewer carriers left writing insurance, eligibility standards and rate criteria become more stringent.
Insurers know that better-trained security professionals have fewer accidents, handle incidents more effectively and are a better risk. This is an important message, especially as the need for private security and the demand for insurance is expected to grow. Security professionals should examine their current training practices, identify areas for improvement and find training and education programs that will make them an excellent insurance risk.

Security planning, regardless of business sector, is a company’s best effort to provide a proactive system to protect property and lives. Despite robust planning, a security director’s worst nightmare is a serious injury or death occurring on company property due to a violent criminal act. Whether managing a single location or thousands across the country, violent crimes against a customer, employee, visitor or vendor will test any company’s risk avoidance planning. The very likely result of the crime is the filing of a lawsuit.

Litigation is foreign to most security practitioners. Depending on the type of industry, the probability or foreseeability of serious crime may be remote or may be a constant threat. Regardless, companies in general are not prepared to defend themselves in a lawsuit.

First, the plaintiff’s expert must establish that the crime was foreseeable. That can be accomplished through incident reports and crime statistics. You can expect the research to extend back three years. Crime analysis of your surrounding area (in most jurisdictions) is not limited in distance, but you can generally expect a three-year review within one mile. The expert’s job is to educate the court and jury about the foreseeability of the violent crime and the significance of how a company managed the security function based upon that foreseeability.  If a crime is not reasonably foreseeable, the case becomes more defensible. Ignorance of crime will not stand inspection by the jury.

The standard of “reasonable care” refers to the level of action, including hiring, training and supervision, that a company took based on foreseeability. In layman’s terms, it would generally ask: Did the defendant act in a manner that was consistent with what a common person would have done given the same circumstances?

Wait. What about the standards published by ASIS through the Protection of Assets Manual? What about the standards published by the IESNA (Illuminating Engineering Society of North America)? What about Crime Prevention Through Environmental Design (CPTED)? What about our industry best practices? While these, and many more bodies of work, help practitioners to develop plans, they are not standards – they are guidelines or recommendations. The “standards” used by your company in the development of policy and procedures, hiring, training and overall management came from knowledge, training, education and experience, both historical and personal. In short, your company’s operating practices – related to security – are “your standards.” The greater question examines the adequacy of your own standards to protect people and assets of your company: “Did your company act in a reasonable manner that could have resulted in a higher probability that the particular injury or death could have been prevented or mitigated in some manner?” There are no guarantees for safety; therefore, no standard exists that requires that your efforts would have resulted in deterrence.

If the crime was reasonably foreseeable and the efforts to address the threat of crime were not reasonable, then the company failed to meet a reasonable standard of care. This failure, which may mean many connected issues, would therefore be cited as a proximate cause of the injuries or death of the plaintiff.

There are a lot of moving parts to litigation, but in the end, every pertinent piece of documentation your company has created regarding security will be examined. What becomes a hurdle for a defendant is that the first notice of the lawsuit came two years after the incident, and the plaintiff’s attorneys now want documents that predate the incident by three to five years.

The plaintiff’s Requests for Production will include “everything:” manuals, video training, incident reporting, incident summaries, security meetings, liaison with local law enforcement and personnel files. The list can be exhausting, but that is what I call the “low-hanging fruit” of an inadequate security case. From the plaintiff’s perspective, there are some areas that will be under the microscope as your case moves forward, but first, there are three ground rules:

•  If you have no documentation (whatever it is related to) it never happened.

•  There exists no body of work that dictates how a security or loss prevention program is modeled. There is no “standard” that dictates the content or tasks that “all” security departments must have or do. This excludes duties assigned by a governmental or regulatory agency to a particular sector.

•  The legal standard by which you are judged is what is known as “reasonable care.” In general, it means reasonable actions were taken to address threats that were known or should have been known by your company.

The plaintiff will request your company to produce certain documents and answer certain questions posed by their attorney. Requests for Production and questions from Interrogatories are designed to provide the plaintiff insight into security management and how the particular incident could have been prevented or minimized.

1. Do you have a written security plan? Your plan is generally formed through written policy and procedure. Is it current? How is it disseminated (training)? Does the plan contain adaptations for specific location types or buildings?

2. If you do have a plan, was it being managed and executed as written? Is there evidence through documentation that there was adequate follow up?

3. What are your hiring practices? This can include company employees, security/loss prevention staff and security vendors. While you don’t actually hire a vendor’s employees, you did make a decision to use them for a specific purpose.  You will be asked for personnel files, job descriptions, evidence of background checks (which, by the way, also have no defined standard), candidate qualifications and the like.

4. What training was provided for contract security officers specific to your location? There will be a contract and a set of Post Orders for daily duties that drive responsibilities. Your company shares the responsibility of managing a contract guard force, and you should know whether the terms of the contract are being met.

5. You will be required to produce every piece of training material ever provided to your employees since their date of hire. This includes security staff, line employees and management. Do you have a training program? Do you have a method to ensure that training given is training understood? That training can certainly be through Computer-Based Learning, but it can also be demonstrated through goals and objectives, annual evaluations and specific acts. This can involve Human Resources, but regardless, there must be evidence of training. Whatever your company expects to be known, understood and executed by employees will need to be documented.

On-the-job training (OJT) is quite common in the security world. However, the core questions are: How did you ensure the trainee is provided consistent training? How was the trainer qualified? Is there a written list of required topics to be covered during OJT? What efforts are made to ensure that your four-week training period was not signed off as completed in two days? (I’ve actually seen that.) In short, you will be asked to prove all relevant training through documentation.

6.  How are security efforts and personnel supervised? Supervision takes many forms but when a violent crime occurs, the primary questions will be: Was there adequate supervision of the people and processes that could have reduced the risk of occurrence? If the guard at the gate is supposed to log all vehicles entering, who reviews those logs to ensure it is being done? In other words, the final allegation will be you knew or should have known if the (fill in the blank) was being conducted properly.

7. Staffing is a crucial element of an inadequate security case. The adequacy of staffing goes beyond security personnel to include, in some cases, the number of employees on site. An example would be a 24-hour convenience store, staffed by a lone female at 2 a.m.

Security officer staffing is a tricky prospect for both the corporation and the vendor. There is no standard that guides adequate coverage, such as the urban legend of one officer per 50 people. There is a huge difference between 300 MMA fans at a sports bar versus 300 guests at a charitable dinner. It is location-, size- and environment-specific. The lack of budgeted funds for adequate security is never a reasonable argument. Create a plan. Put it in writing.

8. Use of Force Policies come to bear in both negligence and inadequate security cases. These policies must be clearly written, and all personnel must be trained to the policy. That said, the use of force covers a very wide gamut. If you have a purse/briefcase/backpack inspection policy, what course of action is taken if an inspection is refused? If you are a retailer, what is your written policy regarding reasonable force to detain and regarding foot pursuit of a fleeing shoplifter? If anyone within your company carries a weapon, what certifications must be maintained? What instruction or training is provided? How was the person interviewed before the hiring decision? If you manage a nightclub, your bouncers, aka “ushers/doormen/courtesy officers,” are your security staff. They should receive training on policy and procedure. The actual use of force in nightclubs often results in serious injury to patrons. The manner in which the ushers are allowed to address issues becomes the standard for the club itself.

A plaintiff’s attorney wants to anger the jury about things that could have/should have been in place prior to the incident in question. The jury does not care if you were using cutting edge security video technology. They do care that the DVR was not working. They don’t care that you are using security personnel with only a high school education.  They do care that they were never trained and were poorly supervised. One thing a jury clearly cares about and will punish the defendant for is having knowledge before the fact and failing to make any attempt to make changes. These are areas a common juror can identify with.

In short, if your company has a security plan, all of the components are expected to be overseen, audited and corrected as needs dictate. Additionally, a security department cannot supervise all potential aspects of that plan. Maintenance is a good example. The manager then becomes an educator to those not directly involved in the department itself to stress the importance of their role in overall life safety. The function of security management is always greater than the direct responsibility of the security department.

The above was provided as educational material and should not be construed as legal advice.

About the Author: Patrick Murphy is the founder and president of LPT Security Consulting.  He has more than 35 years of experience in law enforcement, security management and security consulting. He has been a security expert witness for more than 12 years and has been retained in jurisdictions across the U.S., including Puerto Rico and the Virgin Islands. He is an author and frequent contributor to news and media outlets. LPT Security Consulting is based in Houston, Texas. 



Healthcare institutions have managed workplace violence with measurable success, despite the challenges faced in hospitals, emergency rooms, mental health, nursing homes, long-term care and community healthcare facilities. The magnitude of the problem is astounding – its devastating impact looms mightily in the hearts and minds of boards of directors, C-suites and security directors as both a real institutional threat and a contentious business reality facing healthcare today.

As an institution, healthcare has adapted well to managing the complexities and propensities for violence in medical settings, but it is a particularly complex and dangerous occupation for healthcare employees, patients and bystanders.

That danger arises from exposure to violent individuals combined with the absence of strong violence prevention programs and protective regulations. Other contributing factors such as staff shortages and increased patient acuity add to the problem.

The healthcare culture’s resistance to the idea that providers are at risk is a key consideration that affects the value of aggressive prevention strategies based on responsibility, accountability and consequences.

Integration and collaboration of resources in combating workplace violence is a work in progress that benefits an engaged system. Accepting that violence in healthcare settings is truly high-risk requires a multi-dimensional and multi-disciplinary approach that holds itself accountable. To change the culture:

•  Prepare for the “WHEN,” not the “IF”

•  Recognize the realities and take appropriate measures

•  Maximize the value of shared resources

•  Enforce and support existing plans

•  Adopt innovative proactive strategies

•  Conduct internal and external ongoing self-assessments and validations

Waiting for the “if” can have a long-term, disastrous impact on morale, service and reputation. We see negligence in training, security and supervision in our daily operations, most vividly following catastrophic incidents that show how ill-prepared the organization was.

Training that focuses solely on compliance is a disaster waiting to happen. Generally, organizations have resorted to cost-effective approaches for training on workplace violence that include online courses without the benefit of a facilitator to ask “what if” questions.

One must recognize that the healthcare system is a business that attaches budgetary constraints to decisions that adversely affect security and training, a mindset that should be revised as soon as possible.

The U.S. healthcare system is in the beginning of a crisis. If projections are accurate, the demand for nurses will increase 40 percent, and a 400,000-hour full-time equivalent registered nurse shortfall will occur by 2020. Such realities underscore the value of integrating and collaborating resources.

Changing the culture also necessitates a balanced reliance on the doctor’s influence over safety and security by adding more voices to the discussion. Relegating the security mission solely to the security director and staff defeats the benefits of a collective effort, shared resources and a supportive senior management. Senior management involvement, essential to combating workplace violence, pertains to accountability, responsibility and consequences.

In the last 15 years, deaths resulting from workplace violence have ranked among the top four causes of occupational fatalities in American workplaces. In response, OSHA released a new compliance directive last September that offers procedures for staff who respond to workplace violence cases.

The directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, establishes procedures for conducting inspections in late-night retail workplaces and health care and social service settings, which may be at a higher risk of workplace violence.

 “Research has identified factors that may increase the risk of violence at worksites,” the directive states. “Such factors include working with the public or volatile, unstable people. Working alone or in isolated areas may also contribute to the potential for violence. ... Additionally, time of day and location of work, such as working late at night or in areas with high crime rates, are also risk factors that should be considered when addressing issues of workplace violence.”  

A recent OSHA inspection of a Maine psychiatric hospital found more than 90 instances in which workers were assaulted by patients from 2008 through 2010. OSHA cited the hospital for not providing adequate safeguards against workplace violence and proposed a fine of more than $6,000.

“These incidents, and others like them, can be avoided or decreased if employers take appropriate precautions to protect their workers,” said OSHA Administrator David Michaels, Ph.D.

More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicates that an average of more than 15,000 nonfatal workplace injury cases was reported annually during this time.

Similar studies by the National Institute for Occupational Safety and Health and other organizations show that employers who implement effective safety measures can reduce the incidence of workplace violence, including:

•  training employees on workplace violence

•  encouraging employees to report assaults or threats

•  conducting hazard analyses

•  access controls

•  safe rooms for use during emergencies

More than 70 percent of U.S. workplaces do not have a formal program addressing workplace violence. Studies suggest that the number of healthcare employees at risk might be even higher than the data reports simply because employees would rather protect their jobs than report incidents.

Consider dealing with the realities of worker safety by imposing patient standards of security. Without management’s creative innovation, employees might begin to confront risks with a dismissive attitude, not acknowledging the need to take appropriate measures.

In some cases, employees and management begin to accept the notion that hazards come with the job, take it or leave it. This unfortunate attitude contributes to individual and organizational risk by:

•  perception of negligence or poor job performance

•  employee loss of trust and confidence in the system

•  stigma of victimization

•  a reporting system with excessive paperwork

•  no follow up or documentation

•  a lack of support from management

While the debate of balance between security and management continues, the contentious realities of the need to invest in state-of-the-art physical security, access control and visitor management systems have yielded results formed from the basis for long-term security and technology ROI strategies. On the human resource side, efforts have been made to quantify and measure incidents through data collection systems and adding baselines in security programming and training.

The Joint Commission’s Sentinel Event Alerts and Data Base Reports now provide more than sufficient corroborative information and data-mining capability in justifying and applying relevant, appropriate methodologies. Armed with this consolidated data, security directors can map out courses of action consistent with policies, regulations and budgets that offer global intervention strategies and perspectives in enhancing security, showing management’s commitment. Avoid overreacting to situations; instead, have a measured response when confronting the issues of healthcare safety and security. Compliance is not prevention.

What else can be done? Consider methodologies suggested here:

•  Collaborate with employee organizations and family advocates

•  Dispel the myths that workplace violence is not preventable

•  Integrate multiple intervention strategies

•  Implement and review violence prevention and emergency response strategies frequently

•  Coordinate employee training

•  Coordinate and understand the legal implications of what you can and cannot do

•  Synergize the organization’s capabilities to manage an agile and robust violence prevention and response plan

•  Review reporting procedures

•  Assess and evaluate system root causes and contributing factors

•  Influence a top-down accountable management commitment

•  Define a sharing role between HR and security

Senior managers must define the leader’s role in helping identify specific expectations, which might appear on annual performance reviews and ratings.

Supervisors should be held accountable for managing potential conflicts, de-escalating disputes, resolving issues and recommending changes to minimize future risks. Employee complaints and reports filed with supervision can increase credibility in reporting when expeditiously resolved, and current approaches to handling patient-employee violence must be reviewed and presented to senior management.

Create a culture of connectivity up and down the organization by integrating resources in sharing security responsibilities. Break the traditional views that withhold creative approaches to innovative thinking about alternative workplace violence prevention strategies and approaches. For example:

•  Minimize employee and patient risk through frequent assessments and evaluations

•  Use safe rooms and sheltering

•  Do not avoid training out of fear of disclosing concepts or impeding nursing or doctor schedules

•  Include police and emergency responders in your training plans

•  Promote organization-wide awareness and responsibility

In the end, your commitment is judged by your measured response. One employee once told me that his organization’s workplace violence prevention efforts are a joke. When I asked why, he responded by saying, “Because nobody ever asked me for my opinion.”  



Employers have long recognized that conducting due diligence on new hires is a mission critical task. When it comes to any position dealing with Information Technology (IT), the stakes go up exponentially due to the sensitive nature of access to data and systems that operate the company.

Security professionals, CISOs and IT Directors with the responsibility to safeguard the integrity of security systems and data cannot afford to be sidetracked by insider threats such as intellectual property theft, sabotage, embezzlement or other workplace distractions. Although there are well-established processes to exercise due diligence in the United States, U.S. employers are increasingly finding that employment screening involves an international aspect.

Security professionals may encounter five situations where international background checks become important: 

•  With the mobility of workers across international borders, it is no longer adequate to conduct screening just in the United States because a significant percentage of the U.S. population consists of immigrants.

•  Many IT positions are filled with individuals from foreign countries in the U.S. on an H1-B1 visa.

•  A U.S. citizen may have gone to school or worked outside the U.S.

•  With business going global, U.S. firms are having to staff offices internationally.

•  International screening may be needed if IT work is outsourced outside of the U.S. A survey of 350 IT managers by Amplitude Research found 61 percent of respondents who worked for companies that outsourced IT jobs to other countries said they experienced a data breach after outsourcing while just 35 percent of the companies that did not outsource had data breaches. In some instances, a firm may want to conduct due diligence on a business entity as well as the principal and workers to ensure data protections.

The following will introduce you to international background checks, including the legal, cultural and practical challenges faced when obtaining information outside the U.S.

International Screening vs. Domestic Screening

Because of the perceived difficulty in performing international employment screening, some security professionals have not attempted to verify international credentials or to perform foreign criminal checks. However, the mere fact that information may be more difficult to obtain from outside of the U.S. does not relieve them from their due diligence obligation.

Security professionals do face special challenges and practical difficulties when performing international screening because every country is completely different when it comes to background checks. Techniques, information and availability of public records that are taken for granted in the United States are often not available abroad. Outside the U.S., there is generally limited access to public records and the types of information needed for a background screening. Each country has its own laws, customs and procedures for background screenings. Other challenges include:

•  Differences in courts and legal systems

•  Variations when expressing foreign names in the English alphabet

•  Time differences when communicating around the world

•  Different means and cost of communication

•  Countries with country specific forms

•  Foreign calendars with different holidays

•  Fraud awareness of non-legitimate foreign schools and employers

•  International screenings more expensive than domestic

•  Payments made in currency of foreign countries

Security professionals cannot assume the U.S. government has performed a background check on workers with a visa that relieves them of their due diligence obligation to conduct their own screening. Government efforts are not foolproof. After the events of Sept. 11, 2001, the U.S. Government has certainly increased checks on foreign visitors and workers on government “watch lists.”

However, these checks are primarily aimed at keeping terrorists and international fugitives from entering the U.S. or deporting non-citizens who commit crimes or overstay their visas. The efforts of the government, although vital, are not aimed at lesser convictions that may be relevant to job performance or verifications of credentials. Security professionals should consider screening internationally for criminal records, employment, education and publicly available terrorist lists.

There are additional challenges for international criminal searches. In some foreign countries, searches may be broad and accurate, while in other countries, searches may be conducted at the local police department level and offenses in other areas can be missed.

Another alternative available for some countries is to request that an applicant obtain their own certificate of good conduct from their local police station. However, certificates have their own drawbacks, such as covering a limited time period or geographic area, and authenticity can be an issue. 

Turnaround time for international criminal searches can be much longer than domestic U.S. searches. Different countries also have different rules on the level of searches, but in most countries it is possible to obtain information on offenses of at least the felony level. Another concern is name variations. Many countries have naming conventions different from those in the U.S., such as using the mother’s name. Complications can also arise for applicants with names based on a non-English alphabet, such as Chinese, Arabic or Japanese, that must be translated into English.

Other due diligence tools include various terrorist databases available to the public, such as the Office of Foreign Assets Control (OFAC) list maintained by the U.S. Department of the Treasury.

The challenges involved in international employment verification are augmented by all the problems associated with working internationally. To obtain background screening information, security professionals may need to schedule calls for the middle of the night, locate foreign phone numbers and overcome language barriers.

Verification of an educational degree earned abroad is critical to verify credentials and to avoid fraud. Security professionals need to determine if an applicant attended the school claimed and received the degree claimed. They also need to determine if the school is accredited and authentic or a worthless “diploma mill.” The international education verification process has three parts:

•  Determine if applicant attended school claimed and received degree claimed;

•  Determine if school is accredited and authentic; and

•  Determine equivalency of foreign degree in terms U.S. employers can understand.

Unfortunately, the world is awash with phony schools, fake degrees and worthless diplomas. Statistics show that education fraud can run as high as 20 percent. If security professionals are not familiar with a school, they should conduct their own research.

Privacy and data protection is another crucial issue for international screening. Security professionals must consider the application of foreign privacy laws regarding the manner in which information is obtained, transmitted and utilized.

For example, the European Union (EU) passed strong privacy rules in 1998 affecting how personal data can be obtained and utilized. American background screening firms that do international searches should be a member of the U.S. Department of Commerce “Safe Harbor” program, which demonstrates a commitment to the EU privacy and data protection rules. Firms that acquire data on individuals from EU member countries without compliance with the EU rules can be in violation of EU law. A listing of firms on the Safe Harbor members list appears at https://safeharbor.export.gov/list.aspx. 

In addition to the EU Privacy rules, other countries are in various stages of dealing with similar issues concerning personal consumer information. In 2004, a privacy law called the Personal Information Protection and Electronics Document Act (PIPEDA) went into effect in Canada that impacted international screening. Under PIPEDA, employers can still conduct pre-employment background screening, but only with some stringent privacy controls.

While international screening can be challenging, it is not impossible. Security professionals can find themselves in hot water by assuming international screening is too difficult or expensive and simply bypassing the process.

If the task of international screening is outsourced to a background screening firm, that firm has an obligation under the Fair Credit Reporting Act (FCRA) to follow reasonable procedures to ensure accuracy. If there is a negative public record, the firm must make certain the information is correct, up-to-date, and supplied in a way that does not violate any data or privacy protection rules.

Security professionals implementing an international background screening program should follow these recommendations:

•  Do not assume if a person has spent time outside the U.S. that an international check is not possible.

•  Do not assume a worker with a valid visa has undergone a sufficient background check as part of the visa application.

•  Be aware of international data and privacy protection laws that can potentially impact what data can be obtained and used by an employer.

•  Understand that there is a difference between obtaining and using information for a job position in the U.S. as opposed to setting up offices or facilities outside of the U.S.

•  If setting up offices or facilities outside the U.S., make sure you understand local law. However, in some cases, local law may allow inquiries that go beyond what would be allowed in the U.S. In such circumstances, a firm may want to follow a standardized global process to the extent possible that is also consistent with U.S. laws.

•  Perform the broadest criminal search allowed in each country for the most protection.

•  At the very least, verify the highest education the applicant attained and the last employment where applicant worked.

•  Be aware of the potential fraud issues for international education and employment verification.

•  Use proper consent forms needed for each country.

•  Keep all data confidential and secure.

•  If using a background firm, ensure that it is Safe Harbor certified or National Association of Professional Background Screeners (NAPBS) accredited.

IT and Information security specialists have a much higher degree of due diligence given the sensitivity of their responsibilities. International background checks are an essential part of this risk-management. 



NASHVILLE – The Tennessee Department of Commerce and Insurance (TDCI) today officially unveiled the One Stop licensing database which streamlines how customers can apply, renew and verify their licenses.

One Stop is a customer-friendly and efficient online resource where professionals can download vital documents needed to obtain or renew their licenses. One Stop also creates more transparency because it creates a new way to verify licensees’ current information, allowing consumers to make more informed choices. 

“We listened to our customers who asked for a simpler way to get the information they need – whether it’s an application form or up-to-date licensure information,” said TDCI Commissioner Julie Mix McPeak. “One Stop is the latest way that the Department is continually striving to improve our customer service.” 

One Stop is an easy-to-use timesaver because it centralizes all licensure applicant information, fees and requirements. Just visit One Stop on the TDCI website at and search using the profession name, regulation name or by topic. For example, if you’re looking for a cosmetologist license, you can search for “Cosmetologist” or search using a related term such as “hair.”

Search results will include applications, renewals, verifications, reinstatements and more. Results will also include a list of requirements, fees and other important information associated with a regulation.

“TDCI is excited to be the pioneer state agency for this effort, and it is another great example of our commitment to Governor Haslam’s Customer Focused Government initiative,” said TDCI Deputy Commissioner Bill Giannini. “We will continue to improve the One Stop licensing database to meet our customers’ needs. As other agencies come on board, it will only continue to improve.”                 

After a soft launch in January, the One Stop licensure database has been increased to include all the professions regulated and licensed by TDCI and its Division of Regulatory Boards, which serves 232,000 active licensees in 22 professions including accountancy, cosmetology, real-estate, funeral directors, and home inspectors, among others. One Stop’s other databases include TDCI’s Consumer Affairs division (which includes beauty pageants, credit repair companies, debt management and health clubs) as well as those regulated by the Department of Agriculture’s Division of Consumer and Industry Services.


True or False … in many healthcare facilities, workplace violence is exclusively a security issue? In many instances, the answer would be true. However, in order for healthcare facilities to properly address the issue of workplace violence, a collaborative team effort amongst several disciplines within the healthcare facility needs to occur.

At Metropolitan Hospital Center (MHC) in New York City we have designed a team of managers from the security, safety, risk management, patient safety, quality management, emergency, behavioral health service and human resources departments that convene on a regular basis and carry out specific functions that address workplace violence in our hospital. The team is charged with discussing and reviewing workplace violence incidents, planning and implementing countermeasures, assessing associated risks, drafting procedures and providing guidance and training to hospital staff. The team is dedicated to developing a simplified process that provides education on and awareness of the inherent dangers associated with an acute care healthcare facility, and develops practices and solutions that help prevent and respond to incidents of workplace violence.

At MHC, the Workplace Violence Prevention Team is actually a subcommittee of MHC’s Physical Environment committee. The subcommittee has direct reporting responsibilities to the Physical Environment committee as well as the hospital’s senior leadership. The subcommittee has defined a hospital-wide policy statement that outlines the commitment of hospital administration to ensuring the safety of all patients, staff and visitors, and has also developed a detailed workplace violence prevention policy and procedure. In addition, the subcommittee has created a formal documentation process for workplace violence incidents so that they can be tracked and trended in order to provide proper remedies, training and countermeasures. Equally important, the subcommittee has developed a mandatory employee training curriculum, “PREVENT, RESPOND, REPORT,” that provides education and awareness for all employees on early detection of workplace violence prevention symptoms (PREVENT), de-escalation techniques (RESPOND) and how to properly document an incident (REPORT).

The team’s multi-disciplinary composition allows for quick recognition and action on items that require a rapid response. Having the department managers of the key departments on the team helps with pertinent issues such as union concerns, safety and security matters, patient care implications and community concerns. These issues are undertaken in a proficient, straightforward manner with input from the key stakeholders, avoiding obstacles that might otherwise encumber the process, such as communication breakdowns, role responsibilities and senior management insight and support.

The collaboration of the subcommittee engaging in cross-functional alignment has proven to be a valuable strategy in Metropolitan Hospital’s workplace violence prevention program. The team’s coordinated effort has led to more efficient management of the prevention process through effective focus, execution and analysis. The collaborative approach has also allowed for expanded program oversight without the commitment of additional resources, as well as providing a well-balanced solution approach to workplace violence incidents, their causes, their preventive measures and ultimately, their outcomes.



Hitting the Ground Running


We have all seen the increased physical presence of security and public safety professionals. And we have all been affected by airport delays, baggage regulations and new technologies to screen us.

However, one of the most profound areas of change has been in the field of education. Learning and degree programs that were once obscure or non-existent are today growing and in demand – and not solely geared toward military servicemembers. This rise in demand comes as much from the private sector as it does from government agencies including FEMA, DoD, DHS and the FBI.

The events of 9/11 have had the unintentional, but direct result of an employment boom, giving everyday citizens an avenue to have a fulfilling career while serving the interests of their nation.

Government and private sector employers are looking for job-specific educated professionals for positions instead of employees with generic/broad degrees.

In response, many universities have begun offering degree and certificate programs geared at giving individuals the credentials they need to do their part in this growing and crucial field.

In order to offer opportunities to working adults (roughly 40 percent of America’s college students, according to The Washington Post in March 2011) many universities are offering programs both in traditional classrooms and online, allowing public safety, military servicemembers and security professionals – who are all constantly on the move – the opportunity to advance their education and their careers.

Additionally, an online platform enables individuals not currently working in the field a means of entering it without having to leave their current occupation.

At Bellevue University we have seen a drastic increase in the number of students enrolling in our Bachelor of Science in Security Management degree program. In 2007 Security magazine ranked Bellevue University’s program (combined bachelor’s and master’s degrees) as the largest in the nation. We are hearing from students that they need to get into the industry on the ground floor. They need applicable knowledge and skills that will prepare them to make a difference from day one, because employers want an employee who can hit the ground running.

Government agencies have noticed these educational offerings and are reaching out to colleges and universities, offering internship opportunities to help fill the need. One such program is the PALACE Acquire Internship Program. In this program, civilians assume full-time positions during a two-to-four-year formal training plan designed to let them experience both personal and professional growth while dealing effectively and ethically with change, complexity, and problem solving. Those in the program receive promotions and yearly salary increases based upon their performance and supervisory approval. Upon completion of the formal training plan, the PALACE Acquire Internship Program offers students a permanent position, making it a great opportunity to begin a successful civilian career with the Air Force Civilian Service.

The students in these learning programs are getting an education in addition to invaluable on-the-job experience and training, which will help lead them to a fulfilling career.

Looking at where government agencies and private sector companies are now and what’s happened over the past few years, it is expected that the next five years will see a doubling in demand for security professionals.

Perhaps the largest area of growth will be from the private sector – and it is this area that is fueling most of the growth in degree programs. Unlike the FBI and CIA, where there are age obstacles to enter employment, private sector employers do not impose age limitations.

One field in particular where demand promises to exceed expectations is cybersecurity. Currently, very few universities are offering this type of program. Many universities offer degrees in technology where students can learn general ideas and applications of information security, but Bellevue University is one of the few that have created a program directly from the insights of cybersecurity subject matter experts. Currently, Bellevue University offers a Master of Science in cybersecurity, and in the fall of 2012 the Bachelor of Science in cybersecurity will launch.

Universities that have physical and online classrooms, like Bellevue University, are able to pull into classes professionals from around the world with a variety of career experience and educational backgrounds. This presents a dynamic that allows every student the opportunity to learn about the field in a more in-depth way because they learn from the real-life lessons of others in class. In addition, career-changing connections are made with other professionals from around the country. 

National Security does not exist in a vacuum. As the landscape of national security continues to evolve the best universities will continue to evolve with it. To do this, universities must provide faculty with real-world experience in the field who have contacts with subject matter experts at the multiple agencies and departments that make up the security, public safety and intelligence communities. Additionally, universities must be active participants in these communities through partnerships with organizations like the Great Plains National Security Education Consortium, part of the Intelligence Community Centers of Academic Excellence program. Additionally, universities must foster relationships with national security conferences, such as the ASIS International Conference and the National Homeland Security Conference. Participation in these organizations and at these conferences provides students with a broader idea of the national security landscape and the variety of outlets available to them to stay current and relevant.    

As the need for domestic and global security professionals grows, professionals interested in intelligence work need knowledge that is both current and relevant to stand out in a competitive field. Universities that offer real-life curriculum will be successful in developing students’ knowledge of current technology, security and intelligence best practices and industry preparedness.  


The U.S. government continues to face a momentous, transnational threat: Mexican drug trafficking organizations (MDTOs). Mexico’s capacity to combat MDTOs, coupled with the U.S. adeptness to assist in that vein, will have significant implications for both countries and beyond, and for security overall.

In terms of strategic importance, Mexico is a principal trade and investment partner of the United States, with the nations sharing a 2,000-mile border. Intra-, inter-MDTO violence and the MDTO-Mexican government conflict undermine Mexico’s role as a key U.S. economic and regional security partner while, simultaneously, devastating Mexican stability. The nearly 43,000 drug-connected deaths occurring since President Calderon came to power in December 2006 are, at minimum, harbingers of the growing fragility in Mexico.

MDTOs have also killed Mexican military, law enforcement, judges, politicians, journalists and civilian targets. In doing so, they appear to have morphed into hybrid criminal-terrorist organizations. As MDTO-linked violence has grown increasingly ferocious – including beheadings, public hangings and torture – fear has been injected into the Mexican populace. MDTOs are heavily armed with arsenals comprising grenades, rocket-launchers and rudimentary, tank-like vehicles.

The ramifications of such belligerence include the spurring of legal and illegal migration from the Aztec nation to the U.S. as well as spillover violence along the U.S.-Mexico border and beyond. As Rodney Benson, Chief of Intelligence at the U.S. Drug Enforcement Administration concurred in October 2011, “[T]he violent actions and corruptive influence of DTOs” threaten Mexican security. So much so that Mexico has even been characterized as a failing or failed state, although, this description – at least for now – appears to be overly pessimistic.

In 2011, Mexican President Felipe Calderon stated that his country was “facing terrorists.” Likewise, according to various U.S. government officials, including U.S. Secretary of State Hillary Clinton, the MDTO-induced violence plaguing Mexico is akin to insurgent activities. While terrorism and insurgency are not synonymous, with the latter signifying higher levels of violence and potency, among other attributes, neither connotes tranquility. By whatever measure, MDTOs have instilled instability in the region.

The expansive drug-connected corruption prevalent at all levels of the Mexican government, particularly in Mexican state and municipal law police, further hampers the future of Mexico. For instance, Mexico’s Deputy Attorney General was on the take of MDTOs, at a clip of some $500,000 per month. Also, the economic and political power appended to the multi-billion dollar drug trade cannot be underestimated as it pervades and injects dysfunctional elements throughout Mexican society. Confirming the ubiquity of MDTOs’ reach is the fact that nearly 450,000 Mexicans earn a living through the drug trade. Incidentally, lest we forget, the voracious U.S. consumption of illegal drugs is partly responsible for the potency of MDTOs.

The 2011 National Drug Threat Assessment reported that MDTOs operate in 1,000 U.S. cities despite being headquartered in Mexico. Moreover, MDTOs are in control of the U.S. distribution of most of the heroin, marijuana and methamphetamines trade. Also, Mexico is the principal transport route for cocaine entering the United States.  

In addition to drug trafficking, MDTOs are involved in other criminal activity, including money laundering, human smuggling, trafficking in persons, weapons trafficking (mostly from the U.S. to Mexico), prostitution, extortion, kidnapping, intellectual property theft and cyber crime.          

Against this backdrop, in 2011 several U.S. congressmen, led by Rep. Michael McCaul (R-Texas), supported legislation that would designate six Mexican drug trafficking organizations (MDTOs) – Gulf Cartel/New Federation, Sinaloa Cartel, Los Zetas Cartel, Arellano Felix Organization, La Familia Michoacana and the Beltran Leyva Organization – as foreign terrorism organizations (FTOs) under U.S. law. The U.S. State Department’s September 2011 list enumerates 49 FTOs, including several Colombian hybrid terrorist-drug trafficking organizations. For designation as an FTO, the organization must be: foreign; engage in terrorist activity, terrorism, or have the capacity and intent to do so; and threaten U.S. nationals or U.S. national security, including U.S. national defense, foreign relations, or the economic interests.

In 2010, the U.S. Department of Justice proffered that nearly half of the key international drug trafficking organizations are associated with terrorist groups. As articulated by former National Security Advisor General James Jones in October 2010, “This lethal nexus of organized crime, narco-trafficking, and terrorism is a threat that… all of us share and should be working together to combat.”

By designating MDTOs as FTOs, additional legislative tools could be marshaled against MDTOs, including prohibiting the material support of MDTOs. As such, individuals, companies, or entities that are deemed to attempt, provide, conceal, or undertake material support to a MDTO could be penalized with up to life in prison and fines. Also, individuals receiving military-type training from or on behalf of a FTO can face up to 10 years in prison. In May 2011, Arizona Attorney General Tom Horne supported such designation, stating, “It makes an enhanced crime to supply aid to those organizations and that obviously would be a very powerful tool in fighting them.”

The material support statute has been very effective in prosecuting FTO (and non-FTO) connected terrorists. The extraterritorial reach of the material support statute against MDTOs and their abettors would complement existing U.S. laws targeting international drug-trafficking activities. FTO designation of MDTOs will heighten scrutiny of such entities and their facilitators here and abroad. Also, it might stimulate similar designations by North Atlantic Treaty Organization (NATO) and other countries, further impinging on the fortitude of MDTOs worldwide. Presently, some MDTOs are reported to have operations in West Africa.

MDTOs and their leadership could likewise be classified under U.S. law as specially designated global terrorist entities (SDGTEs) and specially designated global terrorist individuals (SDGTIs). These classifications would expand the U.S. government’s capabilities to block the assets of MDTOs and their networks. Similarly, individuals affiliated with MDTOs could be placed on the terrorist exclusion lists (TEIs), which would prevent individuals affiliated with the organization from legally entering the United States.

The application of the FTO framework to MDTOs would supplement the Foreign Narcotics Kingpin Designation Act (FNKDA), which denominates significant foreign narcotics traffickers as international criminals. FNKDA impairs foreign narcotics kingpin’s ability to legally conduct business with U.S. companies and persons. Various MDTO operatives have been classified under FNKDA.

Currently, the Mexican government opposes calls for designating MDTOs as FTOs for many reasons, including internal politics, foreign relations, economic factors and public relations. In associating MDTOs with terrorism through their denomination as FTOs, Mexico could become synonymous with narco-terrorists, at the very least. At worst, Mexico could be perceived as a narco-state.

Given increasingly activist U.S. military forays against terrorists globally, Mexico also might fear that FTO designations could be an incipient step to the eventual initiation of U.S. military action against Mexico, in a new version of the “War on Terror”. The October 2011 revelations of a stymied Iranian government plot to assassinate the Saudi ambassador to the United States, which was to be outsourced to Los Zetas, demonstrate that the triggering of military intervention is potentially only one incident away.

Clearly, new, serious responses are warranted in light of MDTOs’ determination to penetrate Mexican state institutions, expand corruption, undermine transparency and governance, weaken the rule of law and debilitate civil society. President Calderon has undertaken important steps to fight MDTOs, particularly using the Mexican military and federal law enforcement.

To complement such efforts, the U.S. initiated the Merida Initiative in 2008 to aid Mexico (and Central American countries) to combat drug cartels and coordinate regional security. Under this framework, the U.S. is providing Mexican law enforcement, corrections professionals and military with enhanced training, equipment and data sharing in combating MDTOs. The U.S. Navy and Coast Guard are cooperating with Mexico in disparate counter-narcotics operations. Also, the U.S. has intensified U.S.-based law enforcement and intelligence activities targeting MDTOs.

So too, the denomination of MDTOs and their operatives on terrorist-related lists – FTOs, SDGTEs, SDGTIs and TEIs – would compound efforts to eviscerate MDTOs’ baleful activities in Mexico and the United States. These proposed legal initiatives are critical in combating MDTOs. More broadly, Mexico – as the United States – must concurrently undertake expansive, integrative efforts and reforms across political, judicial, economic, educational and social paradigms such that future hybrid terrorist-drug trafficking organizations will have difficulty establishing themselves in communities on either side of the border.



Social media is playing an increasingly important role in global business marketing strategies – and for good reason. Social media has helped build international brand awareness, provide a new level of customer support and launch new products and ideas quicker than ever before.

However, as quickly as social media can build a global brand, it can tear one down at the hands of malicious insiders or hackers. And there’s money in it too. A recent report from Rand Research suggests that stolen Twitter accounts are now worth more than stolen credit cards. As cybercriminals become more sophisticated, they are also becoming more adept at stealing social media credentials and taking over accounts. We witnessed this from the hacks of several global organizations over the last year. For businesses, account takeovers can lead to the unauthorized publishing of confidential information, such as intellectual property, legal, regulatory and compliance violations, disclosure of personal data and identity theft.  The results can produce lasting, compromised brand reputations and significant financial losses.

With more frequent attacks of this nature, it’s time for organizations to take a closer look at how they manage their social media accounts. The thought that “it won’t happen to me or my business” will cost everyone in the long run. It’s imperative that we take measures now to prevent hackers – as well as disgruntled employees or associates – from hijacking accounts and posting damaging content.

When a corporate social media account is compromised, unauthorized content can be viewed by millions of people across the world within seconds, causing untold damage.

For instance, in April of 2013, hackers (supposedly from the Syrian Electronic Army) accessed both the Associated Press’ (AP) and FIFA World Cup’s Twitter accounts. A single tweet from the AP Twitter handle resulted in a $136.5 billion drop in the S&P 500 index’s value in minutes. The AP was able to trace the attack to one of its employees who may have inadvertently given away company passwords in a phishing scheme by hackers. FIFA suffered a diminished organizational reputation over a tweet that suggested the decision to award Qatar the 2022 World Cup had been a result of monetary exchanges.

Burger King’s Twitter account was also targeted and compromised earlier in the year. During the hack, the company’s account was made to look like McDonald’s with a post that said Burger King had been sold to McDonald’s. This attack served as a wakeup call for all organizations that hackers are on the prowl for access into social media accounts. In fact, a day after the Burger King incident, a similar attack – possibly by the same group behind the food chain’s attack – occurred on the official Twitter page for Jeep, citing that the company was sold to Cadillac.

These hacks were caused by external groups, but there can be equally damaging incidents caused by people inside an organization that at one point were given authorized access to a company’s social media accounts. This happened to HMV, an entertainment retailer based in the UK, after the company let go of a large number of employees. One disgruntled laid-off employee, who was formerly HMV’s social media manager, took advantage of her access to the company’s Twitter account before officials realized she still had access. Her unauthorized post called attention to what she labeled as the company’s “mass execution of loyal employees who love the brand.”

It is easy for hackers to hijack global social media accounts because of the sheer volume of accounts of this type and the large number of people managing them. Enterprises have hundreds of social media accounts on Twitter, Facebook, YouTube, LinkedIn and other outlets with unique accounts for different product lines, languages, countries and stakeholders (such as consumers, partners and stockholders).

These accounts are typically set up as shared privileged accounts, meaning teams of people throughout an organization, distributed across the world, can post information to these accounts on a daily, hourly or even more frequent basis. The passwords for these are often shared among the teams, making them easy targets for hackers and malicious insiders.  In addition, there is no record or accountability for each individual’s posts, leading to further challenges in securing and managing social media accounts.

Because people posting on social media accounts don’t typically have access to financial or customer information that is traditionally deemed of high value, the security on these accounts is often lax, with little management and control of the passwords. Companies may not know who has access to their social media accounts or the passwords on the accounts. To make matters worse, the same password is frequently used across multiple accounts, and the passwords are rarely changed.

Lax security opens the door for rogue current or past employees (as seen in the HMV example) or social media agency members that are disgruntled. As hackers become more sophisticated and more organized they can essentially compromise any system that is lacking proper security. Hackers use multiple methods of intrusion including dictionary attacks, social engineering, software or social media applications. For instance, the use of Twitter and Facebook accounts can introduce additional risks, as these platforms may provide hackers with access to valuable data such as passwords, APIs or other sensitive information.

Social Media Management Systems are often adopted by organizations to manage social media accounts; however, these solutions are built as management tools, forgoing the necessary security measures on privileged user access. These solutions leave organizations vulnerable due to the continued use of static passwords and multiple users. In order to properly secure and protect social media accounts, they should be viewed as privileged accounts, and best practices for privileged account security must be employed to mitigate the risk of compromise.

The following preventative measures must be adopted to secure social media account access and protect an organization’s brand.

Securely store credentials: Protect social media credentials from being stolen by storing passwords for the accounts in a secure place. This will reduce the ability of hacker organizations to take over social media accounts.

Enable transparent access: Allow authorized users to seamlessly authenticate to the account without knowing its password, making it difficult for hackers to discover and steal credentials. Agent-less technology can exchange passwords securely without requiring an agent on the cloud applications.

Eliminate shared credentials: Storing passwords in a digital vault requires users to log in individually for access, eliminating the accountability challenges of shared credentials.

Automate and enforce password changes: Ensure that each password is changed on a regular basis.  Passwords can be changed as frequently as after every use. Regularly updating passwords reduces the chance of an outsider stealing and using a valid credential.

Trace account activity: Create a record of activity on social media accounts to trace all posts directly back to an individual authorized user.  This helps identify weak areas of security and identifies rogue employees that may be posting damaging content.

Record social media administrator sessions: Record social media account administrator sessions to provide further proof and an audit trail of exactly who did what within an account.
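The measures listed above (a vaulted credential, individual rather than shared access, rotation after use, and traceable activity) can be sketched as a small broker that posts on a user's behalf. This is an added example, not code from the article or from any vendor product; `SocialAccountBroker`, `FakePlatform`, the account name and the audit key are hypothetical and constructed for illustration, and callers are assumed to have already been authenticated individually (for example by corporate single sign-on).

```python
import hashlib
import hmac
import json
import secrets


class FakePlatform:  # constructed stand-in for a social network, not a real API
    def __init__(self):
        self.passwords, self.timeline = {}, []

    def set_password(self, account, new):
        self.passwords[account] = new

    def publish(self, account, password, text):
        if not hmac.compare_digest(self.passwords.get(account, ""), password):
            raise PermissionError("bad credentials")
        self.timeline.append((account, text))


class SocialAccountBroker:  # in-memory stand-in for a vault fronting one account
    def __init__(self, account, platform, audit_key):
        self.account = account
        self._platform = platform      # hypothetical platform client
        self._audit_key = audit_key    # HMAC key held outside the posting team
        self._authorized = set()       # individually named users
        self._password = None          # never returned to any caller
        self.audit_log = []
        self._rotate("system")

    def _mac(self, body):
        data = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._audit_key, data, hashlib.sha256).hexdigest()

    def _record(self, user, action, detail=""):
        # Chain each entry to the previous MAC so edits or deletions show up.
        prev = self.audit_log[-1]["mac"] if self.audit_log else ""
        body = {"seq": len(self.audit_log), "user": user, "action": action,
                "detail": detail, "prev": prev}
        self.audit_log.append({**body, "mac": self._mac(body)})

    def _rotate(self, user):
        new_password = secrets.token_urlsafe(32)
        self._platform.set_password(self.account, new_password)
        self._password = new_password
        self._record(user, "rotate")

    def grant(self, admin, user):
        self._authorized.add(user)
        self._record(admin, "grant", user)

    def revoke(self, admin, user):
        self._authorized.discard(user)
        self._record(admin, "revoke", user)

    def post(self, user, text):
        """Publish on the user's behalf; the user never handles the password."""
        if user not in self._authorized:
            self._record(user, "post_denied", text)
            return False
        self._platform.publish(self.account, self._password, text)
        self._record(user, "post", text)
        self._rotate("system")         # rotate after every use
        return True

    def verify_log(self):
        prev = ""
        for i, entry in enumerate(self.audit_log):
            body = {k: v for k, v in entry.items() if k != "mac"}
            ok = hmac.compare_digest(self._mac(body), entry["mac"])
            if not ok or entry["seq"] != i or entry["prev"] != prev:
                return False
            prev = entry["mac"]
        return True


def demo():
    platform = FakePlatform()
    broker = SocialAccountBroker("@example_brand", platform, b"constructed-demo-key")
    broker.grant("it-admin", "alice")
    first = broker.post("alice", "New product launch today")
    broker.revoke("it-admin", "alice")  # e.g. on termination
    second = broker.post("alice", "unauthorized message")
    return platform, broker, first, second
```

Because access is revoked in the broker rather than by changing a password everyone knows, a departed employee's attempt is refused and still appears in the audit trail under that person's name.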

The threat to global organizations and social media is real, it’s evolving, and the risk is increasing. Preventing account takeovers through shared privileged accounts is imperative and necessary. Privileged Account Security solutions play a critical role in protecting access to social media accounts thereby preventing embarrassing incidents that can result in brand damage. 

About the Author: John Worrall is the Chief Marketing Officer at CyberArk, responsible for the company’s global marketing efforts including product marketing, branding, corporate communications and all lead generation activities including the inbound, channels and field marketing. 



The roles of security, risk and business continuity management professionals have significantly evolved over the past 10 years, driven by major technological innovations, workforce globalization, increasing legal liability and regulatory actions. While technological changes can be challenging to source, procure and deploy, one such innovation – mobile computing – offers organizations a real opportunity to engage employees in ways like never before. Mobile technology allows security professionals to offer a safer workplace, eclipsing diverse cultures, geographies and governmental guidelines.

While an important step, it’s not enough for organizations to write a business continuity plan to navigate a crisis without factoring in the safety of the employees. Duty of care expectations have grown for organizations – largely due to increased legal liabilities, investor expectations, rising insurance costs and non-compliance penalties from government entities. Enterprise security executives must address the care for their constituents through a strong education and training practice. The frequency and types of potential disasters, large and small, that security and risk managers are facing, combined with the array of tech changes, have underscored the importance of changing the way responses to a situation are handled. This means going beyond a reliance on a hand-picked crisis team to empowering and engaging constituents across the organization with actionable resources. 

While organizations seek to adopt software, hardware and cloud-based systems to streamline inter-departmental operations and communications, increase overall productivity and optimize HR endeavors, mobile technology is under-utilized in both security and risk management. As nearly everyone these days uses a smartphone to access all kinds of pertinent information, mobile represents an ideal platform to engage and activate thousands of individuals or departments simultaneously. From preparation and training, to as-it-happens responses to post-crisis reviews and recovery initiatives, mobile risk management applications can be utilized as a tool to gather comprehensive feedback in all phases. New advances in security and risk management technology give managers quick insight into problem areas such as new integrated mapping software that pinpoints exact trouble spots as well as incident reporting tools that offer the ability to gather and record incidents including pictures and videos. These new capabilities provide a better connection between managers and their constituents during a crisis.

Today, security, business continuity and risk managers are facing ever-increasing concerns over privacy and data intrusions. The combination of individuals becoming more reliant on technology to communicate and store information and the rise of the bring your own device (BYOD) phenomenon also creates potential vulnerabilities for an organization as well as possible advantages. Through the power of new mobile apps, risk and crisis management professionals have the opportunity to educate their constituents on how to navigate a crisis, including giving them the ability to provide updates via incident reporting, even on their own devices in a secure manner both for the organization as well as the individual. New mobile apps are able to protect company data through secure transport and storage combined with password-protected access, even at the mobile phone level. With advancements in security, mobile apps now enable organizations to empower more of their constituents to act according to protocol when a crisis hits as they have the information at their fingertips.

While regulation and compliance management is an ongoing and arduous job, the common denominator is often accessibility alignment. First and foremost, organizations must provide proper accessibility for disabilities, diverse languages, surrounding communities and even first responders. Mobile yields a great opportunity to disseminate plans, procedures and close-the-loop functionality in a secure fashion to address both compliance and regulation concerns. In many organizations, regulations, e.g., OSHA, NIOSH, EPA, stipulate how and when a particular situation must be addressed and require detailed follow-up reporting. For example, if a water spill occurs in a factory, a supervisor can access his mobile device and utilize a mobile crisis management app to guide the workers through the proper clean-up procedure that meets compliance standards and quickly report details and final outcome back to previously-specified safety officials via the app’s incident reporting feature.

Mobile security, risk and emergency management applications offer the most efficient and direct avenue to share key information and resources to every employee, which fosters a safer working environment. In addition, it reinforces responsible stewardship of employees over the business’ assets and provides a critical feedback model, mitigates compliance and regulation issues and ultimately offers complete insight into the full lifecycle of crisis events before, during and after they arise.  


As school shootings continue to plague American communities, both large and small, school administrators and security experts need to look at the issue of minimizing risk from multiple angles. One of the most important issues is how to help or enable local law enforcement to respond as quickly as possible. This is the purpose of duress alarm systems, more commonly known as panic alarms.

With a proliferation of vendors and systems in recent years, school administrators and security directors may justifiably feel overwhelmed by the choices. The decision, however, is easier than it may appear.

The most important differentiation among panic alarm systems currently available is who they notify: responders directly, emergency dispatchers, or a third-party call center. This makes the choice much easier. Since the difference of even 30-60 seconds in response time can make the difference between lives saved and lives lost, direct-to-responders (D2R) systems win the competition, hands down.

D2R systems are not mass notification systems. They do not notify a broad group of people, such as parents or students, of the occurrence of an emergency. Instead, they broadcast alarms over the two-way radios carried by law enforcement officers and other first responders. Police, emergency management and other responding agencies are generally willing to accept direct alarm messages for major incidents from schools. 

The alarm messages are pre-recorded and contain details of the location of the emergency just as if a person had called 911 and was clearly and concisely relating the address of the incident.  This message is broadcast as soon as a panic button is pushed. The initial dispatch of first responders is automated. This enables law enforcement to respond to major incidents without any delay. 

Systems that combine radio alarm broadcasts with other methods of delivery such as emails, text messages and telephone calls provide the most flexibility. First responders may be notified by radio while other personnel, such as teachers and administrators, are notified by emails or text messages. This enables staff to be aware of the incident immediately so that they can take appropriate action. 

Many conventional systems – not D2R – send alarms to a central console or dispatch center. The alarm will pop up on a screen usually accompanied by an audible alert tone. Sometimes the system identifies the precise location of the emergency. Sometimes it just indicates the alarm by zone name or number.

The screen on which alarms appear must be monitored at all times in order to ensure that no alarms are missed or response delayed. Assigning someone to be responsible for monitoring the system is a major concern with this kind of alarm delivery. That is why many conventional systems rely on third-party monitoring companies.

This resolves the issue of having to assign someone to watch the console, but it also adds an ongoing cost to the system. More importantly, this kind of system slows response times dramatically by inserting an additional layer between the emergency and the first responders. A delay of even one minute at the start of an incident can have a dramatic impact on its outcome.

Monitored systems were developed to address the needs of law enforcement to minimize the number of false alarms to which they respond. They are most appropriate for residential burglar alarms which may be set off inadvertently. The monitoring company calls the owner to verify the alarm prior to calling the police to respond.

When seconds count during a major incident at a school, however, reliance on a system that makes a telephone call to a monitoring station, which then calls the school office to verify the alarm before calling the police, is not optimal.

D2R systems provide schools with a fast and effective way to call for help when a major incident occurs. While panic buttons with a direct link to law enforcement should be used only in the case of major incidents, this type of notification system can also be used within the school to provide a way to call for help when a medical emergency or other problem arises, especially in remote areas.

Panic buttons also can be configured to contact the front office or medical personnel within the school. These buttons can be placed throughout the campus so that personnel have easy access to assistance should an emergency arise. For instance, panic buttons can be placed on sports fields or carried by teachers on the playground. 

“Virtual buttons,” which are icons on computer screens within the school’s local area network, are also available on some notification systems. Virtual buttons can be activated by a click of the mouse to summon help in an emergency.

D2R systems often can be integrated with your other security equipment. Alarms from access control systems, burglar alarms and security video systems can be passed through the notification system to generate audible alarms or emails.

Many notification systems also have other sensors available in addition to panic buttons. For instance, tilt sensors or motion detectors can be used to notify staff of unauthorized access in an area after hours or that projectors, screens or other equipment are being moved.  

Both hard-wired and wireless panic alarm systems are available. Hard-wired systems are more expensive to install due to the expense of wiring. This may limit the number and location of buttons that a school can afford. In addition, future expansion or changes to the system may be expensive because every change means that the system must be re-wired.

Wireless technology has improved dramatically over the last decade to the point where wireless systems are a reliable and robust alternative to hard-wired systems. Wireless systems are easier to expand or change as a school’s needs evolve.

It is important to ensure that the buttons used by wireless systems are self-monitored. This means that the system communicates with each of the buttons every few minutes to ensure functionality. If there are any problems, such as a low battery or missing button, the system should notify administrators.

While most systems can be expanded after they have been installed, there may be a high price attached to this.  Hard-wired systems may require additional trenching or running wires to new locations. Wireless systems tend to be easier and less costly to expand. There may be hefty additional fees, however, to pay for adding zones or message capacity to a wireless system. It is important to investigate different systems and the options available for future expansion carefully before making a purchasing decision.

Another consideration is whether a self-contained system or a server-based system would be most appropriate. Server-based systems require a dedicated server to be maintained by the IT department. They generally require some kind of network connection to function and may stop working if there is a power failure or network outage. There is often an annual software maintenance fee associated with server-based systems.

Self-contained systems do not require a network connection to transmit radio alarms, although they may need a network connection for virtual buttons or to send emails and text messages. Self-contained systems usually have a battery back-up so that they can continue to function temporarily even if there is an interruption to the power supply.

The bottom line is that duress alarm systems have come a long way from hard-wired buttons and monitoring companies. D2R systems can provide an effective means for alerting first responders when a critical emergency arises and seconds count.   

