www. secu reroi.

com

SECURE

december 2005 • issue two

Perfect
Practice
In order to provide significant value and return on
investment (ROI) for the pre-employment screening
program, proper policies and diligent management
must be in place.
SecureROi n December 2005 3
 inside…
features
15 Perfect Practice
In order to provide significant value and return on
investment (ROI) for the pre-employment screening
program, proper policies and diligent management must be
in place.
DECEMBER 2005 By David Saddler
V o l u me I , N u mber I I

Dave Saddler
publisheR
19 Channeling ROi
EDITORIAL As the Security Director for Comcast Cable
Communications, Midwest Division, Ron Hnilica
DAVE SADDLER
has learned the importance of demonstrating ROI.
EDITOR
By Ron Hnilica
JOE RICCI

22
Managing Editor

Susan Clark BluePRints of Success

Managing Editor
A term often used in law enforcement is force
ART & DESIGN multiplication. It refers to the ability, mostly through
technology, for officers to stretch resources, be in more
Jacki Silvan
places than one and have a positive impact on the
Art Director ability to protect and serve.
KIM WITT By David Saddler
marketing assistant

ADVERTISInG
Dave Saddler
publisheR
newsflash 6
301.613.0740 No Consensus on FEMA Focus
dave@secureroi.com Animal ID Fights Agroterrorism
DHS Awards More Than $15M
Efforts to Tighten Borders Continue
Published six times a year. Executive
offices at 12154 Damestown Road,

10 techrules
#615, North Potomac, MD 20878.
SUBSCRIPTION: $295 one year.

The Perils of Wireless Networking

POSTMASTER: Send address Fencing Out Malicious Code
changes to SecureROI, 12154
DOT’s Security Off Track
Darnestown Road, #615, North
Potomac, MD 20878 Quick Bytes

newmarket 25
© 2005 Cloud Concepts, LLC

4 SecureROi n December 2005

SecureROi n December 2005 9
12.05

newsfl
g o v e r n m e n t ag e n c i e s

No Consensus on FEMA Focus

Even before the Feder al E mergen c y M anage men t Agen c y (FE MA) was deluged with criticism for its poor
handling of the emergency response effort after Hurricane Katrina, a plan to drastically reorganize the agency had been put forth by
Department of Homeland Security (DHS) Secretary Michael Chertoff.
Under that proposal, which is a part of the total restructuring plan for DHS, FEMA would be tasked solely with response and recovery. The
preparedness functions would be consolidated under a new undersecretary for preparedness, who would be responsible for facilitating grants
and overseeing nationwide preparedness efforts, including telecommunications, cybersecurity, and critical infrastructure. Both the director of
FEMA and the undersecretary would report directly to Chertoff.
The proposed reorganization, which leaves FEMA under DHS,
falls short of some critics’ recommendations that FEMA be given
back the independent agency status that was taken from it when
it was merged under DHS. But the integrated approach is still
championed by James Jay Carafano, senior fellow at the Heritage
Foundation and coauthor of DHS 2.0, the report credited with
prompting Chertoff ’s package of proposed changes.
The proposed changes will make FEMA directly responsible to
the secretary, removing the layer of bureaucracy and management
duties that go along with being an undersecretary, says Carafano.
He adds that this move will help the agency better focus on its
historic mission: response.
A tighter focus could also help FEMA respond more efficiently,
says Paul Light, professor of public service at New York University.
“I’d like to see FEMA focus much more tightly on the 36 hours
after an event and then the recovery,” he says.
But some experts question whether splitting up preparedness
and response can work, noting that efficient response to disasters
depends almost entirely on whether preparedness has been
effective.
“We’re facing a structural problem,” according to Scott
Fosler, former president of the National Academy of Public
Administration, which did two studies of FEMA in the 1990s

6 SecureROi n December 2005

 ash
after Hurricane Andrew that were used as the basis for the
reorganization of the agency during the Clinton Administration.
Fosler worries that the plans to remove the preparedness
function from FEMA will result in less communication.
Moreover, FEMA should never have been incorporated within
DHS, Fosler says. Restructuring it within that department simply
reinforces a wrongheaded path.
Carafano, however, says that because the head of FEMA
Page 6: Illustration: Peter Neu, Dreamstime.com | Page 7: Illustratoin: Scott Weichert, Dreamstime.com
and the undersecretary for preparedness will both report to
the secretary, the organizational problems Fosler fears will be
mitigated.
In addition, the preparedness directorate will support FEMA
with training resources and will continue to rely on FEMA’s
subject-matter expertise to advise the preparedness function.
For first responders, however, the success of the
reorganization will be measured in the amount of funding
available. “Our focus has remained on the need to have both
preparedness and response portions of emergency management
funded properly,” and first responders should have the authority
they need to get the job done, says Jeff Zack, spokesman for the
International Association of Firefighters.
But maintaining funding and staffing levels becomes much
more difficult as bureaucracy becomes more complicated, says
Pietro Nivola, senior fellow at The Brookings Institution. FEMA
has had significant staffing and funding problems in the past, says
Nivola, and its reorganization may not help.
While adequate funding is critical, it is hoped that the
reorganization will begin to fix the problems that led to the
bungled response to Hurricane Katrina.
deterring terrorism
Animal ID Fights
Agroterrorism
Animals bred for consumption in the United States
are often moved with relative ease and with little paper trail.
That lack of documentation creates vulnerability, because if an
animal becomes infected, the ability to quickly ascertain its origins
could mean the difference between an isolated case and a deadly
pandemic.
One important step toward implementation of a tracking
system would be an animal identification program. The National
Cattlemen’s Beef Association (NCBA), one of the largest cattle
associations in the world, is currently working with industry
partners to develop a national database that is privately controlled.
The NCBA-initiated system will only contain information related to
animal health, says Kim Essex, vice president of NCBA.
National Animal Identification System (NAIS) should be able to
identify and trace all animals and premises that have had contact
with a foreign or domestic animal disease within 48 hours after
discovery.
The NAIS program will be instituted in three phases. The first
phase involves the registration of any premises on which animals
are handled. This is now voluntary, but once NAIS is mandatory in
2009, proprietors will have to register all premises with state or
tribal officials. The data will then be reported to NAIS.
After their premises have been registered, producers will be
able to obtain an identification tag, which will be tied to a unique
animal identification number (AIN). The AIN, which will be in the
datbase, will remain with the animal until slaughter and will be
used to determine its origin or where it was first tagged.
The type of tags will most likely vary from species to species,
but the data on the tag will be consistent, focusing on dates of
sale and locations to which the animal has been taken. Cost of the
devices will be shared between federal and state governments and
the producers.
SecureROi n December 2005 7
newsflash
found money

DHS Awards More Than $15M

Homeland Security Contracts
awardee amount purpose The number of supplemental
grants given to fire departments
Hebrew University around the country by the
$5.6 million Develop drug against superantigens
of Jerusalem Department of Homeland
Security’s Assistance to
RTI International $1.2 million Early detection of disease breakouts Firefighters Grant Program. The
supplemental funding makes
Rutgers $3.5 million Develop lie detection system nearly $4 million available to
help local fire departments and
University of Mexico $1.49 million For bioterror training/curriculum emergency medical services
programs pay for training
University of programs, safety equipment, and
$5 million Develop homeland security courses
Tennessee response vehicles.

b o r d e r pat r o l

Efforts to Tighten Borders Continue

Spec i ally tr ained border patrol officers have long been
authorized to issue removal orders so that illegal immigrants not
seeking asylum get deported without a hearing. Called “expedited
removal,” the authority previously applied in only three U.S.
Customs and Border Protection Border Patrol Sectors across the
southwest border. It has now been expanded to nine.
Before the removal order is issued, a senior-level supervisory
immigration officer must review the decision. People removed
from the United States under expedited removal are
barred from reentry for a period of five years, but
can apply for a waiver.
It is one of many attempts to reduce the
likelihood that potential terrorists will enter the
United States as illegal immigrants, but the effort
does not do enough, says Michael W. Cutler,
former senior special agent with the
INS and a fellow at the Center for
Immigration Studies. “Until
and unless we come up with a
coordinated system—not a
piecemeal approach—then
we’re not going to be
successful in securing our
borders and defending our
country against terrorism,” he says.
Jack Martin, special projects
director for the Federation for
American Immigration Reform,
says that while expedited removal
is not a panacea, it is a necessary first step toward securing the
country’s borders against terrorists. Reforms to the visa program
have made it more difficult for terrorists to enter the country
illegally, he says, and consequently they will be looking to exploit
other vulnerable areas of the U.S. border.
Mexico and Canada are likely to be the entry point of choice, he
says. Expedited removal will help ensure that these persons will be
deported quickly and before they can commit acts of terrorism.
Cutler and Martin agree, however, that the visa exemption for
friendly countries must be revoked. Visas are integral to the fight
against terrorism, says Cutler, because visa officials are required
to screen applicants, and the application itself can provide INS
officials with investigative leads they would not have had otherwise.
The Government Accounting Office (GAO) has also looked at
progress at the Department of State, the Department of Homeland
Security, and other agencies in strengthening the visa process.
Among the improvements, the GAO says, consular officers at eight
posts, including those of interest to antiterrorism efforts, now
“regard security as their top priority.”
However, the report also cited areas of concern. For example,
the Department of State has not consistently updated the Foreign
Affairs Manual to reflect recent policy changes. Additionally,
clarification is needed as to DHS’s roles and responsibilities
overseas, and State must also work to ensure that trained staff
members with language skills are posted at key consular points
around the world.
The GAO found that critical posts in Saudi Arabia and Egypt
were staffed with first-tour officers with no permanent mid-level
visa chiefs to provide guidance.

8 SecureROi n December 2005

SecureROi n December 2005 9
12.05
techru
s tay i n g c o n n e c t e d
The Perils of Wireless Networking
Compu ters th at follow their
own directives—to the detriment of their
human owners—are a favorite topic of
science fiction. If you use Windows XP
and have a wireless card installed, this kind
of sci-fi scenario may not just be fiction
anymore.
When you turn the computer on, it
automatically looks for and connects to
the strongest wireless network it can find
that is not being protected by encryption
or otherwise hidden from view, without
considering whether you are authorized
to use that network. Once connected, the
computer can even hop to a new network
if it finds a stronger one, without asking
you first.
That could lead to trouble, because
court cases in the United States and abroad
are firming up the position that if you
connect to someone else’s wireless network
without permission, you could be guilty
of unauthorized access to a computer
network.
One case that is still ongoing concerns
Benjamin Smith, who was charged with
that crime in April in Pinellas County,
Florida, when a homeowner noticed
Smith sitting in a vehicle outside his house
10 SecureROi n December 2005
holding a laptop. The homeowner became would be wise to take into consideration
suspicious and called the St. Petersburg preventive measures that will head off any
police, who found Smith connected to possible legal problems.
the Internet through the homeowner’s Windows XP users can do a bit of
unprotected wireless network. Smith was behind-the-scenes tweaking, says Preston
arrested and the case is now in its pretrial Gralla, author of the book Windows XP
phase. Hacks. “You can turn off the Wireless
Only intent separates a criminal from Zero Configuration service that runs in
the average road warrior whose computer the background in XP and automatically
attaches itself to the nearest and strongest connects you to any nearby wireless
network, says Thomas J. Smedinghoff, network,” Gralla explains. “With it turned
an attorney with Baker & McKenzie who off, your computer won’t automatically
specializes in computer security issues. search for and connect you to
“I think the fact that Smith knew he wireless
was connected to someone else’s network,
and apparently knew he did not have
permission to do so, is probably the key
issue here,” he says. Smedinghoff says that
the Florida statute, like most computer-
crime laws, makes it a crime to access any
computer network “willfully, knowingly,
and without authorization.”
While war drivers who look for open
networks and provide the information
to others through online maps may
be the group most affected
by the outcome of the
Smith case,
average users
 les Organizations need to be
sure that they are making
it clear to employees the
kinds of online behavior
that are considered
unacceptable.

Pros:
networks,” so any decisions on what networks will be connected to will be
made explicitly and solely by the user.
Turning off Wireless Zero Configuration is a fairly easy process. Open
the Start menu and choose Run; in the box that opens, type services.msc
It’s extremely easy to use, and
and then click OK. This will bring up a box showing all the services available
doesn’t require updating each time a
on the computer. Scroll down to Wireless Zero Configuration, select it, and
new threat appears.
choose Stop. In the same box, select Startup Type and change its setting

Cons:
to Disabled, so that the service will not automatically resume when the
computer is rebooted.
Other countries are also beginning to prosecute those who piggyback
onto unsecured networks. For example, this summer, British police
Right now it only works with
arrested war driver Gregory Straszkiewicz for illegally accessing a wireless
Internet Explorer and the Outlook
connection. According to reports by the BBC, he received a £500 fine and
mail program, a problem for the
was given a year’s conditional discharge, in addition to having his laptop and
many Web surfers (myself included)
his wireless card confiscated.
who try to avoid these programs
Companies can learn two important lessons from the Smith and
in favor of alternative browsers
Straszkiewicz cases, Smedinghoff says. “One is that obviously they need
Page 10: © Photographer: Joachim Angeltun, Dreamstime.com

and mail clients. Where to get

to secure their own networks, because if somebody is able to get in almost
it. A limited-time demo can be
accidentally, it’s going to be embarrassing, and could be a real problem if
downloaded from GreenBorder’s
something serious happens.”
Web site. Pricing for the enterprise
Second is that organizations need to be sure that they are making it clear
edition runs about $39 per seat
to employees the kinds of online behavior that are considered unacceptable,
annually.
including accessing another person’s wireless network just because it’s
available and open. “You have to resist that temptation and understand there
are legal consequences,” Smedinghoff says. “For somebody who’s computer
savvy there are a lot of places that are easy to go, but if you’re not authorized,
you could be committing a criminal violation.”

SecureROi n December 2005 11

techrules
w o rt h i t
Fencing Out
Malicious Code
When medic al c rises hit, patients who might
have been exposed to a highly contagious disease are put into
quarantine, thus ensuring that they cannot infect the public at
large. When the virus is the digital kind, it’s just as important to
segregate whatever is infected from the rest of the network until
the cause of the infection can be eradicated.
New software from GreenBorder Technologies creates a
quarantine that sits on every computer, allowing users total
freedom to view or download what they like while protecting
the computer itself—and the network it’s on—from harm.
The company’s GreenBorder Desktop DMZ does just
what its name says; it puts a green border around any content
downloaded from the Internet or contained within an e-mail.
For example, the Internet Explorer browser has the border,
and so does anything opened on or downloaded from any Web
site. If you receive an attachment in an e-mail and click on it,
a green-bordered box will open that describes the attachment
and the IP address it’s being downloaded from.
If you choose to open the file, it will open in the appropriate
program, such as Word for a document; but that document will
have a green border around it when it opens, showing that it is
still considered unsafe material. If you save it, it will appear with
a green border around the icon to show its unsafe status.
The program doesn’t prevent you from opening any kind
of file, nor does it prevent problematic applications such as
ActiveX from running. Instead, it allows everything to run
inside a virtualized environment, meaning that there is no
contact with or effect on the host machine. For that reason, no
software or spyware can be surreptitiously installed.
Once you log out, all content is flushed away. This includes
anything illegitimate (such as worms or spyware) or legitimate
(such as a patch). To keep something from being flushed
away, users can designate safe zones whose content is trusted.
This can be done as simply as right-clicking on an icon and
choosing to have the border removed. Otherwise, a document
can be saved so it doesn’t get flushed, but it will remain in its
quarantine each time it is opened.
12 SecureROi n December 2005
step it up
DOT’s Security
Off Track
When the Z otob wor m appe ared only days
after Microsoft released a patch that would have prevented
infection, 700 Department of Transportation (DOT) computers
were infected after a contractor connected a laptop to the DOT’s
network against the department’s policy. This incident, which
is recounted in a report on the department’s IT security by
the DOT’s Inspector General (IG), is just one indication that
some federal IT professionals are having trouble in meeting the
challenges of locking down networks.
Here’s another. The IG notes that “about half of all Federal
Railroad Administration computers are not subject to routine
vulnerability checks because they are being used by employees
who telecommute (or travel around the country) for the majority
of the year.” As is made clear by the Zotob example, these laptops,
“if infected with hostile software, could become conduits for
spreading problems to the rest of the networks.”
The IG writes that the department’s 12 Operating
Administrations (OAs) were given baseline security standards
last year for configuring computers using Windows Server,
Linux, Solaris, Cisco routers, and wireless devices. “However,
there is little assurance that these security standards have been
implemented due to the lack of enforcement.” For example, last
summer the DOT’s Office of the CIO requested the OAs for an
update on efforts to meet these standards. Only four OAs actually
replied, and one of them (the Federal Railroad Administration, or
FRA, again) reported that only 29 percent of Windows servers,
and only 17 percent of its computers running Linux, were in
compliance.
It will come as no surprise, then, to learn that auditors
were able to gain root access at FRA “over a critical file server,
desktop computers, and a network switch,” thus allowing them
to access sensitive data. “Given the interconnectivity among all
DOT networks, this security lapse also puts other Departmental
systems at risk,” the report notes.
 Quick Bytes
Password frustration.
How many passwords do you need to remember? A survey
by RSA Security Inc. of 1,700 enterprise technology end
users found that 71 percent had as many as 12, and almost
one-quarter had more than 15. To keep track of these, the
majority of users said that they keep a record on a PDA or a
document on their PC; 19 percent keep a note attached to
their computer or have another type of paper record in their
office.

RFID planning.
The Department of Defense (DoD) is using radio frequency
ID (RFID) tags throughout its supply-chain operations; by
January 2007, all DoD commodities will have these tags. The
Government Accountability Office (GAO) reports that the
Pentagon has identified many of the challenges it needs to
resolve before this can happen but notes that “it has not
yet developed a comprehensive strategic management
approach” to guide, monitor, and assess implementation.

Zero-day approaches.
The time between the disclosure of a computer vulnerability
that can allow infection by a worm or virus and the release
of an exploit that can attack that vulnerability has dropped
from 6.4 days to 6.0 days. Meanwhile, the average time
between the appearance of a vulnerability and the release of
a patch is 54 days. Those statistics, which come from antivirus
vendor Symantec’s most recent Internet Security Threat
Report, are even more frightening when you consider that
1,862 new vulnerabilities were found in the first half of 2005.

A Site to See
Web-page bookmarks are a great way to keep track of your
own frequently traveled Web sites. But how can you find out
what sites are most popular with other people?
Page 12: Illustrator: Pt Lee, Dreamstime.com | Illustrator: Cristescu Valentin, Dreamstime.com

“Social bookmark” sites allow anyone who stumbles

across an interesting site to immediately bookmark it and
then post it to a central Web site to encourage others to visit
it as well.
One of the most prominent of these sites is del.icio.us,
which posts hundreds of bookmarks each day. Posters can
add comments to their bookmarks and categorize them
under any number of different tags, including security,
software, and hacks, that allow other users to search for new
sites in specific categories.
The del.icio.us site also provides a location for saving
personal bookmarks that can be accessed from any computer
so that if you’re on the road and want to visit a bookmarked
page but don’t have your regular computer, you can find the
links easily nonetheless. Best of all, the site is completely free.
Social bookmarking is a great way to find new sites in any
category of interest to you, and that makes del.icio.us. A Site
to See.

SecureROi n December 2005 13

14 SecureROi n December 2005
 W ri t t e n b y: d av i d s a d d l er

In order to provide signiFIcant value and return on investment

(ROI) for the pre-employment screening program, proper policies and
diligent management must be in place.

Perfect
Practice
F ormer major league baseball player Dwight Evans, when responding
to a question about preparation and practice, once said, “Practice does
not make perfect, perfect practice makes perfect.” The message was and
is clear to those aspiring to new heights: going through the motions simply will
not suffice.
This approach applies perfectly to how Scott Hewitt, CPP approaches the
overall security program at Ferguson Enterprises, Inc., particularly to the
importance placed company’s pre-employment screening program. In order
to provide significant value and return on investment (ROI) for the pre-
employment screening program, proper policies and diligent management must
be in place. >>

i l l us t r at io n b y: C a ro l i n e C l a rke

SecureROi n December 2005 15

 The key is constantly measuring the Former major league baseball
player Dwight Evans, when
program, with the main goal of showing responding to a question about
the corporate value it provides. preparation and practice, once
said, “Practice does not make
The measurable value is important, as well as the overall management
perfect, perfect practice makes
philosophy. A conversation with Hewitt details the management level items
perfect.” The message was and
to consider when creating, or re-examining, a pre-employment screening
is clear to those aspiring to
program:
new heights: going through the
motions simply will not suffice.
• Establish criteria to measure and report the value (detailed below). When This approach applies
considered over time, the tangible measurements are staggering; the perfectly to how Scott Hewitt,
intangibles ones, such as making sure that the company has sound, reliable CPP approaches the overall
and loyal employees also have tremendous business impact. security program at Ferguson
• Ensure the appropriate legal review. In any hiring process the legal Enterprises, Inc., particularly to
team should have input, but especially when using information to deny the importance placed company’s
employment. Also, there are requirements from laws such as the Fair Credit pre-employment screening
Reporting Act of which companies must be aware, including how much program. In order to provide
history can be brought in. significant value and return on
investment (ROI) for the pre-
• One size does not fit all. Companies hire a variety of types of employees,
employment screening program,
some that may need more scrutiny and examination than others. Every
proper policies and diligent
business is different; each employee’s risk factor is varied and must be
management must be in place.
managed that way.
A pre-employment screening
• Perform constant management and diligence. This is merely good business program is one that can either
practice and is expected of most corporate departments. For the program to be totally ignored or potentially
be truly effective, it must be consistently studied and adjusted. provide a false sense of security.
• Employ the proper flexibility. The hiring process is inherently subjective. But for those who conduct
Work with the staff and managers to make appropriate business decisions pre-employment screening, the
on employees to weigh risk and potential. importance placed on constantly
examining the program and
16 SecureROi n December 2005
also quantifying the program is
essential.
“In this day and age, it is
almost impossible for me to
fathom that any organization,
large or small, does not perform
some sort of background check
of the people they are looking to
hire,” said Hewitt. “In this time
of high litigation, workplace
violence and negligence lawsuits,
pre-employment screenings, in
my own opinion, are vital.”
But simply doing it and doing
it correctly are two different
things. Hewitt’s own experience
with Ferguson, a $6 billion, coast-
to-coast service distribution
network with nearly 1,200
locations in 50 states, the District
of Columbia, Puerto Rico and
Mexico, is a perfect indication of
this point.
When he first joined the
company, he discovered that
a number of the items he was
responsible for were backlogged.
Had an effective screening
program been in place, this
situation may have been avoided,
thus proving significant business
Here are the metrics that Hewitt employs:
Annual cost of the program.
This includes the vendor contract
and in house personnel time:
$260,000 (conducting screening on
700 to 800 people per month).
screening issue # rejected
Theft issues 36
Drug issues 48
Violence 58
Total 158
value for the company.
Hewitt points out that the
key is constantly measuring the
program, with the main goal of
showing the corporate value it
provides. “This is what the CEO
needs to see,” Hewitt says. “You
have to speak their language and
show that you are a contributor
to the bottom line.”
Hewitt contends that there
is an art to proper screening.
Relying solely on a Web site
with outdated or inaccurate
information or simply relying
on references, a credit score or
criminal check might increase
risk and, in the end, cost more
money. The key is trained
professionals who understand
what to look for, what questions
to ask and how to recognize red
flags.
Because of this, Hewitt out-
sources the pre-employment
screening process but also has
one in-house person to manage
it daily, mostly because of
the volume and impact of the
program. This is to provide the
vendor with guidance on issues
such as when to continue an
investigation, which obviously
costs more money, or how to
react to red flags. Hewitt’s vendor
contract was recently adjusted to
Costs associated with
employee theft.
According to the Association of
Certified Fraud Examiners, fraud
and abuse costs $9 a day per
employee. Based on one year of
working days only, a conservative
estimate for one employee is $2,250
per year.
associated cost/year total $ saved
$2,250
7,500
25,000
260,000 (inhouse)
increase activity in one area and
decrease it another after diligence
discovered that the information
provided was not all that useful.
Hewitt practices what he
preaches. The quantifiable ROI
is significant to Ferguson, not
just in tangible measurements,
but intangible ones as well.
Tangible measurements include
the ones below for Hewitt, who
classifies pre-employment
reviews in one or more of
three categories: thefts, drugs
and violence. The intangible
measurements include the
increased productivity that
results from finding the right
employees and what they
accomplish due to a thorough
pre-employment screening
program, versus the alternative
from a weak or ineffective
screening program.
As Hewitt points out, these
are significant yet conservative
numbers. In one recent month,
Ferguson did not hire 90 people
out of more than 900 who were
screened. Hewitt said that
generally, he is seeing five out of
every 100 people statistically who
should not be hired.
This is a significant business
issue. “This is the data I use to
show when someone asks why
Costs associated with drug Costs associated with
abuse. workplace violence.
Hewitt uses statistics published in Hewitt refers to data published in
the Bottom Line, which indicated 1992 that indicated that 100,000
that each drug abuser costs close to incidents of workplace violence
$7,500 per year. cost employers $4.2 billion. He uses
the figure of $25,000 per rejected
violent person as a conservative
estimate.
ROI model.
Using data from two years ago,
Hewitt estimated that Ferguson
avoided hiring 158 people (36 from
$81,000
theft issues, 48 from drug issues
360,000 and 58 from violence, saving the
company $1,888,246 (versus costs
1,450,000 then of $245,000)) in one year.
$1,631,000
we should be doing this. That’s
five out of every 100 people that
you would not want near your
building.”
He also uses these
numbers when new
branches open or when
Ferguson completes
an acquisition to
convince these new
managers that his
program is viable for
the company. Hewitt
views it as beneficial for
his department to have to
“sell” the service to new
managers. This proves
that the security function
is as viable as any other
corporate function, also
contributing to the
bottom line of the
business.
18 SecureROi n December 2005
 i l l us t r at io n b y: b ri a n c h a se

A s the Security Director

for Comcast Cable
Communications,
Midwest Division, I attempt to justify
the Security Department’s role in
the company by demonstrating a
quantitative return on investment (ROI)
and by the implementation of “value
added” programs.

Channeling
ROI W ri t t e n b y ro n h n i l i c a

I . T h e f t o f S er v i c e
In the telecommunications industry, theft of service by unauthorized
users is a continuing and expensive problem. Not only do cable
(satellite and telephone) companies lose millions of dollars annually
for actual revenues lost as the result of stealing cable signal, but there
is also the additional millions of dollars lost to damaged or vandalized
equipment and the man hours to repair this damage.
This is an area of Security’s responsibility in which a return-on-
investment (ROI) can be quantitatively demonstrated to executive
leadership. At Comcast, we have a proactive theft of service program
that not only seeks criminal and civil remedies for this theft, but
also includes an active audit program to identify unauthorized cable
users and attempt to convert these persons into paying subscribers.
Our Loss Prevention personnel, working through the Security
Department, are trained in proper audit procedures for end-user
(residential and commercial) theft of service. This training >>

SecureROi n December 2005 19


includes proper documentation which, if necessary, can be used
in civil and criminal court proceedings. In addition, our Loss
Prevention employees are trained by our Sales department on
proper sales techniques so that these unauthorized users can be
offered, through a low key sales approach, the opportunity to
become paying cable subscribers. It is not uncommon to convert
up to 30% of these identified unauthorized users of cable to paying
subscribers.
Another area of theft of service that has bee a huge problem for
years is the purchase of illegal (“black”) cable boxes, either through
magazine advertisements or via the internet. These boxes, often
manufactured overseas and sold to large American distributors at
very low prices, can be connected to an analog cable system and
allow unauthorized viewing of pay-per-view (PPV) and premium
movie channels without compensation to the cable company.
Security departments for many cable companies often cooperate in
investigations to identify and prosecute these major distributors.
In addition to criminal prosecution, civil suits are filed by the cable
companies against these distributors, often involving settlements
of $1 million or more. As part of the civil judgment, the courts
are ordering the release of the customer list for these black boxes.
The cable companies will then pursue individual civil settlements
against the purchasers of the boxes.
Through the Comcast Security departments, it is not unusual
to receive $1 to $2 million annually as the result of theft of service
programs listed above.
I I . R e c o v er y o f Co m c a s t P roper t y
Security and Loss Prevention work with the Comcast warehouse
personnel in the recovery of cable converter boxes and cable
modems. These are huge capital expense items and can cost a cable
company millions of dollars in lost equipment fees. The newest
converter boxes, which are a high definition and digital video
recorder (DVR) combination, will cost the company approximately
$350 per box. Needless to say, if several thousand of these boxes
are lost, stolen, or simply not returned by customers, the monetary
losses can mount rapidly.
Security works with the warehouse in conducting performance
audits to verify that proper procedures are being followed in
20 SecureROi n December 2005
In 2004, Comcast Security and Loss
Prevention recovered in excess of
20,000 cable converters and cable
modems with an approximate value of
$6 million.
the issuance and recovery of these cable boxes and modems.
Comcast works with contract cable companies that must follow
our procedures for reconciliation of cable box (and cable modem)
inventory.
In 2004, Comcast Security and Loss Prevention recovered
in excess of 20,000 cable converters and cable modems with an
approximate value of $6 million. In addition, LP investigators are
trained through our Sales department to attempt to retain existing
customers (that have fallen behind in payments or who may be
thinking of switching to another company for video services). These
sales by LP investigators result in an approximate 20-30 % retention
rate of customers that may have been lost as subscribers.
I I I . W orkp l a c e Vio l e n c e P re v e n t io n
Tr a i n i n g
In a value-added program, Comcast Security (Midwest Division)
has developed a Workplace Violence Prevention (WVP) program
for managers and directors of the various disciplines within the
company. This program, called the Comcast Crisis Response Team
(CCRT), was developed as a two day intensive training to develop
crisis management skills for Comcast management personnel. The
training incorporates Comcast’s existing WVP and harassment
policies, but includes training on dealing with potential WV
situations, warning signs, WV incident management, angry/
distraught employee “talk down” procedures, etc. Over 200 Comcast
managers and directors in the 7-state Midwest Division have
received this training in the past year. Security has implemented
yearly 2 hour refresher training sessions so that these skills learned
in the original CCRT training can be reinforced. An additional
benefit of this training is that it demonstrates a proactive approach
to the prevention of workplace violence which can be an issue
in premise liability, negligence and the “General Duty” clause as
pertaining to OSHA regulations.
I V. Ho m e l a n d S e c uri t y / Terroris m
Awa re n ess Tr a i n i n g
In 2005, in another value-added program, Security implemented
a terrorism awareness training program for Comcast technicians,
sales personnel and any other employees that spend a good deal
The newest converter boxes cost the
company approximately $350 per box.
If several thousand of these boxes are
not returned the monetary losses can
mount rapidly.
of work time “on the street.”
This program is an extension of
“eyes and ears” training that has
been used to increase employee
awareness of street crimes,
especially related to school
age children. The terrorism
awareness training program is
used to train Comcast employees
to be alert and report potential
terrorist activity around critical
infrastructures, shopping
malls, sports stadiums, etc.
This program was developed
with valuable input from the
Michigan State Police, especially
in preparation for the 2005 Major
League Baseball All-Star game
and the upcoming 2006 NFL
SuperBowl, both of which involve
stadiums and events in the city of
Detroit. This program has been
well-received by the field techs
receiving the training because it
increases their involvement in the
possible prevention of a disaster,
manmade or natural.
V. S e c uri t y a n d
Hu m a n R esour c es
Of all of our value-added
programs, the partnership
with Human Resources (HR)
has probably been the most
“valuable” in terms of critical
relationships that involve
everything from labor relations
issues, hostile terminations,
and internal investigations of
employees (that violate Comcast
ethics policies) to issues of
criminal wrongdoing that result
in criminal prosecution.
The relationship between
HR (with many employees) and
security (the smallest department
in terms of employees and
budget) is so strong that these
two groups now have annual
training seminars together so
that old working relationships
can be refined and new ideas for
cooperation can be explored.
For those of us in security,
we know that to be a viable part
of the organization, we must
have support of our executive
leadership. From the point of
view of Comcast Security in the
Midwest Division, I can truly say
that the executive leadership of
HR is our greatest asset and most
influential support group.
SecureROi n December 2005 21
 i l l us t r at io n b y: s c o t t m a xwe l l

Blueprints
of Success W ri t t e n b y d av e s a d d l er

A term often used in law enforcement is force multiplication. It refers

to the ability, mostly through technology, for officers to stretch
resources, be in more places than one and have a positive impact on the
ability to protect and serve. >>

22 SecureROi n December 2005

SecureROi n December 2005 23
 ICUs are financially challenging for health

The Findings care providers. These units account for 25

to 35% percent of operating budgets.
among the clinical findings:

• There was a 25% reduction in hospital mortality The true value for the
rate for the ICU patients. implementation of such a
program would be to study
• There was a 17% decrease in length of stay (LOS). and measure the return on
investment (ROI) and the
• ICU capacity was increased by 20% and thus business value. One great
the ability to provide better care because of the example of this type of business
shortened LOS. study is found in an application
of real-time data and real-time
monitoring that has little to do
among the financial findings: with security or law enforcement,
a hospital critical care facility.
• A 26% reduction in costs for ICU patients, resulting The Sentara study provides
from a 17% decrease in LOS an excellent example of how a
company used technology, well
• 15% decrease in daily costs of ICU care, known to security professionals,
attributable to a 4% decrease in nursing worked to deliver better health care
hours per patient day services to patients and also
to reduce costs and provide
• 18% decrease in ancillary cost significant value.
The numbers demonstrate
• $2,150 per patient financial benefit attributable to that the use of this application
lower cost, after adjuring for revenue loss in “fee provides tremendous ROI and
for service” and “per-diem” patients helps the health care provider
meet its many missions, among
• A $460,000 increase in gross monthly revenue them excellent care provided
due to additional ICU cases. This generated in a timely fashion. The length
$274,000 margin contribution, monthly of stay (LOS) for a patient is
critical in the health care arena,
• A $3,000,000 annualized net financial benefit for as insurance often dictates these
the 2 ICUs after subtracting all program costs. parameters.
According to the study
publicized by VISICU of
Baltimore, Maryland for an
application at Sentara Health
Care of Norfolk, Virginia, the
ROI is tremendous. VISICU is
the application provider, using
The vast majority of law Since security professionals a program called eVantage.
enforcement’s capacity to be understand the intricacies of Enrst and Young provided the
in more places than one is this type of technology, it would analysis. The technology was
real-time, remote video and behoove the security function to utilized in two intensive care
data monitoring. This allows study how to utilize technology units (ICUs) at the Sentara
greater coverage for public safety, such as this for business Norfolk General Hospital, where
without the extra officers or the purposes and to help achieve care is obviously much more
overtime that a municipality multiple business objectives. In sensitive and demanding. The
might not be able to afford. The law enforcement, one objective study covered 600 patients who
technology does not replace the might be to use a number of were discharged in the first
value of the officer, but enhances officers that could not physically half of 2001 and the data was
that value. cover a certain area to provide compared to the 12 months prior
This concept makes for an a zero tolerance objective for a to the implementation of the
excellent blueprint for business. particular event. technology solution.
According the study, ICUs
are particularly challenging
financially for health care
providers. Care in these units
account for 25 to 35% percent
of operating budgets. This is
amplified by the budgetary
pressures from managed care
reimbursements and fixed
Medicare payments. In addition,
50–67% of expenditures are
concentrated in 10 to 15% of the
ICU patients, according to the
case study. With the ability of
doctors and other health care
professionals to deal with these
cases with this remote “expert
monitoring”, costs are reduced
and care increased.
After using the digital video
and patient data platform,
where doctors can actually view
vital patient information while
personally communicating with
the patients remotely through
the video platform, the clinical
benefits and cost savings were
dramatic (see sidebar).
This is a prime example
of the type of technology
solutions, available to security
professionals, that can enhance
the businesses mission of a
company. The technology tools
are the same, it is the application
that is unique in this instance.
While this application is
not for security purposes per
se, the technology, information
gathering and management
is certainly within the realm
of possibilities for a forward
thinking security manager. The
skill comes not in figuring what
something will cost, but in
figuring out, as Sentara did, what
business objectives can be more
readily met. Is there a way that
your security operation can help
provide core business functions
and significant return?

24 SecureROi n December 2005


fire and security integration
SimplexGrinnell
SimplexGrinnell of Westminster, Massachusetts,
has developed a new technology that integrates
two products made by Tyco Fire & Security—the
Simplex 4100U fire alarm platform and the Software
House C·CURE 800/8000 security management
software. The new technology helps streamline the
crisis management process and improves response
to emergency situations by employees and first
responders. It also provides post incident reporting
of video, monitoring, and other life-safety systems
events for analyzing and improving emergency
response. It enables communications from the fire
panel to be transmitted to the software through
a networked or standalone serial data port.
While it provides central logging of events, it is
supplemental to the fire alarm system.
security shredder
Security Engineered Machinery
The new Model 5140C/3 maximum security
shredder has a built-in oiling system that keeps the
cutting blades sharp even under constant use. It
shreds paper to 1-mm x 5-mm particles, meeting
requirements set forth in the NSA/CSS 02-01 for
paper destruction. Made by Security Engineered
Machinery of Westboro, Massachusetts, the unit
cuts in two directions. Photoelectric controls
provide for hands-free start and stop. The cutters
are activated when paper is inserted (up to 12 sheets
at a time) and are automatically shut off when the
material is shredded. The blades will not operate if
the door of the machine is open or the bag inside is
full. The shredder operates at a speed of 40 feet per
minute and has a 11/2-horsepower motor.
pickpocket deterrent
Tecco Corporation
Tecco Corporation of Suffern, New York, has
introduced the Zip-R-Lock, a twist-snap device
that can be attached to any zipper or bag closure to
deter pickpocketing and casual theft. Manufactured
by Comprehensive Identification Products, Inc., of
Burlington, Massachusetts, the device allows the
owner to quickly enter a one-digit code to open
it, but it visually and physically deters a thief. To
open the unit, the user pushes the pointer key in
and rotates it to the correct number; to close, the
pointer key is snapped back in and twisted in any
direction.
bomb protection
Security Intelligence Technologies, Inc.
The BombJammer VIP 300T from Security
Intelligence Technologies, Inc., of New Rochelle,
New York, is a counterterrorism system that
can be covertly mounted inside a trunk or in the
back of an SUV. It protects against the use of
remote-controlled improvised explosive devices
and obstructs enemy and terrorist methods of
communication. Because it is mobile, it can protect
VIPs in transit, military convoys, sensitive venues,
and fixed installations by effectively emitting a
protective shield of electromagnetic radiation.
Other units in the BombJammer product line
include the VIP 200, which is built into a briefcase
and jams radio-frequency-controlled bombs; the
VIP 600, which is built into a military backpack
and designed for tactical use; and the VIP 900,
a stationary system for protecting military and
government installations, arenas, and transit
stations.
privacy filters
Winsted Corporation
The new Two-Bay LCD/3 Console with Rack
Cabinet from Minneapolis-based Winsted
Corporation offers space for binders, CPU, and
rack-mount electronics in a single console. Besides
extra storage, it features two 21-inch (12U) rack
spaces for LCDs as well as a TruForm top panel
for a large LCD or plasma screen. The consoles
are ergonomically designed to reduce fatigue and
improve operator efficiency. The console measures
391/2” high x 921/4” wide x 451/8” deep. The top
panel, work surface, and lower cabinets are available
in a variety of colors.
vertical rack cabinets
Winsted Corporation
Minneapolis-based Winsted Corporation is offering
an array of new accessories for its Pro Series II
vertical rack cabinets, which feature adjustable
tapped front and rear rack rails and gusseted
horizontal supports for additional strength.
Accessories include a vented top panel with a
mounting bracket for a cooling fan, a set of four
locking side panels, and a 10-inch cooling fan. New
7-inch wiring spacers offer a place for cables and
wires to be routed, keeping the back of the racks
free of clutter. Removable front and rear doors
allow easy access to all cabling.
door prop alarm
Dortronics Systems
The 7200-PT Series Door Prop Alarm provides
an audible alarm if a door is not closed within
a specified time period or is forced open. It can
also send an alarm condition to other monitoring
systems and it can be custom-configured for a
wide range of standalone and system-integrated
applications. New from Dortronics Systems, Inc.,
of Sag Harbor, New York, the alarm includes a
dual-voltage power lock that accepts 12 or 24
VDC, reduced wiring requirements that allow
installers to use the same wiring as a nonalarmed
door, a built-in interface for the company’s 7600
annunciator/controller, multiple outputs, automatic
alarm shunt, manual or automatic alarm reset, and
an LED indicator for instant status verification. The
7200-PT requires fewer switches and is available in
single or double gang wall plate designs.
checkpoint screening
Rapiscan Security Products
The Rapiscan 3D20 from Rapiscan Security
Products of Hawthorne, California, enables
operators to view three-dimensional images of
scanned baggage in real time. It uses the AXIS-3D
camera system to deliver high-resolution x-ray
images and offers variable zoom, organic-inorganic
material separation, and Deep Focus image
processing to make threatening objects more
apparent. It allows the user to flip images and toggle
between two-dimensional and three-dimensional
views. The company offers optional Threat Image
Projection, a training tool that can be incorporated
into normal operation. It allows computer-
SecureROi
newmarket
generated threat images to be digitally inserted into
a scanned image for training, practice, performance
monitoring, and management reporting.
biometric identification
Ultra-Scan Corporation
Ultra-Scan Corporation of Amherst, New York,
will combine its patented ultrasonic fingerprint
biometric technology with the Dynamic Hospital
Suite of products from Bio-Optronics, Inc.,
of Rochester, New York. Designed to improve
workflow and patient safety, the solution offers
multiple means of identifying patients and staff as
a crucial step to reducing patient misidentification
and medication errors. A patient’s fingerprint is
required to match the bar code on a wristband,
while hospital staff who administer medications
are fingerprinted to ensure that they are authorized
to do so. Once a patient is enrolled in the system
using a fingerprint reader, the patient’s medical
record is quickly accessed with the touch of a
finger. Personalized wristbands are created through
the MedID application and include a bar-code
identifier, biometric identifiers, a photograph, and
specific medical information.
iris reader
Panasonic Security Systems
The BM-ET330 iris reader from Panasonic Security
Systems of Secaucus, New Jersey, delivers fast and
accurate system enrollment and authentication
using software developed by Iridian Technologies,
Inc., of Moorestown, New Jersey. The system makes
a template or map of each person’s iris pattern.
To verify identity an individual simply looks into
the reader, which compares the iris pattern with
images stored in the system. It allows one-to-
many searches and, compared to fingerprints,
requires much less data storage space. The reader
includes an advanced self-prompting user guidance
system, tamper protection using 3DES encryption,
and an error rate of one per 1.2 million. No
physical contact is required, eliminating wear and
contamination issues. The unit can be used in a
systems configuration or it can stand alone.
secure telephone
Nortel Corporation
Nortel Corporation of Brampton, Ontario, Canada,
has introduced enhancements to its Meridian
telephone series that meet strict U.S. federal
government security requirements for protecting
highly sensitive information from intrusion and
tampering. The new Secure Telephone offers
a wide range of security features that prevent
outside intrusion into government networks
and safeguard against equipment tampering. It
prevents the telephone from being used as a passive
listening device when the handset is in the on-hook
position. It also features positive disconnect, an
off-hook visual indicator, a unique serial number
for quick verification during security sweeps, and
tamper-evident labeling, and has no hands-free
microphone.
n December 2005 25
 newmarket
smart-card readers
OMNIKEY
OMNIKEY of Walluf, Germany, is offering high-
performance desktop smart-card readers bundled
with validation software from CoreStreet, Ltd.,
of Cambridge, Massachusetts. The new package
is designed to minimize deployment time and
reduce the total cost of compliance associated
with Homeland Security Presidential Directive 12,
which requires federal employees and contractors
to use a single credential to access buildings and
networks. Users plug in the reader and the software
is automatically installed. System administrators
can configure the enterprise validation software
centrally. Users can insert their credentials into
the reader when they send a signed e-mail, and
recipients with validation clients can validate the
e-mail when they open it.
evacuation notification
Fire Control Instruments
The new E3 expandable emergency evacuation
system from Fire Control Instruments of
Westwood, Massachusetts, is a peer-to-peer
network operating at 625 Kbaud that can be
arranged as Style 4 or Style 7 using two conductor
unshielded wire or fiber cables. The network
riser includes paging, firefighter telephones, and
input/output capabilities. Expandable and easy
to install, the system incorporates a broad range
of existing and new components, including fire
panels, repeaters, and displays. It can operate as a
standalone, a network, or a broadband voice and
audio solution.
building control
AMAG Technology
An optional building control module for the
Enterprise and Professional Editions of security
systems from AMAG Technology of Torrance,
California, allows control of building systems such
as heating, ventilation, and lighting. By monitoring
activity from access control readers and motion
sensors, the module determines whether an area
is occupied, enabling the security management
software to control devices, such as HVAC devices,
depending on occupancy. Using the module can
save energy and reduce operating costs for heavily
used building systems.
locking system
ABLOY Security, Inc.
The ABLOY EXEC High Security cylinder uses
rotating detainer disks to provide an extensive
number of key combinations for large systems,
including master keying capabilities. Made by
ABLOY Security, Inc., of Irving, Texas, the locking
system offers resistance to surreptitious entry,
resists impressioning, and is virtually pickproof. It
offers a high level of key control with its restricted,
patented key profiles and key security levels. Keys
can be duplicated only with proper authorization.
All parts are corrosion-resistant and resist wear,
dirt, moisture, and freezing.
mass transit video
GVI Security Solutions, Inc.
GVI Security Solutions, Inc., of Carrollton, Texas,
26 SecureROi n December 2005
has introduced the Mass Transit Intelligent Video
System, which uses sophisticated algorithms to
automatically detect, identify, and signal an alarm
when the system detects unauthorized activities
within or near the perimeter of a transit facility.
The system continuously monitors and evaluates
video inputs from multiple cameras in a single
command and control center to alert security of
intrusions, abandoned objects, and illegal parking,
among other events. Once an unauthorized activity
is detected, the system tracks the activity using
cameras with automatic pan-tilt-zoom capability.
The system automatically alerts security or police.
The intelligent displays highlight the types of critical
threats that have struck mass transit facilities,
making it easy for personnel to see the problem.
network video
Integral Technologies
Indianapolis-based Integral Technologies is offering
a new solution to security system integration.
DigitalSENTRY Network Video Solutions (NVR)
offers a pure software solution and is designed to
accompany and complement the new 16-channel
NVR turnkey solution. Providing seamless
integration and open architecture, the solution
enables consumers to manage IP technology
with existing analog cameras and from a single
management system.
mpeg-4 codec
PI Vision
PI Vision of Orlando, Florida, has launched a new
enterprise-level MPEG-4 codec. Benefits include
smaller file sizes to help reduce bandwidth and
hard-disk storage requirements, thus achieving
cost savings compared to MPEG-2 and JPEG
encoding. The new codec also offers greater control
over image resolution, bandwidth, and storage
requirements.
card printer
Fargo Electronics
The Persona C30 Card Printer from Fargo
Electronics of Minneapolis is designed for facilities
that need high-quality plastic ID cards without
high-security features. It features an easy-to-
load, all-in-one ribbon cartridge to save time and
eliminate the mess of complex ribbon installations.
A card-cleaning roller is integrated into the ribbon
cartridge to assure clean card stock and high-
quality prints. Users can choose from a single-sided
printer or one that prints on both sides of the card,
and an optional magnetic stripe encoder is also
available. Each printer carries a two-year warranty.
access control power supplies
Honeywell Power
Honeywell Power Products of Northford,
Connecticut, is offering access control power
supplies with significantly expanded capabilities
in three power output levels with both UL
and ULC ratings for fire, access control, and
intrusion systems. They feature circuit-breaker
battery protection, AC input and DC output
LED diagnostic indicators, AC fail and battery
monitoring contacts to aid in supervision, and a
built-in charger for sealed lead-acid or gel-type
batteries. They offer a filtered and electronically
regulated output, with automatic switchover to
standby battery when AC fails. The core supplies
are HP300ULX, HP-400ULX, and HP600ULX. All
are 12 VDC or 24 VDC field-selectable.
integrated security panel
GE Security
The new ACUVision panel 1.0 from GE Security
of Austin, Texas, offers a single-panel platform
solution for access control, alarm monitoring, and
digital recording. The single IP solution lowers cost
of ownership by facilitation service and support;
one integrator can install both access control and
digital video. A single database manages multiple
recorders and cameras, communicating over a LAN
or Wan using the same database. It can consist of
one or many recorders, connected to hundreds of
cameras, each of which can be set up with different
recording criteria. The modular design reduces
space requirements by providing all power and
terminal connectors in one uniform wall-mount
enclosure.
long range reader
HID Corporation
HID Corporation of Irvine, California, has
expanded its 13.56 MHz contactless smart-
card reader family with the introduction of a
self-contained long-range reader that meets
international regulatory standards. For installations
incorporating parking and long-read-range
applications with access control, the R90 provides
enhanced security via encryption and mutual
authentication. It can read cards up to 18 inches
away. The reader features a tamper switch,
and all electronics are packaged in a rugged,
indoor/outdoor housing. Two units can operate
simultaneously at one meter apart for truck and
car installations. Audio indicators include tone
sequences to signify access granted, access denied,
power up, and diagnostics, while a multicolor
LED flashes from red to green when a valid card is
presented.
network cameras
Canon U.S.A., Inc
Expanded audio features, built-in servers, and zoom
lenses are the highlights of a new line of cameras
from Canon U.S.A., Inc., of Lake Success, New
York. Both the Canon VB-C50FSi Fixed Network
Camera and the Canon VB-C50i/VB-C50iR Pan/
Tilt/Zoom Network Camera feature an advanced
26X optical zoom lens and a 12X digital zoom for
capturing fine detail from far away. They offer 640-
by 480-pixel resolution and recording speeds up to
30 frames per second. Two-way audio features allow
the cameras to capture, play back, and transmit
two-way audio over an IP network, supporting
teleconferencing and security monitoring. The
cameras transmit audio data only when sound is
present, thus reducing network traffic. A built-in
network server can provide viewing for up to 50
clients at once.
SecureROi n December 2005 27
28 SecureROi n December 2005