S E C T I O N
Newsletter
About Newsletter
Editorial
IISSM News
Training Programme
Book Review
Book Reference
Responses
Article
Monthly Summary
Print Newsletter
HomeNewsletterArticle
Volume No. 5,   Issue No. 5,   October 2006

Top management must know the
dimensions of security

By D. Murali
Update laws; invest in policies, procedure, human training: Goyal
(Courtesy: Mr. Rakesh Goyal, Sysman Computer Pvt. Ltd., Mumbai)

Chennai , Oct. 13

Are you surprised by the news of data theft currently raging on? Answers vary. "We're surprised, they're most alarming. This is clearly a matter we need to investigate further in the information commission's office," says Mr David Smith, the Deputy Information Commissioner (UK). The Information Commissioner's Office (www.ico.gov.uk)is the UK's independent authority set up to promote access to official information and to protect personal information.

The reference is to the October 5 report by www.channel4.com in its `Dispatches' programme - that "personal details of hundreds of thousands of Britons are being sold illegally in India, on a vast scale". Nearly 40 per cent of the world's largest companies now have call centres in India, said Channel 4, and spoke of how Ms Sue Turton's `12-month undercover investigation' revealed `just how easy it is to buy secret financial information for as little as £8 - from your address and bank account number to the security code on a debit card'.

Data farming

Infiltrating `criminal networks', Ms Turton had discovered not just data protection breaches but "a new phenomenon known as `data farming' - the unauthorised `harvesting' of personal data to be sold on or exchanged for profit." On this, however, computer experts closer home may not be surprised, it seems.
"Not surprising. This was overdue. If Channel 4 would have not done it, someone else would have exposed such crimes," says Mr Rakesh Goyal, Director of Centre for Research and Prevention of Computer Crimes, and Managing Director of Sysman Computers (P) Ltd, Mumbai. "Data theft happens not only at BPOs but at other IT installations, whether banks or telecom companies, ISPs or Government and other organisations."

Mr Goyal points out how one can get CDs containing data such as `list of bank customers, gold credit-card-holders, limousine-owners, big-tax-payers, mobile-owners and so on for Rs 300-Rs 900,' and asks, "From where has this data come?"

Somewhere in the middle

How does India fare in terms of IT security compared to other countries? "Somewhere in middle. Better than the `real Third-World countries' but worse than many western countries," says Mr Goyal. "Security, including IT security, is a function of mental state and a management process. Technology is only a facilitator. If the top management does not know the dimensions of IT security and/or is not serious about IT security, they are opening the floodgates, inviting the thief, so to say, to steal their IT assets."

Mr Goyal insists that our laws need to be up-to-date, and the culture to follow the rules of law should be reinforced. "Many of our laws are old. Our IT Act, 2000 is 40 IT-years old, because it does not address the existing technology," he rues. "Also, prosecution and judicial processes are cumbersome, delay-prone, vulnerable to corruption, and unaware of legal-technological issues."
What mechanisms can an IT/ITeS (IT enabled services) company install to detect leakage of data? These companies, and also R&D/banks should address IT security by technological implementation, and investing in policies, procedures and human training, opines Mr Goyal. "First, define security policies to make data / information leak proof by using technology." Work for being certified for IT security standard - ISO-27001 (BS7799), he advises.

Is there anything that IT companies can do to prevent the recurrence of incidents such as what Channel 4 has highlighted? "If IT security, both technological and procedural/human is properly defined, implemented and monitored, the risk of Channel-4 type incidents will be reduced considerably," hopes Mr Goyal. "Only, genius criminals will find a way to breach security, not novices, as happening now."

Would insurance cover help? "It may reduce financial liability, but not the loss-of-credibility, customer-confidence and risk of loss-of-business due to bad publicity," reasons Mr Goyal. "Further, it depends on the amount of cover and conditions attached to it. Let's not forget that no insurance company would like to insure any IT installation without reasonable IT security."

© Copyright 2000 - 2006 The Hindu Business Line

Email from Sysman Computers Pvt. Ltd, Mumbai.

Go Top

Special Event Management For Law Enforcement

by Elliott Grollman, Maj. MPC USAR (Ret.), Adjunct Professor, Criminal Justice, USA.

PART I - LAW ENFORCEMENT ISSUES

Times have changed dramatically within law enforcement. Years ago the focus was on the individual police office who single handily resolved anything and everything on his beat. As the challenges to law enforcement changed, law enforcement had to change is responses and its tactics. It had to start to specialize and to work as a team. In the past, when incidents such as a hostage / barricade / violence in the workplace type of situation occurred; police learn to respond with crisis management teams which included patrol officers, tactical officers, intelligence officers, bomb technicians, negotiators, crisis counselors, communications personnel, EMT's, and any other disciplines needed to resolve the situation. This was of course even before Sept. 11.

Today a new and different mission is challenging the law enforcement community. That mission is that of special event management. What is so different about special event management for law enforcement is its primary emphasis is on the planning phase instead of the response phase; the multi-jurisdictional nature of a special event, and the multiple disciplines that must come together for a major special event.

Gone are the days when all we had to do is to direct traffic at a special event. What is new and different in dealing with so many issues that are not law enforcement in nature but if not dealt with during the planning phase can become a police problem later on during the event. An example would be a crowd, which turns rowdy when the host committee oversold tickets, and the police have to respond to quell a disturbance.

While some cities like Washington, D.C., and New York have special events almost every day and have a great deal of experience in handling these types of events, no jurisdiction is exempt from them. Rock concerts, demonstrations, political rallies and conventions, government events, private events, parades, VIP visits, etc are just a sample of some of the events that police agencies could have to deal with. All of this planning is necessary just for the event to occur without problems. Now in a post 9/11 world, add the threat of terrorism to your event, and you really have your work cut out for you. Law enforcement has taken many lessons from the military. Military operations are planned out to the "nth" degree. When I was an MP Operations Officer, I learned two axioms in planning our battalion missions which I am sure are familiar to most veterans. The first " Prior Planning Prevents Piss Poor Performance" and the second is " If you Fail to Plan, you Plan to Fail". This would be good advice for law enforcement to consider.

When law enforcement agencies have been tasked with an event there are many things to do. First is to form a law enforcement/security committee to deal with issues that are the responsibility of law enforcement and security agencies. The event must of course be identified. Is it one event or multiple events and are they all on one day and are they all at one venue site or multiple sites. Once that has been determined; all those police and security agencies that have any piece of the action (jurisdiction) for all the events and sites need to have a representative on the committee. If the bulk of the events are in one jurisdiction, normally that agency will chair the committee, however all agencies need to be represented. If the event is designated as a National Special Security Event by the Secretary of Homeland Security, then a specific federal agency will be designated as the lead. Along with the issue of jurisdiction is that of permits. Which events require permits and which agencies will be issuing them? Have the event sponsors applied for permits to the appropriate agencies?

Another big law enforcement concern in dealing with special events is that of traffic and traffic control. How will the event impact traffic? What streets will have to be closed and for how long? What traffic control posts need to be established? Will there be special no parking areas designated for the event? And of course don't forget having tow trucks available to move vehicles during the event.

Will the event involve a parade? If so, is there a permit? What is the route and what streets will be closed? Have maps of the route been made and have they been distributed to the public?

A successful event depends as much on command as it does on advance planning. During the planning phase when it will be determined which police agencies will be involved, issues of command and control must be identified. Where will the command post(s) be? Who will be in charge and of what? Is the Incident Command System (ICS) being used for the event? If federal agencies are involved, will the National Incident Management System (NIMS) being used? Also don't forget the liaison to the other agencies such as fire, EMS, etc. If the event has been designated as a National Special Security Event (NSEE) has the Dept. of Defense been tasked to assist and if so, in what way. Have specific agencies been assigned the responsibilities for crisis or consequence management?

Critical to operational and event planning is intelligence. It is crucial that intelligence gathering go on prior to and during the event. Is there background information on the event or on the group? Have fliers been distributed about the event?

Is anyone monitoring press coverage about the event? Of course a threat assessment for the event needs to be conducted for the event.

After the initial planning considerations have started, next comes specific operational planning. What manpower is going to be needed for the event? How many officers and supervisors will be needed for the event and for how many shifts and how many sites? Which specific units such as bomb squad, SWAT, haz-mat, etc. will be needed for the event? Are there any reserve or auxiliary units available to assist in the operation? Where will the manpower stage for the event? Also will there be any training sessions prior to the event such as civil disturbance training?

Another issue that has become more and more one of concern is that of vending. Whenever a special event is held, vendors will come out of the woodwork. In most jurisdictions, vendors must have permits and may sell from only authorized locations. Many police agencies have vending enforcement units who deal with these issues on a routine basis. If specific merchandise is being marketed for an event, there is often an issue of counterfeiting of that merchandise. Some event sponsors will have a team of lawyers established to deal with those counterfeiters and will work with the police in these areas.

Another critical factor for special events is the attendance of VIP's. The planning for dignitary protection is very involved. Is the presence of the VIP what the event is or is the VIP merely attending the event? Does the VIP have a protection detail? Are they law enforcement and of course if so, will be armed. Or is the protection detail private security; which brings many issues of its own. Will there be multiple details? Will each detail have a motorcade and how large will it be? What is the arrival and departure time of the motorcade? Do you know the routes of each motorcade? Are post standers needed at any of the events due to the presence of the VIP's? Has coordination been made regarding hotels, airports and hospital for the VIP?

Is the event a high profile event that could be considered a high profile target? Has tactical response been considered. Are sniper teams, roof top details, bomb squad units, hazardous materials units, aviation units part of the operation? If so have they conducted their mission planning?

When the different venue sites were identified, have site assessments been done at each location. Have physical security surveys been done on each site and determination made for post standers and manpower and who will control access to the event? Do we have blueprints or photos of each site?

Another critical part of event planning is that of accreditation. How will access control be handled? Will law enforcement use their credentials or will there be special ID, pins, or photos used for the event. Will there be special parking areas and parking passes as well.

Events with international participants bring a whole new challenge to law enforcement. What countries will participate and what languages will be spoken.? How will law enforcement deal with foreign nationals and those involved with immigration and similar issues? Will the police have trusted personnel on duty during the event who speak all the languages that will be spoken at the events? Has contact been made with the embassies involved? Will anyone with diplomatic immunity be at the event? How will the police deal with a visitor who seeks asylum?

Will the event involve a demonstration or will there be a demonstration in response to the event? If so, does intelligence indicate whether the demonstration will be peaceful or will there be acts of civil disobiendence or violence? Is there a designated demonstration area and has the group applied for a permit? Are arrest teams designated? What jurisdiction will make the arrest and what are the probable charges? Where will the prisoners be processed and will they be housed if not released?

Now that you have considered everything we already discussed and have done all the planning necessary and considered all the resources needed to handle the event , add in the threat of a terrorist attack aimed at your event.

In part II, we will address those planning concerns for those issues that are not specifically law enforcement but can still impact on an event and on law enforcement and security if they go bad.

ELLIOTT GROLLMAN
MAJ. MPC USAR (RET.)
ADJUNCT PROFESSOR
CRIMINAL JUSTICE

Go Top