Archive for September, 2008
Remote Monitoring – who is monitoring whom?
Large installations such as casinos and airports are attractive targets for well-financed, highly motivated attackers. Thanks to a standard, vendor-neutral protocol, terrorists and criminal attackers no longer need drills, car bombs and Stinger missiles to attack the asset,
How did that happen?
Remote Monitoring is an essential part of the physical, perimeter and insider security used by airports, casinos and high-security installations such as nuclear power plants.
Unlike 10-15 years ago, remote monitoring is now performed using the standard TCP/IP networking protocol. A central Network Control Center (NCC) is sited on the corporate network, with IP connectivity to multiple remote devices (such as IP cameras), systems and networks, for surveillance, monitoring and control purposes.
By replacing an IP camera with a laptop computer, an attacker can use the IP surveillance device endpoint as a back door that enables entry into, and exploitation of, the entire corporate network.
The potential damage of such a back-door attack on a remote monitoring system is enormous.
Fraud. Data Loss – the IT – Management Board divide.
The two biggest security issues for a business today, from both an operational and a regulatory perspective, are fraud and data loss. An insider, often colluding with an outsider, can cause large-scale damage to the business by manipulating transactions.
Read this excellent post on Israeli Software
Operational Risk
The two top categories of operational risk are Internal and External Fraud, but what IS “operational risk” exactly?
The best definition of operational risk comes from Basel II, which defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
Although originally designed for the banking system, where regulatory safeguards are designed to protect against large-scale failure of the banking system and the economy, a systematic approach to operational risk management is important for any kind of organization.