Security jobs

The Guardian

Three Oaks student honoured for excellence in workplace safety

Melanie Rodger, who recently graduated from Three Oaks Senior High School student in Summerside, has been busy creating safe spaces at her school, work and volunteer settings.

Recently she was recognized for showing excellence in the demonstration and understanding of occupational health and safety (OCH) principals, by the Workers Compensation Board (WCB) with the Safety Matters Award during their annual public meeting.

“One of the ways to build safer workplaces is to focus on our future workforce,” said Stuart Affleck, chairman for the Workers Compensation Board. “The WCB places great importance on fostering safety champions in our next generation of workers and employers.”

Melanie participated in the OHS Leadership Program over the past year, where she worked with a partner to plan and host events designed to raise student awareness around safety in the workplace.

In the summer of 2017, she worked in a laboratory setting at University of Prince Edward Island, where she gained awareness and appreciation for safety training, and the need for personal protective equipment in certain workplace settings.

She participated in a training course at an aerospace company where workers were provided with an orientation to a new 3-D printer and learned more about effective communication of workplace hazards.

Rodger volunteers at the Prince County Hospital, in addition she serves as president of a volunteer youth board at the hospital. She has taken a leadership role in sharing knowledge about OHS with her co-workers and plans to study bioengineering at McGill University in Montreal this fall.

“We applaud Melanie and the many other students who take an interest in health and safety in the workplace,” said Luanne Gallant, CEO for the Workers Compensation Board. “Any effort to educate and engage others in discussions around safety will help benefit everyone.”

To learn more about educating young workers about workplace safety, visit the Workers Compensation Board website at or call the WCB office at 902‐368‐5680 or 1‐800‐237‐5049.

CBC

Overall crime rate in Vancouver went down in 2017, VPD says

Property crime and deadly car crashes are down, but homicides and sex offences are up slightly

Vancouver police say the rate of crime in the city dropped in 2017, with less property crime and deadly car crashes but more homicides and car theft.

The overall crime rate has gone down 1.5 per cent, according to department data released Thursday.

Property crime went down nearly two per cent, ending a five-year streak of rising rates. Break-ins to businesses also went down by nearly 18 per cent, robberies were down 23 per cent and deadly motor vehicle collisions dropped by 13 per cent.

There were 1.9 per cent more violent crimes in 2017, but when you compare those numbers for the last 10 years, there's still a decrease.

Homicides in the city went from 12 to 19 last year, for an increase of 58 per cent. Shots fired incidents were up 19 per cent, from 26 to 31.

Sex offences were also up by two per cent.

A statement from the department said motor vehicle theft is still a persistent problem.

"Theft from motor vehicles continues to be an issue in Vancouver, especially downtown," said Const. Jason Doucette. 

"While we'll continue to target offenders, drivers can help by simply not leaving anything visible in their vehicles. If thieves can see it, they're more likely to steal it."

On average, the data noted, Vancouver police responded to calls within nine minutes and 46 seconds in 2017 — about one second slower than the year before.

 

Mike Smyth: More crime, fewer cops — What is wrong with Surrey's picture?

The spasm of gang violence in Surrey has triggered an outpouring of concern in a community worried about flying bullets and the seductive lure of gang life on impressionable kids.

But it’s also re-ignited a debate in a city that always seems to get the short end of the stick compared to its Metro Vancouver neighbours.

Does Surrey have enough cops? And is the RCMP the right force to patrol mean streets plagued by some of B.C.’s highest crime rates?

Tom Gill, the city councillor considered the frontrunner for mayor in this fall’s municipal election, said the city’s RCMP detachment has added 100 more cops with plans to add more.

“The number is unprecedented,” Gill said. “No other municipality has made as significant an investment in such a short time.”

But it’s not enough to match the per capita number of police officers deployed in neighbouring cities.

According to Statistics Canada, Surrey has just 139 police officers for every 100,000 residents. Compare that to Vancouver, which has 191 cops for every 100,000 residents.

Neighbouring Delta has 163 officers per 100,000. New Westminster has 153.

Now compare the rates of serious crime in those four cities for an even starker contrast.

Surrey has a crime severity index of 117, while Vancouver, New West and Delta have severe-crime rates of 114, 79 and 54 respectively.

The bottom line: Surrey has more crime, and less cops, than its neighbours. What is wrong with this picture?

“It’s actually quite shocking,” said Stuart Parker, a candidate for city council running for the Proudly Surrey party. “The thing a gang possesses is turf. If you don’t have the personnel to compete for that turf, then you’re ceding it to the gangs that do. We need 30 to 50 per cent more officers in Surrey.”

There are also growing demands for the city to dump the RCMP and create a local municipal police force, like the ones in Vancouver, New West, Delta and several other B.C. cities.

“The RCMP has multiple levels of bureaucracy and hierarchies and a backlog of unfilled vacancies,” Parker complained. “A local force will be less top-heavy and allow us to retain police officers in the community where they were recruited.”

But the ruling Surrey First party shows no interest in replacing the RCMP.

“The party is over,” insisted Mayor Linda Hepner, who is not seeking re-election. “We are going to make life (for gangsters) as miserable as we can legally in the city of Surrey.”

Hepner made the comments while releasing a new anti-gang strategy following a rash of deadly violence, including the daylight shooting death of 47-year-old hockey coach Paul Bennett, gunned down in his driveway on June 23.

The report includes recommendations to expand anti-gang youth programs and double the size of the RCMP’s gang enforcement unit in the city.

“It will give us more boots on the ground that will get in the face of gangsters and get them out of our city,” Dwayne McDonald, Surrey’s RCMP assistant commissioner, told Global News reporter Janet Brown.

“My message is, ‘You’re not welcome in Surrey. We are coming for you. You can run. You can hide. But we will find you, we will arrest you and we will put you in jail.’”

But McDonald said the additional anti-gang officers will be moved into the unit from other duties, not new hires. And he declined to say how many officers are actually in the gang unit now for “security reasons.”

“Disappointing,” responded Gurpreet Sahota, the community leader who fired up 5,000 protesters at a recent Wake Up Surrey anti-gang rally. “We need more police officers. And everybody in Surrey is talking about the need for a local police department. Neither was mentioned in the report.”

He questions why a promise to double the size of the city’s anti-gang unit is supposed to reassure anyone when police won’t say how many officers are in the unit to start with.

And why wasn’t the promised “Inadmissible Patrons Program” to ban gangsters from bars started years ago, when a similar program has been running in Vancouver for a decade?

Watch for these issues to heat up as the campaign for mayor gets closer — especially if Liberal MLA Rich Coleman, a former police officer, decides to challenge Gill for the job.

“That recent shooting (of hockey coach Paul Bennett) happened 10 blocks from my house,” said Coleman, who called for more street cops and increased gang surveillance.

“You need intelligence-gathering,” Coleman said. “You need to be visible on the street. You need to use statistical models to know where the hot spots are, target your resources and then push back on crime.”

But Gill said Coleman’s previous controversial oversight of casino gambling — the subject of a scathing recent report on money laundering — should disqualify the former solicitor general from the mayor’s job.

“You really have to rethink whether you can support an individual like that,” Gill said.

It’s clear that gang warfare, and political warfare, are both on the rise in Surrey.

    HelpNetSecurity

    Four tips for keeping security worries away this summer

    As the summer weather heats up, so does the desire to cut out of the office early and finish the workday from the park, a local pub patio or maybe the family cottage.

    Now is the time where many of us take advantage of the ability to work remotely – using portable devices and free Wi-Fi or mobile hotspots to stay connected. While many managers are fairly flexible on this type of ‘perk’ if the position allows, IT security experts understand that is comes with some risk. To offset this, steps should be taken to ensure data and access is secure while at work, home or on the go. 

    Consider working remotely. Where do you start? The first thing you’re going to do is to sign into email or your white-listed business application of choice to access the files you need to do your job. Doing so in the office versus doing so on a busy summer patio poses different threats. Still, there are a couple of steps organizations can take to keep remote employees happy, while maintaining security. Here are four main ones to consider:

    1. “Just enough” access

    Whether it’s the summer vacation season or the middle of winter, this tip still applies. Limit the access entitlements that employees have to only what they need to do their jobs and nothing more. This sounds straightforward and simple, but it’s often a surprise at how much access employees can accumulate.

    Often referred to as ‘access creep,’ the term refers to the additional access employees have received over time that was never turned off. This could be due to a previous role in another department or a special project the employee worked on. The idea here is that if employees only have the bare minimum of access and nothing more—should something happen and an employee’s access is compromised somehow—the risk to the company is lower than it would have been otherwise.

    2. “Only when needed” access

    There’s going to be roles that require elevated access to important data, as it’s the nature of business. But there are things organizations can do to limit that access with by putting extra protections in place so that the access is only granted when necessary.

    A single sign-on solution is great for enabling employees to be able to access various applications from one simple location, but implementing a risk-based authentication that requires additional authentication if certain parameters are detected will help ensure additional safety measures are in place. For example, when the employee is detected in the office, they can click in without issue. When they are trying to access that application from elsewhere on their personal network though, additional authentication will be required to make certain they truly are who they say they are.

    3. “Sorry, not now” access denial

    In the same vain as the ‘only when needed’ access scenario, there may be situations or applications that organizations are going to decide they do not want to allow any access to outside of their strict controls. Through the use of an advanced authentication tool with Geo-Fencing included, organizations can configure a policy to limit access to only those users in the allowed location.

    4. “I forgot my password” access

    There’s nothing more frustrating than trying to get something done so you can sign off for the day and getting hit with password request. For example, consider trying to access a previous application you were working in to upload work (i.e. Box, Dropbox), and you are asked to enter a password you don’t remember.

    In the case of remote working, due to some of the tips I described above, it’s not uncommon to be asked for that password once you’re out of your network. However, unless you’re used to working remotely and can recall it on the fly, it can be a real inhibitor of getting work done when you’re not at the office. This is where a self-service password reset tool is not only a godsend for the end user, but it also alleviates calls to the help desk and can increase security. The reason for this is that customized—or pre-written—challenge questions are more secure than verifying a user’s identity on the phone before resetting a password or unlocking an account.

    We should all be allowed to enjoy some fun in the sun this vacation season. By incorporating some—or all—of these strategies, organizations can better prepare themselves for the inevitable summer ‘WFH’ requests and allow their employees to do just that. In doing so, companies will achieve a more secure environment for their employees who plan on sneaking in some much-needed family time.

    It world Canada

    UK minimum cyber security standard should be followed in Canada, says expert

    There’s no shortage of advice to infosec leaders about what they ought to be doing to tighten the IT security of their organization, starting with the Center for Internet Security’s critical security controls . But what if the board and C-suite wants to tell departments what they must do?

    The recently-issued minimum cyber security standard for U.K. government departments is a good place to start. In seven pages the government sets out what it expects departments to adhere to — and exceed wherever possible.

    This concise document goes along with the more detailed best practices security policy framework for protecting government assets, first published in 2014, to comply with the U.K. national cyber security strategy.

    Those two documents can be granular, and in some ways ‘here’s how you do it’. The minimum cyber security standard is ‘here’s what you better be doing.’

    So, for example, one of the first standards is “Departments shall identify and manage the significant risks to sensitive information and key operational services.”

    Here’s another notable must: “Access shall be removed when individuals leave their role or the organization. Periodic reviews should also take place to ensure appropriate access is maintained.”

    And another: “Multi-factor authentication shall be used where technically possible, such as where administrative consoles provide access to manage cloud based infrastructure, platforms or services. Multi-factor authentication shall be used for access to enterprise level social media accounts.”

    Four sections

    The standard is broken down into four sections infosec pros will recognize for creating a strategy: Identify, Protect, Detect and Respond. Within each department heads are mandated to take certain action. This means if there is a failure the government can ask, ‘Why wasn’t this done?”

    “This is a  useful starting point for Canadian authorities,” said David Swan, the Alberta-based director of cyber intelligence at the Centre for Strategic Cyberspace + Security Science, an international consultancy. “All levels of government can use it. The requirements of the standard can be integrated into any regulatory framework. The standard can be expanded or included in other guidance. In the corporate environment, this level of knowledge should be required by boards of directors, CEOs, CSOs and CISOs. Organizations that don’t require this level of knowledge are essentially ‘co-operative victims’, unaware of their risk, cyber threat and consequences.”

    The standard does allow some implementation flexibility. So the definition of ‘sensitive’, ‘essential’, ‘important’ and ‘appropriate’ are left open. “However , the document adds, “departments are accountable for the effectiveness of these decisions.”

    U.K. departments “shall understand and manage security issues that arise because of dependencies on external suppliers or through their supply chain,” the standard says. That includes ensuring that the standards are met by the suppliers of third party services, such as hardware, software, consulting or cloud providers  However, those third parties could meet compliance in one of several ways. One is if the supplier holds a valid Cyber Essentials2 certificate as a minimum.

    The U.K. Cyber Essentials program has accredited bodies issue certificates to private sector companies attesting they have met certain minimum security standards. Last month, when it released the latest Canadian cyber security standard Ottawa said it is looking to set up a similar program here.

    Related Articles

    Ottawa vows to make Canada a global leader in cyber security

    Ottawa has released its long-awaited update to its national cyber security strategy, promising to better protect Canadians from cyber crime,...

    June 12th, 2018 Howard Solomon @howarditwc

    However, the Canadian program may take some time. The government said it will first consult with the private sector and potential certification bodies.  At this point it isn’t known who those certification firms could be. In the U.K. they include many IT security consulting companies, who have expertise in the area. The department of Innovation, Science and Economic Development (ISED) will be responsible for approving the Canadian program. The Communications Security Establishment (CSE), which oversees security for federal systems, will define a basic set of measures SMEs would have to follow. And the Standards Council of Canada will approve certification bodies to assure evaluate SMEs have met the standard.

    Note where the U.K. mimimum standard starts: “There shall be clear lines of responsibility and accountability to named individuals for the security of
    sensitive information and key operational services.”