https://sm.asisonline.org/Pages/Global-Security-Threats-and-Solutions.aspxGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Global Security Threats and Solutions0

 

 

https://sm.asisonline.org/Pages/Silencing-False-Alarms.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Silencing False Alarms

 

 

https://sm.asisonline.org/Pages/Cross-Border-Disorder.aspxGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Cross-Border Disorder

 

 

https://sm.asisonline.org/Pages/The-90-Character-Alert.aspxGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The 90-Character Alert

 

 

https://sm.asisonline.org/Pages/Superior-Supervision.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Superior Supervision

 

 

https://sm.asisonline.org/Pages/Supply-Chain-Resources.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Supply Chain Resources2014-06-01T04:00:00Z
https://sm.asisonline.org/Pages/assessing-cargo-supply-risk.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Assessing Cargo Supply Risk2006-11-01T05:00:00Z
https://sm.asisonline.org/Pages/The-Hunt-for-Talent.aspxGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The Hunt for Talent2016-12-01T05:00:00Z
https://sm.asisonline.org/Pages/Superior-Supervision.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Superior Supervision2016-12-01T05:00:00Z
https://sm.asisonline.org/Pages/The-Top-Ten-Challenges-for-ED-Security.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The Top Ten Challenges for ED Security in 2016 and Beyond2016-12-01T05:00:00Z

Security Management

 Morning Security Brief

View RSS feed

 SM Weekly

Retrieving Data

 SM Daily

Retrieving Data
Not a Member? Join Now

 

 

https://sm.asisonline.org/Pages/The-Hunt-for-Talent.aspxThe Hunt for TalentGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​​FBI Director James Comey was talking to his daughter recently about the Bureau’s struggle to recruit talented cybersecurity professionals amidst a talent shortage when she summed up his problem: He’s the Man. </p><p>“Which I thought was a compliment,” Comey said in an appearance at ASIS 2016 in Orlando, Florida. But then his daughter added, “You’re the Man; who would want to work for the Man? The Man is boring. The Man is crusty. The Man is white and male. Who’d want to work for the Man?”</p><p>To be an FBI cyber agent, candidates have to have integrity, be physically fit, and have a cyber specialty. They also have to want to work for the government, which can make the candidate pool extremely small to choose from because some candidates might not find that attractive.</p><p>Comey’s daughter might be on to something, not only when it comes to the FBI but when it comes to corporate cybersecurity recruitment as a whole. What if there are individuals who are out there with the skills organizations need, but they don’t know how to attract them? Or they are not candidates that fit the typical corporate mold?</p><p>Take Bugcrowd, a crowdsourced security testing company with a community of researchers that finds and reports vulnerabilities for rewards—commonly known as a bug bounty program. CEO and cofounder Casey Ellis launched the community via his Twitter account in 2012. Four years later, more than 45,000 researchers have signed up to be part of the community.</p><p>Seventy-five percent of researchers who responded to a Bugcrowd survey said they were between 18 and 29, and 19 percent of researchers were ages 30 to 44. Most striking, however, was the finding that 88 percent had completed at least one year of college, 55 percent of them had graduated with a bachelor’s or postgraduate degree, and all respondents had at least a high school diploma. </p><p>Furthermore, just 15 percent of these respondents said they participated in bug bounty programs full-time; meaning 85 percent of researchers participate in bug bounty programs as a hobby or as a part-time job.</p><p>“What we’ve seen is a lot of the best, most prolific folk, and best-paid folk that we have on the platform don’t come from a security career background,” Ellis says. Instead, they are often from an engineering, development, or systems administrator background.</p><p>“These are folks that don’t work in security, but, lo and behold, they’ve been sitting up until 3 a.m. every night, chatting with their hacker buddies,” he adds. “The cool thing about especially the bug bounty model is that there’s zero barrier to entry. It’s truly meritocratic. If you can come in and prove the fact that you can do this, as evidenced by the fact that you’ve found something that’s valuable, great.”</p><p>And for some researchers, this process has led to being hired for positions off of the bug bounty platform. “They work their way up the ranks, they’ll get spotted as unique talent, and actually get a job out of it,” Ellis explains. </p><p>“You can teach someone to hack. You can teach someone how to think with that kind of criminal entrepreneurship type of bent, but I think the more efficient path for the industry at large is to identify the people that are already there,” he adds.</p><p>Bugcrowd has done this through word of mouth and actively promoting researchers' work on social media. But how can hiring managers at other companies recruit nontraditional talent? </p><p>First, they might have to take a hard look in the mirror and ask themselves if they are blind to talent that already exists. Winn Schwartau, president and founder of The Security Awareness Company, has written extensively on this topic in his series Hiring the Unhireable: A Rationale Imperative for Protecting Networks & Nations.</p><p>“We don’t have a lack of talent. What we have is a provincial mindset, entrenched over decades, in a flawed Cold War binary philosophy,” Schwartau writes. “Many of the current hiring systems all too often enforce an arbitrary, capricious, and discriminatory set of criteria, which is fundamentally designed to eliminate true, valuable human talent—consciously choosing instead to often default to the center of the Bellcurve; that 68 percent we refer to as ‘normal.’”</p><p>Hiring managers from the United States, the United Kingdom, the European Union, and elsewhere often bemoan that they need tens of thousands of security employees, but can’t find them, he adds.</p><p>But “what they can’t find are good security people who fit into their hard-crusted mold of what corporate and government structures have become,” Schwartau explains. “There is actually a lot of truly great talent out there. But we may not see it in the traditional ways.”</p><p>To better identify this nontraditional talent, hiring managers need to adjust their mindset and expectations about hiring, says Timothy O’Brien, senior manager of security operations at Gigamon, a network visibility and traffic monitoring technology vendor.</p><p>“We are creating this category as hiring managers of talent that we will never hire, yet we’re talking about there’s nobody to hire. In some ways, we’re creating our own problem,” O’Brien explained in his session “Hackers Hiring Hackers” at the 2016 (ISC)² Security Congress, copresented with Magen Wu, senior consultant at software company Rapid7.</p><p>Hiring managers often get in their own way when they list a position with a job description that’s all over the place, such as an entry level position that asks for a Certified Information Systems Security Professional (CISSP) certification and five years of experience.</p><p>“Folks have talked to me and said they are trying to break into information security and they basically apply for everything because they can’t figure out what we, as hiring managers, even want or need,” O’Brien adds.</p><p>This means that it is especially critical for hiring managers to break down what they want versus what they need, and to take a hard look at what skills an individual will need to possess to be successful in that role in the organization.</p><p>“Be clear about what that job will entail, as much as you know, because security changes,” he explains. </p><p>O’Brien also recommends that hiring managers consider whether certifications and college degrees are important, or if they are an HR requirement that’s potentially limiting the pool of candidates managers could draw from.</p><p>“There’s plenty of folks that I’ve met that have been great hackers, great security professionals, but don’t have a degree because they got so bored out of their mind they could not sit through the degree programs, or they didn’t have the financial capabilities to go get a degree,” he says. “So let’s find those folks with that talent, help nurture them, and help them get that degree.”</p><p>If, however, having certifications or degrees is important for filling the position, O’Brien says hiring managers should make sure to vet candidates to make sure they did not just memorize information to pass a test—that they learned and retained the information the certification implies they knew at one time.</p><p>One way of doing this, O’Brien says, is by asking a candidate during phone interviews about how their personal home computer network is set up and what they would like to improve upon in the next six months.</p><p>“I’ve gotten everything from, ‘Well I just have my Cox cable modem and it goes into my computer,’” which is usually the end of the interview, O’Brien says, “to ‘I’ve got this VPN (virtual private network) and a couple of computers…’ and that leads into a series of questions that I have, like ‘On that network, when you open a browser and type in www.google.com, and like magic Google comes up, how does that work?’”</p><p>The key is to use explanatory questions in interviews to get a feel for whether a candidate can articulate to someone who’s technical, but also to someone who’s from a business background, about information security and how systems work.</p><p>O’Brien also recommends getting involved with the recruiting team and human resources to make sure they understand what you as a hiring manager are looking for. And this doesn’t always mean meeting with these individuals in a conference room.</p><p>For instance, O’Brien says he’s worked with organizations to create computer emergency readiness teams (CERTs) and specifically places a recruiter or a technical person from human resources on the team “so they get more involved and they know what we need, and what roles we’re trying to fill.” </p><p>And when it comes to finding nontraditional talent, Wu says that hiring managers should look to conferences, local meet-ups, and online portals. This is because Wu, like others in the industry, encourages job seekers to use these venues to attract the notice of recruiters.</p><p>“Get involved with the community—we have such a large community with what we do,” she adds. “Start going to conferences, local meet-ups, giving presentations, writing blog posts, and that’ll get your name out there more. That’ll make you look more interesting to hiring managers.”</p><p>While the debate continues to rage as to whether the talent shortage is real and, if so, how bad it is, hiring managers need to reassess their recruiting process to ensure that they are not overlooking qualified candidates who fail to meet their traditional criteria.</p><p>“I strongly feel that there’s a lot of talent out there, and we’re actually not accessing that talent pool right now,” Ellis says. “The challenge is to find something, put something together that actually draws them out. And takes them from where they are right now into something that’s more valuable to them and the industry itself.”</p><p>And the FBI is taking note, Comey said, assessing the way it recruits talent and how it uses cyber agents to better mitigate and investigate cyber threats.</p><p>“We’re not at bean bags and cut-off shorts yet; we do not let people smoke weed,” he explained. “But we’re trying really, really hard to be cooler than we ever were to not only attract great talent, but so when they come to us, they find it an exciting, iterative, agile place to work.”  </p>
https://sm.asisonline.org/Pages/Superior-Supervision.aspxSuperior SupervisionGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​If you find the above conversation hard to believe, ask the next uniformed security supervisor that you encounter about his or her developmental supervisory training experiences. You may get a blank stare in return. </p><p>Despite the absolutely critical role that site supervisors play on both contract and proprietary security teams, they frequently rise through the ranks as dependable employees. Rarely are they selected, groomed in advance, and developed through structured training. </p><p>After 25 years of managing a family-owned regional security firm, I knew that supervisory training was still in short supply. To break out of this mold, we developed a biannual training program to ensure that our site supervisors knew what was expected of them and what they should expect from the job.</p><p>Developing and implementing this program, however, was not always easy. Following is a case study on the training program, and the various challenges faced along the way. Also included is a breakdown of training session logistics, a summary of course content, and final takeaways. ​</p><h4>Foundation</h4><p>While working in a business develop­ment role several years ago, I completed yet another week of meetings in which frustrated prospects conveyed their dissatisfaction with how their site supervisor—a cherished and vital employee—was “not being supported.”  The situation they described was one I had heard many times before—disappointment with their current security vendor because of a lack of support and development for the site supervisor.   </p><p>For the client, the solution was simple enough: find a company that supports its supervisory team. In the next managerial meeting, I asked the company’s president, general manager, assistant general manager, training director, and HR manager the following question: “How can we best support our site supervisors?”  </p><p>The white board at the end of that first meeting on the topic was filled with honest questions about our site supervisory team, such as “Why do we assume they know how to properly schedule people?” “What leadership skills should they possess, and what if they don’t have them?” “Do they truly know HR’s expectations for disciplinary actions?” and “What is the best method for communicating with management when the support system has failed?”</p><p>We strove to be as honest as possible, and so the answers were often damning and full of assumptions about what we hoped had been communicated. Some attendees responded with defensive statements, such as “Isn’t the account manager doing a briefing on these issues?” and “They do have the employment handbook as a guide.” </p><p>In the end, the group was forced to admit that because too many of the supervisor’s duties involved “winging it,” being the best and the brightest was insufficient.  </p><p>The team began to piece together a framework for a new group training session, to be held biannually. The framework included basic tenets about proper scheduling procedures, baseline knowledge about labor law, and information on recognizing and reporting harassment. The program was dubbed L-3 Training, because L-3 is our company’s designation for a security officer who leads, trains, schedules, verbally disciplines, and has veto power over staff assigned to their site.​</p><h4>Challenges</h4><p>We faced various challenges when we started planning the first training event. First, we had to decide which location would work best for the largest number of supervisors.  </p><p>Second, we had to determine what training time would make the most sense. Holding it after hours raised the possibility that trainees would be tired from having already worked an entire shift. But we thought holding it during regular shift hours might turn into an operational nightmare; account managers would have to find alternative supervisory coverage for every site with a supervisor.</p><p>Third, there were financial factors involved. We would have to absorb the cost of pulling many well-compensated supervisors into a single room for nonbillable time. Once they were all together, it seemed likely that some supervisors would discuss their individual worksites, and even compensation, with each other. This, we thought, could lead to a supervisor’s demoralizing discovery that he or she is not earning as much as the client across town is willing to pay, for a job with the same responsibilities.</p><p>However, we also realized that these types of challenges can lead organizations to give up on a training program before it begins–a key reason why such training turns out to be fairly rare. So we came up with solutions to these challenges that were simple, but seemed to work well for the entire team. </p><p>For the location, we secured a space near the administrative office, since that office was considered the central hub of employment with the firm.</p><p>We decided that it was best for the training to be held during the middle of the day, not after shifts were over. This meant that the supervisors would keep their 40-hour workweeks and still be paid for a full 40 hours (with training accounting for a portion of that time), and not stay later for training. We hoped that this communicated respect for the supervisors. Overall, these positives outweighed the logistical inconveniences that midday training would entail. </p><p>As far as the cost, we adopted the premise that it is always less expensive to spend a few dollars and keep a client then save a few dollars and lose one. Thus, it would be ultimately worth it to the organization to absorb the cost of the program.​</p><h4>Program Specifics</h4><p>We quickly realized that thoughtful planning did not make our program error-proof, and we had to grapple with our share of logistical hazards. The hotel conference room booked for the training turned out to be too small. The parking garage was overfilled. The meal break was marred by cold pizza, delivered 45 minutes late.</p><p>During the training sessions themselves, we occasionally came close to death by PowerPoint, as a few speakers droned on and on about mundane subjects. Once, we failed to schedule a training session because the firm had so much new business to attend to. </p><p>These problems led to several lessons learned. Instead of simply looking up the dimensions of the proposed room, it is important to visit it beforehand and envision it in the configuration you plan to use, to make sure it is the right fit. Sampling the proposed food to be served and checking reviews of the restaurant provider may minimize food and drink challenges.</p><p>We also learned one overriding lesson—the nuts-and-bolts aspects of the event, even some of the smaller details, are in many ways just as important as the subject matter. And so, assigning detail-oriented staffers to manage the training, delegating specific tasks, and meeting several times in advance to “walk though” the event can streamline everything, and smooth out rough edges.</p><p>Despite the challenges, we persisted, and our commitment to site supervisor training has been rewarded. The feedback from site supervisors has been positive, and our clients truly appreciate that the people they work with every day are recognized and supported.​</p><h4>Training Session Subjects</h4><p>The training session, including breaks, lunch, and all presentations and discussion, lasts three hours. The session starts with an introduction and thanks given by the highest-level company official available to participate. Next is a 10-minute overview of the company’s mission, vision, values, ethical expectations, accomplishments, and how it differentiates itself in the marketplace. We have found there is engagement value when an executive not only welcomes everyone, but also advocates for the work of the organization.</p><p>The executive then invites the attending site supervisors to introduce themselves, to include name, rank, what site or sites they supervise, length of time in the position, any unusual duties or responsibilities at the site, and what they did prior to their current role.</p><p>After these remarks, coverage of the main subject areas begins. In our training session this includes leadership, customer service, communication, emergency preparedness, human resources, and supervisory duties.</p><p><strong>Leadership.</strong> In the last few decades, various studies out of Harvard Business School on the subject of employment and engagement have issued different variations of the following finding: what matters most to employees is how they feel about their immediate supervisor. Love them or hate them, this view is crucial in defining performance. </p><p>This finding can be used as a valuable teaching tool—an opportunity to illustrate the crucial role each site supervisor plays in the stability and performance of the workforce. It also can be used to emphasize that supervision and management are not about privileges, but about professional responsibility.   </p><p><strong>Customer service. </strong>Reiterating the components of strong customer service is always valuable, even for the most accomplished supervisors, because it further reinforces their professionalism. Reminders about the importance of first impressions, listening, and seeing issues from the client’s perspective reinforce this important aspect of their roles. Additionally, speakers in this section should remind the supervisors to impress these standards on their security officer team.</p><p><strong>Communication. </strong>Subject matter in this area includes the importance of maintaining the continuous flow of information between the site supervisor and account manager; how to determine the method to be used for this communi­cation, and how to automate it; and en­sur­ing that supervisors regularly communicate to their team members in an effective manner. All these components are key to good site relations.</p><p>Finally, it is important to make clear exactly what a supervisor is supposed to do when something goes unaddressed by their employer. Examples include an unanswered payroll questions or an unaddressed uniform need. This module contains procedures and contact information.</p><p><strong>Emergency preparedness.</strong> The term emergency preparedness may conjure up images of hurricanes, tornados, and flash floods. But in private security, emergencies often occur at a much more individual level. For example, each of these events, and many others, were handled by security professionals on our staff since the last L-3 Training: </p><ul><li><p>An officer observed a fleeing burglary suspect and advised the pursuing police. <br></p></li><li><p>An officer located potentially catastrophic leaks during a rainstorm, and made a 4:17 a.m. phone call to the facilities department. <br></p></li><li><p>An officer talked suicidal individuals off a garage ledge.<br></p></li><li><p>An officer identified an electrical short in a fountain strong enough to severely injure or kill someone. <br></p></li><li><p>An officer recognized a client’s employee from a crime alert. <br></p></li><li><p>An officer responded to a person in cardiac arrest and provided them CPR. <br></p></li></ul><p>Reminding site supervisors about what can go wrong puts them in a proactive position to prepare their staff members for such events. Site supervisors are instructed to examine the most likely emergencies and hazards at their site and collaborate with the client on developing plans should one not already exist. A methodology for creating an Emergency Action Plan is provided.  </p><p><strong>Human resources. </strong>This essential topic is easily overdone. Suggestions for increasing information retention include observing strict time limits, choosing a dynamic presenter, and ensuring that the presenter is prepared.</p><p> The employee handbook should reinforce everything the presenter is saying and any on-duty supervisor who needs clarification should contact HR immediately. In fact, that should be the critical takeaway from this section—call HR early and often. Site supervisors should be made comfortable seeking out advice from HR. Not doing so is where a snowballing problem first starts. </p><p><strong>Supervisory duties.</strong> Despite scheduling’s crucial role in successfully performing supervisory duties, it is often assumed that anyone can figure out and do these tasks. This is a mistaken assumption. Clearly defining responsibilities in training can prevent misunderstandings that can lead to disgruntled supervisors and officers. </p><p>Questions that should be addressed here include: Who will be preparing the weekly schedule? How will changes be conveyed to payroll and for the invoice?  When is overtime a company issue and when might it be a client issue? Who takes calls from absent officers and how do they denote the time spent doing so on their timesheet, if it is their responsibility?  </p><p>Site supervisors need to know who can answer questions such as: “How much vacation time do I have on the books?” or “What if my New Year’s Eve shift starts at 11:45 p.m. but I work 7 hours and 45 minutes on the actual holiday—do I get holiday pay?” When officers have a payroll question, who should the supervisor contact, how should they contact them, and when should they expect an answer? Also important, what should supervisors do if they get no response or cannot reach anyone? Have goals about what you want to convey and stick to them.​</p><h4>Takeaways</h4><p>Below are a few final takeaways, based on numerous site supervisor training sessions.</p><p>Personalizing the event enhances the chances for success. For example, our winter session includes presenting supervisors with their company holiday presents, as well as gifts for the officers they supervise, which they are entrusted to present back at their sites.   </p><p>Whenever possible, invite experienced site supervisors (and former participants of the training program) to teach as many of the sessions as possible. In our last program, all subjects other than human resources and scheduling, payroll, and invoicing were taught by site supervisors.</p><p>Conduct anonymous polling at the end of the event. The absolute honesty of anonymity allows for continuous improvement. Occasionally, some commenters will identify themselves; my favorite evaluation survey response had the following scribbled on the bottom of the form: “I, Lt. Lawson, would like to be a guest speaker during the next training session...”  </p><p>--</p><p><em><strong>Chris Stuart </strong>is the vice president of business development for Top Guard Security. He serves on the ASIS International Leadership and Management Practices Council and the Security Services Council. He is the Past President of the Virginia Security Association and has been employed in the uniformed private security industry since 1988.</em></p>
https://sm.asisonline.org/Pages/Yale-Opens-Doors.aspxYale Opens DoorsGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​When an anonymous person phoned in an active shooter threat to Yale University in November 2013, the central campus in New Haven, Connecticut, went into lockdown mode, and everyone was ordered to shelter in place. </p><p>The FBI and several other law enforcement agencies responded to the situation. No gunman was ever located, but Ronnell Higgins, the university’s chief of police and director of public safety, says the incident provided an opportunity for the campus to evaluate its overall safety and security posture. </p><p>“We looked at what happened versus what we want to happen in the future and, by injecting different technology and processes in, how we will improve the narrative if something similar occurs again,” Higgins says. </p><p>Active shooters are a rare occurrence at any university, including Yale, but there are a number of daily challenges the educational institution faces because it’s home to 11,000 students and a 3,200-member faculty.</p><p>“The Yale University campus is truly woven into the tapestry of the city of New Haven,” he notes, adding that there is a balance between creating a welcoming, open environment and providing security. “We don’t want to turn the place into a fortress, but we have to be ever so cognizant of the environment and our obligation to provide safety.” </p><p>While the public safety department had significantly reduced one of its biggest problems—larceny—over the last five years, Higgins says that campus law enforcement wanted to do more to not only reduce crime, but improve overall efficiencies when it came to access control. </p><p>After the active shooter threat, the vendor for Yale’s access control system began phasing out its technology. So, working with its dedicated in-house IT team, the public safety department decided on three major goals to address in updating the access control system. </p><p>They were: have a single point from which to manage access control; increase security around the movement of students, employees, and visitors; and increase overall efficiencies, including mobilizing credentials and streamlining lockdown procedures.</p><p>To determine which access control technology was most appropriate for Yale, the university hired an outside consultant to evaluate proposals, says Dave Boyd, director of information technology for the public safety department. </p><p>The university interviewed the top vendors and, in the end, chose AMAG’s Symmetry SR Solution. Implementation began in July 2014 and is expected to be completed by the end of 2017; currently, more than two-thirds of the university’s buildings have been upgraded.  </p><p>The AMAG solution appealed to Yale for several reasons, including the fact that installers would not have to rip out and replace existing hardware. Instead, Symmetry uses the university’s existing wiring infrastructure, allowing it to keep the door card readers installed around its 450 buildings. </p><p>“That was one of the big selling points, because we have some buildings here that are over 200 years old with three-foot stone walls,” Boyd says. “So not having to do a rip and replace saved us millions of dollars.”</p><p>AMAG Symmetry also allows the university to manage access control for all buildings from a single interface. Eventually, Boyd says, Yale can tie in video and alarms to the system, as well as assign threat levels that will lock down certain parts of campus in the event of an incident. </p><p>AMAG Technology’s professional services team wrote an interface to Yale’s internal database to pull data into Symmetry from the university’s access control database. While Yale had to replace a computer board component within all of its existing door readers, students and faculty kept the same cards–microchips inside them were updated electronically. The credentials the faculty and students use to open the door are the same cards they use for identification, dining, and vending. </p><p>“We didn’t have to change the cards—the end users don’t even know this project is happening, just the building managers,” Boyd says.</p><p>Boyd adds that throughout the installation process, card holders would occasionally find that they did not have proper access levels after the switchover. To remedy this, the IT team went building by building to make sure the right people had access to the right places by comparing its old access control database spreadsheets to the new system. </p><p>AMAG also sent a dedicated engineer to remain on site during the first two years of the installation process. “So even issues that looked like they could have been bigger were resolved very quickly because he was on site,” Boyd adds.</p><p>Having its own public safety IT team allows Yale to tailor its technological solutions to the security needs of the campus, Higgins says. </p><p>“When Dave [Boyd] and his team are a part of our meetings, even if it doesn’t have anything to do with IT at the time, they’re thinking about how they can support us through technology, through the software, through systems like AMAG,” Higgins explains. </p><p>Boyd echoes the partnership’s effectiveness. “Most of the time we’ll sit back and just listen and try to find their pain points. Then we try to come up with technology solutions to take care of those pain points.” </p><p>He adds that the Symmetry Threat Level Manager will be activated at the end of the installation, providing even more security on campus. This feature can remotely lock down certain buildings based on the given emergency. With this feature, “it’s the push of a button” to lock down the campus, Boyd says.  </p><p>Higgins emphasizes that access control is a cornerstone for responding to any emergency. “Responding agencies may not be familiar with our architecture or the layout,” he says. “So when we think about access control…it’s incumbent on us to think about access control in emergency situations for people who aren’t familiar with our campus.”</p>
https://sm.asisonline.org/Pages/Metrics-and-the-Maturity-Mindset.aspxMetrics and the Maturity MindsetGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​Close your eyes and imagine yourself throwing darts at a dartboard. Any wagers on accuracy? </p><p>In the physical security space—that place where guards, gates, and badges once ruled—using metrics alone to measure risk and present value to the enterprise is similar to throwing darts blindfolded. While cybersecurity is critical, the physical security of people and property remains essential to strategic and tactical risk management for most organizations. What security teams often fail to recognize is that it’s essential to understand how mature you want to be in a variety of physical security domains and build an enterprise security risk management strategy around those maturity levels. Measuring metrics alone is simply cataloguing the completion of activity without a view to security risk management maturity or a clearly articulated strategy. That trio—a maturity mindset, a clearly defined strategy, and metrics measurement—is fundamental to effectiveness.</p><p>The Enterprise Security Risk Management team at Caterpillar Inc., headquartered in Peoria, Illinois, has joined forces with security experts at Ernst & Young LLP (EY) to demonstrate the value of having a maturity mindset. (See “Maturity Model 101” on page 38 for more on the process.) Not only does it help protect the people, products, property, information, and brand at Caterpillar, it also is central to making sure the security team and strategy are predictive and poised for future challenges and opportunities.​</p><h4>What’s Wrong with Metrics?</h4><p>Collecting data is valuable, of course, but the emphasis on metrics in the security discipline is sometimes misguided. Security teams can end up doing a good job of executing on a bad process. Metrics may look great, but if they measure an immature or broken process, they really don’t answer the questions that should be asked. For example, IT security might be proud to have cleaned 17,000 viruses out of the system in its efforts to be compliant, when it actually missed 5,000 viruses due to inadequate process or scope. The numbers don’t show the lack of effectiveness because the process is broken. Knowing how mature you want to be is what makes the difference because maturity targets translate into specific activities, programs, and projects to achieve the desired state, and metrics help measure against maturity.</p><p>For example, when Caterpillar Enterprise Security first began using EY’s cybersecurity maturity model, a decision was made not to be extremely mature in terms of evolving prevention technologies. Instead, the team wanted to become best-in-class in detect-and-respond maturity, assuring the ability to quickly recognize any serious network attacks and mitigate risk effectively. The objective was to give management reasonable assurance that the cybersecurity program would not become a money pit, spending wildly to prevent attacks that, frankly, are unavoidable in today’s climate. That picture for executives was literally worth a thousand words—the board and senior executives value the model as an excellent snapshot of where the security function is in time and where it is trying to be, as well as how it compares to peers in other industries such as financial services or transportation. Success in using the cybersecurity maturity model to communicate effectively with the C-suite—something with which physical security professionals often struggle—indicated it was time to apply the same effort and analysis to protecting people and property. ​</p><h4>Why Is a Maturity Model Better?</h4><p>In April 2013, Caterpillar and EY engaged eight CSOs from globally recognized companies and other industry experts in face-to-face and virtual meetings over nearly nine months to agree on domains, subdomains and definitions most relevant to physical security. The varied viewpoints and needs among the group led to interesting discussions—some more complex than others. For example, those with a more global footprint noted that the term “investigations” carries different meaning in some parts of the world and should be changed to “inquiry and investigations.” Some of the subdomains emerged from these discussions, assuring the ability to weight each area with more granularity and better reflect how various security organizations operate in different industries or parts of the world. Ultimately, the group agreed on nine domains, some with subdomains.</p><p>EY then developed a comprehensive questionnaire and interview guide with hundreds of questions related to each area. An independent assessment team executed the model among key stakeholders at Caterpillar for each of the nine domains to plot the first set of physical security maturity results. For example, consider the Crisis Management domain. The interviewer asks a variety of questions, including “Is a Crisis Management Plan in place?”; “Is there an assembled crisis management team?”; and “Does management have sufficient program oversight?” The assessment then follows with the 1–5 ratings. (See “Maturity Levels” 101 on page 38.)</p><p>Leadership visibility or support of the Crisis Management program would indicate a Defined (3) rating, yet only formal engagement from executives will garner an Optimized (5) rating. Having metrics and reporting requirements that are defined and integrated into annual evaluations is an indicator that the program is Managed (4), but not until these are reported to executive leadership on a regular basis is it possible to achieve a rating of Optimized (5).</p><p>With regard to the Crisis Management Team, ratings may vary based on roles and responsibilities, certifications and training, whether or not cross-functional members are included, and who has ultimate decision-making authority. When it comes to integration into the company’s disaster recovery plan, having no processes for integration merits an Initial/Ad Hoc (1) rating; a maturity target of Defined (3) might be sufficient for the security function if these crisis planning areas are handled effectively elsewhere in the enterprise. </p><p>Over the next couple of years, the assessment team refined the questionnaire to clearly delineate the future targets for each subdomain and to make it more Caterpillar-specific where needed to provide a more detailed picture that was still easy to comprehend. Caterpillar continues to raise the bar for various levels of maturity, and this tool also helps adapt to changes in the threat landscape—adjusting capabilities and technology resources as suggested by the desired future state and the output of the tool.</p><p>Caterpillar’s Physical Security Maturity Model has focused attention around two aspects of its physical security programs: First, is the maturity level of each area correct, or do some need additional attention? Secondly, do some areas need additional funding, and, if so, how can it be applied to advance the maturity? In the Crisis Management example, Caterpillar moved from a Managed (4) to Optimized (5) maturity rating by reporting metrics in this area to the executive office on a regular basis. To improve its maturity rating in the General Training and Awareness subdomain of Awareness, Caterpillar Enterprise Security budgeted for an annual Security Awareness Week that promotes awareness of both physical and cybersecurity among employees globally to move the maturity needle.</p><p>The maturity model has created a template for discussion with executive management that is simple to use and visual—it clarifies communication. The tool also is used for discussion with executives and the board to reflect progress and also to highlight areas needing additional investment. The visual representation (see “Maturity Model in Action,” page 38) tells a story quickly, capturing executive attention, and it provides a level of context that management can grasp more immediately. Once the executive office has this picture of where Enterprise Security stands, a detailed discussion follows as a corollary to this picture and facilitates more effective decision making. The tool has reinforced the security team’s emphasis on a risk-based approach to providing security of people and property across the enterprise.​</p><h4>Are There Collateral Benefits?</h4><p>Interestingly, the Enterprise Security team is finding that the maturity model also provides a platform for telling its story—helping executives better understand what the Enterprise Security organization does. Each time the maturity model is presented, it creates an opportunity to talk about the team’s services and the value the team adds to the enterprise. For some CSOs, the maturity model could help to provide a justification for expanding or increasing the portfolio of services or areas of responsibility.</p><p>A physical security maturity model also is an excellent tool for building security risk management collaboration across the enterprise. It helps security teams better understand where there are overlaps and recognize that not everything in the model is owned by the security organization. It presents a picture of security capabilities and needs, regardless of who owns them—from facilities to employee health and safety to human resources to legal. To drive change, stakeholders have to agree to engage annually on what’s needed to move toward the future state and achieve maturity levels.​</p><h4>What’s Next?</h4><p>Caterpillar and EY are still accumulating information and evolving the Caterpillar Physical Security Maturity Model questionnaire and implementation process, expecting it to follow the same path as the cybersecurity maturity model in becoming a slide rule for risk acceptance, risk mitigation, and security investments. It is quickly becoming an effective tool for gaining faster agreement among business leaders about how much risk they are willing to accept for their operations, whether in Illinois, Ireland, or India. Using this tool to present a clear picture of where Enterprise Security was, where it is, and where the function wants to go demonstrates to executives where their investments will have the greatest impact.</p><p>Moving forward, Enterprise Security at Caterpillar will integrate maturity of both physical and information security into these discussions. This will give management a perspective on decisions being made in each area and unified Enterprise Security strategies. In the longer term, the plan is to converge the two models into one to present a unified Enterprise Security Risk Management roadmap. And, as EY collects data over time from other companies using the tool, it will show how Caterpillar security compares against its peers, and eventually provide a broader view across the entire industry.  </p><p>--</p><p><em><strong>Tim Williams, CPP</strong>, is CSO of Caterpillar Inc. He is a current member of ASIS International and a past president. <strong>Tom Schultz </strong>is an executive director at Ernst & Young LLP. ​</em></p>
https://sm.asisonline.org/Pages/December-2016-Industry-White-Papers.aspxDecember 2016 Industry White PapersGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p><em>​Sponsored Content.</em></p><p>SIS international is committed to serving the information needs of the global community of security </p><p>practitioners. One means of delivering subject matter expertise is to partner with the manufacturer and supplier community to elicit a breadth and depth of insight and practical information that all too often goes untapped. The papers in the following pages reflect one aspect of that ongoing project. </p><p>According to a recent Security Management survey, fully 90 percent of ASIS members describe vendors as reliable contributors to the ongoing conversation in the industry, and many say they have gleaned valuable insights and information from vendor materials that they are not getting from other media sources.</p><p>The challenge, say security practitioners, is the low signal-to-noise ratio in vendor communications. Some say that vendors communicate only information that contributes to their sales. Others suggest that vendor communications historically have been narrowly tailored to their specific products and services. </p><p>To leverage this industry source for members while simultaneously addressing the concerns they describe, Security Management is partnering with security vendors to develop original content. For the past six years, this partnership has produced white papers, case studies, and an online presentation series that showcases subject matter expertise with impartiality and context. </p><p>We hope you will find that this collection of 2016 papers instructive and educational. The experts representing distinct solutions often use their own products and services to illustrate points about technologies used or practices chosen, but the information is designed to be a useful addition to your broader efforts to keep abreast of the advancing security industry.​</p><h4>No Train. No Gain</h4><p><strong>By G4S</strong></p><p>A cross sectors and industries, employee training becomes a vulnerable budget item in challenging </p><p>economic environments, and the security industry is no different. As organizations seek to boost competitiveness and profitability through cost reduction, business processes are identified for reduction or elimination. All too often training is seen as expendable, rather than a strategic necessity. </p><p>Research shows that effective training affects profitability, competitiveness, employee engagement, and customer satisfaction. A recent webinar sponsored by G4S and hosted by Security Management magazine emphasizes the importance of maintaining an adequate employee training program. This paper and the companion webinar, which is available at no cost, explore the impact that such programs have on an organization’s culture, reputation, and bottom line.</p><p><strong>Successful Companies Have Strong Employees.</strong></p><p>For every company, organizational strength is directly linked to the performance of its employees. According to a recent IBM survey of C-suite managers, 71 percent of CEOs rank human capital above products, customer relationships, and brands as the leading source of sustained economic value. </p><p>For the security industry, which is primarily service-based, employees constitute the product itself. Training security officers, therefore, not only improves the individual employee but also advances the interests of the organization. The same IBM survey found a correlation between training and organizational success, noting that 84 percent of employees in the best performing organizations receive the training they need compared with 16 percent in the worst performing companies. </p><p>Employees who are given the skills to do their jobs well and the support to grow their abilities and take on greater responsibility become more effective in their roles. Personal development of each individual employee helps produce long-lasting competencies and increases an employee’s motivation. </p><p>Most managers recognize that training is critical to project success. A majority of global leaders surveyed by IBM (65 percent) cited talent and leadership shortages as their top business challenge. At the same time, leaders at most of the organizations surveyed believe employees are currently receiving the training they need. Seven out of 10 human resources professionals said employees were being adequately trained, a number that rises to eight out of 10 among senior management. In many organizations, there is a disconnect between what decision-makers think about the level of training provided and what recipients feel that they need.</p><p>The Association for Talent Development reports that training and development supports business growth more than 75 percent of the time. They also note that large organizations have an advantage when designing, implementing, and budgeting for training programs compared to employees at midsize companies. While larger employers often have generous learning expenditure budgets, they typically spend less per employee than midsize organizations. This is because the cost to develop and maintain the training and development program is spread among more employees. </p><p>As a result, employees at large organizations typically receive more training hours than their counterparts at midsize organizations. On average, large organizations report that their employees received 36 hours of training, or approximately 4.5 days, compared to midsize organizations, which report that their employees received 27 hours of training, or nearly 3.5 days. At the same direct learning expenditure per employee, large organizations were able to provide an extra day of training to their employees. </p><p><strong>Safety and Risk Mitigation.</strong></p><p>Employee training and staff development helps organizations mitigate risk and has a considerable impact on safety for the organization, stakeholders, and the public. A 2008 Michigan State study found that U.S. security services is a $7 billion industry, employing 1.1 million unarmed security officers compared to 833,000 police officers. This study demonstrates that security officers play an increasing role in public safety.</p><p>Safety and risk mitigation are issues that security professionals help clients address on a daily basis. Employee training is a risk mitigation strategy that is measurable and can affect the bottom line. Training prevents unsafe environments that arise when workers lack the knowledge and skills required to use equipment and supplies safely, which could result in injury or death. A company that fails to train staff adequately should expect an increase in expenses related to medical care, damaged equipment, compensating customers for defective products, and lawsuits. </p><p>For example, as a result of an inspection by the Occupational Safety and Health Administration, one security company was cited with 15 alleged safety violations and faced penalties totaling $149,250. The majority of the proposed fine ($140,000) was for four willful citations for failing to train workers on recognizing hazardous situations and slip, trip, and fall prevention. </p><p>According to the U.S. Department of Labor, slips, trips, and falls cause 15 percent of all accidental deaths, second to motor vehicles, and are the number one cause of injury and lost working time in the world. In 2014, G4S implemented a Slip, Trip & Fall Safety Campaign to reduce preventable incidents and emphasize the importance of safety at their work sites. In the first year of the campaign, the company saw a 5 percent reduction in incidents, a 25 percent reduction in slip, trip, and fall costs, and a 27 percent reduction in average cost per incident. </p><p>Campaigns like the one implemented by G4S also provide opportunities to document processes or routines, a best practice that is a positive byproduct of training. Documenting processes mitigates risk and compensates for the absence of skill of individual employees.  </p><p><strong>Create a Learning Culture.</strong></p><p>Organizations that prioritize training and development minimize turnover, create an environment of continuous performance improvement, and improve customer satisfaction. An investment in training is an investment in employees. It increases motivation, making employees more positive, productive, and valuable to the organization over the long term. </p><p>Employee turnover costs organizations time, human capital, and money. Turnover of new hires is particularly costly. Since recruiting new staff is more expensive than retaining existing staff, appropriate training is imperative. Research shows that employees who do not feel they can achieve their career goals at their current organization are 12 times more likely to consider leaving than employees who do feel they can achieve their goals. New employees are 30 times more likely to consider leaving. </p><p>Staff development and education dramatically improve employee retention. The larger the gap between the skills required to perform a task and the actual skills of employees, the greater their dissatisfaction and the higher the turnover. According to IBM, new employees are 42 percent more likely to stay in their current position when they receive the training they need to perform the job properly. Conversely, employees who do not feel they can achieve their career goals at their current organization are 12 times more likely to consider leaving than employees who do feel they can achieve their career goals. </p><p>Training contributes to a learning culture in other ways as well. It strengthens the leadership skills of those implementing the training and creates opportunities for feedback, from manager to employee but also from employee to manager. It promotes the open communication necessary for a positive work environment. Finally, without proper training, it is difficult to promote or hire internally for positions higher up in the corporate hierarchy. </p><p><strong>Providing Value for Stakeholders.</strong></p><p>The benefits of a skilled workforce affect all areas of the organization from sales and marketing to customer service and support, and these efficiencies add value for stakeholders. </p><p>Research shows that adequate training improves communication and helps employees establish a greater number of positive working relationships, improving the employee’s experience as well as performance and customer service. Improved team skills ensured that objectives were met 90 percent more often. Strengthening team skills by only 1/3 increased the likelihood that stakeholders would meet their objectives from 10 to 100 percent, according to the IBM survey. </p><p>The International Data Corporation reported a $70,000 annual savings and 10 percent increase in productivity when teams were well trained, and an IBM case study pointed to 22 percent faster rollouts of products and processes. </p><p><strong>Training Methods.</strong></p><p>Many organizations are already training employees in customer service, legal authority, access control, and fire and life safety, as well as first aid, CPR and AED. Companies might consider expanding training further to include topics like ethics, conflict resolution, de-escalation, or how to interact with local and state officials who respond in emergencies. </p><p>Training and education are most productive when they are ongoing and continuous, but every training opportunity need not be a huge commitment of resources. Training formats vary and require different levels of resource commitment. Organizations may invest in big campaigns like the G4S Slip, Trip & Fall initiative, but a monthly meeting that addresses new industry trends or regulations is a small but worthwhile training effort as well. When preparing for a project, teams receiving 40 hours of training per member met their significant project objectives three times as often as teams that received 30 hours of training or less.</p><p>Some training methods include: </p><p> • Lectures – Usually take place in a classroom format and are led by a trainer or instructor covering specific topics.</p><p> • On-the-job training – Relies on employees to recognize the skills and knowledge they will need as they perform their work and then develop those skills on their own.</p><p> • Coaching and mentoring – Gives employees a chance to receive training one-on-one from an experienced professional and gives trainees the chance to ask questions and receive thorough, honest answers. </p><p> • Role playing – Allows employees to act out issues that could occur in the workplace. Key skills often touched upon are negotiating and teamwork. </p><p> • Technology-based learning – Includes basic PC-based programs; interactive media, using a PC-based CD-ROM; interactive video, using a computer and a VCR; web-based training programs. </p><p> • Technical training – Focuses on a specific need of specific employees.</p><p> • Outdoor training – Employs physical and mental activities that encourage teamwork and help develop collaborative skills. </p><p> • Case Studies – Provide trainees with a chance to analyze and discuss real workplace issues. They develop analytical and problem-solving skills and provide practical illustrations of principle or theory.  </p><p><strong>Lessons Learned.</strong></p><p>Leaders of top performing organizations understand the importance of training, education, and staff development at every level. Fostering an environment of continuous learning reaps benefits for the employee, the organization, and stakeholders. Training should be ongoing and processes should be documented as a strategy for mitigating the absence of skill of individual employees. As competition among businesses in the security industry increases, having an effective employee training program can be the difference between failure and success.</p><p>​<br></p><h4>Leveraging Business Intelligence in Your Security Strategy</h4><p><strong>By iView Systems</strong></p><p>Today, nothing is more critical to security and loss prevention operations than meaningful data. Every department within the operation bears the responsibility to not only provide useful data, but to continually improve the value of that data. Business Intelligence is used to help companies gain insight into their operations; segment and target customers to improve customer security, safety and experience while finding anomalies in the heaps of data to run more efficiently and effectively </p><p>This white paper explores how to change the game for your company. Learn how to collect and, leverage data to achieve effective loss prevention, risk mitigation, efficient fraud detection, incident analysis and monitoring. </p><p><strong>Harness Big Data.</strong></p><p>Today, the sources and volume of data collected have exploded. Security operations collect every event and incident from every transaction from various sources including alarms, environmental sensors, intrusion-detection systems and video surveillance.</p><p>The goal of a modern security department includes a set of processes and supporting technologies for data management to allow security practionitioners greater flexibility in cobbling together disparate systems into a unified security control system that enables Security Directors to know exactly what’s going on, in  real-time while providing analysis to generate actionable items that can give security operations the agility it needs in times of crises.</p><p>We define “big data” as a capability that allows companies to extract value from large volumes of data. Like any capability, it requires investments in technologies, processes and governance.</p><p>There is no doubt that business intelligence software provides the ability to analyze a multitude of transactions and information on one centralized platform, empowering users to capture, analyze and glean actionable insight, hidden in the layers of data within the enterprise. Data-driven risk management requires situational awareness that can only come from a systemic and holistic approach. True value comes from correlating large amounts of incident and security data and presenting it in an visually appealing format, whereby users are able to quickly draw conclusions act on it in in a timely manner.</p><p>Nowhere is this more true than in the security function, where protection can be only as complete as situational awareness. By giving safety, security, risk management and loss prevention managers the ability to track, organize and analyze their data via configurable dashboard visualizations, BI software can provide context and comparison of security related information. This context moves the risk capabilities of an organization toward prevention from a traditional reporting and documentation function, providing the ability to show causality and structure, while giving insight into security and safety related issues.</p><p>More than 86 percent of respondents to a June 2016 survey by CIO Insight now say that BI is important to their company and intrinsic to their role. Global revenue in the business intelligence and analytics market will grow more than 5 percent in 2016, reaching $16.9 billion this year according to a recent Gartner forecast. But it is only now that BI and analytics have matured enough that the market is offering easy-to-use, agile products designed for specific business functions. Off-the-shelf software products provide data in a way that can be incorporated into larger enterprise BI. They are grounded in specific functions in a way that fills the gap between the promise of BI and the reality of its application in the business unit and in small- to medium-sized businesses. For the purposes of this paper, we will consider the iTrak® Business Intelligence package available from iView Systems. While there are many competitors in the BI field—many of which are already in use in organizations that have not adopted BI for security—iView software is built specifically for the needs of security, surveillance and loss prevention. Unlike SAP, Microsoft BI, IBM Cognos, and other enterprise-level BI solutions, iTrak® is not a software that needs to be bent to the task of security and loss prevention through extensive customization and programming, but one that can be immediately deployed to produce results. </p><p><strong>Business Intelligence with Roots in Security and Loss Prevention.</strong></p><p>BI is not shaping just the practice of security and loss prevention, but also their overall role in the enterprise. “In the security and related risk fields, data comes in an unending stream from every device and direction,” says Martin Drew, president of iView Systems. Harnessing that data provides operational insights that create greater organizational efficiencies.  The investment in security is no longer just about protecting assets—but about leveraging those capabilities to create a financial return that is directly attributable to that investment. </p><p>Security practitioners have long competed at a disadvantage with other departments that made demonstrable connections to the financial bottom line. As the IT function became more integrated with security operations, the requirement to “make a business case” became the challenge for every upgrade or new investment.  But as Avi Perez, the chief technical officer for Pyramid Analytics writes, the best practices of business intelligence are not about making business cases, but about solving problems. </p><p>The iTrak® BI application was built explicitly for the security function and is rooted in just that—detecting anomalies in your data to to solve problems. The first and most obvious return on investment BI makes is in the reduction of manual security processes. Fully 76 percent of midsize or larger companies (more than 500 employees) relied on a manual processes for exception alert reporting from physical security systems as recently as two years ago according ASIS International research. Fewer than 30 percent of these same organizations had invested in business intelligence at that time. Considering that fully 71 percent of companies were using BI in some aspect of their operations as early as 2012, this represented a comparatively slow adoption rate by security practitioners. iView Systems committed to change these statistics with its iTrak® BI and found one of the most ready sectors to be the gaming industry. </p><p>“Casinos would spend as much as five days of every month just doing required manual reports,” says Giselle Chen, senior business intelligence analyst at iView Systems.  Automating that process can virtually eliminate that time requirement, improve the accuracy of reports, while speeding  the dissemination of the information to all identified stakeholders by simply scheduling the reports to run at whatever required interval.</p><p>“Several dashboards can eliminate virtually hundreds of reports and provide the ability to quickly drill down from the highest summary to as many established groups and sub-groups as required—even down to individual incidents,” says Chen. The investigation is not conducted through reams of paper, but by highly intuitive paths navigated by the simple click of a mouse. An international organization such as a hotel would be able to identify gaps in efficiency as the aggregate effect impacts the overall organization. Users can also expect a substantial decline in errors. While errors will always occur, through BI they can be addressed at a systems-wide process level and fixed once. With manual reporting, a certain persistent level of error exists mostly as occurrences at the incident report level. Training and active monitoring can help to reduce these, but human error is simply the cost of doing business with manual processes.</p><p><strong>Data Visualization: A New View.</strong></p><p>From this larger awareness, gaps can be explored and analyzed by specific regions, types of properties, or seasons of the year. This is the nature of how BI and analytics provide established reports and dashboards to raise situational awareness while providing ad hoc reporting to investigate the source of problems. Throughout the process, data visualizations depict the rows and columns of raw data in an intuitive format. Incident reports presented as bar charts immediately draw the eye to anomalies. Pie charts, heat maps and bubble graphs all create pictures that more directly engage the problem-solving capacity of the human brain. </p><p>By filtering out all the steps it takes to get from raw data to the dashboard display, BI software makes it easier and faster for end users to understand the information and how it relates to their department and operations using customizable data visualizations and dashboards.</p><p><strong>Showing the Big Picture as Well as Supporting Details.</strong></p><p>Another early win that has application in every security environment is reducing the impact of false alarms. “As much as 80 percent of any front-line security officer’s day can consist of responding to false alarms,” says Chen. The high rate of false alarms inflates the number of personnel required to guard a facility and can reduce the response time to actual incidents—increasing costs, while lowering efficiency. </p><p>With BI, supervisors have a real-time awareness of how their resources are allocated—where officers are dispatched, which officers are on break while distinguishing proprietary from contract staff and armed from unarmed officers. </p><p><strong>Self-Service business intelligence (SSBI)</strong></p><p>Self-Service BI enables business end users to rapidly design, deploy and analyze reliable data, at a relatively low cost to a business unit, with less dependence on IT.</p><p>“Reports are highly customizable and the training to use the BI toolset can take as little as 10 minutes,” says Chen. “Once a system is implemented, much of the data is already customized according to the requirements of the facility and the organization. The data, entered once, can serve many purposes without the burden of multiple entry in different systems. </p><p>From there end users can create and customize dashboards and reports with a simple drag-and-drop. This ad hoc capability to create new scenarios, combine disparate data sources and explore a variety of permutations and parameters of data are all part of a mature BI system that no longer requires extensive programming competencies. </p><p>The key to the success of iTrak® Bi is the fact that users don’t need IT experts by their side to work with the data presented in the dashboard. Users can access the dashboards, manipulate and analyze data and bring in other members of a team to work together on certain data analysis projects.</p><p><strong>Moving from Reaction to Prevention and Prediction</strong></p><p>The value proposition for BI in the security sector is not limited to creating efficiencies. Oft-cited in the industry literature is the capability for retail facilities to mine surveillance systems to better understand traffic patterns and position products with a data-driven understanding of their environment. Surveillance systems can also be used to monitor and enforce safety practices in warehouses and other environments where injuries are common. Access control systems and computer log-ins can provide international businesses with better awareness of how remote facilities are being used and create savings through fine-tuning HVAC systems and even reducing and increasing office footprints according to actual needs. </p><p><strong>A Look Ahead at BI.</strong></p><p>Data is the water we swim in today. We are creators and consumers of data and wielders of the intelligence it provides. The most substantial impact in 2017 will be the continued deployment of specialized BI platforms from analytic packages which come with an integrated set of tools, data schemas, business views, and predefined reports and dashboards that significantly accelerate the time it takes to get a BI solution up and running. </p><p>Packaged applications like iTrak®BI allow organizations to deploy BI on a small scale for a single department and then expand seamlessly to support other departments using the same model and platform, delivering a consistent view of enterprise information.  </p><p>BI will move increasingly to cloud deployments and mobile platforms with data security as the prime governor in the transition and the total cost of ownership will continue to drop and the realized return on investment will continue to grow quickly </p><p>Within a decade, the way we did business 10 years ago will be unrecognizable. The fundamentals of security and loss prevention will remain familiar, but how their function partners with other departments and contributes to the mission of the organization as a whole will be limited only by the imagination of the practitioner.</p><p>​<br></p><h4>Emergency Towers: The Case for Safety in K–12</h4><p><strong>By Talkaphone</strong></p><p>The perception and practice of security in primary schools around the United States changed one December day in 2012.  The tragedy that occurred at Sandy Hook Elementary School in Newton, Connecticut was a tipping point. Those charged with the security of K-12 school facilities across the country looked to their own charges with a collective sense of urgency. </p><p>“With everything in the media and some of the major events occurring, not only in our country, but also abroad, we’re coming to a better realization that some of these incidents could occur anywhere,” said Chief of Police Alan Bragg of Cypress-Fairbanks Independent School District in Texas.  </p><p>Cypress-Fairbanks is the third largest school district in Texas, providing education to more than 115,000 students in an area spanning more than 186 square miles. Eleven high schools, eighteen middle schools, and fifty-six elementary schools comprise Chief Bragg’s charge. </p><p><strong>Working with the District</strong></p><p>In 2014 the district passed a $1.2 billion bond, setting the stage for massive security, transportation, and infrastructure upgrades aimed at preparing the district for large-scale growth. With two to three thousand students added each year, just keeping up with growth is a primary challenge.</p><p>But Bragg, who came to Cypress-Fairbanks four years ago to start the police department, is ready for the challenge. He credits the school bond with empowering his team to create an environment that provides the best solutions to protect students, staff, and community members.</p><p>Key to those upgrades are 67 Talkaphone blue light emergency towers with call stations to be installed throughout the district. The blue light systems will be placed in strategic locations where the community tends to gather.</p><p>Bragg is not new to the advantages of Talkaphone. When he was leading police efforts at Spring Hill Independent School District, another large school district in Texas, Bragg credits a blue light system for saving a life when there was a medical emergency at a school athletic event. Because the blue light tower was integrated with the access control system, dispatchers were able to remotely open a door and give access to a life-saving automated external defibrillator (AED) system. Without that AED when and where it was needed, the outcome would likely have been different.</p><p>“When things go bad and an emergency occurs, sometimes cell phones aren’t available,” Bragg said. “Having that extra device out there could also be a lifesaver for us.” When response time is critical, the towers also offer the advantage of known location</p><p><strong>Installation Considerations.</strong></p><p>At Cypress-Fairbanks, the Talkaphone towers will be installed in centrally located areas where a lot of traffic is likely. Many of the schools are on what Bragg calls a “triplex”—a campus that includes a high school, middle school, and elementary school.</p><p>Each triplex will include a tower with a camera that will be placed in front of the high school, near a large parking area. Two additional camera-enabled towers will be placed near the athletics complex and in another central location.</p><p>Bragg’s goal is to place the towers where they can be accessible by almost everybody. Strategic sites have been identified across each of the Cypress-Fairbanks campuses and installation began in the summer of 2016.</p><p>While the shootings at Sandy Hook precipitated a far-reaching investment in security in schools around the country, the fact is, violence on K-12 campuses is a common experience. According to a report by the United States Bureau of Justice Statistics, Indicators of School Crime and Safety: 2015, there were 53 school-associated violent deaths from July 1, 2012 through June 30, 2013. In 2014 there were about 850,100 nonfatal victimizations at school, resulting in 363,700 thefts; and 486,400 violent victimizations, which include everything from simple assault to serious violence.</p><p>For Bragg, preventing these far more common threats is his day-to-day charge. That’s why his department functions just like any other police department, with round-the-clock monitoring and trained professionals on duty. </p><p>“It’s a 24-hour operation for our police department,” he said. “We monitor all our district burglar alarms and access control. Everything is handled by our police department.” </p><p>Soon Bragg will add those 67 Talkaphone towers to the list of tools his police department uses to secure the district’s campuses. He said he’s looking forward to the ability to turn on a camera at the device location and help diagnose a threat before arriving. Each of his blue light systems will allow the user to autodial directly into the Cypress-Fairbanks dispatch center.</p><p><strong>The K-12 Environment.</strong></p><p>Blue Light towers have been a staple on college campuses for decades, but have only recently begun to be deployed at primary and secondary school locations like those in Cypress-Fairbanks. The reasons are numerous, but Bragg and other industry experts think media coverage and heightened public awareness contribute to the pressure the public has begun to exert on its local schools.</p><p>Bragg said that it is not uncommon for him to receive a call from parents considering a move into the district. “Some of their questions revolve around crime statistics and if we’re safe,” he said. “Parents ask those questions now. It’s important to them.”</p><p>Today’s society is hyper-aware about security issues. Parents actively inquire about physical safety measures alongside the more traditional considerations such as class size and educational testing results. Those distinguishing factors ripple outward as successful schools create desirable neighborhoods which in turn drive local economies. To that end, the highly visible Blue Light towers are powerful symbols of security infrastructure. </p><p>While parental demands for greater protections are common, it is still unusual for school districts to have formally trained life safety professionals on staff such as Bragg at Cypress-Fairbanks. Life-long educators are not police and before investing in significant upgrades, it behooves schools to reach out to professionals that can conduct a thorough risk assessment and make thoughtful recommendations that will likely include both obvious and less-obvious security precautions. </p><p>Sometimes in budget discussions and even the occasional story in the media there will be a question as to how much security is actually needed. The plain fact is that the media does gravitate to school violence in ways that may raise fears out of proportion with actual risk. On the whole, K-12 schools are very safe places compared to the world that often surrounds them. </p><p>But school systems are legally accountable for a duty to protect students. This duty requires school officials anticipate potential and foreseeable dangers and take reasonable measures to safeguard children. </p><p>While secondary schools are the subject of a higher frequency of published negligence litigation, primary schools have a far higher proportion of judgements decided against them. Younger students are considered more vulnerable which places a higher duty of care on the school.  Ultimately, the decision will fall to a jury comprised of people who read the same media coverage of school violence. </p><p>Funding is the other obvious challenge. The simple fact is that most school districts are forced into making hard decisions with the budgets they are allocated. In such environments, it can be difficult to know where to start. </p><p><strong>Making Budgets Work.</strong></p><p>Bragg is quick to acknowledge these concerns, but believes parents and elected school officials will advocate for needed changes when they see the value in a blue light system. </p><p>“You can start with a basic device and you can get basic features that will enhance some of the security levels on your campus and then add other features as funds become available,” he said. “Sometimes picking a basic system to enhance security is a good first step. That’s important.”</p><p>Bragg adds that, in his years working with school districts, he’s witnessed parents mobilizing when the issue is important enough. “You’d be surprised how many times parents get together and say, ‘you know, that’s really great, I wish we had another one back behind the athletics fields’. Then they’ll do a fundraiser and car wash to help find the funds to make that school even safer,” he said.</p><p>Installing a Blue Light system, similar to those favored by Cypress-Fairbanks, doesn’t have to be a budget breaker and the return on investment is immediately felt in the deterrent factor created by the high visibility of the product. The towers, which stand more than 9-feet tall, can be modified to meet various needs and price points. Cameras, two-way broadcast systems, and even an AED can be stationed inside the tower. </p><p>The Talkaphone systems are built on an open platform that can be integrated with current standard communication systems and third-party vendors. This approach means that Talkaphone can easily be retrofitted into an existing environment without the need for numerous and costly upgrades—a major appeal for large and established districts like Cypress-Fairbanks. </p><p>The Talkaphone system operates on the standard Session Initiation Protocol (SIP), which means it will work with most major or modern Voice over IP (VOIP) phone systems on the market. Talkaphone devices can also send a digital output that can communicate with other central server systems, such as access control. This means that secondary or tertiary events, such as a lockdown or camera call-ups, can be triggered from the Talkaphone device. </p><p>Finally, mass notification capability is differentiator of the product, triggering notifications over the company’s Wide-Area Emergency Broadcast System (WEBSTM) to provide mass broadcasts and notifications that keep classrooms, offices, buildings, outdoor areas, and entire districts connected.</p><p><strong>Strategic Visibility.</strong></p><p>For Cypress-Fairbanks, the Blue Light towers are the most visible, public-facing, security upgrade to the campuses. Several other changes have been made behind the scenes to make the district a leader in securing its students. </p><p>VOIP phone systems are being installed this summer as are several new CCTV cameras—40 new cameras in each high school, 20 in each middle school, and 10 in each elementary. All of these upgrades work together to create a cohesive security program that provides the police department with the information and tools they need to do their jobs. </p><p>Equally important, however, is the fact that with the Blue Light system, each visitor to campus is empowered to keep themselves and their fellow community members safe. Even at night, Bragg knows that the towers will remain lit and visible and the only thing a user needs to do to find help quickly is push a button.</p><p>It is no accident that the Cypress-Fairbanks towers are placed in highly trafficked areas. “Our district is a very busy and active district with a lot of community involvement in the evenings,” said Bragg. For example, during the busy high school football season, the two football stadiums are in use from Thursday through Saturday during the week between late August and early December.</p><p>Bragg said that with a district as diverse as his, cellphones are not a given. Additionally, in events where quick intervention is required and first responders need to be called, the towers eliminate the hesitation that may come from not knowing what number to call.</p><p>At the end of the day, Bragg’s operational focus is strategic. “We’re being proactive and preventive,” he said. “Not a day goes by that we don’t talk about the safety and security of our staff, students, and facilities. It’s a priority for me and our district.​</p><h4>Cloud-Based Security Integration</h4><p><strong>By Team Software</strong></p><p>Without WinTeam, Jayson Yao believes he would have never landed one of his biggest customers. His company, 50 State Security Service, Inc., was seeking a government contract, and the client required customized billing. “The way that they needed their billing was the most complicated billing we had ever encountered. And because we were on WinTeam, we were able to furnish the detailed billing they needed,” Yao said. “It also had to match up to the biometric reports that WinTeam receives. If we weren’t on WinTeam, we couldn’t have complied with the invoicing.”</p><p>Yao, chief financial officer and vice president of 50 State, said his company was able to further cement the contract through an integrated customer self-service portal, which allowed the client to access 50 State’s officers’ schedules. “With the customer self-service portal, it was very easy for us to give them access to scheduling,” Yao said. “Without WinTeam, this would have been next to impossible to provide.” </p><p>WinTeam is an integrated, cloud-based software system developed by and for contractors in the building service and security industries. Developed by TEAM Software, it delivers financial, operations, and workforce management components to help streamline business processes and deliver a complete picture of profitability. Companies can leverage shared data from throughout their organization, and because it’s a cloud-based solution, data can be accessed from the office, home, or on the road. TEAM Software currently has nearly 400 clients in the United States, Canada, and the Caribbean, with hundreds of thousands of end users. TEAM Software is employee owned and focused on customer service. </p><p>Many companies choose TEAM Software because of the integration of the various components of its software. This integration helps reduce time and resources required to maintain various independent solutions, makes it easier to extract coherent information and reports from the overall system, and helps ensure compliance more efficiently. “We have everything from not only the operation side of the business and workforce management, but we also incorporate payroll and human resources and then tie it all to the backend, which is the general ledger for financial reporting,” said Jill Davie, TEAM Software senior vice president of client experience. “So having all of that information in one database and one system, where information flows seamlessly from one area to the next, is definitely the advantage of using TEAM Software.”</p><p>If companies are not using an integrated package like WinTeam, they may be using paper systems, spreadsheets, or unrelated software applications. Those systems may offer individual pieces like scheduling or payroll, but they will not be integrated with the backend general ledger. So then companies must purchase an additional accounting package and figure out how to make the various systems talk to each other. Companies may be working with multiple vendors, facing implementation issues, and struggling with ongoing costs and maintenance. </p><p>“WinTeam is focused on security companies, so their scheduling is really strong for that type of business,” said Betty Ritts, vice president of information technology at AlliedBarton Security Services. “It integrates compliance with it, so many of our officers’ licenses for various state requirements as well as armed licensing is integrated. Also, the scheduling is integrated with payroll and billing, so it keeps it all together. That makes it much easier if you have to go back and audit for a client. And there’s a lot of good bells and whistles to help us to manage the business.”</p><p>“We switched to TEAM Software because of the added versatility and added capability,” said Denis Kelly, executive vice president of Sunstates Security. He said his company made the switch in 2008 because of the integrated accounting, payroll, and scheduling functions that were offered, enabling users to run reports and analyze data. </p><p>In the end, businesses see a financial gain because they can get a complete picture of their profitability and make better business decisions, especially as they face shrinking margins and increasing competition. “It’s saving them time, making them more efficient, and getting them better insights into their business,” said Scott Gauger, TEAM Software director of sales. “There are a lot of different individual software solutions, but putting them all in a consolidated, integrated package—there aren’t that many out there.”​</p><p><strong>Integrated Features.</strong></p><p>WinTeam offers comprehensive financial and accounting management capabilities and allows companies to manage their workforce effectively with powerful scheduling tools. Companies can save time by creating weekly work schedules from permanent master schedules, then manage exceptions at a glance, like overlapping shifts, overtime, or compliance issues. The compliance tracker tool helps ensure that employees meet job requirements, like special licensing or training. Scheduling information is seamlessly integrated with accounts receivable and payroll, so companies can bill customers with accurate and timely information. The software also allows companies to track inventory and equipment issued to employees or jobs and monitor supply levels and costs. </p><p>WinTeam includes human resources tools to help companies administer insurance benefits in compliance with Affordable Care Act (ACA) employer regulations. Because timekeeping and human resources data is contained in one system, companies can easily determine employee benefits eligibility based on hours worked. In addition, all benefits and eligibility data is captured and available for ACA reporting and compliance. </p><p>Customers appreciate the many different features of WinTeam. For example, Barry Williamson, chief financial officer of GMI Integrated Facility Solutions, said his company finds the integrated system makes job cost reporting easier. “You can run an onscreen job cost on your computer, and there are drill downs to the source of every single number. So if accounts payable is involved, you drill down and see the accounts payable invoice that makes up the entry. If it’s revenue, then you can drill down to the customer invoice that makes up the revenue. You can drill right down to the daily time sheet through payroll to see where those numbers are coming from. It’s the same with inventory,” Williamson said. “Without even getting out of your chair, you can see every component that makes up the revenues and costs to see where you’re missing the budget or where you’re performing well against budget.”</p><p>WinTeam’s features work especially well in the security industry, where scheduling and licensing play such an important role. Companies can use the system to make sure officers are where they need to be at the right time and that they’re qualified for the job. Plus, the integrated mobile features mean information from WinTeam can be used by supervisors and officers in the field, in real time.</p><p>The personnel scheduling feature allows companies to track where they need to place officers based on their clients’ needs. In addition, workforce tools help managers ensure officers report to the site. With integrated time and attendance features, employees can clock in via telephone, biometric time clock or on their mobile device, and that timekeeping information is updated back in WinTeam from the field. Plus, the system will post alerts when officers do not report to duty. “They get a bird’s eye view of the entire operation, including all shifts that are currently active or will be active in the next hour,” said Mike Straub, TEAM Software senior vice president of software development. “They’re able to see all of the activity and all of the exceptions as they happen.”</p><p>Compliance has been a core component of WinTeam for more than 15 years. Companies can enter requirements at the job level, and then monitor whether employees have the proper licensing and training. When companies schedule employees for a shift, they can check to see if their licensing has expired. “The system will either warn or even not allow people to be scheduled based on that compliance,” Straub said. In addition, a compliance alert engine will allow companies to notify officers when licenses are coming due, so that companies can be proactive in making sure their officers have all that they need to be put in place. </p><p>Kelly, from SunStates Security, said TEAM Software has helped his company track compliance and training for its employees. “We have several hundred courses available for our people, from initial training to ongoing learning to customized courses,” Kelly said. “When someone takes a course, the challenge is tracking their results and ultimately seeing how they’re progressing as an employee. All of that information flows into WinTeam, so we can see everything from their initial background checks to when they’ve been hired and all the training they’ve completed.”</p><p>The mobile features offered by TEAM also work well in the security industry, allowing supervisors to access the information in the field so they can make good decisions about scheduling employees or finding the appropriate kind of employees to work. TEAM Software’s employee and customer self-service solution can be used on Android and Apple devices, with a downloadable app. Everyone in the company, from supervisors to employees, can use the app to see their schedules or retrieve their paystubs. And because most people are accustomed to using an app, it’s user friendly. </p><p> “With our mobile and web offering, we’re really trying to penetrate the entire organization of our customers. We want to bring our solutions all the way to the security officers, so the officers can benefit from receiving their paychecks through a mobile device,” Straub said. “We can even bring the technology to our clients’ own customers. They have customers who need to be able to access invoice information or other various operational types of information, so we’re continuing to improve our customer self-service capabilities so our customers can provide more information to their customers.” </p><p>Kelly said his company relies heavily on the mobile application, which allows managers to do quality assurance checks, compliance reports, and inspections in the field. Because officers have access to their schedules and paystubs on their mobile phones, those mobile features save time, which can be put back into improving customer service and growing the business.</p><p><strong>Roots in the Security Industry.</strong></p><p>TEAM Software was formed in the 1980s in Omaha, Nebraska. It all started when a building service and security contracting company was hunting for an integrated, industry-specific management system to help organize operations, streamline accounting processes, and provide insight into profitability. The company couldn’t find any existing solution that could do exactly what it wanted, so it put together a small team to build one of its own. Six years later, the team had developed the prototype for what is now known as WinTeam. Frank Labedz, the CFO and software project lead, realized that this unique solution could make a significant difference for other businesses, so he started a new company to offer the solution to other contractors.</p><p>Some 25 years later, TEAM Software still remembers its roots in the security industry. “We tailored the software around the security business, where what drives everything is your labor, your hourly workers. That drives your billing and your payroll, your margins and profitability,” said TEAM Software’s Davie. “So focusing our system around that piece of the software gave us an advantage in speaking the language of these companies—understanding that if you manage your labor and your workforce, that will drive your profitability and your success.”</p><p>Davie said TEAM Software actively promotes its product in the security industry, attending trade shows regularly and connecting with its customers face to face. TEAM Software also hosts its own annual conference for clients.</p><p>GMI’s Williamson said his company has taken advantage of the networking opportunities offered by TEAM Software. “TEAM’s yearly conference has evolved from a meeting that was basically sitting around in a hotel room to a large hotel gathering with hundreds of people. It’s come a long way,” Williamson said. “That environment is great to meet with people who are doing what you are doing and who have the same challenges as you do. It’s a good opportunity to talk with your peers.”</p><p>TEAM Software stresses not only its background in the security industry, but also its focus on customer service. The company became employee owned in 2007, with each employee owning stock in the company. The company was looking to reward its employees for all their hard work and wanted its employees to have a stake in the success of the company. And because they have a vested interest in TEAM Software’s success, they understand that they are only successful if their customers are satisfied. </p><p> “One of the key things we hang our hat on is great customer service, providing our clients with appropriate answers to their questions in a timely manner and following up on their needs,” TEAM’s Gauger said. TEAM Software offers a dedicated support department that answers customers’ calls, an implementation and education department that helps new clients, and ongoing training of existing clients for new products as they are brought out. </p><p>Ritts from AlliedBarton said TEAM Software listens to its clients. “Staff are very good about taking feedback and suggestions from their clients, especially when they’re going to change things or add new functionally. They’re very good about reaching out to clients for their input and brainstorming through things,” Ritts said. “They also stay on top of new things as they relate to payroll regulations, such as the ACA. And they let their customers know, so they’re a good source of information for their clients.” </p><p>The fact that TEAM Software is employee owned results in other benefits to its customers as well. “Our customers in the security industry know turnover and costs related to turnover. So being employee-owned reduces our turnover, which increases quality and efficiency and our ability to deliver,” said Straub. “We’re able to retain an amount of knowledge. Because that knowledge is not walking out the door every two or three years, we’re able to be a lot more efficient.”</p><p>By promoting a culture of strong customer service in the security industry, TEAM Software employees build strong relationships with their clients. “They’re more than a vendor, they’re a consultant,” Yao said. “They’re a resource that I use,  so it’s not only about how their software can help us. They have their finger on the pulse of the industry, so I can get feedback from them on the trends in the security industry.”</p><p><strong>Future Plans.</strong></p><p>Providing good customer service also means keeping abreast of changes in technology. TEAM Software made an early move to the cloud in 2001. While customers used to receive software and install it on their own computers, now most new businesses use the cloud, and more and more customers are coming to expect that type of service. The cloud makes it easier for companies to get on board, since they no longer have to purchase equipment like servers, install a network, and get everything up and running. </p><p>TEAM Software will continue to expand the technological capabilities of its software. “We’re on the cusp of bringing all that technology to a more central unified technology, meaning bringing our Windows application forward to be more of a Web-based solution,” Straub said. “That’s where our future belongs: trying to bring our entire set of platforms together as one suite of offerings so that it’s a more of a seamless and unified solution to all our customers.” </p><p>The company will also respond to the changing landscape, as the security industry sees more consolidation. “There are a lot of mergers and acquisitions happening,” Davie said. “Mid-size companies feel that they can market themselves to an acquiring company because they use our products.  Because we do have three of the top five largest security companies in the industry, some companies have felt that using WinTeam gives them an advantage in selling their business because they can integrate more seamlessly into the buying company if they use WinTeam as well.”</p><p>Davie said TEAM Software will continue to seek opportunities in the security industry and feels that there is room for growth. “It’s important for people to know we’re committed to the industry,” Davie said. “While we may consider branching out and offering our software outside of our niche markets down the road, we do not plan to turn our back on the security industry or leave that market in any way.”​</p><h4>Leveraging the Command Center Investment Enterprise-wide</h4><p><strong>By Christie</strong></p><p>Traditionally, command centers are considered part of the security operations domain. Cameras, intrusion detection systems, video and audio recordings, and alarms are just some of the security-related systems effectively monitored and managed in traditional command centers. </p><p>However, threats to an organization are not limited to physical security, and command centers can process data from a wide range of sources, offering risk mitigation throughout the enterprise. The ubiquity of IP-enabled technology, the increasing access to raw data, and the desire to minimize information silos expand the role of command centers. In this white paper, you will learn how investing in a command center can benefit the entire organization. </p><p><strong>Role Within an Organization</strong></p><p>For decades, certain industries have harnessed the power of a command center to support business operations beyond security. For example, telephone and data providers monitor outages, traffic, and data flow by region. Command centers are ideal for managing operations on waterways, highways, and public transportation networks. </p><p>In general, command centers enhance situational awareness, so events can be managed quickly and effectively. In the security world, that often means responding to physical threats. When a locked door is suddenly opened, an alarm sounds, and a streamlined response begins. </p><p>“In the old days a security guard would consult a notebook, saying, ‘What do we do when door number 32 is opened? Do we send a guard? Point a camera at the door?’” says Richard Derbyshire, CTS-D, consultant relations manager at CHRISTIE Digital Systems. Modern command centers offer an entirely automated environment. </p><p>“The response in the software is to trigger some form of alarm that then alters some aspect on the visual display,” Derbyshire says. “You have an intrusion detection, a connection outage in your security system, or some other abnormality. You also have an automated sequence to point a camera at the door, call up a series of response procedures, or display the scene of intrusion. </p><p>Command centers often feature a large-format, video display. For example, the screen might show a geographical map of a campus or a series of different images that change from green to red when an alarm status is triggered. The anomalous event is clearly registered by everyone in the room and—if required—elsewhere in the organization. What’s more, command centers provide flexible monitoring. Visual displays are networked; they can be monitored remotely, from a laptop, smartphone, or a backup command center. “The shared display within a shared space enhances understanding of what’s going on in the area you are covering,” Derbyshire says.</p><p><strong>Beyond the Security Budget.</strong></p><p>“Command centers are best applied when monitoring systems,” Derbyshire says. “Think of all the different entities in the world that can be construed as systems.”</p><p>Command centers are valuable tools for securing physical assets, but they also provide situational awareness that extends beyond security, mitigating risks, and safeguarding business processes. “Command and control environments are used for multiple aspects of the business, on both the commercial side and the government side,” says Ronald Willis, a senior associate at Shen Milsom & Wilke, LLC, an international technology and acoustical consulting firm.</p><p>For example, a command center can monitor the IT network across the corporation. “It has some aspect of security,” Willis says, “but the cyber guys are doing security. This is network or content monitoring,” he adds. “You might be a software development firm working on a video wall so that everyone can see it and track progress.” </p><p>Integrator Dan Gundry, a senior control room specialist at Vistacom Inc., agrees.  According to Gundry, one of easiest ways to leverage a command center is to integrate IT and physical security. “It provides the ability to leverage the same content to achieve the same goal—protecting the organization’s business interest and its people,” Gundry says. “We’re seeing the integration of both IT and physical security to leverage that investment, leverage the space, and bring operations into alignment.”</p><p>Providing everyone with a common operating picture improves responsiveness and decision-making by assimilating all the right data, Gundry adds. “When you take that concept and you move it beyond, you’re still talking about having the right info at people’s fingertips in a highly functional way.”</p><p>Derbyshire points to universities, which often integrate security functions within their data communications network command centers, either locating them in the same space or in adjoining spaces. “The security command center function is incorporated into the data network design because so much of the security system is an IP system,” he says. “If you lose a part of your IP system, you lose a part of your security system.”</p><p><strong>Supporting the Global Workplace.</strong></p><p>The command center environment also supports global business and information sharing. “If you’re working on a project in Abu Dhabi and you have to talk to an engineer in Chicago, you can do a Skype call and talk to them while sharing content over the network,” Willis says. “That information can be deployed and displayed on a virtual surface, or video wall surface. Whether you have a three-foot-square array or a 10-by-12 foot video wall, it’s still a virtual surface. You can do anything you want on that surface.”</p><p>Willis prefers the term “multi-array deployment” to command center, because the purpose of the technology and the way it is implemented can vary so widely. “I have a customer that has three different conference rooms, and they all have video walls in them,” he says. “They have different size arrays but the main purpose is to be a conference room or multipurpose room.”</p><p><strong>Growing Trend.</strong></p><p>Experts say that command center technology is being used in more building-wide applications, particularly in emergency management, emergency operations, and other specialty buildings where it’s important to have flexible content. While these organizations may have a command center or control room, information must also be sent to breakout rooms, conference rooms, war rooms, and managers’ offices. “Using CHRISTIE’s Phoenix platform as the backbone for video sharing across the enterprise, and within a building, is becoming more commonplace,” Gundry says.  </p><p>Command centers have a greater breadth of scope in an IP-enabled world, because a broad range of devices can be monitored. “Walk into a big building and, in your mind, peel away the finishes,” Derbyshire says. “Look behind and ask, ‘Why does that elevator go to the right floor every time? Why does the escalator stop and start when it’s supposed to, and how are the temperature and humidity controlled?’ They are all systems, and they can all be monitored and controlled by a central network.” </p><p><strong>A Case Study.</strong></p><p>When Ohio’s Hamilton County Emergency Management and Homeland Security Agency (EMA) upgraded its facility nearly three years ago, it was looking for a system that was flexible and reliable. “Unlike a lot of security centers, we’re not stagnant,” says Steve Siereveld, the organization’s operations manager and emergency operations center manager. “Most of the time when we looked at security centers, they had the same 20 or 30 displays up all the time,” Siereveld adds. “We switch wall layouts as the incident dictates.”</p><p>The EMA coordinates emergency response to all natural and manmade hazards in Cincinnati, Hamilton County, and 12 counties in three states (Ohio, Kentucky, and Indiana). However, its emergency operations center is a 24/7 “warm” facility, which means it is not always occupied. “It’s nothing for weeks and weeks,” Siereveld says. “But when something happens it’s a million miles an hour right out of the gate. We need something that’s quick and responsive.”</p><p>In 2014, the EMA purchased the CHRISTIE Phoenix—a network distributed open content management system for simultaneous encode, decode, and display of AV data—to use with its street and river camera system. Phoenix captures the camera feeds and brings them into a full HD video wall of 32 CHRISTIE Entero high-brightness 67-inch LED cubes. </p><p>“We’re constantly changing and redrawing the screen, and the screen redraws are quick,” he says. “We didn’t need something that took a minute to change screen layouts; we needed it to take a couple of seconds.”</p><p>While the center is equipped to help operators react to large-scale emergency incidents—caused by weather or terrorism, for example—Siereveld says the EMA has not experienced such an event for a few years. Instead, the center is used on a regular basis for planned events throughout the year, like firework displays over the Ohio River; Taste of Cincinnati, one of the nation’s largest street festivals, and the 2015 MLB All-Star Game. </p><p>The organization also uses the operations center for meetings, simulations, exercises, drills, and national homeland security classes. Human resources even uses the facility for employee testing. “There aren’t many places where you can find 54 computers in a room,” Siereveld notes. “They might put a PowerPoint up or just put a timer up on the video wall.”</p><p>Regardless of its use, the command center is a steadfast tool for the EMA. “From a user comfort and the reliability level, CHRISTIE’s technology has been very advantageous for us,” Siereveld says. “With our old system, it was older technology and sometimes it would work and sometimes it wouldn’t. With our current system, I don’t feel the need to fire things up two or three hours ahead of a meeting. I’m comfortable turning it on five minutes beforehand, knowing it will work.”</p><p>From an investment perspective, Siereveld says, “You can’t put a dollar tag on a life.” But he acknowledges that the CHRISTIE system saves the EMA money. With the old system, if a part broke, it had to be ordered from Japan and might take as long as three months to replace. Replacing bulbs cost approximately $50,000. “With the all LED, there’s one moving part, and we have no real maintenance,” Siereveld says. “Also, we have one set of spare components, and we can field swap them. If we do lose a display we can pull a module out and replace it. We’ve never had to do it, but we can if we need to.”</p><p><strong>Conclusion.</strong></p><p>With today’s networked systems and IP-enabled world, command centers can do more than alarm and video monitoring. In the security world, command centers focus primarily on situational awareness of the physical environment. They improve responsiveness by providing all operators with the same picture and positively impact decision-making. The security investment of a command center can now be leveraged throughout the enterprise—to enhance communication, secure supply chains, protect business interests, and contribute to the bottom line.</p>
https://sm.asisonline.org/Pages/Crime-of-Opportunity.aspxCrime of OpportunityGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​Over the past decade, retail and grocery stores have been turning to self-service checkout lanes to create a better shopping experience: making purchases will be easier and quicker, while store staff can be mobilized away from checkouts and into more customer-focused roles. However, self-checkouts and mobile shop-and-pay programs generate significantly higher rates of loss, a new report finds. </p><p>Developments in Retail Mobile Scanning Technologies: Understanding the Potential Impact on Shrinkage & Loss Prevention, a report by professors Adrian Beck and Dr. Matt Hopkins of the University of Leicester, analyzed data from nearly 12 million shopping trips from four major British retailers between 2013 and 2015. The researchers found that using self-checkouts in stores increased the rate of loss by 122 percent to an average of 3.9 percent of turnover.​​</p><p><img src="/ASIS%20SM%20Article%20Images/1216-asis-security-management-retail.jpg" alt="" style="margin:5px;" /><br></p>

 UPCOMING EVENTS AND EDUCATION

01 December 2016
7 Best Practices for Active Shooter Preparedness​​​ ​(Webinar)

05 - 08 December 2016
Program Planning and Crisis Plan Development​​​​ ​(Education)

07 December 2016
Psychological and Threat Assessment Perspective​​ ​​(Webinar​)

07 December 2016
Risk Management Basics for Off-site Events​​ ​(Webinar)

14 December 2016
Social Media and the Modern Student ​
(​Webinar)

23 - 25 April 2017
10th Annual CSO Summit ​​(Conference, Arlington, VA)


​More Events>>​​​