Volume 1, Issue 5

March 2004  

 

 

 

About Per Mar

Contact Us

 

CORPORATE OFFICE

Per Mar Security Services
Per Mar Centre
1910 East Kimberly Rd
Davenport, IA 52807
Tel# 1-800-4-PERMAR (737627)
Fax # 563-359-6700

 

New Fraud Auditing Standard SAS No. 99 [more...]

Security by Design [more...]

Can We Tape [more...]

Privacy Policies Preferred [more...]

Gone Phishing [more...]

Cool Tools [more...]

The Taxman Cometh [more...]

And Don't Forget the Use Tax [more...]

New Fraud Auditing Standard SAS 99

This year businesses are faced with a new set of fraud audit procedures that could prove to be rather costly. SAS No. 99, a new auditing standard, takes effect this year and could consume twice the time and resources of a regular audit. The Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audits provides significant guidance regarding fraud detection procedures and documentation requirements. Here's what to expect:

  • Audit team discussions: Not only will auditors review that which is provided them, they must contemplate how the organization might commit fraud. Auditors now must ask employees if fraud is taking place and who may be doing it.
  • New audit tests: Auditors must now design and use audit tests, which client businesses cannot predict. These tests must have fraud detection features that are sufficiently unpredictable, and most fraudsters will be exposed.

The new SAS No. 99 combined with Sarbanes-Oxley compliance will create a significant cost burden for many organizations. Fortune Magazine predicts the number will be north of $5 billion this year alone. However, smart organizations are seizing the opportunity to rethink their processes and confront fraud and those who commit it.

top

Security by Design

Crime prevention is not new. For centuries man has sought ways to protect himself and those in his community. One fascinating concept that has yet to reach full potential is called Crime Prevention Through Environmental Design (CPTED).

The concept is simple: crime can be reduced or in many cases eliminated, by better managing the physical environment and making potential targets within it, unavailable. This can be achieved by proper design of buildings and neighborhoods. Security experts suggest that when new buildings are being planned, security considerations should be included in the architectural design, and not added later as an afterthought when the project is completed. Aspects to consider include location, sight lines, lighting, access control, traffic management and the opportunity for concealment by those intending to do harm.

The design of a building should consider all obvious or potential entry and exit points such as doors and windows as well as internal traffic areas where access should be restricted or managed. Experience has shown that it is much easier and more cost-effective to design security features into the original construction than to add them after the project's completion. While CPTED does not address the root cause of criminal behavior, undesirable activities can be prevented by limiting the opportunities available for them. Crime prevention through environmental design is a simple idea with a bright future.

Contributed by Collin Baer

top

Can We Tape?

Security professionals and corporate investigators frequently have the need to tape-record those they interview. The need is particularly common during interviews where an admission is likely. However, many practitioners and even the lawyers who sometimes assist them don't know if or when it is permissible. Now the answer is just a mouse-click away. The Reporters Committee for Freedom of the Press, a Web site that monitors First Amendment issues, provides an easy-to-use table detailing the rules for tape recording in all 50 states. While many states still require only "one party" have knowledge of the recording, twelve states require, under most circumstances, the consent of all parties to a conversation. Those jurisdictions include California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington.

At least 24 states also have laws restricting the use of hidden cameras in private places. Many states also have statutes that concern unattended hidden cameras, not just cameras hidden on a person engaged in a conversation. Security professionals and investigators should be aware, however, that the audio portion of a videotape will be treated according to the wiretapping laws of the state in which the recording is made. Tip: Know the rules before tape recording anyone and if ever in doubt, seek the advice of a competent attorney. Regardless of the law, the careless use of tape-recorders and video can prompt invasion of privacy claims and ruin the otherwise exceptional result of an investigation.

top

Privacy Policies Preferred

The decision whether to post a security and privacy policy on a corporate web site is a voluntary matter. However, the Federal Communications Commission favors them and recommends they be clear and honest. Good policies contain four elements: notice, choice, access and security. Notice involves, "clear and conspicuous notice of [the recipient's] information practices." Choice provides users the opportunity to control how the information they provide will be used. Access speaks to the user's ability to review any information captured and contest inaccuracies and deficiencies. Security describes how the captured information will be protected against unauthorized use, access or disclosure.

Travel Tip: Banned items in luggage result in big fines. The Transportation Security Agency has begun to quietly fine travelers who accidentally violate security policies. Civil penalties now range from $250 to $10,000 for the first offense. If the TSA is able to prove intent, violators could face jail. Best advice: Be careful of what you pack and think before you travel. With the TSA intercepting more than 15,000 prohibited items each day, its tolerance is waning.

top

Gone Phishing

Spam and malicious code in the form of viruses and worms are the modern evils of our electronic world. According to security specialist MessageLabs, last May, spam accounted for 50% of all business email traffic in the U.S. for the first time. In November, in response to the SoBig and Blaster viruses, which exploited vulnerabilities in its software, Microsoft offered a $250,000 reward to anyone who could lead it to those who created the viruses. Experts believe that criminals will next combine spam with viruses. Hackers have already given the scheme a name, dubbing the mass distribution of spoofed email messages with return links that appear to come from reputable businesses, phishing. Some customers of eBay, PayPal and other online vendors have already been victims. Says one IT security manager, "It will only get worse. The Internet will remain wild and dangerous well into the 21st Century."

Top 10 Viruses / Worms of 2003

Name

Number of Interceptions

Description

SoBig.F

32,000,000

"Re: Your wicked screensaver"

Swen.A

4,000,000

Masquerades as a Microsoft security update

Klez.H

4,000,000

Comes disguised as free inoculation tool

Yaha.E

2,000,000

Free screensaver

Dumaru.A

1,100,000

Bogus Microsoft security patch

Mimail.A

1,000,000

Bogus PayPal email and URL to capture credit card info

Yaha.M

900,000

Delivers DOS attack against remote machines

SoBig.A

800,000

Harvests email addresses

BugBear.B

800,000

Captures victim's key strokes and disrupts network printers

SirCam.A

500,000

Deletes files and consumes disk space



Source: CFO Magazine, 2004

top

Fact: Women over 40 spend 50% more time playing online games each week than men, according to an AOL survey, and even beat teens in frequency of play.
Source: WSJ, 2004

Cool Tools

Road warriors who sometimes have to work on computers other than their own can now make any computer look and feel like their own. Migo couples the popularity of USB flash storage devices with advanced synchronization and data management software. This key-size device imports your desktop settings, Outlook email and Web browser favorites wherever you go. Simply plug Migo into any available USB port. When you return to your computer, plug- Migo in again and synchronize all the work you did while traveling, like you had never left your office. The device retails for $250 but is available at http://r.vresp.com/?PerMarSecurityServic/0e28f2825b/166821/c3d2f40e22 for about $138.

Keep prying eyes off your computer screen with EyeTop. EyeTops are high-tech glasses with a built-in 16 bit color LCD screen that connects to almost any device equipped with a video output jack, including portable DVD players, digital cameras and a camcorder-even a laptop. Price: about $350.

top

Quote of the month: "About as useful to Americans as socks on roosters." Timothy J. Murison on the privacy notices that banks are now required to send customers each year.

The Taxman Cometh

Millions of Americans are heading for serious tax trouble – and few of them know it. The culprit: a complex and misunderstood menace known as alternative minimum tax. AMT, as the name implies, is another way high-incomers are supposed to calculate their income tax. Originally aimed at a handful of wealthy people, this year about 3.3 million people will owe more in taxes because of it. Because of bracket creep, the tendency of rising wages to push one into ever-increasing tax brackets and the elimination of traditional deductions, the Treasury says next year more than 12 million Americans will be hit. By 2010 more than 30 million people or 37% of all households will be affected. By design, in the coming years the AMT, "will encroach dramatically on the middle class," warns a report by the Tax Policy Center in Washington, D.C. Washington insiders believe the only solution would be the massive overhaul of the regular tax system – something neither the president or congress are likely to tackle anytime soon.

Meanwhile, in order to fatten tax receipts, the IRS wants taxpayer assistance in identifying those who cheat. If you have information about an individual or organization you suspect is cheating or not paying their fair share, the IRS asks you call 800.829.0433. Although tipsters can remain anonymous, callers can receive up to 10 percent of the amount collected if they identify themselves.

top

And Don't Forget the Use Tax

Beware when shopping online or by phone, the sales tax that wasn't charged doesn't necessarily go away. It morphs into a "use tax," which is supposed to be paid when filing state tax returns. Many states this year have added a line on their tax forms for taxpayers to report out-of-state purchases on which the merchant did not collect sales tax. Tax experts say states haven't yet figured out how to track online purchases. However, they warn sellers of big ticket items maybe forced to give up client lists, and those who don't pay may also owe interest and penalties once located.

Source: Kiplinger's, 2004

top

 

Copyright © 2003-2004 PerMar Security - All rights reserved.

Duplication and distribution for commercial purposes is strictly prohibited.
Powered by SecurityNewsletters.comTM

 


You are receiving this email because you requested to receive info and updates via email. To unsubscribe, reply to this email with "unsubscribe" in the subject or simply click on the following link: Unsubscribe
This message was sent by Per Mar Security Services using VerticalResponse's iBuilder®
Per Mar Security Services
Per Mar Centre
1910 East Kimberly Rd
Davenport, IA 52807

Read the VerticalResponse marketing policy.