Category Archives: Information Security

Confidential Informants – Where is it going?

Posted on by

Much is being written about the ‘Confidential Informant‘ culture in the US and it is fair to say that in many ways this is positive.  However, as is normally the case, the negative has to be reported and inevitably it is this, which receives the most airtime.  Of course, using informants is not just an activity adopted in the US, it is without doubt a global culture.

The difference is the rules that determine how you use informants, particularly when it comes to managing and regulating them.   More important is how the risk assessment is considered and measured along with the individual’s rights and welfare.  Officers and supervisors have to ensure they have done what is possible to mitigate any risk.  The clear documentation of this is important, because if things do go wrong, and a positive trail of management can be followed, it will protect all participants; informants and officers alike.

In the UK the regulation of informants, or sources, is very robust. There is not only legislation, but very clear guidelines on the use and management of sources.  In the US, the recent introduction of ‘Rachel’s Law’ is being written into all Florida Police Departments’ standard operating procedures and of course, this brings more transparency and management. Other countries are also following suit.

What I have found interesting is that the use of informants is generally to achieve an objective; to prevent and detect crime.  Whether this is simply to record intelligence that can then be fed into the bigger picture, or indeed intelligence that a crime is about to be committed, the means to the end is just the same. Many officers who deal with informants are dedicated professionals with a high level of training. Unfortunately, I suspect where it can fall down, is the lack of ability to accurately record all the details when dealing with an informant. This is important because if clear data and structured information can be recorded and maintained when dealing with informants, the added protection not only to the informant but the officer is incalculable. This is reinforced by a firm but accountable management structure that would come with this type of regime.

It is becoming very obvious that the simple use of a spreadsheet or in-house Access database is not sufficient to manage all the information and requirements asked of officers involved in the handling of informants.  A move to a more robust and professionally developed electronic system is going to be necessary. In addition to this, the providers of these systems will also need to have knowledge not only of the electronic system requirements, but a strong awareness of the practicalities of handling informants and the infrastructure that supports the activities along with good comprehension of the business process. Strong and knowledgeable Consultants are going to be the key for this type of task along with the ability to ensure the product to process fit is exact.

Is your browser letting you down?

Posted on by

Recent publicity over browser vulnerabilities re-enforces the view that it is vital for your system security that you maintain the software levels (especially critical updates) of your chosen browser.

Microsoft Internet Explorer 6 (IE6) is still widely used in the enterprise, which given the focus information security now has in many organisations, I find surprising. Released in 2001, IE6 has been dogged with issues of security and incomplete support for web standards such as CSS and XHTML, which hinders application development.

Both IE7 and the latest version, IE8, offer huge performance benefits, improved support for web standards and hardened security – something which Microsoft continues enhance for these later versions.

Microsoft has issued advisory notices, telling users to upgrade to IE8 to secure against the vulnerability that allowed hackers to infiltrate and steal source code from some of the world’s biggest technology companies. The French and German government’s recommendation that users move to another browser has certainly added to the weight to the discontinued use of IE6.

There is a wider debate about whether or not users running IE6 should migrate to Google Chrome, Firefox, Safari or Opera as these browsers are deemed to be more secure and implement common web standards in full, which makes application development and support far easier. However, to say IE7 or IE8 are not good browsers would be unfair. IE7 is a massive improvement on IE6 and IE8 builds on improvements further.

If you are using IE6, then sooner or later you will be forced to upgrade as new web sites and applications simply will not function as new web standards are adopted.

The reasons for not upgrading are usually down to internal costs or that existing deployed applications only work with IE6 and whilst I can sympathise with both of these reasons I believe securing your enterprise and reputation is far more important; therefore, my advice is simple, upgrade now!