Certified ISO 27001 Lead Auditor training in Montreal on 27-31 May

You are invited to join us in Montreal, QC, Canada for the ISO 27001 ISMS Lead Auditor training and certification on 27-31 May.

ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to perform an Information Security Management System (ISMS) audit by applying widely recognized audit principles, procedures and techniques.

During this training course, you will acquire the necessary knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.

Exam and certification fees are included in the training price.

registration.png

Your team, your location, your dateContact us if you have a group of 5 participants or more to organize your in-house training session in your facilities.

Advertisements

Montreal-based UN aviation agency tried to cover up 2016 cyberattack

In November 2016, the Montreal-based International Civil Aviation Organization (ICAO) was hit by the most serious cyberattack in its history, and internal documents obtained by CBC suggest key members of the team that should have prevented the attack tried to cover up how badly it was mishandled.

The cyberattack left not just ICAO vulnerable, but made sitting ducks of its partners

As the United Nations body that sets standards for civil aviation around the world, ICAO is the gateway to everyone in the aviation industry, so an uncontained cyberattack left not just ICAO vulnerable, but made sitting ducks of its partners worldwide.

The documents obtained by CBC suggest the hacker was most likely a member of Emissary Panda, a sophisticated and stealthy espionage group with ties to the Chinese government.

Read entire post Montreal-based UN aviation agency tried to cover up 2016 cyberattack | Debra Arbec | CBC

How to prevent vehicular terrorist attacks – maybe

We read of them often – last week’s incident in London near the Parliament buildings in just the latest. Over the past five years or so there have been at least 20 such events, most of them terrorist in nature, that have caused hundreds of deaths (the 2016 attack in Nice was by far the most lethal with 86 dead) and thousands of injuries.

Once investigations begin we learn that those behind these heinous attacks come from a variety of backgrounds. Some are known to the security services, others not. Some fooled authorities into thinking they no longer posed a threat (Martin Couture-Rouleau in Montreal in 2014). Others may have had ties to terrorist groups like Islamic State. In some cases IS claims the drivers as ‘soldiers’ of Islam irrespective of such links. One thing is certainly true: there is no profile.

These attacks often happen out of the blue.These attacks often happen out of the blue. A vehicle – car, van, large truck – appears out of nowhere, targeting crowds of people on a busy Toronto street, or one in Stockholm, along Las Ramblas in Barcelona or on the iconic London Bridge. The only common denominator seems to be innocent men, women and children out enjoying a nice day or commuting to work. Lives are lost, lives are shattered.

Officials struggle to come up with responses. In a perfect world, our protectors would have intelligence on those planning such acts and would take action to stop them. In light of those successful attacks it is clear this is not always the case.


A French police officer watching for road traffic infringements in Paris
A French police officer watching for road traffic infringements in Paris

What can we do?

In the absence of intelligence or forewarning some authorities decide to put up barriers. During festivals or parades dump trucks, often filled with cement, will be posted at certain intersections to prevent the entry of a terrorist bent on destruction. These measures are of course temporary.  Other countries have elected to put in place concrete bollards or barriers – or planters if they want a better and more aesthetic look – that remain as an obstacle on a more permanent basis. Structures of this sort appear to have inhibited London’s terrorist last week. They can be ugly, however, and infringe the freedom of movement of the vast majority who do not have violent intentions.

This involves installing a system in select areas that can act to slow down or stop a vehicle perceived to be speeding up in the neighbourhood of pedestriansOne possible solution is purely technological in nature. This involves installing a system in select areas that can act to slow down or stop a vehicle perceived to be speeding up in the neighbourhood of pedestrians. Would-be extremists find that their cars or vans are incapacitated, thus frustrating their designs.  This capability is already real and can serve other purposes such as stopping vehicles involved in high speed car chases.

There are of course problems with the ability to disable a car at the flick of a switch. I imagine that the system required to monitor potential bad guys would be enormously expensive. Who decides which areas should be monitored (once identified the terrorists could just move over a block)? Do we want to place this capability in the hands of police? Does it not smack of Big Brother? Even if it worked 100% of the time, a determined terrorist would be careful to bring along a knife or gun to continue his plot once his vehicle quit (yes, a guy with a knife cannot do as much damage as a guy with a car but he can still kill and wound).  This is exactly what happened to Lee Rigby in Woolich in 2013.


Sidewalk Toronto
Sidewalk Toronto is a joint effort by Waterfront Toronto and Alphabet’s Sidewalk Labs to create a new kind of mixed-use, complete community on Toronto’s Eastern Waterfront, beginning with the creation of Quayside.

Cities of the future

Maybe when we get to the cities of the future, like the plans for parts of downtown Toronto (the Sidewalk Labs project), this will all be old hat. Many seem to be ok with ever intrusive peering into our activities that they will accept that cars will be stopped if someone in authority thinks they are driven by homicidal maniacs. Then again, perhaps the backlash over FaceBook and private data will create an opposition movement to all this.

What we have to accept is that, irrespective of the technology we develop, getting to zero terrorism is a pipe dream. Don’t get me wrong, I welcome all efforts to get the tally of successful attacks as close to nil as possible. It is just that a very determined violent actor will usually find a way. We might want to get used to that.

The pluses and minuses of using ‘formers’ in counter radicalisation programs

Years ago when I was still with CSIS I was part of the debriefing of a source we were running on our counter terrorism investigations. During our chat he said something that struck me as really profound. We were talking about the radicalisation process and he noted, based on what he had observed, that the best catalysts for those thinking of joining a terrorist group or engaging in violent extremism were those who had ‘been there, done that’: i.e. other extremists.
The analogy he used at that time was that people who had street cred in violent extremist circles were like flowers and those interested in a similar experience were like bees, hanging around, landing and picking up ideas (just like bees pick up pollen). His description has remained with me to this very day.

The best catalysts for those thinking engaging in violent extremism were those who had ‘been there, done that’: i.e. other extremists.

Despite the continuing myth of the ‘lone wolf terrorist’, the path to radicalisation does not happen in a vacuum. It requires like-minded people to channel one’s desires into a useful direction. Those who share similar views can be found anywhere: family, friends, religious leaders, online… The role they play is central – a person may eventually elect to act alone (what we more accurately call ‘lone actors’) but s/he did not get radicalised on his/her own.

Experience required!

So if the real McCoy is an essential piece of the radicalisation puzzle does the opposite also apply? What I mean is: can we use a person who has direct experience in terrorism and who has decided to leave it behind to help get those not quite at that point to change their minds? This is an interesting idea and one that has actually been formalised within the Against Violent Extremism (AVE) network where ‘formers’ and the victims of terrorist acts come together to try to prevent future events of violent extremism. In truth, I like the idea although I do have reservations as I shall discuss below.

This issue came to the fore for me today when I read that two young Montrealers acquitted of trying to leave Canada to join a terrorist group (I am not sure that was the correct verdict by the way – the Crown is going to appeal I think) have been engaged by the renowned Montreal-based Centre pour la Prévention de la Radicalisation Menant à la Violence (CPRMV) to act as consultants. In keeping with what my source told me, what better way to urge others not to make the same mistake? For the record, I am a fan of the Centre and always make time to see them when I am in Montreal.

Nevertheless, is there a downside to all this? Absolutely. The challenge lies in differentiating between true deradicalisation and disengagement (the two are not the same: the latter is much easier to establish and monitor than the former).

Is there a downside to all this? Absolutely!

If someone who has disengaged from violent extremism – because s/he believes that his/her movements are being investigated – but who still holds onto the very ideas that led them to terrorism in the first place now has access to vulnerable or interested individuals they can act like the flowers I alluded to above. This would not be good.

Best case, worst case

I assume that the deployment of these two young people will be closely evaluated and controlled by the Centre. In the best case scenario they can use their earlier bone-headed decisions to convince others not to follow in their footsteps. More neutrally, their interventions may be all for nought.

The worst outcome would occur if they were able to coach others on how to avoid the attention of security intelligence and law enforcement agencies in order to leave the country or plan something here. I happen to think that this last possibility is highly unlikely, but the chances are not zero. Unfortunately, in the public’s eye organisations such as the CPRMV are only as good as their most recent failure (just as CSIS and the RCMP are).

We will continue to struggle with what to do about radicalisation to violence. Some early efforts and interventions will be successful and on other occasions our protectors (CSIS, RCMP) will have to get involved and people who pose threats to Canadian society will have to be arrested, tried and incarcerated. There is no magic bullet to any of this. I wish this CPRMV initiative well and sincerely hope I will not have to write a piece in the months to come on how it all went not according to plan.

Can we use a person who has direct experience in terrorism and has decided to leave it behind to help get those to change their minds?

Please leave your thoughts in the comment section below.

Phil Gurski

President and CEO of Borealis Threat and Risk Consulting. Phil worked as a strategic analyst in the Canadian intelligence community for over 30 years, including 15 at CSIS, with assignments at Public Safety Canada and the Ontario Provincial Police. He specializes in radicalization and homegrown Al Qaeda/Islamic State/Islamist-inspired extremism. borealisrisk@gmail.com

Attend the Anti-Bribery PECB Insights Conference in Montreal for free

Meet with Robert Lafrenière

Head of Quebec Permanent Anti-Corruption Unit (UPAC)

Attend Joe Pistone’s Conference

Joe Pistone is a former undercover FBI agent known as Donnie Brasco

ISO 37001 LI training and certification

Attend the post conference training session with ContinuityLink

Some of the world’s most critical social problems start with corruption

The second PECB Insights Conference will bring together experts, practitioners, and influencers to continue elevating our professional competencies. Exclusively, the PECB Insights Conference held in Montreal, Canada on 13-14 November 2017, will specialize in Anti-Bribery.

Purchase your ticket before 31 October and get free access to conferences!

Extend your stay in Montreal and attend the post-conference ISO 37001 Lead Implementer training

Quebec is one of the first places in the world where companies and public bodies can go to school to learn a new international standard for fighting corruption!

The new ISO 37001 standard specifies a series of internal processes and policies to help organizations prevent, detect and address bribery, including adopting whistleblower protection, developing ethics policies, appointing an internal compliance officer, providing training for employees to combat bribery, conducting risk assessments, setting up internal financial controls and developing procedures to report and investigate deviations.

The English version of this training is offered exclusively by ContinuityLink in Québec. Next session in Montreal is on 20-24 November 2017. Do you want to become a certified ISO 37001 Lead Implementer? Book your seat today!

Anti-Bribery PECB Insights Conference in Montreal: registration now open

What is the Anti-Bribery PECB Insights Conference about?

The second PECB Insights Conference will bring together experts, practitioners, and influencers to continue elevating our professional competencies. Exclusively, the PECB Insights Conference held in Montreal, Canada on 13-14 November 2017, will specialize in Anti-Bribery.

The theme will extend to facilitate learning through an outstanding professional opportunity. The second session of PECB Insights Conference will strive to provide its attendees with a unique knowledge sharing experience. The Anti-Bribery PECB Insights Conference is organized to be attended in three different tracks, such as Anti-Bribery in Politics, Anti-Bribery in Corporations, and Investigations.

Find out more about this event, or click here for registration!

One-time offer! Get a 100% discount on your PECB Anti-Bribery Conference ticket. This offer is valid until the 31st October 2017.

Extend your stay in Montreal and become a certified ISO 37001 Lead Implementer with ContinuityLink

Join us after the Conference for the ISO 37001 Anti-Bribery Lead Implementer training and certification.

Quebec is one of the first places in the world where companies and public bodies can go to school to learn a new international standard for fighting corruption!

The new ISO 37001 standard specifies a series of internal processes and policies to help organizations prevent, detect and address bribery, including adopting whistleblower protection, developing ethics policies, appointing an internal compliance officer, providing training for employees to combat bribery, conducting risk assessments, setting up internal financial controls and developing procedures to report and investigate deviations.

The English version of this training and certification is offered exclusively by ContinuityLink. Next session in Montreal is on 20-24 November 2017. Do you want to become a certified ISO 37001 Lead Implementer? Book your seat today!

Find out more about this course, and click here for registration!

Day time in Montreal is never standard; it’s ISOteric!

Montreal is 375 this year! Discover day time in our home town and join us for our ISO training and certification.

Morning in Montreal is never standard; it’s ISOteric!

Montreal is 375 this year! Discover a morning in our home town and join us for our ISO training and certification.

Ubisoft’s Watch Dogs is a wake-up call on internet security

A security expert examines if the hackers of Ubisoft’s Watch Dogs could actually take over a real smart city (interview)

One of the appealing parts about Ubisoft’s upcoming Watch Dogs video game is just how plausible its scenario is in the real world. In Watch Dogs, a hacker named Aiden Pearce and his friends take over the “city operating system” in a near-future Chicago. They spy on smartphones and use security cameras for their own surveillance. They cause traffic accidents by making street signals change unpredictably, creating an Orwellian nightmare that turns the tables on the authorities.

Could it really happen? An IBM executive I interviewed was skeptical. But Ubisoft made sure it was realistic by tapping Vitaly Kamluk, the chief malware expert at antivirus/security software firm Kaspersky Lab in Moscow. He consulted for a year and advised Ubisoft’s developers on how to balance both realism and entertainment in the game.

watch-dogs-09
The lead character can gain access to the city’s infrastructure as well as mobile phones. In Watch Dogs, every smartphone can be hacked, giving players access to the personal information of other characters – but it’s all based on real-life scenarios.

GamesBeat interviewed Kamluk, who helped uncover a cyber-espionage ring called Red October back in December, about the theme of Watch Dogs and security in the real world.

>> Read the complete interview

Source: venturebeat

Read entire post grey  Related Training grey

An ISOteric experience at PECB Insights Conference

We were invited to attend the first PECB Insights Conference in Montreal. We shared, discussed and learned a lot about Information Security. Expert speakers, tasty food, an ISOteric experience!

Thank you PECB for the invitation!


Jean-Baptiste

Canadian Forces sent to help deal with worsening flooding in Quebec

80 mm of rain expected between Friday and Saturday evening and water levels still rising

Soldiers from the Canadian Forces are expected to be on the ground on Saturday, helping prevent damage from the relentless flooding in Quebec.

Yesterday the province’s Public Security Minister Martin Coiteux said the province asked for and will receive assistance from the Canadian Armed Forces to deal with rising water levels.

Despite a Saturday morning lull in rainfall in some parts of Quebec, water levels are rising still and the flooding situation is expected to worsen.

According to Environment Canada, between Friday and Saturday evening, up to 80 millimetres of rain will have fallen in the Ottawa River and that water is headed downstream towards Montreal. “It usually takes a few days for all of that precipitation to increase the water level of those rivers,” said Bruno Marquis, Environment Canada meteorologist.

So far, 124 municipalities across the province are dealing with flooding, in the regions of Montreal, Laval, the Montérégie, Mauricie, Lanaudière and the Laurentians.

“We think it’s very appropriate to ask for additional resources, additional efforts from the armed forces and I’m very happy that we had the entire collaboration of the federal government in this respect,” said Coiteux.

Federal Public Safety Minister Ralph Goodale says the army will work with local authorities to coordinate relief efforts.

Source: CBC

Read entire post grey  Related Training grey

Quebec has a new anti-corruption hammer and it’s called ISO 37001

Québec isn’t the only place fighting corrupt and collusive practices in government and private contracting, but it is about to become one of the first places in the world where companies and public bodies will be able to go to school to learn a new international standard for fighting corruption.

Enter two former top directors of the Sûreté du Québec, Jean Bourdeau and Serge Barbeau, who this spring will begin teaching a five-day course at École de technologie supérieure in Montreal that was developed for organizations that want to certify for a new anti-bribery ISO standard launched globally last fall.

The International Organization for Standardization, or ISO, developed the new ISO 37001 with the help of an international panel over two-and-a-half years to address the fact that corruption and bribery are global problems.

“I think it’s the certification that will become the most popular because it addresses corruption,” said Bourdeau, who served as deputy general director of criminal investigations for the SQ from 1997 to 2001 and now runs a private investigation firm with Barbeau, a former general director of the SQ.

montreal-que-march-24-2017-jean-bourdeau-former-dep
Jean Bourdeau, former deputy general director of criminal investigations for the Sûreté du Québec, in Montreal, on Friday, March 24, 2017. Bordeau now has a private investigation firm and will be teaching a course at ÉTS starting in the spring. It’s a new anti-bribery certification for companies called ISO 37001. It only launched internationally in fall 2016 and is about to be offered in Quebec. Bourdeau says it’s cheaper and as effective as a municipality creating an inspector-general’s office to fight corruption

Those who are unfamiliar with ISO will have seen banners with the words “ISO 9001 Certified” outside some office buildings around Quebec. That’s one other type of certification, and it refers to a management system that was developed by the international standards-setting body to focus on customer service and satisfaction.
The new ISO 37001 specifies a series of internal processes and policies to help organizations prevent, detect and address bribery, including adopting whistleblower protection, developing ethics policies, appointing an internal compliance officer, providing training for employees to combat bribery, conducting risk assessments, setting up internal financial controls and developing procedures to report and investigate deviations.

RELATED: Now offering ISO 37001 Anti-Bribery training and certification

“It doesn’t guarantee individual integrity,” Bourdeau said, “but it guarantees that the organization is taking measures to have overall integrity.”

An ISO-certified company is required to have continual internal and external monitoring and to provide documentation to demonstrate that it continues to comply with the international standards.

The organization must designate an internal auditor, who will have to be certified by an outside ISO-certified auditing firm, and the organization has to be audited regularly by an external auditor, who also has to be ISO-certified.

There’s a lot of paperwork involved in an ISO certification, said Eric Lessard, general manager for Quebec-based PECB North America Inc., an international standards certification firm that developed the five-day course that Bourdeau and Barbeau will instruct at ÉTS.

“It’s not just about signing a code of ethics,” Lessard said. “It’s about having processes in place that are audited and documented. This is a controlled environment. This is not just simple basic policies and a whistleblower line.”

PECB has partnered with ÉTS Formation, the professional continuing education section of the École de technologie supérieure, to offer the course in French, which costs $2,795. The first session begins in May and a second course is already scheduled for September.

The English version of this training and certification is offered exclusively by ContinuityLink. Next session in Montreal is on 05-09 June. You want to become a certified ISO 37001 Lead Implementer? Book your seat today!

Source: Montreal Gazette

Read entire post grey  Related Training grey