Hidden Security Cameras
Hidden Cameras are installed in most public places such as department stores, shopping malls, multiplexes, railway stations, airports, casinos, banks, etc. As their name suggests, these cameras are kept in places concealed to the public and they surreptitiously record people’s movements. They are connected to monitors or TV screens. Any incriminating move immediately shows up on the screens, which are manned by security personnel.
Security Cameras are very small and compact in size. Some modern cameras are so small that they measure just a couple of inches across and only a few millimeters in thickness. Bigger versions are available, but they are not popular as it is difficult to conceal them. Miniature and sub-miniature versions of Security Cameras are mostly used.
Large establishments use several hidden Security Cameras in various strategic points and then connect all of them together by cables. These are then networked onto a single CCTV monitor. CCTV screens are closely monitored by security guards. The advantage of having a CCTV Hidden Security Camera is that multiple views can be obtained simultaneously on the same screen.
Several methods are adopted to camouflage Security Cameras. They may be affixed inside ceiling fans, table lamps, in frames of paintings, or some other such camouflaged place. Some appliances use extreme deceptive tactics to hide their cameras. There are toys, lamps, clocks and other appliances which actually may be highly disguised Security Cameras.
They can be either wired or wireless. Despite their small size, they have a built-in recorder that records and simultaneously broadcasts images over the screen. Usually these cameras are installed at specific vantage points on or near the ceilings. Plaster is used to attach the plastic body of the camera to the wall. Tiny camera mounts are also available, but bring the camera more into view.
Some countries, like Great Britain, are trying to bring the whole of their public life into the view of Hidden Cameras. There are about 25 million hidden Security Cameras being used worldwide and millions of dollars are being spent for their purchase and research.
Rental Property Owner-Landlord Requirements!
The responsibilities of a Rental Landlord:
You have to keep the building you are renting, in a well maintained condition, and, you must also ensure that your property is safe for tenants to live in.
Failure to fulfill your responsibilities
Poorly maintained rental property will always have a greater risk of a variety of accidents occurring.
What you have to be aware of here, is the fact that should your building be the cause of an injury to the tenant, or a members of the public, you could be liable for a claim to be made against you!
The Effect
A poorly maintained building will become an increasing liability and will be a bigger drain on your resources.
It will also not attract the best tenants, and as a consequence, if you are housing problem tenants, the problems you have will start to really build and build.
To help you avoid the time consuming problems that may occur with a poorly maintained rental property, I have noted a number of areas for you to be at least aware of.
Building Fabric
According to the Landlord and Tenant Act of 1985, you have to maintain your rented property and keep it in an acceptable condition on the inside and on the outside.
Furniture
“The Furniture and Furnishings (Fire Safety Amendment) Regulations 1993″ covers the necessity to ensure that if your property has faulty or unsafe furniture and fittings, this could result in serious injury to your tenant or a guest. It could even result in death!
Therefore, always check your furniture is fire resistant with an appropriate “Fire Triangle” labels, and always ensure your furniture is safe to use.
Gas Appliances: The Gas Safety (Installation and Use) Regulations 1998 covers the latest requirements for all gas appliances in a rental property.
An annual Gas safety check is a regulatory requirement for all rental properties in your rental portfiolio, and ensures that gas appliances are working in a safe and satisfactory manner.
In the UK, all gas safety checks must be carried out by qualified Gas Engineers.
Electrical safety: The Electrical Equipment (Safety) Regulations 1994 covers your requirement to have all fuses, electrical equipment and electrical wiring checked.
Each year it is a statutory requirement to have an Annual Electrical Safety Certificate issued by a fully qualified Electrician. This check ensures all appliances and wirings and fuses are safe to use and not a danger to the tenants and not a fire hazard.
Smoke Detectors: Smoke detectors and smoke alarms are covered under the following legislation “The Building Regulations1991-Smoke Alarms”. It is highly recommended that, at the very least, smoke alarms are located in “areas at most risk” throughout the property.
These smoke detectors can either be battery operated, or mains operated. Please note that after 1992 (in the United Kingdom), it became mandatory for all properties to have mains operated smoke detectors fitted.
Energy Performance Certificates
These certificates are also known as EPCs, and all rental property must have this type of certificate displayed in a prominent position in the rented property.
This certificate can only be obtained by a person who has the required qualification to carry out such work.
Finally
The above list of requirements may seem onerous, but it gives both you, and the tenant “peace of mind” and ensures that you have a property that is safe to rent out.
Failure to comply with the above legislative requirements is merely a cost cutting exercise, and the consequences of not having complied will make you liable for what could be very expensive damages claims.
The costs of being compliant far outweighs the costs of not being compliant.
Everyone has so much to do these days, and you may find that you cannot devote sufficient time to your rental property portfolio. If this is the case, there are many rental companies able to look after your property for you and ensure that all the legislative requirements are looked after on your behalf.
Yes, they do charge a fee for their work, but the fee they charge will buy you peace of mind as you will know that your property is fully compliant and easier to rent out.
High Efficiency of Solar Generator Protection
Have you ever considered the consequences of losing power in your home for more than a few hours? What about a few days, a week, or even longer? Our nation’s power grid is vulnerable to natural or man-made disaster. Invisible and reliable electric power goes unnoticed until the lights or other electrical appliances won’t come on. It would be prudent for consumers to prepare for more costly and less reliable supply of energy as our aging electrical grid falls behind demand. Every year natural disasters such as hurricanes, tornadoes, snowstorms and ice storms wreak havoc all across the country that leaves millions of people without power.
It seems nearly endless when you start researching power outages. Look what has happened in just the last six months with all of the devastating tornadoes and floods in America. It is not a matter of if but when an electrical disaster will occur!
Man-made outages could be just as devastating as anything Mother Nature can throw at us. Our nation’s power grid is completely interconnected and highly vulnerable to collapse, especially in times of high demand. All it takes is failure in one area-which can be caused by lightning strikes, simple equipment failure or transmission lines sagging and shorting out on trees-to cause a “domino effect” of failures over large areas. It happened in 2003 when trees (in a rural area of Ohio) shorted out some lines, ultimately causing a cascading failure of more than 256 power plants.
The current opposition to nuclear and coal power will leave many with higher electrical costs. President Obama commented, “under my plan of a cap and trade system, electricity rates would necessarily skyrocket.”
Solar storms are also of great concern. Solar storms occur when bursts of electricity erupt from the surface of the sun. Between now and 2013 the sun’s solar activity is expected to hit a peak not seen since the 1800s. Severe solar storms have the potential to literally melt electrical transformers and other equipment.
In a report recently released from the Heritage Foundation, a leading U.S. think tank, national security experts warned President Obama about another catastrophic threat. If an enemy nation or even a terrorist detonated an electromagnetic pulse (EMP) weapon above the continental United States, the effects would be similar to that of as catastrophic solar storm…perhaps even worse.
In any case, whether by Mother Nature or man-made catastrophe, the only person you can truly count on is yourself to come to the rescue. The government proved that with Hurricane Katrina in 2005. It was reported that New Orleans went from a modern internet-driven society to a third-world country in the space of nine hours.
The use of a solar powered generator is one solution that will reduce electricity costs and protect consumers when the electrical grid is threatened. It would be a perfect solution to any “lights out” scenario you may find yourself in.
A solar powered generator collects free energy from the sun and sends it to the solar battery for storage or immediate use. Here are some of the benefits a solar powered generator offers:
*Instant backup electrical power in any outage.
*An endless supply of free electricity that is automatically stored for use when you need it.
*You are able to permanently reduce electric bills.
*There is available plug-in-technology that allows one person to set it up in a few minutes and immediately have electrical power.
*Solar powered generators have no maintenance, no noise, and no trouble starting in cold weather and do not emit any deadly fumes.
*Solar powered generators do not require gas.
*You will have total immunity to government interference and control. Remember, the government does not own the sun!
*There are multiple uses for solar power electricity. You could run essential appliances such as a fridge, freezer, a sump pump, cell phones, shortwave radios, TV’s, lights, furnace fans, computers, printers and much more.
You can see that a little planning ahead can avoid great problems. Solar powered generators can be a very economical purchase that provides free electricity. Solar powered generators will only become more valuable as future natural or man-made failures of the grid are a reality for each of us.
Stop Spam Before it Enters Your Network
Unsolicited e-mail to people on your network has become the modern day technological plague. It’s mainly a nuisance, but also a security risk that creates an entry point for viruses on your network. Not only does it consume bandwidth and server space, but it also decreases productivity due to required, daily user maintenance. The result: lost time and money.
Controlling spam is a growing task for many organizations. To minimize man hours and lower your risk of a virus attack, spam should be blocked before it even hits your network. What are your options to protect your network?
Hosted or managed services
Incoming e-mail is routed through the vendor’s network and filtered before being delivered to your network.
Pros: Eliminates the hassle of additional hardware or software installation on your network.
Cons: Privacy issues.
Dedicated security appliances
In this case, the appliance is deployed just behind your network firewall. Incoming e-mail is filtered before it reaches your mail server.
Pros: Provides virtually immediate protection with minimal setup on your network.
Cons: Support, redundancy and backup may be required, but not included in original cost.
Software.
There are several products available that filter spam at the mail server or client level. Filters are set by the network administrator or user.
Pros: May be more cost effective.
Cons: Spam has already entered the network before it is filtered.
Which option is best to protect the security of your network?
In the end, it is a matter of personal preference and deciding which solution best fits the needs of your organization.
Basement Fire Prevention
There are many hazards in the basement that can cause a fire so it is important to do a thorough inspection of the basement to help detect some of those fire hazards that may exist there.
The presence of hazards like combustibles, electricity, and heat generators, all packed un-attended in your basement is dangerous and requires precautionary attention. To allow emergency escape, make sure there is always a clear path towards the exit.
Hazardous Vapors and Liquids
In your basement you will most likely find flammable liquids that give off vapors which are heavier than air. These vapors can ignite by even a small spark from the furnace or hot water heater.
It is advisable to store these flammable liquids outside in a shed, and that they are stored in approved containers that are kept away from heat, sparks and open flames. Do not smoke in the vicinity of these products.
If these products must be stored in the basement, make a suitable clearance of at least 3 feet around appliances such as the furnace or hot water heater.
Storing Safely
To keep the storage amount of combustible materials that will fuel a fire down to a minimum, clean out once a year or have a garage sale. You should not store lawn mowers, snow blowers and propane tanks indoors as they contain flammable liquids, that release vapors heavier than air and present a serious fire and breathing hazard.
Electrical Safety
Electrical boxes that are overfused are a serious fire hazard. Bypassing circuit fuses can create a potential fire risk. If a fuse blows it means that the wiring or some electrical device connected to the circuit is defective, or there may be too many connected appliances that are causing overload.
It is important to never use an extension cord for appliances that need a permanent supply of power such as the air conditioner, fridge, and freezer, as this can cause the cord to overheat and ignite.
All fixtures should be properly secured, wires should be properly insulated from each other, and junction boxes should be covered properly.
Child Safety
You should not allow children to play in the basement if it is used for storage. Matches and lighters should be stored in a locked box and out of the reach of children.
Moving Into Your New Home – A Checklist For Your New House
Moving to a new house can be a hectic time for the whole family. There are so many details to think about that some can be easily overlooked. Unpacking is not the only thing you should worry about. The things you need to do can range from taking care of your finances to installing fire extinguisher cabinets. Organization is the key in making the whole process of unpacking and getting ready for your new home easier. With this in mind, here is a helpful checklist you can use after moving to your new place.
1.The first thing you have to do is to install new locks. Since you are new to the building or area, you still probably have no idea who has a copy of your current keys. This will ensure that no one can get inside the house except you and your family.
2.Inspect and make sure all your appliances are not damaged during the move. Some insurance policies have limited time in which to make a claim. If there is damage, report it immediately.
3.Important documents and receipts related to your move should be placed in a safe and locked drawer. Save all receipts of the money spent on the moving process, the permanent improvements and damages that were fixed so you can use these for tax deduction purposes later on.
4.Check the house for any damage and have preventive maintenance as early as possible.
5.Find and register your children into their new schools. The sooner your children will get used to a regular routine, the easier it is for them to settle in your new place.
6.Have an emergency storage close to your house exit. Keep all poisons, medicines, and other dangerous substances away from children and kept in child-proof cabinets.
7.Flashlight, matches, batteries and candles should not be placed within children’s reach. Place it in a top drawer with a lock.
8.Keep in touch with insurance companies including household, health and automobiles. Check if you are currently covered or if you need to create new policies with a new company. This is important especially if you are moving to a new state.
9.Take care of your finances by opening up new bank accounts.
10.Inform your old residence or post office of your change of address so that your mails will be forwarded to your new place.
11.Have smoke and fire alarms installed inside your new house. If there are old ones already installed, check if it is still functioning properly and change batteries. Purchase fire extinguishers for your kitchen and garage. Have them placed in fire extinguisher cabinets to keep them from being damaged.
12.Ask your doctors and dentist for referrals in your new town and have a copy of your old records.
After you are settled in to your new home and followed this checklist, you should introduce yourself to your new neighbors. In no time you and your family will feel adjusted to your new place and enjoy bonding with your new neighbors and friends.
Dealing With Post Tenant Cleaning Deposits
If you own rental properties then you are very aware of why you need to charge your renters a security deposit and a cleaning deposit. Often renters who are behind on their rent will move out at the last possible moment and skip town. They will leave you with a horrible mess inside your rental units, including dirty walls, dirty carpets with huge stains, oil spots on the driveway, and even leave the bathrooms in deplorable conditions.
This is quite common and before you get too upset you need to know that this is human nature. People that own their own home tend to take care of it much better than people who reside in someone else’s. Especially renters who know they’re going to leave and feel like they are paying rent each month but it’s going towards nothing, no equity stake.
Often renters will want their cleaning deposits back and they will attempt to clean up the property. But you must warn them that it has to be in perfect condition, as if it looks like a new home or a new apartment because you are going to rent it to someone else. So often, former tenants will curse and swear at the property manager or the rental homeowner trying to get their cleaning deposits back.
Many times you cannot give them their security deposit back because there are things that are broken in the home. These things cost money and they have to be paid for. Often they cost more than the security deposit and often tenants will destroy carpeting, patios, and leave stains on the driveway that will never come up.
There are often broken shelves in the garage and broken appliances in the kitchen. This is why I recommend that rental property owners have a checklist and spend lots of time going through every single possible cubbyhole in the entire home or apartment before they give back the security deposit or the cleaning deposit.
Property Managers should also make sure that the tenants know that they will not receive those monies right away, and if something is wrong, the property owner has the right to get bids from local contractors and see that the items are fixed or cleaned prior to giving the renters back the difference; if any. Please consider all this.
Wireless Network Vlans – How to Implement Wireless Vlans
The wireless access points operate as bridges with no routing defined anywhere on the wireless network segment. All VLANs are defined on the wired switches and mapped with specific SSIDs at each access point. The maximum number of VLANs and SSIDs per access point that can be mapped is 16. The wireless client attaches or associates with a specific SSID which in turn will map client with membership in a specific VLAN.
There is an option to configure the maximum number of wireless client associations allowed per SSID improving network performance and availability. The access point is assigned a primary SSID with the 802.11 standard, advertising it with beacons on that segment to all wireless clients. There is a guest SSID defined that companies should define a VLAN policy for that group or with access control list security policies denying access to the corporate network. Guest traffic for the most part should be directed across the internet unless they have specific network rights.
VLAN membership of each wireless client is assigned considering what servers are most accessed, specific company department and security rights. Device types such as a scanner with less security won’t be assigned the same VLAN as an engineering group with sensitive information and 802.1x security.
VLAN 1 is the default native VLAN and doesn’t tag traffic. The native VLAN number assigned on the wired switches must match the VLAN assigned at all attached access points on that network segment. The native VLAN is sometimes assigned to network management traffic or the RADIUS server. Companies will implement access control lists at each network switch to filter traffic securing the management VLAN traffic. With most designs the native VLAN isn’t mapped to a SSID except with connecting root bridges and non root bridges. Define an infrastructure SSID for infrastructure devices such as a repeater or workgroup hub and map the native VLAN allowing those devices to associate with non root bridge and root bridges.
Wireless clients configured with 802.1x authentication will have a RADIUS server configured with mapped SSIDs per wireless client. This is called RADIUS SSID control. The server sends the list to the access point where the client is allowed to associate with an access point should they be a member of one or several SSIDs. RADIUS VLAN control assigns each client with a specific VLAN and default SSID. The mapping can be overridden with the RADIUS sever configuration. During authentication the wireless client is assigned to that specific VLAN. The employee however can’t be a member of any wired VLAN except that. Policy group filters or class map policies can be defined per VLAN. You should deny all infrastructure devices to be members of any non-infrastructure SSID. Wireless clients will see all broadcasts and multicasts of all mapped VLANs unless 802.1x per VLAN encryption is implemented with TKIP, MIC and broadcast keys.
Trunking is implemented to switch traffic between network segments that have multiple VLANs defined. Each VLAN defines a separate broadcast domain comprised of a group of employees with a company department. The trunk is a physical switch port interface with defined Ethernet subinterfaces configured with 802.1q or ISL encapsulation. Those packets are tagged with specific VLAN number before it is sent between access point and wired network switch. The access point Ethernet interface is configured as a hybrid trunk. Access control lists should be defined at the wired switch Ethernet interface that drops packets from VLANs not defined with any SSID.
VLAN 100 = 192.168.37.x – SSID = Engineers
VLAN 200 = 192.168.38.x – SSID = Guest
VLAN 300 = 192.168.39.x – SSID = Sales
Device Hardening, Vulnerability Scanning and Threat Mitigation for Compliance and Security
All security standards and Corporate Governance Compliance Policies such as PCI DSS, GCSx CoCo, SOX (Sarbanes Oxley), NERC CIP, HIPAA, HITECH, GLBA, ISO27000 and FISMA require devices such as PCs, Windows Servers, Unix Servers, network devices such as firewalls, Intrusion Protection Systems (IPS) and routers to be secure in order that they protect confidential data secure.
There are a number of buzzwords being used in this area – Security Vulnerabilities and Device Hardening? ‘Hardening’ a device requires known security ‘vulnerabilities’ to be eliminated or mitigated. A vulnerability is any weakness or flaw in the software design, implementation or administration of a system that provides a mechanism for a threat to exploit the weakness of a system or process. There are two main areas to address in order to eliminate security vulnerabilities – configuration settings and software flaws in program and operating system files. Eliminating vulnerabilites will require either ‘remediation’ – typically a software upgrade or patch for program or OS files – or ‘mitigation’ – a configuration settings change. Hardening is required equally for servers, workstations and network devices such as firewalls, switches and routers.
How do I identify Vulnerabilities? A Vulnerability scan or external Penetration Test will report on all vulnerabilities applicable to your systems and applications. You can buy in 3rd Party scanning/pen testing services – pen testing by its very nature is done externally via the public internet as this is where any threat would be exploited from. Vulnerability Scanning services need to be delivered in situ on-site. This can either be performed by a 3rd Party Consultant with scanning hardware, or you can purchase a ‘black box’ solution whereby a scanning appliance is permanently sited within your network and scans are provisioned remotely. Of course, the results of any scan are only accurate at the time of the scan which is why solutions that continuously track configuration changes are the only real way to guarantee the security of your IT estate is maintained.
What is the difference between ‘remediation’ and ‘mitigation’? ‘Remediation’ of a vulnerability results in the flaw being removed or fixed permanently, so this term generally applies to any software update or patch. Patch management is increasingly automated by the Operating System and Product Developer – as long as you implement patches when released, then in-built vulnerabilities will be remediated. As an example, the recently reported Operation Aurora, classified as an Advanced Persistent Threat or APT, was successful in infiltrating Google and Adobe. A vulnerability within Internet Explorer was used to plant malware on targeted users’ PCs that allowed access to sensitive data. The remediation for this vulnerability is to ‘fix’ Internet Explorer using Microsoft released patches. Vulnerability ‘mitigation’ via Configuration settings ensures vulnerabilities are disabled. Configuration-based vulnerabilities are no more or less potentially damaging than those needing to be remediated via a patch, although a securely configured device may well mitigate a program or OS-based threat. The biggest issue with Configuration-based vulnerabilities is that they can be re-introduced or enabled at any time – just a few clicks are needed to change most configuration settings.
How often are new vulnerabilities discovered? Unfortunately, all of the time! Worse still, often the only way that the global community discovers a vulnerability is after a hacker has discovered it and exploited it. It is only when the damage has been done and the hack traced back to its source that a preventative course of action, either patch or configuration settings, can be formulated. There are various centralized repositories of threats and vulnerabilities on the web such as the MITRE CCE lists and many security product vendors compile live threat reports or ‘storm center’ websites.
So all I need to do is to work through the checklist and then I am secure? In theory, but there are literally hundreds of known vulnerabilities for each platform and even in a small IT estate, the task of verifying the hardened status of each and every device is an almost impossible task to conduct manually.
Even if you automate the vulnerability scanning task using a scanning tool to identify how hardened your devices are before you start, you will still have work to do to mitigate and remediate vulnerabilities. But this is only the first step – if you consider a typical configuration vulnerability, for example, a Windows Server should have the Guest account disabled. If you run a scan, identify where this vulnerability exists for your devices, and then take steps to mitigate this vulnerability by disabling the Guest Account, then you will have hardened these devices. However, if another user with Administrator privileges then accesses these same servers and re-enables the Guest Account for any reason, you will then be left exposed. Of course, you wont know that the server has been rendered vulnerable until you next run a scan which may not be for another 3 months or even 12 months. There is another factor that hasn’t yet been covered which is how do you protect systems from an internal threat – more on this later.
So tight change management is essential for ensuring we remain compliant? Indeed – Section 6.4 of the PCI DSS describes the requirements for a formally managed Change Management process for this very reason. Any change to a server or network device may have an impact on the device’s ‘hardened’ state and therefore it is imperative that this is considered when making changes. If you are using a continuous configuration change tracking solution then you will have an audit trail available giving you ‘closed loop’ change management – so the detail of the approved change is documented, along with details of the exact changes that were actually implemented. Furthermore, the devices changed will be re-assessed for vulnerabilities and their compliant state confirmed automatically.
What about internal threats? Cybercrime is joining the Organised Crime league which means this is not just about stopping malicious hackers proving their skills as a fun pastime! Firewalling, Intrusion Protection Systems, AntiVirus software and fully implemented device hardening measures will still not stop or even detect a rogue employee who works as an ‘inside man’. This kind of threat could result in malware being introduced to otherwise secure systems by an employee with Administrator Rights, or even backdoors being programmed into core business applications. Similarly, with the advent of Advanced Persistent Threats (APT) such as the publicized ‘Aurora’ hacks that use social engineering to dupe employees into introducing ‘Zero-Day’ malware. ‘Zero-Day’ threats exploit previously unknown vulnerabilities – a hacker discovers a new vulnerability and formulates an attack process to exploit it. The job then is to understand how the attack happened and more importantly how to remediate or mitigate future re-occurrences of the threat. By their very nature, anti-virus measures are often powerless against ‘zero-day’ threats. In fact, the only way to detect these types of threats is to use File-Integrity Monitoring technology. “All the firewalls, Intrusion Protection Systems, Anti-virus and Process Whitelisting technology in the world won’t save you from a well-orchestrated internal hack where the perpetrator has admin rights to key servers or legitimate access to application code – file integrity monitoring used in conjunction with tight change control is the only way to properly govern sensitive payment card systems” Phil Snell, CTO, NNT
See our other whitepaper ‘File-Integrity Monitoring – The Last Line of Defense of the PCI DSS’ for more background to this area, but this is a brief summary -Clearly, it is important to verify all adds, changes and deletions of files as any change may be significant in compromising the security of a host. This can be achieved by monitoring for should be any attributes changes and the size of the file.
However, since we are looking to prevent one of the most sophisticated types of hack we need to introduce a completely infallible means of guaranteeing file integrity. This calls for each file to be ‘DNA Fingerprinted’, typically generated using a Secure Hash Algorithm. A Secure Hash Algorithm, such as SHA1 or MD5, produces a unique, hash value based on the contents of the file and ensures that even a single character changing in a file will be detected. This means that even if a program is modified to expose payment card details, but the file is then ‘padded’ to make it the same size as the original file and with all other attributes edited to make the file look and feel the same, the modifications will still be exposed. This is why the PCI DSS makes File-Integrity Monitoring a mandatory requirement and why it is increasingly considered as vital a component in system security as firewalling and anti-virus defences.
Conclusion Device hardening is an essential discipline for any organization serious about security. Furthermore, if your organization is subject to any corporate governance or formal security standard, such as PCI DSS, SOX, HIPAA, NERC CIP, ISO 27K, GCSx Co Co, then device hardening will be a mandatory requirement. – All servers, workstations and network devices need to be hardened via a combination of configuration settings and software patch deployment – Any change to a device may adversely affect its hardened state and render your organization exposed to security threats – file-integrity monitoring must also be employed to mitigate ‘zero-day’ threats and the threat from the ‘inside man’ – vulnerability checklists will change regularly as new threats are identified