The SaVE Component of the Clery Act

Posted on 1, Sep | Posted by Christine L. Peterson, CPP, ISP

Are You Ready for October 1, 2014?

college studentsAccording to the CDC, on average, 1 in 5 women (18.3%) and 1 in 71 men (1.4%) reported experiencing rape at some time in their lives. In a study of undergraduate women, 19% said that they experienced an attempted or completed sexual assault since entering college (Source: http://www.cdc.gov/violenceprevention/pdf/sv-datasheet-a.pdf). The victimization of college students is not new, and this article will not address whether the problem is getting better or worse. The issue is that dating violence, domestic violence, sexual assault (including rape but not limited to rape), and stalking are crimes. Beginning October 1, 2014, colleges and universities are required to meet new requirements of the Jeanne Clery Act. The Campus Sexual Violence Elimination Act (SaVE) component of the Clery Act will require institutions of higher learning to compile statistics for incidents of dating violence, domestic violence, sexual assault, and stalking. In addition there are policies, procedures, training, and other programs that pertain to these incidents that must be included in an annual security report (ASR).

In this article we will provide the requirements of the Clery Act, the SaVE component, and Title IX requirements as they currently exist and hopefully provide college compliance personnel with information that they can utilize to meet the current requirements. The purpose of this article is to address administrators who are the key to an institution’s ability to meet the requirements of the Clery Act and its SaVE component.

The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act, 20 U.S.C.§ 1092(f)(2011)) is a federal statute requiring colleges and universities participating in federal financial aid programs to maintain and disclose campus crime statistics and security information. It is a requirement of the entire institution, not a requirement limited to the security department. This is an important distinction and one that too many college and university administrators fail to recognize and embrace. Until administrators recognize this distinction and put in place top-down responsibility and accountability for Clery Act compliance, institutions will be at risk.

A single event could lead to a full scale investigation by the U.S. Department of Education (ED), applicable civil fines of up to $35,000 per violation, and potential loss of federal student financial aid programs. This is in addition to the potential damage to the reputation and brand of the school, potential lawsuits by victims and others, and a drop in applications. Yet we find that many colleges and universities are still confused by the requirements, especially as they relate to Clery geography and the identification and training of Campus Security Authorities (CSAs). Most institutions are making at least a basic attempt to meet the requirements but do not have the resources or training to understand or implement a program at anything greater than a cursory level. With the additional requirements under SaVE, this is only expected to get worse before it gets better. In addition victims, legislators, and the President have made sexual violence on campuses a priority by sharing their experiences, creating task forces, and designing legislation. This will put more pressure on institutions to address the issues on a campus-by-campus basis and may lead to substantially greater penalties.

On March 7, 2013, President Obama signed the Violence Against Women Reauthorization Act of 2013 (VAWA) (Pub. Law 113-4), which, among other provisions, amended section 485(f) of the Higher Education Act (HEA), otherwise known as the Clery Act. The Clery Act requires institutions of higher education to comply with certain campus safety-related and security-related requirements. Notably, VAWA amended the Clery Act to require institutions to compile statistics for incidents of dating violence, domestic violence, sexual assault, and stalking and to include certain policies, procedures, and programs pertaining to these incidents in their annual security reports. It is intended to increase transparency about sexual violence on campuses, guarantee victims enhanced rights, provide for standards in institutional conduct proceedings, and provide the campus community a broader awareness and prevention educational programs (Source: https://www.federalregister.gov/articles/2014/06/20/2014-14384/violence-against-women-act).

The law is not in its final form as of the creation of this article. However, institutions are required to implement and have in place the required policy disclosures and programs related to SaVE no later than October 1, 2014. The collection of campus crime statistics as they relate to SaVE is currently in effect beginning with the 2014-2015 reporting period. Failure to collect and report statistics for domestic violence, dating violence, and stalking (as defined by VAWA) can result in civil penalties of up to $35,000 per violation for substantial misrepresentations of the number, location, or nature of crimes required to be reported, or for violation of any other safety or security-related provision of the HEA. In addition, violations can lead to the limitation or suspension of federal student aid eligibility or the loss of eligibility to participate in federal student aid programs.

A summary of the current proposed regulations as they are published in the Federal Register on June 27, 2014, is as follows:

  • Require institutions to maintain statistics about the number of incidents of dating violence, domestic violence, sexual assault, and stalking that meet the proposed definitions of those terms.
  • Revise the definition of “rape” to reflect the Federal Bureau of Investigation’s recently updated definition in the UCR Summary Reporting System, which encompasses the several categories of sexual assault that are used in the UCR National Incident-Based Reporting System.
  • Revise the categories of bias for the purposes of Clery Act hate crime reporting to add gender identity and to separate ethnicity and national origin into independent categories.
  • Require institutions to provide and describe in their annual security reports primary prevention and awareness programs to incoming students and new employees. These programs must include: A statement that the institution prohibits the crimes of dating violence, domestic violence, sexual assault, and stalking; the definition of these terms in the applicable jurisdiction; the definition of consent, in reference to sexual activity, in the applicable jurisdiction; a description of safe and positive options for bystander intervention; information on risk reduction; and information on the institution’s policies and procedures after a sex offense occurs;
  • Require institutions to provide and describe in their annual security reports ongoing prevention and awareness campaigns for students and employees. These campaigns must include the same information as in the institution’s primary prevention and awareness program;
  • Define the terms “awareness programs,” “bystander intervention,” “ongoing prevention and awareness campaigns,” “primary prevention programs,” and “risk reduction.”
  • Require institutions to describe each type of disciplinary proceeding used by the institution; the steps, anticipated timelines, and decision-making process for each type of disciplinary proceeding; and how the institution determines which type of proceeding to use based on the circumstances of an allegation of dating violence, domestic violence, sexual assault, or stalking;
  • Require institutions to list all of the possible sanctions that the institution may impose following the results of any institutional disciplinary proceedings for an allegation of dating violence, domestic violence, sexual assault, or stalking;
  • Require institutions to describe the range of protective measures that the institution may offer following an allegation of dating violence, domestic violence, sexual assault, or stalking;
  • Require institutions to provide for a prompt, fair, and impartial disciplinary proceeding in which (1) officials are appropriately trained and do not have a conflict of interest or bias for or against the accuser or the accused; (2) the accuser and the accused have equal opportunities to have others present, including an advisor of their choice; (3) the accuser and the accused receive simultaneous notification, in writing, of the result of the proceeding and any available appeal procedures; (4) the proceeding is completed in a reasonably prompt timeframe; (5) the accuser and the accused are given timely notice of meetings at which one or the other or both may be present; and (6) the accuser, the accused, and appropriate officials are given timely access to information that will be used after the fact-finding investigation but during informal and formal disciplinary meetings and hearings.
  • Define the terms “proceeding” and “result.”
  • Specify that compliance with these provisions does not constitute a violation of section 444 of the General Education Provisions Act (20 U.S.C. 1232g), commonly known as the Family Educational Rights and Privacy Act of 1974 (FERPA).

The proposed regulations would (Source: https://www.federalregister.gov/articles/2014/06/20/2014-14384/violence-against-women-act):

  • Add and define the terms “Clery Geography,” “dating violence,” “domestic violence,” “Federal Bureau of Investigation’s (FBI) Uniform Crime Reporting (UCR) program (FBI’s UCR program),” “hate crime,” “Hierarchy Rule,” “programs to prevent dating violence, domestic violence, sexual assault, and stalking,” “sexual assault,” and “stalking.”
  • Require institutions to address in their annual security reports their current policies concerning campus law enforcement, including the jurisdiction of security personnel, as well as any agreements, such as written memoranda of understanding between the institution and police agencies, for the investigation of alleged criminal offenses.
  • Require institutions to address in their annual security reports their policies to encourage accurate and prompt reporting of all crimes to the campus police and the appropriate police agencies when the victim of a crime elects to or is unable to make such a report.
  • Require institutions to provide written information to victims about the procedures that one should follow if a crime of dating violence, domestic violence, sexual assault, or stalking has occurred, including written information about the preservation of evidence, how and who to report offenses to, victim’s options for support by local law enforcement and campus authorities and victim’s rights and the institution’s responsibilities regarding order of protection or similar orders issued by a court or institution.
  • Require institutions to address in their annual security reports how the institution will complete publicly available recordkeeping requirements, including Clery Act reporting and disclosures, without the inclusion of identifying information about the victim;
  • Require institutions to address in their annual security reports how the institution will maintain as confidential any accommodations or protective measures provided to the victim, to the extent that maintaining such confidentiality would not impair the ability of the institution to provide the accommodations or protective measures.
  • Require institutions to specify in their annual security reports that they will provide written notification to students and employees about existing counseling, health, mental health, victim advocacy, legal assistance, visa and immigration assistance, and other services available for victims both within the institution and in the community.
  • Require institutions to specify in their annual security reports that they will provide written notification to victims about options for, and available assistance in, changing academic, living, transportation, and working situations and clarify that the institution must make these accommodations if the victim requests them and if they are reasonably available, regardless of whether the victim chooses to report the crime to campus police or local law enforcement.
  • Require institutions to specify in their annual security reports that, when a student or employee reports to the institution that the student or employee has been a victim of dating violence, domestic violence, sexual assault, or stalking, whether the offense occurred on or off campus, the institution will provide the student or employee a written explanation of the student’s or employee’s rights and options.
  • Require institutions to maintain statistics about the number of incidents of dating violence, domestic violence, sexual assault, and stalking that meet the proposed definitions of those terms.
  • Revise the definition of “rape” to reflect the FBI’s recently updated definition in the UCR Summary Reporting System, which encompasses several categories of sexual assault that are used in the UCR National Incident-Based Reporting System.
  • Revise and update the definitions of “sex offenses,” “fondling,” “incest,” and “statutory rape” in Appendix A to subpart D of part 668 to reflect the FBI’s updated definitions.
  • Emphasize that institutions must, for the purposes of Clery Act reporting, include in their crime statistics all crimes reported to a campus security authority.
  • Clarify that an institution may not withhold, or subsequently remove, a reported crime from its crime statistics based on a decision by a court, coroner, jury, prosecutor, or other similar non-campus official.
  • Specify that Clery Act reporting does not require initiating an investigation or disclosing identifying information about the victim.
  • Revise the categories of bias for the purposes of Clery Act hate crime reporting to add gender identity and to separate ethnicity and national origin into independent categories.
  • Specify how institutions should record reports of stalking, including how to record reports in which the stalking included activities in more than one calendar year or in more than one location within the institution’s Clery Act-reportable areas, and how to determine when to report a new crime of stalking involving the same victim and perpetrator.
  • Create an exception to the requirements of the Hierarchy Rule in the UCR Reporting Handbook for situations in which an individual is a victim of a sex offense and a murder during the same incident so that the incident will be included in both categories.
  • Clarify that an institution must withhold as confidential the names and other identifying information of victims when providing timely warnings.
  • Implement the requirements pertaining to an institution’s educational programs to promote the awareness of dating violence, domestic violence, sexual assault, and stalking by requiring specific information about awareness campaigns, programs, policies and procedures, and definitions be included in the annual security report that they publish annually.
  • Implement requirements pertaining to an institution’s procedures for campus disciplinary action in cases of alleged dating violence, domestic violence, sexual assault, or stalking.
  • Prohibit retaliation by an institution or an officer, employee, or agent of an institution against any individual for exercising their rights or responsibilities under any provision under the Clery Act.

Legislation is written as a response to a problem that is not being addressed appropriately. Assigning roles and responsibilities for compliance is the first step, but an effective program will require a comprehensive and coordinated effort that includes people, processes and technology – as does any security program. Training and gap analysis will be an on-going requirement to the development of a compliant program and a safer campus for all students and employees.

On the surface the new requirements under SaVE look onerous, but just as in the case of the earlier version of the Clery Act, there are specific components that support each other and begin with the policy statements. The 2013 amendment is expected to raise the level of response and prevention of sexual violence in institutions of higher learning by raising awareness, increasing transparency, and providing for accountability. The framework of the new requirements provide for victim’s rights, conduct proceedings, and education programs and have the support of bipartisan legislation and victims who are currently working to increase the current penalties for non-compliance.

In today’s environment the consensus is that the threat of lost funding and imposition of $35,000 fines per violation are not driving compliance. Legislators now explore the possibility of imposing new penalties including fines of up to $150,000 per violation or up to 1% of the institution’s operating budget.

Is your institution ready for October 1, 2014? Can it afford not to be?

Continue reading

Assessment Completed at University of Maryland Eastern Shore

Posted on 14, Nov | Posted by RMA

Risk Management Associates, Inc. completed its assessment of the University of Maryland Eastern Shore security program. The assessment began with the review of security-related policies and procedures and other related documents. Members of the RMA team visited the UMES campus to conduct independent observations and interviews with approximately 100 individual stakeholders. Local law enforcement was contacted, and both police calls for service and reported crime data at each campus and the surrounding areas were requested and reviewed. Copies of any internal security-related incident reports were obtained and evaluated. A report of findings and recommendations was provided.

The University of Maryland Eastern Shore (UMES) is a land-grant, historically black college founded in 1886 as the Delaware Conference Academy. Since its beginning, the institution has had several name changes and governing bodies. It was Maryland State College from 1948 until 1970, when it became one of the five campuses that formed the University of Maryland. In 1988, it became a member of the then eleven campus (now thirteen) University of Maryland System, now known as the University System of Maryland. UMES is approved by the state of Maryland and fully accredited by the Middle States Association of Colleges and Schools.

Continue reading

RMA Presents at CSI Week at Meredith College

Posted on 25, Oct | Posted by RMA

Chris Peterson presented Enemies at the Gate – or Are They Already Inside? as part of CSI Week at Meredith College. CSI Week allows students at Meredith to explore career opportunities in law enforcement and related fields. The event is sponsored by the Sociology and Criminology Programs, and the Sociology & Criminology Club (and with the support of Political Science, Accounting, & Social Work).

Other presenters during the week included:

  • Special Agent Jahaira Torrens spoke about Homeland Security Investigations.
  • Cat Flowers, owner of Cat Eye Detective Agency, presented.
  • Police Officer and Social Worker Renea Lockhart spoke about domestic violence and being both an officer and a social worker.
  • U.S. Marshals talked about the work they do tracking down fugitives and other law enforcement activities.
  • Wake Country Prosecutors spoke about their work.
  • RPD Gang Unit talked about their work with gang prevention and dealing with gangs in Raleigh.
  • Crime Scene Analysis, RPD patrol officer, CCBI investigator (the local CSI) and a detective from Raleigh Police talked about how they work and investigate a crime scene.
  • Cary Police Department crime mapping analyst Elise Pierce spoke about her work in the use of Crime Scene mapping to facilitate the work of police in Cary.

Chartered in 1891, Meredith College is one of the largest independent private women’s colleges in the U.S. Meredith also offers coeducational graduate programs in business, education and nutrition, as well as post-baccalaureate certificate programs in pre-health and business, a dietetic internship program, a didactic program in dietetics and a paralegal program. Meredith’s programs – undergraduate and graduate — challenge each individual student to think deeply, push hard, discover new strengths and grow even stronger. Meredith has been cited as one of the “best colleges” in the region and the country by U.S. News & World Report, The Princeton Review and Forbes.com.

Continue reading

Termination Guidelines

Posted on 16, Oct | Posted by Julius Stanley Carroll, CPP, CFE

pink slipTerminations are often a stressful situation, both for the terminated employee and for the individual responsible for conducting the termination. Listed below are some guidelines that could help diffuse volatile situations and make the process run more smoothly.

  1. Always plan the termination. Think it through.
  2. Always have two supervisors/managers present during the termination. The meeting should be cordial and professional but also attempt to accommodate the employee’s feelings and concerns. Regardless of whether the employee becomes angry or upset, do not resort to harsh words or language.
  3. If you feel the termination might become heated, contact security and discuss prior to the termination. If you don’t have a security director, obtain guidance from a company like RMA that has security professionals who have participated in hundreds of outplacements.
  4. If the employee is known to be highly volatile and potentially prone to violence, consider having security present and ensure you have an appropriate plan to respond to those concerns. Provide reason(s) for the termination. However, do not engage in a debate. The decision has been made and arguments should be avoided.
  5. Carefully choose the room to be used for the termination.
    • When possible use a room with two access points.
    • Remove or hide things that can be used as a weapon. Keep the room “clean” (sanitize).
    • The setting should be private. Allow the employee to retain their dignity.
  6. Try to avoid Thursday and Friday as a day for the termination. Monday and Tuesday is better. Select a time during the day when there are fewer employees around.
  7. If offering a separation package, avoid a detailed review of the package at the termination meeting. The employee will likely remember little of that discussion. Do, however, tell the employee that the package is confidential and must not be discussed with others.
  8. If the termination goes as planned:
    • Retrieve all company property i.e. keys, ID badge, monies, etc.
    • Do not let the individual go back to his or her personal workspace but ascertain if the individual has personal belongings such as a purse or medications that you need to retrieve for them. Advise the individual all their personal property will be mailed/shipped to them.
    • Do not let the individual leave the facility and come back into the facility.
    • Walk the individual out of the facility and watch them leave the property but do it in a cordial way.
    • Notify the proper facility managers of the termination so the individual can’t get back into the facility.
    • Have the individual removed from the card access system immediately
  9. If the termination becomes heated, never challenge or argue with the employee.
    • Advise the individual to leave the property. If they don’t comply, call 911.
    • Do nor challenge or argue.
    • Report to HR and Safety/Security immediately.
    • Be prepared to go into lock-down.
Continue reading

Held Hostage by a Dishonest Employee

Posted on 16, Sep | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

power shiftI recently was involved in a case in which a company employee was discovered using a company credit card for personal reasons. This happens occasionally, and one would think that immediately terminating the employee would resolve the issue. But what happens when the employee is the one and only IT person for the company?

Many companies have only one person to manage all of their IT needs. There is nothing wrong with this. Considering that 99.7 percent of U.S. employer firms are a small business (http://www.sba.gov/sites/default/files/FAQ_Sept_2012.pdf), having a sole IT person may be very common. The problem with this situation is the lack of oversight and management of the IT person by company executives and owners. What are the consequences caused by this scenario? How can companies and organizations prevent the backlash experienced when a single person has the “keys to the kingdom”?

This issue can occur in any business with a small IT staff. This particular case involved an employee who had been with the company for eight years. In that time, the employee came to be the only person who dealt with all IT issues. He managed the website, the phone system, the internet service, all servers, all workstation, the data connections for multiple facilities – you get the point. The employee could have brought the company to a standstill for several days if not several weeks, if he had wanted to do so. It was not until deciding that he needed to be fired that someone finally asked the question “What does he do and can we do it without him?” The answer was, “No.”

In this case, the employee was being terminated for cause. What if he had been hit by a bus? The company would still be in the same position. The only option left for the company was to hire someone to come in and inventory the network to help them prepare for the employee’s termination. This involved hundreds of man hours. Fortunately, the transition was successful and the company lost no production time.

There are several steps that can be taken to prevent this from occurring in your business. The person responsible for a company’s IT needs should document everything and provide this documentation to management or ownership in a reviewable format on a regular basis. This document should be considered a living document, and any time there is a network change or system change, the document should be edited to reflect the change. The document should include but not be limited to:

  • A list of service providers and all information needed to contact this service provider for support or changes. This includes the Internet service provider, phone service provider, web hosting company, cell phone provider, cloud services, or any other service provider used by the company.
  • Administrator passwords. These can be sealed in an envelope and/or put in a safe.
  • Device passwords and configuration. Think about firewalls, switches, wireless routers, and other equipment.
  • Software passwords and configurations. The IT administrator may be the only person aware of specialized software used in the office that requires specialized configuration or passwords. Make sure this information is documented and available to company executives.
  • Procedures for backing up and restoring systems.
  • A “What if…” document. This document would include instructions on how to deal with and recover from system outages, power outages, or other unique IT failures.

Depending on your network, the information needed in this document will differ. The best way to determine what you may need to document is to sit back and think of the problems created if your IT person were gone. What questions would you have? The document should answer all of these questions. It is also important to make the person responsible aware that this document is a “Continuity of Operations” document. There are many reasons why an IT employee may not be able to come to work, but their absence should not disable any part of the IT infrastructure.

It is also critical to make sure there are two people on the point-of-contact list with all service providers. The second person on the list should be an owner or executive of the company. If the IT person should be unable to perform his or her duties for any reason, the executive or owner of the company can call the service provider and make necessary changes without jumping through a lot of hoops to gain ownership of the service.

Finally, have a third party review this information at least once a year. That third party could be an outside consultant or even a current employee with knowledge of the network and need for business continuity. An outside consultant has the advantage of being objective when looking at an environment and utilizing their experience to help direct and drive a “Continuity Plan” that will protect the company in the event of any number of unexpected events.

Continue reading

RMA Presents Bring-Your-Own-Device Policies at RTP CFO Forum

Posted on 6, Sep | Posted by RMA

Chris Peterson and http://www.rmasecurity.com/about-rma/team-profiles/russell-w-gilmore/ presented BYOD (Bring Your Own Device): Issues and Implications for Companies at the September RTP CFO Forum. The program discussed security issues and considerations for companies when employees connect personal devices to the company network. What issues need to be considered to accommodate lawsuits, audits, and records requests? How can companies prepare for lost or stolen devices? What steps can and should be taken when terminating employees?

The RTP CFO Forum serves the greater Raleigh, Durham and Chapel Hill region, supporting over 200 senior financial executives. The Forum is designed to provide interactive networking and discussion of technical and strategic topics in an environment created exclusively for senior-level peers. CPE is provided on select topics.

The RTP CFO FORUM is scheduled for the first Friday of every month, from 7:30AM – 9:00AM. Attendance is limited to CFOs or senior financial professionals in similar positions. The RTP CFO Forum is sponsored by Hughes Pittman & Gupton, LLP.

Continue reading

Stealing on the Way Out

Posted on 12, Aug | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

Having to terminate an employee is never easy. To make the process even more difficult, consider the recent survey conducted by Harris Interactive on behalf of Courion which stated that 19% of employees age 18 to 34 would take company data with them if they knew they were about to be fired. Read the full story here.

Depending on the employee’s position at the company, the termination process could be quite cumbersome. Before terminating an employee, it is good to think about their role in the company and what they have access to or control over. Each situation is different and should not be handled in a cookie-cutter fashion. Terminating the IT manager will involve different issues than terminating a sales person.

What steps can you take to minimize risk? Strong policies and procedures are a good starting point. If an employee knows that severe repercussions may result for data theft, he or she may decide against the theft.

As we’ve said before, there are opportunities for companies to preserve data and protect themselves prior to the termination process or as part of the termination procedure itself (When Employees Leave Data Should Stay). When it is evident that an employee must be terminated, steps should be taken to image the computer or devices used by the employee, even if a future computer forensic analysis is not needed. It may even be beneficial to image the computer prior to termination and again after termination. I have often been called to recover data deleted by an employee after they have learned of their impending termination.

As a consultant, I have assisted in a number of terminations, and they are all different. Proper preparation and forethought will not only benefit the company but protect the employee as well.

Continue reading

Security in the Office – A Checklist

Posted on 30, Jul | Posted by Christine L. Peterson, CPP, ISP

  • Comply with and support your company’s safety and security program and regulations, and insist that others do the same.
  • Protect wallets, keys, purses, and other personal valuables on the job. This especially includes smartphones and tablets.
  • Challenge strangers in restricted areas. The best way to approach this is from a helpful perspective, such as “Can I help you?”
  • Do not discuss company affairs off the job.
  • When leaving the office, even for a short period of time, clean up and secure your work space, with special attention to confidential documents. Also provide for the protection of company equipment assigned to you.
  • If you handle money as a part of your job, insist on positive identification before you cash checks, and refuse obviously counterfeit or questionable currency.
  • If you work in a retail establishment or any other business, guard against shoplifting and employee theft within the frameworks of the law. To deter shoplifting, speak to all customers in your area. Be wary of bulky coats, large shopping bags, partially opened umbrellas, and folded newspapers. Know your company’s policy on dealing with shoplifters, and adhere to it.
  • Make certain your employer has clear and adequate guidelines for handling complaints of sexual harassment.
  • Retain security guards, because they provide a substantial deterrent to the criminal’s expectation of success.
Continue reading

NC companies’ secrets at risk, cyber terrorism experts say

Posted on 22, Jul | Posted by RMA

In this day and age, sometimes it is difficult to discern truth from fiction. Greg Baker is an expert in the area of cyber terrorism and a leader in developing public/private relationships that work. In the later years of his career with the FBI, he was the face of InfraGard North Carolina.

InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

We recommend this article on cyber terrorism and data theft. Both Greg Baker and Ryan Johnson provide good insight on the problem and steps that can be taken to lessen the possibility of your company becoming a victim of this costly crime. Take stock in what your company should do to enhance the security surrounding its sensitive and important data. Do some research and don’t be afraid to ask questions. It can be beneficial to have someone from the outside review and analyze the strengths and weaknesses of you company’s network and provide advice on what steps can be taken to secure your company network, systems, and data.

Whether a company works on classified contracts or not they are at risk of cyber terrorism. Most of the time, companies do not even realize that they may be a target. No one wants to find out that their systems have been compromised, but most either have or will be. How does your company address its cyber vulnerabilities?

Read the original article here.

Meat, tobacco, furniture and surgical products are just a few of the North Carolina exports booming in the Chinese market. North Carolina businesses’ secrets are also in high demand overseas, and cyber terrorism experts say many companies are not doing enough to fend off hackers.

Continue reading

RMA Awarded Project for BCBSNC

Posted on 27, Jun | Posted by RMA

RMA will conduct a comprehensive Security Assessment of the Chapel-Hill, Durham and Winston-Salem Campuses of BlueCross and BlueShield of North Carolina. The objective of this project will be to provide a precise and accurate assessment of the threat environment and security profile toward the end of identifying discrepancies or gaps between threat or desired performance and the reality of practice and preparation found in the field. The typical result of this assessment is the formulation of recommendations based on prioritized threats and operational deficiencies that fall within the limits of the client’s budget and ability to make the needed changes.

For generations, Blue Cross and Blue Shield of North Carolina (BCBSNC) has offered its customers high quality health insurance at a competitive price and has led the charge toward better health and health care in our state. BCBSNC is a fully taxed, not-for-profit North Carolina company with headquarters in Chapel Hill and major operations centers in Durham and Winston-Salem. BCBSNC employs more than 4,000 North Carolinians and serves more than 3.7 million customers.

Continue reading