January 2014, No. 5

Quick Links

 

 

Register Now

 

Sponsor/Exhibit  

  

 

Register Now  

 

Sponsor/Exhibit

 

In This Issue 

Widup Assumes ASIS Presidency, Board Gains International Members

 

ASIS MIDDLE EAST 2014

  

Register for ASIS Middle East 2014

  

ASIS INTERNATIONAL NEWS

 

2014 ASIS Membership Renewal

 

  Contribute to ME Dynamics and Earn CPEs

 

Roy Bordes Award Application Now Open 

 

Be a Sponsor or Exhibitor at ASIS Middle East 2014 and ASIS Europe 2014

 

HEADLINES

 

   

Terrorist Attack in Diplomatic Quarter of Kabul Kills at Least 21 People

 

 
 
 
 

 

EDUCATION AND EVENTS 

 

Application Period Open for University of Phoenix Full-Tuition Scholarships  

 

Global Agenda

 

Professional Development

Join us on Facebook

ASIS 5th Middle East Security Conference & Exhibition
Dubai, UAE, February 16-18, 2014

Like us on Facebook

 
ASIS 13th European Security Conference & Exhibition
The Hague, The Netherlands, April 1-3, 2014

Like us on Facebook

Join us on LinkedIn

Join the ASIS International Group

View our profile on LinkedIn 

 

Join the ASIS Middle East Network

View our profile on LinkedIn  

 

Join the ASIS Europe Network

View our profile on LinkedIn 


Join the ASIS Asia-Pacific Network

View our profile on LinkedIn 

Follow us on Twitter

Follow us on Twitter

President's Perspective

ASIS President Richard E. Widup, CPP, shares his insights on a range of membership and industry issues in his President's Perspective columnRead the latest here.

Did You Like This Issue?

The ASIS International EMEA Bureau strives to present content of the highest quality to ASIS members. 


Please contact the 
editor to provide feedback on this newsletter or to submit an article for publication. 

ASIS International EMEA Bureau

Queries about ASIS International Middle East events, membership, benefits, resources, or certification, can be addressed to:

ASIS International EMEA Bureau

300 Avenue de Tervueren, 1150 Brussels, Belgium.

Tel: +32 2 645 26 74

Fax:+32 2 645 26 71 

middleeast@asisonline.org

www.asisonline.org 

Middle East Links

Visit the ASIS Middle East 2014 event Web site:   

www.asisonline.org/dubai

 

Visit our Middle East chapters' Web sites at the following links:

www.asisabudhabi.com

    

www.asisdubai.org

 

www.asisbahrain.org

 

www.asisqatar.org

Not Yet a Member?

The top reasons you benefit from becoming an ASIS International member:

- Unrivalled networking opportunities with more than 38,000 of your industry peers.

- Up-to-date information, including industry best practices, new technologies, and emerging trends. 

- A complimentary subscription to Security Management magazine, the leading security industry publication. 

- Opportunities to build a professional reputation and credentials.

- Tailored professional development programs to fit your specific career goals. 
- Advocacy of the security industry to the government and business communities.
- Board-certified, professional designations. 

- Members-only access to new career opportunities in security management. 

- Access to more than 300 peer-reviewed, security-related publications. 

- Discounts on program and ASIS Seminar and Exhibits registration, merchandise, and certification programs. 


 More Information... .

Select ASIS International-Published Titles Now Available for Purchase for
Amazon Kindle 

Schedule Your Professional Development Now

A comprehensive calendar is available here. Register early and save by taking advantage of early bird rates. Realize additional savings by booking your hotel room before the deadline. Plan ahead to get ahead

Welcome to the fifth edition of ASIS International's ME Dynamics, the monthly newsletter for ASIS members in the Middle East covering ASIS news, chapter news, and important Middle East headlines.

 

The ASIS EMEA Bureau invites members to submit updates or articles to share with ASIS members in the Middle East. 

 

Please note that board certified professionals are entitled to up to 9 CPE credits per article.


The deadline for the next issue is February 10
.

 

In this issue: Richard E. Widup, CPP, takes up the ASIS presidency. European Union cybersecurity agency ENISA identifies best practices and recommendations to improve the security of supervisory control and data acquisition systems. The adoption of the Bahraini law on the protection of classified government information has been shelved. A new malicious program could potentially affect any computer used for banking in any country. Statoil publishes its internal report on the terrorist attack at the gas facility of In Amenas. 

  

Please add regionalnewsletters@asisonline.org to your personal address book or safe sender list to ensure correct delivery of your monthly newsletter.  

   

B1Widup Assumes ASIS Presidency, Board Gains International Members

  

 

On the first of January, 2014, Richard E. Widup, CPP, began his one-year term of office as president in of ASIS International. Widup is the 59th president of ASIS, succeeding Geoffrey T. Craighead, CPP, who became chairman of the ASIS Board of Directors.

In their leadership positions, both Widup and Craighead serve on the Board Management Committee of the ASIS Board of Directors. The Board Management Committee directs the activities between meetings of the full Board. These volunteer leaders maintain the strategic continuity of the programs, products, and services that ASIS provides.

The 2014 ASIS Board Management Committee is as follows: 

  • President: Richard E. Widup, CPP, senior director of corporate security, Purdue Pharma LP (United States) 
  • President-Elect: Dave N. Tyson, CPP, senior director global information security, business process, and technology, S. C. Johnson & Son, Inc. (United States) 
  • Treasurer: David C. Davis, CPP, senior manager, Northrup Grumman (United States) 
  • Secretary: Thomas J. Langer, CPP, vice president of security, BAE Systems, Inc. (United States) 
  • Chairman of the Board: Geoffrey T. Craighead, CPP, vice president, Universal Protection Service (United States)   

The 2014 ASIS International Board of Directors

Three new members were elected in August 2013 to serve on the Board of Directors for a three-year term that also started on January 1:
  • Christina Duffey, CPP, vice president, Paragon Security (Canada) 
  • Godfried Hendriks, CPP, managing director and consultant, GOING Consultancy BV (The Netherlands) 
  • Richard F. Lisko, CPP, vice president and general manager/South Texas Region, Allied Barton Services (United States) 

Of note, this year's board represents the growing global diversity of the organization. Chairman Craighead is a native Australian and President-Elect Tyson is from Canada, which is also the home of Board Member Duffey; Board Member Hendriks is Dutch. 

 

c2ASIS Middle East 2014

  

a1Register for ASIS Middle East 2014

 

Register now for ASIS Middle East 2014 and get access to 33 high-level educational sessions delivered by industry leaders.    

 

The ASIS 5th Middle East Security Conference & Exhibition will take place on February 16-18, 2014, at the Intercontinental Dubai Festival City, in Dubai, United Arab Emirates (UAE).

  

The event will take place under the patronage of His Excellency Sultan Bin Saeed Al Mansouri, minister of economy of the UAE and under the honorary chairmanship of His Excellency Lt. Gen. Dhahi Khalfan Tamim, deputy-chairman of Dubai police and public security.

 

Speakers will include:  

 

Keynote

Abdulrahman F. Al-Wuhaib 
Senior Vice President, Downstream 
Saudi Aramco 
Saudi Arabia

Keynote 
Prof. Martin Gill 
Managing Director, Perpetuity Research & Consultancy International 
United Kingdom  

 

Topic: How offenders say they get around security measures: why they say it is easy

 

 

Keynote

Prof. Dr. Leonard Yong 
Senior Consultant 
EuroMaTech Training & Management Consultancy 

United Kingdom and Dubai, UAE

 

Topic: Applying emotional excellence at the workplace  

 
Six Reasons why you should be at ASIS Middle East 2014:  
  1. Hear industry leaders from important companies and organizations speak about the latest developments, trends and innovations in security.
  2. Apply lessons learned from other industries to your own sector.
  3. Connect with high-level security professionals from all over the Middle East and beyond.
  4. Become motivated by new ideas and information.
  5. Form new partnerships and reconnect with familiar faces in the industry.
  6. Get social and join discussions on Facebook, LinkedIn and Twitter.   

  

In addition to the educational sessions delegates will get access to networking events and to the exhibition.


Entry to the exhibition is free of charge for preregistered visitors, if registered before February 5, 2014.

Please click here to access the conference program.

 Fees:

 

Regular Rate

Onsite Rate

ASIS Member

U.S. $1,295

U.S. $1,395

Nonmember

U.S. $1,550

U.S. $1,650

Government/Military/
Law Enforcement

U.S. $1,050

U.S. $1,150

Partner Organizations

U.S. $1,325

U.S. $1,425

Group Rate

(minimum 5 delegates per company)

U.S. $995

U.S. $995

Single Day Member

U.S. $675

U.S. $800

Single Day Nonmember

U.S. $775

U.S. $900

President's Reception Only

(included in full delegate rate)

U.S. $115

U.S. $115

Lunch Ticket

U.S. $50

U.S. $50

  

 

 Like us on Facebook  View our profile on LinkedIn 

 

c3ASIS International News

  

e42014 ASIS Membership Renewal

It's time to renew your ASIS International membership for 2014. Don't let your member benefits be interrupted.

 

To renew, click on this link or visit the  "My ASIS"  section of the ASIS Web site; after signing in, select the "My Transactions" tab to see the dues renewal invoice. Your membership can be identified by the "Member Type" populated in the far right column. Please select the invoice and choose "Add to Cart."

 

For assistance, contact ASIS Member Services via e-mail at asis@asisonline.org or by phone at +1.703.519.6200 from 9 a.m. to 5 p.m. Eastern Time, Monday through Friday.

 

Stay connected in 2014. Renew your membership today

  

n1Contribute to ME Dynamics and Earn CPEs

 

ASIS International invites members to submit articles that will be published in the future editions of ME Dynamics.

Whether you would like to write a case study, an article about legislation in your own country, or about threats and opportunities for the security profession, any article that allows the sharing of knowledge and best practices with other ASIS members is welcome.

Board certified professionals are entitled to up to 9 CPE credits per article.

General writing guidelines: 

  • Articles must be in English only.
  • Articles should not exceed 500 words.
  • Sales or marketing submissions will not be accepted

Please contact the editor with questions or for more information.

w1Roy Bordes Award Application Now Open

The Roy Bordes Award for Physical Security provides the winning chapter with a customized, two-day, locally delivered, physical security education program. Established in 2008, the award pays the cost of instructors, their travel and accommodations, and collateral materials. Award funds are limited, necessitating that additional meeting expenses will be the host chapter's responsibility. All chapters are invited to compete for the award, however, preference will be given to developing chapters working to expand membership and educational offerings. Chapters may submit one application annually. Relatives of ASIS Foundation Board of Trustees are not eligible for the award. The award application period ends March 11

 

Please click here for more information.

   

a4Be a Sponsor or Exhibitor at ASIS Middle East 2014 and ASIS Europe 2014

 

 

Does your organization's strategic plan call for growth in the Middle East, and Europe? If so, sponsorship of ASIS Middle East 2014, and ASIS Europe 2014 offers a great way to gain exposure and to raise the visibility of your brand, products, and services among key decision makers in these regions. 


Click on these links to review and select from an extensive list of sponsorship and exhibit opportunities:

Identify the event that is most in line with your organization's marketing strategy and budget, or contact ASIS to shape a tailored package that best suits your company's needs.

For further information on other ASIS global conferences, contact the ASIS EMEA/AP Bureau: Tel: +32 2 645 26 74; e-mail: europe@asisonline.org.  

 

c5Headlines

  

q3EU Cyber Security Agency ENISA Argues for Better Protection of SCADA Systems

 

 

How long can we afford having critical infrastructures that use unpatched supervisory control and data acquisition (SCADA) systems? The European Union's (EU) cybersecurity Agency ENISA argues that the EU member states could proactively deploy patch management to enhance the security of SCADA systems.

Much of Europe's critical infrastructure resides in sectors such as energy, transportation, water supply. These infrastructures are largely managed and controlled by SCADA systems -- a subgroup of industrial control systems. In the last decade, SCADA technology has gone from isolated systems into open architecture and standard technologies that are highly interconnected with other corporate networks and the Internet.

A consequence of this transformation is the increased vulnerability to outside attacks. One way to enhance the security of SCADA is through the application of patches. At the moment, two of the key important issues with patching are the failure rate of patches (60 percent) and the lack of patches, as less than 50 percent of the 364 public vulnerabilities had patches available for SCADA.

ENISA identified several best practices and recommendations regarding patching that can improve the security posture of SCADA environments: 

  • Compensating Controls :
    • Increase in-depth defence through network segmentation to create trusted zones that communicate using access controls;
    • Hardening the SCADA systems by removing unnecessary features;
    • Usage of techniques such as application whitelisting and deep packet inspection;
  • Patch management program and service contract:
    • Asset owners should also establish a patch-management service contract to define the responsibilities of both the vendor and the customer in the patch management process;
    • Asset owners should always conduct their own tests, either virtually or by maintaining separate systems to test on.
  • Certified systems should be recertified after a patch is applied.

 

Source: The European Network and Information Security Agency

 

Please click here for more.

d10Terrorist Attack in Diplomatic Quarter of Kabul Kills at Least 21 People 

According to BBC News, a suicide bomber blew himself up outside a restaurant on January 17. Gunmen then entered the room and opened fire. The two attackers were shot dead after a two-hour exchange of gunfire.

Hashmat Stanekzai, a spokesman for Kabul's police command, said, "We have established that 21 people --13 foreigners and eight Afghans -- were killed in the attack." Two members of the European Union's (EU) police-training mission in Afghanistan were among the 21 people believed to have been killed, the EU has announced. Four Afghan employees of the United Nations also lost their lives, as did the International Monetary Funds' country director, Wabel Abdallah.

The attack targeted a popular restaurant located in the diplomatic quarter of Kabul that is close to the United States' embassy and the headquarters of by the North Atlantic Treaty Organization (NATO). According to BBC News, the international clientele, as well as the liberal atmosphere, made the restaurant a target for terrorists.

The country is going to hold presidential elections in April. The international force led by NATO will withdraw its troops by the end of the year. The United States is, however, trying to maintain a small force after 2014. The EU's police-training mission, EUPOL Afghanistan, has a mandate that expires at the end of 2014. The mandate is expected to be extended to 2016.  

 

Source: BBC News

 

Please click here for more.

d6
Bahraini Secret Information Bill Postponed

 

 

The adoption of a bill aimed at protecting classified government information has been shelved due to disagreements on its content, Gulf Daily News reports.

The draft legislation classifies information as top secret, secret, and limited.

It also states that officials who leak top-secret documents will be sentenced to up to 10 years in jail, or fined between BHD 2,000 and BHD 5,000, or both. While officials leaking secret information and documents to the public will be sentenced to up to seven years in jail or fined between BHD 1,000 and BHD 3,000, or both.

Those acquiring secret information through illegal channels will be sentenced to up to 10 years in jail. Finally, anyone trying to break into a prohibited area or hack the computer system to get documents and information will be sentenced to up to five years in jail.

If approved, Bahrain could be the first country in the region to introduce such a law.

The draft law has been referred to the council's foreign affairs, defence and national security committee for further review.

However, Woman and Child Committee chair Rabbab Al Arrayedh warned that implementing the law would harm Bahrain's reputation. "I still believe the interior and defence ministries need to protect its secrets, but I don't believe that it is necessary in other ministries like the education ministry, which should be transparent and open," she said.

Committee Chair Dr. Shaikh Khalid bin Khalifa Al Khalifa said the law was necessary in the wake of an "information revolution." He stated, "We can't underestimate secrets in each ministry, for example, the finance ministry has a lot of documents that can't be leaked out to the public," he said. "Information revolution can be good and bad, it could lead to more transparency and at the same time jeopardize the country."  

 

Source: Gulf Daily News

 

Please click here for more.

d7Saudi Court Convicts 15 of Terrorism

Defence News reported on January 8 that a Saudi court has sentenced 15 terrorists to serve jail sentences of between two and 15 years. Seven other defendants in the case are yet to be sentenced, according to United Arab Emirates' state news agency Wam.

Among other charges the 15 alleged terrorists were convicted of were accommodating one of al-Qaida's most dangerous members, traveling to various countries to participate in battle, conspiring against the security apparatus, weapons and communications training, financing al-Qaida militants, and the possession of weapons and ammunition.

Three days before the defendants were convicted, five were convicted for their part in a bomb plot against a refinery in the Red Sea port city of Yanbu.

Saudi authorities have undertaken a massive crackdown on the jihadist network during the past decade, which prompted many of its militants to shift base to neighboring Yemen.

Source: Defence News  

 

Please click here for more.

d8

New Malicious Program Could Attack Any Bank in Any Country

According to Emirates 24/7, Kaspersky Lab has announced that a new program has infected several thousands of computers used for online banking.

The program, called Neverquest, steals usernames and passwords to bank accounts as well as all the data entered by the user into the modified pages of a banking Web site. Special scripts for Internet Explorer and Firefox are used to facilitate these thefts, giving the malware control of the browser connection with the cybercriminal's command server when visiting the sites of 28 sites on the list, including those that belong to large German, Italian, Turkish, Indian, and international banks, as well as payment systems. Another function helps the malicious users replenish their list of targeted banks and develop code to be seeded on new Web sites that were previously not on the target list.

Kaspersky Lab noted that the holiday period in particular is prone to high malicious user activity, with experts reporting instances as early as November when posts were made in hacker forums about buying and selling databases to access bank accounts and other documents used to open and manage the accounts to which stolen funds are sent. Neverquest appeared on the market even earlier -- an advert looking for a partner to work with the Trojan on the servers of a group of cybercriminals, with their support, was posted in July 2013.

Protection against threats such as Neverquest requires more than just standard antivirus technology. Users need a dedicated solution that secures transactions. In particular, the solution must be able to control a running browser process and prevent any manipulation by other applications.  

 

Source: Emirates 24/7

 

Please click here for more.

d9Statoil Publishes Its Report on the In Amenas Terrorist Attack

Statoil published its report on the In Amenas terrorist attack last September.

The In Amenas attack began on January 16, 2013, when a group of terrorists took more than 800 people hostage near In Amenas, Algeria. After four days, the Algerian special forces raided the site in an effort to free the hostages. Forty people were killed, as well as 29 terrorists.

The main objectives of the investigation requested by the Statoil Board were to clarify the chain of events and to facilitate learning and further improvements within risk assessment, security, and emergency preparedness. 

 

The main conclusions of the investigation are: 


On the attack--

  • The sum of outer and inner security measures failed to protect the people at the site from the attack on In Amenas. The Algerian military were not able to detect or prevent the attackers from reaching the site. Security measures at the site were not constructed to withstand or delay an attack of this scale, and relied on military protection working effectively.
  • Neither Statoil nor the joint venture could have prevented the attack, but there is reason to question the extent of their reliance on Algerian military protection. Neither of them conceived of a scenario where a large force of armed attackers reached the facility.

 

On security in Statoil--

  • Statoil has established a security risk management system, but the company's overall capabilities and culture must be strengthened to respond to the security risks associated with operations in volatile and complex environments.

 

The report gives 19 recommendations within the following areas of security at In Amenas and other facilities in Algeria: organization and capabilities, security risk management systems, emergency preparedness and response, and cooperation and networks.

 

The company will now ensure that the recommendations are integrated and a prioritized part of the initiated improvement program in the security area. The board of directors has endorsed the improvement program, and will continuously follow up its implementation and consider the need for further measures.

 

The program contains actions to ensure that the organization adapts to an ever-changing threat scenario:

  • Strengthen management, skills and capacity within risk analysis, security evaluation and security work.
  • Improve management systems and work processes within safety and security.
  • Closer integration of work related to physical, personnel and IT security
  • More training and increased standardization within emergency preparedness
  • Strengthened cooperation with public authorities, in Norway and abroad, and in the industry's own networks and organizations within areas such as intelligence, safety and security analysis and actions.

 

The investigation team has conducted 136 interviews and a series of meetings with relevant external and internal players. The investigation team has visited Algeria and In Amenas, and has met representatives of government authorities in the Algeria, Canada, Japan, Norway, the United Kingdom and the United States. The team has also held regular meetings with Statoil employees working in In Amenas.

"Although there are areas in which we have not found all answers, and where the ongoing criminal investigations will provide more information, I think we can give a good description of what happened at In Amenas between 16 and 19 January. We are positive that we have a solid basis for answering the question as to what Statoil can learn from this," says Head of the Investigation Team Torgeir Hagen.  

 

Source: Statoil

 

Please click here for more.

 

c6Education and Events

  

w2Application Period Open for University of Phoenix Full-Tuition Scholarships

Each scholarship will allow a prospective student the opportunity to complete an undergraduate or master's degree programme through the College of Criminal Justice and Security at University of Phoenix. Recipients may choose to attend a University of Phoenix physical campus or attend University of Phoenix online.


Applicants must meet all admission requirements for the university, and maintain good standing throughout the term of their scholarship. The scholarship is open to security practitioners worldwide.


A committee comprised of members from the Foundation Board of Trustees, the ASIS International Board of Directors, and the Professional Certification Board will review applicants and select the scholarship recipients.


Applications will be taken starting on February 4 through April 15.  

 

 Please click here for more.

a22ASIS Global Agenda

February 16-18, 2014 -- ASIS 5th Middle East Security Conference & Exhibition, Dubai, UAE 

Registration is open!


March 13-14, 2014 -- ASIS 24th New York City Security Conference & Exhibition, New York, USA

Registration is open!

 

April 1-3, 2014 -- ASIS 13th European Security Conference & Exhibition, The Hague, The Netherlands

Registration is open! 

 

May 5-6, 2014 -- 7th Annual CSO Roundtable Summit, Miami, FL, USA 

 

June 3-6, 2014 --  Effective Management for Security Professionals, Madrid, Spain

 

September 29-October 2, 2014 -- ASIS 60th Annual Seminar & Exhibits, Atlanta, GA, USA

a23Professional Development

Webinars

Subscribe today and get all webinars FREE between now and December 31, 2014!  


Webinar Archive 
 

 

This month highlighting: Practical Applications of Video Analytics

 

Full list of archived titles

  

e-Learning 

  

Full list of programs

 

Classroom Programs and Webinars

 

2014 at a glance.

ASIS MIDDLE EAST. ADVANCING SECURITY WORLDWIDE. 2014
To unsubscribe please contact the editor
.