Monday, December 29, 2008

Awal Muharram

Assalamualaikum WBT to all Muslim bro and sis. Today 1429H.. Wish u guys happy New Year Maal Hijrah celebration. It's a public holiday in Malaysia. I wish that for this coming new year all the muslimin and muslimat will be blessed with Allah's Rahmat. Insha Allah. My resolution? To be a better Muslim of course :)

I would like to quote some info from a website I found..

"The Islamic Calendar, which is based purely on lunar cycles, was first introduced in 638 C.E. by the close companion of the Prophet (PBUH) and the second Caliph, `Umar ibn Al-KHaTTab (592-644 C.E.) RAA. He did it in an attempt to rationalize the various, at times conflicting, dating systems used during his time. `Umar consulted with his advisors on the starting date of the new Muslim chronology. It was finally agreed that the most appropriate reference point for the Islamic calendar was the Hijrah. The actual starting date for the Calendar was chosen (on the basis of purely lunar years, counting backwards) to be the first day of the first month (1 MuHarram) of the year of the Hijrah. The Islamic (Hijri) calendar (with dates that fall within the Muslim Era) is usually abbreviated A.H. in Western languages from the latinized Anno Hegirae, "in the year of the Hegira". MuHarram 1, 1 A.H. corresponds to July 16, 622 C.E.

The Hijrah, which chronicles the migration of the Prophet Muhammad (PBUH) from Makkah to Madinah in September 622 C.E., is the central historical event of early Islam. It led to the foundation of the first Muslim city-state, a turning point in Islamic and world history.

To Muslims, the Hijri calendar is not just a sentimental system of time reckoning and dating important religious events, e.g., Siyaam (fasting) and Hajj (pilgrimage to Makkah). It has a much deeper religious and historical significance."

Tuesday, December 23, 2008

Physical Security Lessons

The newest CSO magazine featured a great article by Bill Brenner on jewelry store security. It's online via PCWorld as "How Tech Caught the Jewelry Thief." I'd like to cite several excerpts and relate them to digital security.

It used to be that after a robbery, the police would review a surveillance tape for clues into who broke in, at what time and what the bad guys looked like. Since the thieves would be long gone by the time the tape was reviewed, there would often be little the authorities could do about it.

That sounds like a traditional digital forensics scenario, with the problem that it can be difficult to apprehend criminals well after the crime occurs.

But thanks to 21st-Century technology, the crooks are being watched in real time and, as a result, getting caught a lot more often.

Notice the word "watched" -- this frames the problem as one of faster detection and response.

In this Q&A, Dennis Thomas, regional loss prevention manager and certified field trainer at Zale Corp., explains how the retailer's IT operation is playing an increasingly important role in the physical security effort...

CSO: Your organization seems to be fighting back in more of a real-time fashion, as opposed to surveillance camera recordings where you would see the burglary take place long after the fact.

Thomas: Keep in mind, in the old days a crime could occur in a store with the employees there and they wouldn't always notice what was happening. With remote technology our trained operators at the command center can observe a theft in progress and notify the police in real time with important time-sensitive details like description, method of operation and where the merchandise is on the person. The police in turn are a lot more successful in making an arrest than they were five years ago.

Two points: first, Zale Corp. uses a centralize-and-specialize method, in which experts provide a service to the entire company remotely. Second, the result is removing a threat via police arrest.

The real benefit is the increase in time notification. Let's say the operator doesn't immediately see the theft as it's happening. They can still e-mail camera images to the police, which is still faster than trying to pull video off an old VCR tape.

This sounds like Network Security Monitoring, where prevention eventually fails and sometimes intruders are smarter than you. When you know you were victimized, however, you can review your forensic evidence quickly and efficiently.

CSO: Who are you using as a vendor to operate the command center?

Thomas: We own and operate our own command center.

CSO: So you built the whole thing in house.

Zale Corp. is big enough to staff their own centralized "security operations center (SOC)". Smaller players might want to outsource, but I see more large companies building their own.

Thomas: Exactly. We worked with a local vendor to develop the technology and devised everything right down to the terminology that the operators use to communicate with the stores.

CSO: Did your command center develop gradually and organically, or was it based off of one big plan from the outset?

Thomas: It was a gradual process that took years. There were three phases: developing the technology, implementing the technology and further enhancing the system once it was operational, working out the kinks. We had our challenges as we basically ventured into uncharted territory but the technology was proven and successfully implemented the vision into the business.

No one does this correctly from day one. Developing an effective security operation is a multi-year process.

CSO: How much has this cut down on the time it takes on average to either catch the thief or at least solve a crime?

Thomas: I'll give you two statistics: First: The corporation has achieved record shrink lows for the last seven consecutive years. Second: a significant reduction in shrink [lost merchandise/revenue] as a result of burglaries. You can directly attribute that to the technology we've put in place.

This is a crucial point: Zale Corp.'s security department has performed a cost-benefit analysis that demonstrates how their security operation is saving money. First they had to quantify loss, and now they are showing how their team has reduced that loss. Note that the security team isn't "making money;" they are preventing loss.

There has been a significant increase in the number of criminals apprehended because we can get three to five cruisers out there immediately, because the police know if Zales calls, we are seeing a burglary unfolding before our eyes. We are able to verify to them immediately that it's not a false alarm.

Zale Corp. is avoiding the problem facing many MSSPs. Many MSSPs just call the customer when one of a million Snort alerts appears on an analyst's console. The customer is left to do an investigation to validate the alert. Good MSSPs (including internal ones) use an alert as an indicator to start their own investigation, backed by the necessary actionable evidence to make a decision. Then they call the customer to inform them that a problem is happening, not to ask the customer "is anything wrong?" The customer learns to trust the MSSP, because when the MSSP does call it means something.
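The difference between forwarding an alert and validating it first can be sketched in code. This is an added example, not from the original post or the CSO article: the alert lines, addresses, SID and session-record layout are constructed, and treating "the alerted host later connects back to the alert source" as supporting evidence is an assumption chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the article): Snort "fast" alert lines
# and session records as (start, initiator, responder, dport, bytes_back).
ALERTS = """\
12/23-10:15:02.120000  [**] [1:1000001:1] EXAMPLE web exploit attempt [**] [Priority: 1] {TCP} 203.0.113.5:40112 -> 192.0.2.10:80
12/23-10:20:41.500000  [**] [1:1000001:1] EXAMPLE web exploit attempt [**] [Priority: 1] {TCP} 198.51.100.7:51200 -> 192.0.2.20:80
"""
SESSIONS = [
    ("12/23-10:15:01.900000", "203.0.113.5", "192.0.2.10", 80, 5120),
    ("12/23-10:15:09.000000", "192.0.2.10", "203.0.113.5", 4444, 88211),
    ("12/23-10:20:41.400000", "198.51.100.7", "192.0.2.20", 80, 310),
]

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\].*"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_ts(ts, year=2008):
    # Fast alerts carry no year; 2008 is an assumption for this sample.
    return datetime.strptime(f"{year}/{ts}", "%Y/%m/%d-%H:%M:%S.%f")

def triage(alert_text, sessions, window=timedelta(minutes=5)):
    """Return one verdict per alert, with the sessions that support it."""
    verdicts = []
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        when, src, dst = parse_ts(m["ts"]), m["src"], m["dst"]
        # Evidence: the alerted host later initiates a session back to the
        # alert source, which the alert by itself cannot show.
        evidence = [s for s in sessions
                    if s[1] == dst and s[2] == src
                    and when <= parse_ts(s[0]) <= when + window]
        verdicts.append({
            "sid": m["sid"], "src": src, "dst": dst,
            "action": "notify" if evidence else "keep investigating",
            "evidence": evidence,
        })
    return verdicts

if __name__ == "__main__":
    for v in triage(ALERTS, SESSIONS):
        print(v["action"], v["src"], "->", v["dst"], v["evidence"])
```

Both alerts fire on the same rule, but only the first is backed by a session record the analyst can hand to the customer along with the call.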

CSO: If you are a retailer just coming to the realization that you need to adopt a system like Zale's, what are the first items you should be thinking about?

Thomas: The first thing you need to do is determine where your risk is. Is it the employee? Does the general public have access to your merchandise? Where is your shrink occurring and where will those precious dollars get the most benefit? The second thing you should do is go out and look at what your competitors are doing technologically to ensure security. Then you are able to build your system to meet the specific needs of your organization.

Again, Zale Corp. demonstrates where to begin. You can determine risk by performing preliminary monitoring to observe actual problems before implementing countermeasures. Bruce Schneier calls this monitor first.

Great article, Bill Brenner!