first_imgAustralia has seen its second aircraft evacuation in less than a week due to a bomb threat.Passengers on a Virgin regional flight from the Sydney to the New South Wales regional town of Albury were told to evacuate the plane after the threat was discovered scrawled on a sick bag in the toilet.Passengers left the ATR turboprop through the rear door and emergency exits but, contrary to some reports, no doors were ripped off and it is understood crew did not instruct passengers to jump out and “run, run, run’’. That advice is believed to have been shouted by a passengerPolice met the flight as it landed about 9:35am and a man was arrested.“The main point to make here is that the plane landed at 9:35 am. We had all of the occupants of aeroplane secured and safe within five minutes of it landing,’’ a police spokesman said.“We’ve completely searched the aeroplane at this stage and our inquiries will continue there.’’A Virgin spokeswoman confirmed there was “a security incident” on  Virgin Australia flight VA1174.“One passenger is assisting police with their enquiries,’’ she said. “The matter is now in the hands of the New South Wales police.”Michelle McNamara, who works for a car hire company in the airport terminal, said police, firefighters and ambulance crews closed off half the terminal during the operation.“It’s normally quiet, it’s Albury Airport,” she told AAP.“It’s a bit concerning. With all that’s happening in the world, it makes you think the worst.”The incident comes less than a week after passengers aboard a Malaysia Airlines flight in Melbourne helped deal with an allegedly mentally ill man who shouted he had a bomb and tried to enter the cockpit.The 25-year-old  economy passenger, a Sri Lankan national on a student visa, jumped up just after take-off and made the bomb threats as the plane was about 4kms out from Melbourne airport last Wednesday.He was brandishing a device now believed to be a Bluetooth speaker.Police were criticised after the incident for the amount of time it took them to evacuate the plane — about 90 minutes — after it landed.The plane’s pilots had radioed to say the passenger responsible for the bomb threat had been subdued but police said they were focused on getting everyone safely off the flight.Victoria Police chief commissioner Graham Ashton said police were worried about the possibility of co-offenders or explosive devices that could be triggered by an evacuation.last_img read more

first_imgOne of the modern miracles of retail is the ability to get the right merchandise, in high volume, and across vast distances, either into point-of-sale locations or the customer’s doorstep within a matter of days, if not hours. Enter the distribution center: often an enormous building with hundreds of employees, conveyer belts, thousands of shelves of merchandise and special handling equipment. These centers are the nodes in a web that span continents or the globe for many brands we all know. Several large brands are using security entrances combined with access control systems and cameras at their distribution centers in a certain way to mitigate the risks endemic to distribution center security. Let’s take a closer look.The “Three Horsemen” of RisksDistribution centers on any given day contain millions of dollars’ worth of merchandise and typically have a very large footprint or hundreds of thousands of square feet. They also operate 24/7. Ideally, they are near an airport or highway system, and in a location with access to a ready supply of economical labor. All of these needs imply an urban location with relatively lower real estate costs. Distribution centers can also experience relatively high turnover in labor and seasonal/temporary workers to handle increases in demand of goods during holidays. Given all of these factors, there are three risks that a physical security plan should seek to address proactively using distribution center security entrances.Theft. The first and most obvious risk, of course, is theft. Relatively low wages and high-value merchandise present the constant pressure of temptation, with targets being small valuables, electronics or even food that can be hidden into clothing.- Sponsor – Violence. The second risk is violence, often originating from the employee population. There can be domestic violence in the workplace (a jilted boyfriend or husband seeking out a partner inside the facility) or ex-employees seeking retribution after being terminated. A violent event can disrupt continuity; you will have distraught employees and managers in the aftermath needing support. If the facility becomes a crime scene under investigation, you could have a shutdown of operations costing millions of dollars a day and negatively impacting loyal customers.Bad PR. The last major risk worth mentioning is the bad PR that can result from violence. All too often, we see companies from all types of verticals getting an unwanted spotlight from shootings, smart mobs, protests and domestic violence entering the workplace.Companies with distribution centers are not immune: just a few years ago, a well-known package delivery company experienced a shooting where several employees and guards were injured and killed. This made the news for weeks during the investigation, with pressure on the company to answer questions from the media. Top management wants answers and a management plan. It’s better to learn from the news now than be in the news tomorrow.To effectively mitigate the above risks, a physical security plan should seek to proactively:1) deter/prevent casual infiltration onto the premises from unauthorized individuals2) deter/prevent theft of merchandise3) deter/prevent carriage or knives/guns/weapons inside the premises4) In general, create a safe environment and a culture of safety and security among the employee population.Distribution centers are in many ways similar to the sterile concourses of today’s airports. (Some of these similarities will be addressed later in the post.) But one of the most important reasons that security entrances are being deployed today is to accurately control and monitor who is in the building, when are they in the building, and what they have on their person at all times. Only security entrances can control the passage of people through mitigating tailgating or piggybacking. Look at some best practices some of the biggest brands are deploying today: a combination of security entrances with manpower and technology to address the most prevalent risks.Layers of Physical SecurityThe Perimeter. The fenceline perimeter should discourage casual infiltration from non-employees. Since higher security practices exist inside the building, the goal at the fenceline is to primarily deter and potentially respond if an incident occurs. Typically, a tall fence is deployed with guarded entrance gates for certain vehicles (security, management, and freight). Cameras are used to record any activities along the fenceline that may occur so they can be reported or investigated after the fact.If there is parking for employees outside the fenceline, full height turnstiles are placed on the fenceline so that employees can use their credentials to unlock the turnstile and enter one at a time into the secure area.Initial Entry, Divestment and Screening. As employees enter the building, they can divest their personal belongings, such as bags, purses, metal objects, phones, keys, etc. into lockers. Some facilities allow phones or keys inside the secure area. Then, employees approach a manned booth or window to pass any allowed metal belongings into a bowl to a guard who will give them to the employee on the secure side.To enter the secure side, employees present their credentials to the access control system, walk through a metal detector doorway and a full-height turnstile. The turnstile unlocks when the credentials are valid; however it will re-lock if the detector senses a metal object. In that case, the user must back up, remove the object (put in their locker or give to the guard) and try again. The passageway and the turnstile display a red or green light to the user, telling them if they can proceed into the facility or clear the passageway and try again.Employees enter a distribution center by badging credentials, passing through a metal detector, then a one-way full height turnstile. The area is manned in case of non-compliance.Tracking Breaks and Lunches. When employees take a break or lunch during their shift, they can proceed to a snack/concession area with seating so they can eat and relax. To enter the concession area, they pass through waist-high, tripod turnstiles using their access control credentials. This setup enables data to be collected on who is on the floor or off the floor (in case of an incident) and for how long (in case of slippage).End-of-Shift Theft Deterrence. The end of the shift is the prime opportunity to squelch theft. Some companies are using a technique used in airports on passengers: random pat-downs or scans with a wand. Employees must approach an array of two waist-high turnstiles: one turnstile leads to an exit and the other to a search/pat down area with a guard. The employee presses a button that initiates a program that randomly turns on a green or red light. If the light is red, the “exit” turnstile remains locked and the “search” turnstile unlocks; the user must proceed through to get a pat down or scan with a wand. If the light is green, the “exit” turnstile unlocks and the employee can pass through the other tripod turnstile and proceed to exit.All exiting employees, whether patted down or not, proceed through a final, full-height turnstile to exit the floor. The turnstile is configured as a one-way turnstile to prevent “backflow” into the secure area and also enable the access control system to keep track of who has left the secure area for the day in case of any incidents. The employees can then access their initial divestment area, access their lockers, and exit the building.The process described in this post uses security entrances that are relatively inexpensive and ideal for deterring theft or other unwanted behaviors. If you have a big rollout at multiple locations and a limited budget, this approach can be a great fit. If you manage a single location or can invest more up front, you can increase the ROI further by deploying a security revolving door instead of a full-height turnstile. The security revolving door uses sensor technology in the ceiling to scan compartments and outright prevent attempts at tailgating or piggybacking (two people sharing a compartment together); this means you can cut down on a guard at that entrance a create a payback in less than a year.ConclusionAs you can see, security entrances work in conjunction with guards and technology at distribution centers to add an essential layer to a distribution center’s physical security plan. You can leave far less to chance or error compared to using just guards alone or swinging doors and access control. You can effectively deter and control access to the secure facility, track who is in the building 24/7, and minimize theft. In the end, security entrances enable an overall distribution center security plan that ensures maximized safety and risk mitigation. When leaving work for the day, employees press a button and a random program indicates whether they must undergo a random pat-down search or can exit freely via one-way turnstiles. Stay UpdatedGet critical information for loss prevention professionals, security and retail management delivered right to your inbox.  Sign up nowlast_img read more

first_img Leave a Comment It isn’t easy to model the processes used by knowledge workers in most business environments.  As the business environment revolves more about the use and creation of knowledge, traditional repetitive business processes are being replaced with ad hoc ‘unstructured’ business workflows.  Much like managing unstructured data in the world of ECM, ‘Unstructured’ usually implies ‘hard to manage’ or ‘hard to model’.  Unstructured workflows have typically been considered outliers to processes that could be neatly organized and graphed on a flow chart. But ‘unstructured processes’ tend to be the norm rather than the exception.  In fact, an estimated 60-70 percent of business processes are ad hoc or unstructured.Because ad hoc workflow is so hard to model, it seems a bit odd that Gartner says that the adoption of BPM by companies will be ‘imperative’ for them to do before 2013.  And the reason Gartner gives for this urgency is that knowledge workers need BPM to help them to deal with their ad hoc business processes.  Clearly Gartner must feel that BPM vendors are close to a breakthrough on how to handle ad hoc business workflows.  But modeling ad hoc workflows is anything but easy or clear.  Today, vendors typically address an ad hoc workflow as a deviation from a well-known process — what is referred to as an ‘exception’.  Exceptions occur at some point in a workflow when something unexpected happens.  Exceptions usually cause the process to get diverted to an exception node where human intervention requries a decision to be made as to how to proceed next.  But exceptions are just that, something that are out of the ordinary.  Using an exception approach to modeling ad hoc workflows seems to miss the point that knowledge workers are continually confronted with different work tasks.  BPM will need to become more innovative to truly be useful in modeling ad hoc processes.But Gartner is optimistic.  “We’re predicting that companies will finally begin to recognise that process management is not just about automating routine, repetitive, well-understood structured parts of work, but more importantly, about supporting knowledge workers whose work is much less structured.”Gartner is scheduled to discuss the future of BPM in March at a seminar, and they’ve leaked their top five predictions for BPM in 2010:1. BPM will become more agile and real time.  It will be possible for processes to self-adjust based on the sensing of patterns in user preferences, consumer demand, predictive capabilities, trending, competitive analysis and social connections.2.  BPM will be ‘imperative’ for companies to use by 2013 to avoid a chaos of inefficiencies.3. By 2014 businesses will be moving from standard business applications to ‘compositions’, custom applications that are built from components and services.4. By 2014, Business Process Networks will be used in 35 percent of projects that involve multiple organizations.5. By 2014, 40 percent of Global 2000 businesses will use comprehensive business process models for their daily work, up from 6 percent in 2009.It sounds good.  But it also sounds a bit optimistic in how quickly good predictive and agile BPM tools will be developed. February 23rd, 2010 Category: Business Process Management center_img ‹ Technology: Dealing with ‘Big Data’ Recession Forces Businesses to Improve Processes and Intelligence › Leave a Reply Cancel reply Your email address will not be published. Required fields are marked *Comment Name *E-mail *Websitelast_img read more

first_imgklint finley On September 14, 2009 New York Times readers were automatically redirected to a site hosting malmare thanks to an ad containing malicious code. On July 15 2010, TweetMeme was the victim of a similar attack and began sending its users to a “scareware” site. These are just two examples of “malvertising,” one of the fastest growing security threats on the web. It’s particularly scary because potentially any site with advertising could be a target, and users don’t even have to click the ads to trigger malware. Use a Mac? You could still fall victim to phishing scams perpetuated by malvertisers. Scary stuff. So what do you need to know?Malware Isn’t Just on “Sketchy” Sites AnymoreIn the past, users who didn’t frequent adult, gambling or other “sketchy” sites were relatively safe from harm. Now any site that contains third party content – even your own company’s web site – is at risk. Earlier this year, Dasient released a report identifying the top three security vulnerabilities enterprise web sites contain: advertising was one of the three, along with other third party content. According to ClickFacts CEO Michael Caruso, malware scammers are increasingly moving away from e-mail and buying advertising instead. An ad on a popular site can reach millions, and automated ad purchasing makes it easy to criminals to buy ads. According to Caruso, malvertisers will sometimes walk into offices impersonating legitimate buyers when automated systems aren’t available, and often pay for ads with fake or stolen credit cards.Malicous advertisements on search engine sponsored results and even organic search results is an increasing problem as well. Here’s an example of a sponsored search result found on GoogleBing by Cognitive Automation is the Immediate Future of… Related Posts Tags:#Analysis#enterprise#Trends Massive Non-Desk Workforce is an Opportunity fo… Users who click the above ad are taken to a fake Adobe Flash web site where they are encouraged to download a malicious app.Curaso also notes that it’s become extremely easy for criminals with little technical proficiency to conduct malware campaigns as exploit kits are sold on the open market from servers in places like eastern Europe and China.Users Don’t Even Have to Click the Ads to Get InfectedAccording to Chris Larsen, head of Blue Coat‘s research lab, you don’t even need to actually click on the ads. Blue Coat documented one way this is done: a site can use JavaScript to call hidden iFrames which load PDFs containing code that exploits Adobe Reader vulnerabilities.Non-Windows Users Can Also be AffectedNon-Windows users can also be targeted by malvertising via phishing scams, though they will generally have to click on the ads served. Caruso told us about an instance of malvertising in which scammers bought ads that appeared to be from a major bank. Once users clicked through to the landing page, they collected bank account information from victims.Malware has Graduated from Nuisance to Serious ThreatLarsen says that in the past there were two type of IT threats. First, mass non-targeted attacks that force or trick users into downloading malware. These have traditionally been mere nuisances for IT to deal with, as the symptoms (fake AV notifications, pop-ups, etc.) become rapidly apparent. Second, highly targeted attacks which perpetrators may spend months researching. These are more dangerous because the perpetrators are looking for specific, valuable company information.The emergence of botnets has made malware into a serious threat. Compromised machines may not show any signs of infection, leaving backdoors wide open for exploitation. Larsen says it’s been suggested that since botnet operators sell their services on the black market, those attempting to target a specific company could approach botnets with a list of IP ranges and offer to purchase control of specific machines in order to get a foothold in a specific network.Patching will Protect YouHere’s the good news: according to Larsen, most malvertising targets well known exploits. Keeping your operating systems and software patched is the best way to prevent damage from attacks.Patch management is a notoriously labor intensive and thankless process, but as NSS Labs recently noted in a report it’s one of the most important steps IT can take to protect its users.Who’s Trying to Help?ClickFacts and Dasient both offer services to scan ad networks for malicious advertising. Dasient recently landed the ad network AdOn as a client, and ClickFacts counts News Corp as a customer. Last year, Google (not to be confused with to help ad networks identify malvertisers.One stumbling block security companies face, according to Larsen, is that ad networks tend to be secretive about how they serve ads in order to circumvent ad blockers. When ad networks aren’t forth coming, it can be difficult to determine how malware is being served up and how to block it.Caruso points out that companies shouldn’t be placing blame – instead ad networks, publishers and security companies need to work together to solve the problem. IT + Project Management: A Love Affair 3 Areas of Your Business that Need Tech Nowlast_img read more