Site Map - How-to

Quick Bytes: HIPAA security rule

- A new publication from the National Institute of Standards and Technology (NIST) will help organizations understand the nuances of the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA). The paper, An Introductory Resource Guide for Implementing the HIPAA Security Rule, explains the security rule in detail and provides recommendations. Included are a glossary, a list of acronyms, and references to other NIST papers related to HIPAA. Get the NIST report via www.securitymanagement.com

A Site to See

- If you’ve got all day to prowl around a single site devoted to IT security, let it be Infosyssec, a portal to everything you ever wanted to know—and lots that you never knew that you needed to know—about cybersecurity. Everything from breaking computer-security news stories to dozens of news groups and mail lists to scores of niche search engines to the latest antivirus alerts. The wealth of resources that can be found in this one venue makes Infosyssec well worth the visit. Find the site on SM Online.

New in Plain Text

- You can use Google efficiently and effectively to find out what’s out there about your company and its Web site, thanks to Google Hacks: Tips & Tools for Smarter Searching from O’Reilly Media, Inc. But these aren’t hacks that will land you in trouble; rather, they are tweaks that will help you to find what you need more efficiently.

Bomb threats in school

- If a student says to a gym teacher, “All jocks should be blown up,” should it be taken as a threat? Probably not if the student was laughing or obviously joking, but if the student has a history of making such pronouncements, the school might want to treat it as a legitimate threat. In general, the more specific the threat, the more seriously it should be taken, according to one of the latest entries into the Department of Justice’s Problem-Oriented Guides for Police, called “Bomb Threats in Schools.” The guide discusses the problem of bomb threats in schools, factors contributing to such threats, the right questions for administrators to ask themselves about the problem, and possible initiatives to prevent or respond to threats. Sixteen viable initiatives are presented, 9 involving prevention, 7 involving immediate response. For example, schools can develop a bomb-threat response plan. The guide points to an online tool developed by the Department of Homeland Security in conjunction with the New Mexico Institute of Mining and Technology for training and refresher courses on response planning. Immediate responses to a bomb threat may include recording the threat, analyzing it, evacuating the school, searching for a bomb, talking to the media, following up after the incident, and placing police officers in schools. The guide is on SM Online.

Breath of Fresh Air for Building Security

- Protecting the HVAC system from biological, chemical, and radiological weapons can be difficult. A paper by Michael MacDonald of Oak Ridge National Laboratory offers some guidance. The document helps security managers understand the various threats, pointing them to online sources for more detailed information. Also provided is an outline for performing vulnerability and threat assessments. In addition, the author explains how to reduce exposure to harmful agents and introduces readers to mitigation technologies and actions. The paper notes that no real-time biological sensor currently exists. Limited-efficacy chemical detectors and radiological sensors are available, but they are high in price. Also included is a fictitious case study that walks building managers through the process of securing a building’s HVAC system. Although targeted to managers in federal facilities, the guide is equally applicable to the private sector. Find the document online.

Have Passport, Will Travel: Field Notes for the Modern Bodyguard.

- Paul Markel, a former U.S. marine, ex-police officer, and current executive protection agent, has written an advice book for fledgling bodyguards. The book covers critical topics such as communications, confrontation, defensive tools, professionalism, legal issues, intelligence gathering, and foreign travel. It is not detailed enough to be considered a textbook on executive protection, but it probably was not meant to be.

Stepping Through the IS Audit: What to Expect, How to Prepare

- Many an executive on a business trip abroad has suffered the embarrassment of making an error in protocol or local custom. The “thumbs up” or “V for victory” gestures that are symbols of approval in the United States may have derogatory meanings elsewhere, for example. By brushing up on local culture in advance, these executives could have saved themselves heartache, embarrassment, and lost business.

Data Hiding Fundamentals and Applications: Content Security in Digital Multimedia

- Aimed at the experienced content-security professional, the book begins with a brief introduction to the types and uses of steganography. Remaining sections and chapters take the reader, step by mathematical step, through data-hiding applications such as the use of hidden watermarks in images and video to verify ownership. Also discussed are intellectual property attacks and detection and response measures for thwarting those attacks.

Private Security and the Law, Third Edition

- Charles Nemeth has released the third edition of his highly acclaimed Private Security and the Law. For years, it has proved to be an indispensable guide to civil and criminal liability stemming from acts or omissions committed by the security function. This newest edition updates the principles with new case law.

New in Plain Text

- If you want to try some of the recommended hacks from Windows XP Hacks: Tips & Tools for Optimizing Your OS, however, you’ll have to put aside any compunction you might have about tweaking the registry. You’ll also have to change your idea about what a “hack” is; in its nonpejorative form, as meant here, it simply refers to an innovative solution (and perhaps one that was never considered by the original creators) to a programming problem.

A Site to See

- Hard-core technophiles might see those same robots, which come equipped with software brains and are fully mobile, as tools to help them learn about genomes by programming them to “mate” (that is, combine their software, including some chance of mutations, to create “robot progeny”). This kind of technique—or hack, as it’s commonly known—is one example of the type of high-tech content that can be found on hack a day, a blog dedicated to technotinkerers.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.