1. Newsletter: February 2011
Let’s professionalize the professionals…
Today it's significantly different! Yesterday we operated with fences,
gates, guards and cameras. We were worried about people taking minor
items out of the workplace. But the fences, guards and gates are not as
important these days for many businesses.
Now the assets are electronic; they are built on and live on the Internet.
The facility environment today is more open; employees want to come
and go with their electronic access card; they don't want to be stopped
by a fence or a gate. Today, they want a card in their hand and the ability to be there!
Intellectual electronic assets are much more significant. One CD could have more
property on it than you might have in whole office years ago. And yesterday they would
have had to steal the entire filing cabinet to get the same amount of information that is
on a single CD today.
A digital asset / data theft happens today, and tomorrow it is on the six o'clock news. In
the electronic age that we live in, there are not many secrets out there anymore that
cannot be hacked or found.
The things we have in place for protection must change tonight. These hackers [who
have fed Wikileaks] were able to disrupt an amazing amount of USA Government in a
short amount of time. Wikileaks is a wake-up call!
This has been going on for a period of time all over the world; it just
has become more public than ever before.
Capt S B Tyagi
For ICISS
FOOD FOR THOUGHT:
If it is not already with you, provably it will harm you: the
information, the technology – in short, ‘The Edge’!
C:S B TyagiICISSNews Letter Feb 11.doc
2. How to Enter the Field?
It is realized that many international manufactures and distributors of international repute failed
where small timers were successful in procuring the order. Though this fact is initially
perplexing, it is realized after careful study that reasons for the failure were -
• Inability to contact potential buyer,
• Lack of knowledge of procurement procedure in India,
• Products incompatibility in Indian climate, and,
• No after sale support
The Original Equipment Manufacturers (OEM) need to be appraised about the opening
opportunities of business in India. The manufacturers and distributors of the security gadgets
need to have overview of the quantum of business, and, to familiarize about the procedures
and formalities relating to procurement of such items.
DEVELOPING SENCE OF INSECURITY IN INDIA
The ruthless ambitious nature of the human being shall continue to harness unhealthy
competition. This shall result in personal aggrandizement of wealth in the hands of the few,
conversely poverty shall increase, and so shall the numbers that shall be afflicted by it.
C:S B TyagiICISSNews Letter Feb 11.doc
3. The ruthless ambitious nature of the human being shall continue to harness unhealthy
competition. This shall result in personal aggrandizement of wealth in the hands of the few,
conversely poverty shall increase, and so shall the numbers that shall be afflicted by it.
All the deteriorating conditions shall have multiplier adverse effect on the security of our
society, as also the Corporate and Industry.
That the rate of crime shall definitely continue to rise should be the foregone deduction of the
conditions prevailing in our society. Because….
Pearl S Buck, in ‘The Good Earth’ stated that, ‘when the rich get too rich,
the poor shall not sit back but react to correct the imbalance’,
NEED FOR SECURITY GADGETS IN INDIA
The prevailing conditions in India have focused every body’s attention to the security
measures in the industry, which started taking appropriate measures in this regard. The
concerted and tangible attempts by the industries have been visible since last three decades a
far as security manpower is concerned. Introduction of technical gadgets is hardly a decade
old phenomenon.
Three developments are taking place in India -
• Opening-up of economy
• Development of Information technology
• Realization that India can, and, will be a major power in the world, and, efforts of
Industries to get ready for it.
As a result ‘Industrial Security’ has gained importance and it is being treated as profit making
activity.
LARGEST INDUSTRIAL SECURITY FORCE IN THE WORLD
Government of India has established a central Para-military force called Central Industrial
Security Force (CISF), which is the only Government run Industrial security force in the world
with approximately 1 million. As it is a Central Police Organization, it is also the largest police
force in the world. Its professional security personnel are deployed in 256 industries and 16
airports. Its main efforts are to reduce the manpower by installing the security gadgets. Thus it
is also the single largest specifiers and end-user of the security gadgets.
Public Sector Undertakings (PSUs) totaling up to more then 600 in number, is the second most
security conscious sector, which also lays great emphasis to keep security unobtrusive and
cost effective by installing the security gadgets. Thus this segment is ‘The Largest’ procurer of
the security gadgets. CISF instead of procuring directly, gets is done through the PSU /
organization where its security force is deployed.
C:S B TyagiICISSNews Letter Feb 11.doc
4. ONE OF LARGEST PROCURER OF SECURITY GADGETS IN THE WORLD
As brought out above, Central Industrial Security Force (CISF) is the single largest specifiers
and end-user of the security gadgets and Public Sector Undertakings (PSUs) is ‘The Largest
Procurer’ of the security gadgets. In addition, there are more then 500 large scale industries
having their own security set-up and have started installing security gadgets.
DOMESTIC MANUFACTURES OF SECURITY GADGETS
Indian Security Gadget Industry itself is in nascent form and is generally assembling the
imported items. The ‘State-of-the-Art’ high-tech security gadgets are not being manufactured in
India.
Where from do they get the standards?
In India, the Industrial Security Consultancy needs to come to international standards!
The Consultants essentially have to be un-biased, truly professional and with up-to-date
information, without having stakes in any of the parties – may it be the Solution
Provider, Integrator, Man-power Provider or the Service Provider!
The Consultants need to prove themselves to be thorough professionals. They need to
attain certain educational and professional standards. Just being out-of-job or retired
from service and claiming to be Consultant will not do! Part time consultancy will ruin
this profession! The retired police officers or the officers of armed forces do not
automatically become Security Consultants!
They have to do lot of un-learning before learning the skill-sets of the imperatives of
Industrial Security Management, which is all together different cup-of-tea! For a person
to gainfully spend the post-retirement time is noble idea by any standard. But, the
consultancy in the field of Industrial Security Management is not similar to starting
insurance agency or consultancy on feng-sui!
In the ‘Consultation Report’, the ‘Return-on-investment’ (ROI) must be indicative in
terms of increased productivity or decrease in ‘down-time’. The Consultants need to
have scientific and methodical approach to the proposals they are offering to the
Management and must own-up these proposals till they are successfully executed and
start giving proposed ROI!
Industry-developed and regulated Standards in the field of Industrial Security
Consultancy need to go through the process of evolution and need to mature. What
presently required are the pragmatic views by the service users as they have to be very
objective, exacting and careful while awarding the consultancy assignments? The
C:S B TyagiICISSNews Letter Feb 11.doc
5. demand of professionalism and quality-consultancy from the service-users will
presently set the rule of the game.
Only time will tell – where from the Consultants will eventually get the high standards -
set them themselves or be forced by the service-users!
Sometimes ago, a thief stole a laptop computer from a restricted area in the student
administration building at the University of California at Berkeley. The laptop contained names,
addresses and Social Security numbers of 98,000 people who applied to graduate school
between fall 2001 and spring 2004; students who enrolled in graduate programs between fall
1989 and fall 2003; and recipients of doctoral degrees fro m1976 to 1999.
A university spokeswoman told the Los Angeles Times that school policy mandates that all
personal data be encrypted to ensure privacy protection. However, the files on the laptop had
been recently downloaded and were not yet encrypted.
The university is attempting to notify the individuals whose records might be compromised.
Authorities say there’s no evidence yet that the data has been misused. They believe the
computer was stolen for what it is, not what’s inside it.
This is almost old hat for Berkeley. Five months ago a hacker attacked the UC Berkeley
computer system, compromising the data of some 600,000 Californians involved in a home-
care program for seniors and the disabled.
But this latest incident raises a new issue: Should sensitive information be stored on portable
devices at all? According to the Times account, a campus employee noticed a woman leaving
the restricted area with a laptop near the time of the theft. It may have been just that simple.
Suppose the alleged thief were truly interested in the data and not the machine. Would she
have been a little more conspicuous trying to haul a mini-tower out of there?
Maybe it’s ridiculous, considering wide adoption of laptops, PDAs and cell phones, to restrict
their use to the mundane. But the risks are real. In July 2004, CSO explored the issue in “How
to Stop a Laptop Thief.”
As reported in that story, Gartner estimates that just one stolen laptop could cost a company
more than more than $6,000 for a new machine, software, restoring data and user downtime.
The cost of such an incident increases exponentially if sensitive data is compromised and falls
into the hands of a competitor or a hacker.
Technology is increasingly packing more computing power into smaller and smaller devices:
cell phones, PDAs and their hybrid cousins. What should be done to protect the information on
these devices? Biometric locks? Common sense use policies? Tell us what you think. How
does your company secure information on portable devices?
C:S B TyagiICISSNews Letter Feb 11.doc
6. Most Recent Responses:
The use of portable devices in today’s world is increasing. As security professional we must be
able to protect these devices with the knowledge they will be lost or stolen.
Lap-Tops are easy to secure so that the date is not available to the thief. Use strong
encryption and create a volume for all documents. PGP and other similar tools allow for this
and the use is very simple.
Devices like PDA’s and Blackberry Devices are more difficult in that they can have the same
types of data and are easer to loose or steal. For these devices the solution is generally a
device specific solution.
For all the devices a solution is as strong as the training and understanding that is conveyed
with the issuances of the device. That is you can put the tools on the device but if the user
does not use them or allows the tools to be compromised by walking away while logged in or
decrypted then the loss is the same as with no security.
With all access grants all users must have a clear set of training directives for the proper use of
the information they have and a true accountability action must be enforced for failure to
comply.
Basically the user is the weakest link in the design. Training and awareness are the tools used
to keep this weak link at speed with the need for security and protection of the information
assets.
How to secure the data?
The problem with portable data falling into the wrong hands is best remedied not by preventing
the data from becoming portable but by making the data secure whether it is portable or not.
Most modern workplaces empower their staff to send email, print, fax, or even save to portable
storage such as floppy disk or USB keys. With this in mind it is his highly unlikely that an
authorized user can ever be prevented from making data portable. If they really want to take it
on the road, then they will. Additionally technology limitations should never prevent a business
justification for access to data. If employees need that data on their laptop then why should we
prevent it because of technology’s inability to protect that data from unauthorized access?
The solution therefore is to develop appropriate technology that secures/encrypts information
that is deemed important enough.....whether it is portable or not. Technology departments
should take the option of not having encrypted data out of the hands of the person who uses it.
If data is sensitive, then the requirement for it to be encrypted and therefore safe should be
mandatory. With this policy in place, the question of whether it should be allowed to leave the
corporate network and reside on a laptop or any other portable device becomes irrelevant.
C:S B TyagiICISSNews Letter Feb 11.doc
7. From: Capt. Rajiv Ojha
Dear Friends,
This is a short note to reflect my feelings, feelings of a plebian amidst
agony and pain that descended on common people stretching from
Srinagar to Mumbai when the sun traversed its length on our side of
the globe to witness the death and destruction.
Terror strike in Srinagar is understandable where I have been recently
but in Mumbai it is very difficult to fathom. Still Mumbai is a resilient
city that has immediately sprung up with sheer determination to help
those who were suffering the terror inflicted by known people to face another day with
steely resolve.
The guts of Mumbaikar are unparallel and are as strong as the resolve of the Indian
Government. There is not a single person who knows from which side across the
Border the chaos is ordered. Which Military ruler sanctions such heinous crimes and
then presents the paintings to our leader, who smiles and forgets the tears and pain of
his own countrymen allowing such terrorists to create more mayhem?
Where in world, in which country it takes for the government years to make rules
stalling hijacked planes from taking off to distant lands where they are hailed as
liberators after killing, maiming and torturing innocent civilians who cannot defend
themselves?
Where in the world judiciary gives life imprisonment and keep the terrorists alive and
well fed from the money collected from the tax payers? Where in the world, the terrorist
guilty of killing innocents and awarded life imprisonment will demand better medical
facilities and food of his choice? Where indeed???
Still the resolve of common man is high. He looks behind the chaos and death of his
fellow citizens and keeping his head high moves on to face another day with deep and
painful memories of the bloody day that he witnessed with prayer on the lips that he
may live for another day or that such incidences may never happen in his lifetime ever
!!!
I salute this noble plebian of this Republic and his resolve to survive the daily battle
from Kashmir to Kanyakumari!
C:S B TyagiICISSNews Letter Feb 11.doc
8. Helmet Research
Helmets have not suddenly arrived At least 50 years of research in various fields have led to
this development. Helmets have been designed based on cadaver studies, animal
experiments, computer simulation studies, biomechanical studies and study of crash injury
patterns. Sir Huge Cairns was the first person to understand the role of helmets in preventing
severe head injuries and deaths. Before a helmet is certified it has to pass through four main
tests namely:
1. Shock absorption – Cushioning capabilities of the padding test.
2. Resistance to penetration-to make sure the shell of the helmet is strong.
3. Strength of the retention system-to test the stretching of the chin strap.
4. Rigidity-to test the structural and safety performance. Most injured motorcyclists who
do not wear helmets report that they did not expect to be injured; yet 40% of the
head injury-associated deaths were ascribed to the motorcyclist’s loss of control, not,
apparently, to some action of the driver of another motor vehicle.
5. Studies have shown that when helmet use is voluntary, it is used by 40-50 %; when it
is compulsory it is almost 100 %; no other approach has succeeded in raising helmet
use to anything close to these levels.
How is a helmet useful?
• The brain is the only organ in the body with its own safe deposit vault.
• When a major impact occurs, the skull however thick cannot absorb the entire force!
The impact only slightly attenuated is still transmitted to the underlying brain. When
direct injury occurs, the damages to brain are very serious - often irreversible.
• A helmet considerably increases the thickness of the container. The blow gets
absorbed, spreading the impact over a larger region. The intensity at any one point
is considerably diminished. The time lag also reduces the ultimate intensity reaching
the brain through the helmet, hair, skin, skull and the meninges of the brain
REASONS FOR NOT WEARING HELMETS
• “I am a good driver. How can an accident ever happen to me “?
• “But, it is not compulsory “
• “I use the scooter for very short distances” (If only the bus driver knew this
• “Where do I keep it“ (Where there is a will there is a way )
• “I may loose my hair“(How many bald motor cyclists does one see?)
• “It is so hot and uncomfortable“(If only you knew how much hotter it can get
without one!!!)
• “I may get headache and neck pain” ( at least you will still have a head )
• “Neck & Spinal Cord injuries may increase , reduced hearing &, vision,
increased fatigue & overconfidence ( Detailed studies have shown that this is not
true)
• “Ungainly appendage on a beautiful feminine head” (and we talk about equality
and women’s liberation!)
C:S B TyagiICISSNews Letter Feb 11.doc
9. • “What is to be will be” (Alas the bereaved family does not subscribe to this
oriental fatalism)
• “What about the family” (Buy three for the price of two?)
• “I have just not had the time” ( Time and tide wait for no Man)
• “A helmet is expensive” ( Obviously the contents are not )
• Adventure, recklessness, misplaced enthusiasm particularly in the young –
helmets worn only by “sissies” ( Knowledge is learning from one’s known
mistakes, wisdom is learning from another’s mistakes – alas self acquired
knowledge may be too late )
• “What about protecting other body parts” (death & major disability is due to
brain injury – protecting the brain is easy, pragmatic and effective)
The purpose of this Communication is to assist you in communicating effectively. Following are
clear practical tips that might be applicable to your daily communication within the company.
Give full attention to people while they are talking to you.
Encourage other people to talk, and ask appropriate questions.
Present your ideas so that others are receptive to your point of view.
Treat people fairly and let others know how you want to be treated.
Value teamwork and know how to build cooperation and commitment.
Show respect for people’s ideas and feelings, even when you disagree with them.
Accept differences and conflict as a normal part of any work environment, and
Know how to address them constructively.
Strive to understand other people and to be empathetic.
Be open to negative feedback, and communicate difficult truths in a respectful way.
Be able to easily win people’s trust and respect.
Check to make sure you have
In a hierarchy, every employee tends to rise to his level of
incompetence. Work is accomplished by those employees who
have not reached their level of incompetence.
Digitally signed by Capt S B Tyagi, COAS' CC*, FISM, CSC, CSP
Capt S B Tyagi, COAS' CC*, DN: CN = Capt S B Tyagi, COAS' CC*, FISM, CSC, CSP, C = IN, O
= GAIL (India) Limited, OU = Deputy General Manager (Security)
FISM, CSC, CSP Date: 2011.01.28 17:18:58 +05'30'
C:S B TyagiICISSNews Letter Feb 11.doc
10. Here is a serious issue that has been spreading thro' out all cosmopolitan and metropolitan
cities. It has happened in Bombay. We may not even know when this kind of crime will reach
you. So, this is to make you aware of the situation. Also pass on the same to all known near
and dear to make them aware and be alert.
We have been informed of the following scam, which is targeting females in particular. They
receive a phone call from the Post Office asking them to confirm their company postcode.
When this is given, they are told that they have become eligible for some gift vouchers for their
co-operation and are asked to provide their home address and postcode in order to receive the
vouchers. So far 90% of the women who have provided this information have been burgled as
it is assumed that their homes are empty during office hours. The police are aware of this
scam and the Post Office has confirmed that they are NOT conducting postcode surveys.
Also, it has been reported if you receive a telephone call from an individual who identifies
himself/herself as being an AT & T Service technician who is conducting a test on that
telephone line, or anyone else who asks you to do the following, don't do it.
They will state that to complete the test the recipient should touch nine, zero, the hash (90#)
and then hang up. Once done, this gives full access to your phone line, which allows them to
place a long distance international or chat-line calls billed to your account. The information,
which the police have, suggests that many of these calls are emanating from local jails. The
information has been checked out by the police and is correct: DO NOT PRESS 90# FOR
ANYONE.
Would anyone reading this please pass the information on to colleagues, friends, etc.
otherwise it could cost someone a lot of money.
It is very prudent and advisable to keep a pet-dog!
Elder people staying alone will not only
get companion but also very effective
early warning system against intrusion.
This security system never fails - not
even false alarms!
Children would love the idea and will have more sense of commitment and
responsibility!
C:S B TyagiICISSNews Letter Feb 11.doc
11. Life is very precious, about security be serious!
Be aware of security, to save life & property !!
Suggestions & feedback may be sent to us on e-mail: captsbtyagi@yahoo.co.in
P.S. - If you don't like to receive our newsletter, we apologize for bothering you. Please let me know your mail
address, we will move it out of our contact list, thank you!
C:S B TyagiICISSNews Letter Feb 11.doc