PC Guardian Quarterly, Spring 2007, Volume III
MEASURING SECURITY ROI
Of all the steps it takes to upgrade your company's security readiness, getting management approval can be the most difficult. Documenting relevant case studies, crime stats, and headlines takes you only so far. What is the best way to make a business case to upgrade your security infrastructure to an unwilling decision maker?

Experts agree: to win approval of your security proposals, they must be put into terms that show how a security project can improve the bottom line of your company. "The ROI calculation is valuable because it creates a ratio between the expected net benefits of a project in relation to its costs, one that the (management) team can use to compare with other proposed projects and against internal investment goals and criteria," writes Tom Pisello in his article, Executive Guide: ROI. This analysis can include "estimates for factors such as the cost of downtime based on employee costs and lost sales, frequency of security incidents, benefits from automating manual security tasks and potential damage to a corporate brand. That data will help senior management determine where the value may lie in a proposed security expense," writes James M. Connolly in his article, The Science of Security ROI. Nobody said it was easy, but with a little research and analysis, your project has a better chance of getting approved. Getting good marks from management for your business acumen isn't a bad thing either.


INSIDER THREATS: “TRUST… BUT VERIFY.”
-Ronald Reagan

In most organizations, insider threats seem as far away as the Eisenhower administration. Security pros, of course, know better and recent study and survey results indicate a significant number of security breaches are committed by current employees, either by accident or on purpose. The percentage varies, but most put the number between 20% and 40%. What safeguards and controls can security managers take to "trust… but verify" their employees' intentions?

In a Computer Associates study published last July, 84% of companies it surveyed experienced a security incident in the last 12 months, and 38% of those were internal breaches. In the 2006 CSI/FBI Computer Crime and Security Survey, 39% of companies said more than 20% of their losses come from insider security breaches. Finally, in a study by Carnegie Mellon published last year, 75% of the confidential information thefts analyzed were committed by current employees. Check out this article in InformationWeek that discusses the DuPont insider breach from an employee who had accepted a job at a competitor. It offers some good advice for security managers on ways to prevent data security breaches before they cost your company unwanted headaches or worse.


SMALL DEVICE, BIG RISK - THE SMART USB DRIVE

You've seen the ads, "2 Gigabyte USB Drive $29.95." With prices so low for big storage, it's no wonder 114 million of the devices were sold in 2006, up from 85 million sold in 2005 and growing 15% per year thru 2010 (Gartner). The growth, according to Gartner, is fueled by the new "Smart" USB drives.

Industry group "USB Flash Drive Alliance" (UFDA) defines Smart USB drives as "any drive that includes additional bundled software/applications that enables programs to run from the USB drive when plugged into a computer." In a Computer World article titled IT Risks Rise on USB Drives by Jaikumar Vijayan, Smart USB drives are described by Darren Kitchen, member of HAK5, a security-related podcast run by self-described white-hat hackers: "What makes it a security nightmare is that it's a faster and automated way to do existing threats. What could have been done before in four to five minutes can now be done in a few seconds," he said.

"Companies need to think seriously about managing USB storage devices," said Jonathan Singer, an analyst at Yankee Group Research Inc. in Boston. "You can have a user walk away with a whole bunch of information, or someone's PCs could get owned by a USB device they picked up in a parking lot." Great for end users but potential trouble for security professionals, Smart USB drives up the risk factor to data and networks.
PC GUARDIAN NEWS

USB PORT SECURITY SYSTEM: A SOFTWARE-FREE SECURITY SOLUTION

In case you haven't heard, PC Guardian is now shipping a physical solution to USB drive threats that reduces the risk of data leakage, data theft, computer viruses, and malware: The USB Port Security System.

PC Guardian President and CEO Ann Laurenson says, "Our new USB Port Security System provides a simple and effective alternative to expensive software installations. It effectively blocks USB port access, yet does not impede productivity by allowing secure, continued access of authorized devices such as a keyboard and mouse." See the full press release here. Check out prices and package options here, or contact us for an evaluation sample.

THE REVOLUTIONARY PC GUARDIAN EZOLUTION™ MASTER CODED COMBO LOCK

The much anticipated Master Coded Combo is in stock and available to ship! The patent pending Master Combo system allows an end user to set his or her own combination while also giving an authorized administrator the ability to unlock and reset the lock at anytime with the innovative ComboGenie.

PCG President and CEO Ann Laurenson: "This new system provides organizations with an additional alternative for managing combination locks by eliminating (1) the need to track serial numbers and (2) the risk of lost, forgotten, or compromised combinations." Keyless security just got a lot more efficient! More information here.


NEW ONLINE LOCK MANAGEMENT FOR ADMINISTRATORS

End users have always been able to securely register their keys and combos on our website, but now PCG is introducing a new online management system for administrators to track preset locks and combinations.

Starting in mid March, security administrators who register their locks and combos online will be able to:
• View their entire inventory of locks, their serial numbers, and respective combinations
• Easily recover lost or forgotten combinations
• Assign user names or notes to locks
• Search and sort by serial numbers, names or notes
• Download the information for internal use
• Add new locks to their existing inventory
Read more about how this great new management system will make your security management life a lot easier. Authorized security administrators only!

QUICK LINKS

www.pcguardian.com

Contact Us

USB MEMORY STICKS POSE THE GREATEST RISK TO CORPORATE DATA RIGHT BEHIND HANDHELD DEVICES AND LAPTOPS*
*Survey of nearly 500 Security professionals, Ponemon Institute/Vontu 2006

PC GUARDIAN IN THE NEWS
Read the latest PC Guardian Product Review by Tech News World writer Jack Germain.

 AWARDS
PC Guardian Ezolution™ Keyed Locks were recently nominated to receive an Excellence Award from InfoSecurityProductsGuide in the Physical Security category. We would be honored if you took a few seconds to cast your confidential vote for us. Voting is open from March 8 thru March 28. Thank you!

 EVENTS
See PC Guardian Products demonstrated at these upcoming Industry Trade Shows:
CAMEX
The Douglas Stewart Company Booth #1635
March 25-27 Orlando FL

CCRA
PC Guardian Booth #418
Denver, CO April 18

Infosecurity Europe 2007
Avanquest Stand # C192
London, England, April 24-26


 NEWSLETTER FEEDBACK
Email us if you have any questions or comments to the editors of Physical Security News You Can Use. Watch for reader comments in our next newsletter in June.