| https://sm.asisonline.org/Pages/Shooing-off-Copper-Crime-Waves.aspx | Shooing off Copper Crime Waves | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>Copper theft can be dangerous—even deadly. The metal is attractive for thieves, who often find the cover of night and the remoteness of a construction or utilities site the perfect scene for their crimes. </p><p>The value of copper is driven by the classic supply-and-demand scenario—the world's copper mining industry can't produce enough to keep up with the demand, says Ross Johnson, CPP, senior manager, security and contingency planning at Capital Power in Alberta, Canada.</p><p>"Since you cannot mine copper fast enough to keep up with the demand, the shortfall is made up from the recycling industry, and that's what drives up the value of copper," he notes. "Generally, when the price per pound on the scrap market goes up, what happens is the theft goes up as well." </p><p>In Canada, where there is little regulation in the recycling industry, thieves can more easily trade stolen materials for cash. "There's always a level of background theft around construction, especially in the electricity sector because there's so much copper that's used," Johnson explains. </p><p>There have been at least 15 deaths in the last five years related to metal theft in Canada, according to data from the Canadian Electricity Association. Thieves are often either unaware or unconcerned about the high-powered voltage running through copper and can be badly burned, or worse. </p><p>"Copper is used to ground electrical equipment," Johnson explains. "When people break into our facilities to steal copper, it renders the equipment unsafe because it isn't grounded anymore, and it could kill the thieves or utility workers that are going in to work on it."</p><p>Even when the bad actors manage to escape unscathed, there is a ripple effect in the surrounding community. For example, in October 2013 in Surrey, British Columbia, thieves cut through a utility pole in the province and waited for the BC Hydro and Power authority to respond by shutting off the power. </p><p>Once the power was cut off, the thieves removed five meters of braided copper wire. A nearby clinic was left without power for two days, affecting its ability to treat more than 200 patients. </p><h4>PEPS Alberta</h4><p>There has been a concerted effort by the sectors most affected by copper and other metal theft to fight back. </p><p>One such coalition is Provincial Electricity Physical Security (PEPS) Alberta, a working group made up of stakeholders from the electricity, metal, and telecommunications industries. </p><p>PEPS was formed about a decade ago to fight industrial crime in rural areas through legislative and educational efforts. The group works alongside the Royal Canadian Mounted Police (RCMP) and other law enforcement entities to reduce and prevent crime. </p><p><strong>Scrap metal theft.</strong> PEPS is working with the recycling industry and the provincial government to find ways to reduce metal theft. These methods include developing training material for the construction industry on safeguarding assets and for law enforcement to help identify stolen material, sharing of information related to incidents to help police resolve crime, and studying potential legislation to make it more difficult to sell stolen material. </p><p>"When thieves steal metal from us, they can take it to a recycler, and then the recycler buys it—that's where the trail goes cold," Johnson notes. "And the police can't investigate it because they need to be able to identify who sold that material to the recycler."</p><p>"We've been working with Alberta Justice, and a senior-level official and her staff," Johnson says. "The Alberta Justice officials we work with are actually members of PEPS, too, so they attend the meetings and communicate regularly with members." </p><p><strong>Calgary bylaw. </strong>There is a precedent for such regulation in the Alberta recycling industry. Calgary, a city within the Province of Alberta, passed a bylaw making it more difficult for thieves to trade in scrap metal without being traced. </p><p>"The Calgary Police Service initiated an investigative strategy named Operation Metallica, and it involved a team of police officers who focused on metal theft using the Calgary bylaw," Johnson notes. </p><p>One recycler he spoke to in the city said that she noticed an improvement in customers when the bylaw was passed; crooks were no longer coming to trade in stolen scrap metal. </p><p>"They were so successful in stomping out metal theft in Calgary that after a two-year period, Operation Metallica was terminated because the officers had accomplished their objectives," Johnson adds. "Calgary was a great example that this could work."</p><h4>Worksites</h4><p>While metal and other valuable materials make substations and other utilities sites attractive to thieves, Johnson says sites are weakest during the construction phase. </p><p>"It's usually because fences aren't permanent—if there are any—and there are often excavations and other things exposing wire and conduit," he adds. </p><p>As the potential for theft goes up, so does the potential for danger, Johnson says, explaining that stealing copper is literally playing with fire. </p><p>"Most people's experience with electricity is the wall outlets in your home in the wall where you get 115 volts," he says. "When you're dealing with electricity at the transmission and distribution levels, it is phenomenally dangerous."</p><p><strong>Safety concerns. </strong>Johnson used to work as security director at EPCOR Utilities Inc., formerly the Edmonton Power Corporation, a distribution and transmission company. "We had a construction arm as well that did a lot of work, and we were constantly getting hit by copper thieves," he says. </p><p>On one occasion, a thief trespassed on one of EPCOR's properties to steal copper. He entered an area of the substation that was fenced off from the rest of the substation and touched a piece of equipment. </p><p>The resulting arc flash flowed around him—not through him—and his clothing from the waist up caught fire. The substation engineers later said that there were about 7,000 amps of electricity in that plasma cloud (one-tenth of an amp can kill a person), and it would have been hotter than the surface of the sun. </p><p>EPCOR officials were greatly concerned after the incident about safety—not just of their workers, but of any potential bad actors who could be killed or injured. An executive of the company asked if an extra layer of fencing around all substations in the city would help, but Johnson said that would merely push the security concerns out further—not eliminate them. </p><p><strong>Construction guideline.</strong> "After a copper theft at a construction site or substation, the workers would tell us that they weren't concerned with the value of the copper stolen—they were only worried that someone would get hurt," Johnson says. </p><p>In one incident, someone used a pair of pruning shears to cut an energized 14.4-kilovolt line at a construction site. </p><p>"The damaged shears were found the next morning, and the worried electrical workers searched the area to see if the would-be thief was dead or injured," Johnson says. Not finding him, they even called local hospitals to see if they had a recent admission with severe burns. </p><p>With more than three years of experience as a safety and security supervisor in Houston's offshore oil industry, Johnson says he understood that metal theft was not primarily a security concern, but a safety issue that would best be addressed through safety management planning.</p><p>Few construction workers have security plans, but they all have safe work plans. The plan was simple: no copper left above ground after they cease work at the end of the day, and nothing—no scrap, no bulk wire, etc.—left in containers or anywhere else on site overnight. It was all removed and returned to the service center each evening. This new approach to combating metal theft paid immediate dividends—metal theft from construction sites almost disappeared.</p><p>The lessons learned at EPCOR eventually became part of a document from PEPS, the Construction Security Practices Guideline, which iterates that taking simple precautions throughout and at the end of the work day can help prevent crime and increase worker safety.</p><p>And one of the best ways to deter thieves mentioned in the guide? Don't use copper at all. </p><p>"One of the most effective crime-reducing measures is to not use attractive metals in the first place," according to the guideline. "Avoid using solid copper grounding straps and components wherever possible: use copper-clad steel (such as Copperweld) instead, because it has no commercial value." </p><p>Copperweld works similarly to copper, though it must be installed differently and doesn't have the same resistance as copper. </p><p>"It's steel or zinc coated with copper and it has no commercial value. You can take it to a recycler and they just don't want it," Johnson explains. "We tell people, 'If you have copper stolen, do not replace it with copper—because then they'll just come back and steal the replacement stuff, and you've become an automated teller machine,'" he says. </p><p><strong>Wind farms. </strong>As a wave of new construction is being planned for wind farms in Alberta, PEPS is aiming to introduce physical security measures to help reduce crime.</p><p>Pick any point in central Alberta, and there is a good chance a thick seam of coal lies deep beneath the ground. Traditionally, a majority of the province's energy was generated by coal plants. But Canada, a member of the Paris Agreement on climate change, is making strides as a nation to be less dependent on nonrenewable energy sources. </p><p>The New Democratic Party, which won the election in 2015, launched a billion dollar initiative last year to have renewable power make up 30 percent of the province's energy demands by 2030. With an aggressive timeline of constructing 5,000 megawatts of wind and solar farms, the government began taking bids from the private sector. </p><p>Johnson's company, Capital Power, had one of the first winning bids. </p><p>"There are all these wind farms being built in southern Alberta—and we do not want to feed crime," he says. </p><p>PEPS Alberta is working on several physical security measures that can be employed at the wind farms that will help deter and detect bad actors who, as previously discussed, tend to be attracted to construction sites. </p><p>Thankfully, Johnson says there are several simple ways that the private companies constructing the wind and solar farms can cut down on crime, as noted in the Construction Safety Guideline. One tool of choice for thieves is a disc grinder, which can cut through metal locks. </p><p>However, Johnson says heavy-duty locks that are immune to the disc grinder are available. Johnson is also working with Capital Power employee Ian Sustrik to create a small Internet of Things sensor that would be able to pick up any vibrations caused by a disc grinder being operated at a wind turbine—a thief has already tried his hand at cutting through one, Johnson says.</p><p>"The sensor sits on the inside of the door, and it's tuned for the vibration that you would get from a disc grinder," he notes. "If the sensor picks up that vibration, it sends a signal out and informs security." </p><p>The solution is low-cost due to the way the sensor communicates back to the security operations center. Rather than using cellular communication, which would require a more intricate network to be built, the sensor passes on the message to the sensor closest to it, then that sensor sends it to its neighbor, and so on—like a game of telephone. </p><p>"The message is passed down until it's got the one that has the cellular system on it, and that's the sensor that sends it to security," Johnson says. </p><p>As Capital Power works to develop similar security solutions, the company will disseminate them with the help of PEPS Alberta so other companies can take advantage. </p><p>"What we're doing here at Capital Power is trying to solve problems, and then sharing the solutions as widely as we can," Johnson says. "Ian will create sensors and then send out the instructions on how to build them, for whoever is interested." </p><h4>Awareness</h4><p>While PEPS Alberta is working with private sector and government officials to reduce crime, it is also focused on one of its primary audiences it says can help prevent theft—the public.</p><p>As part of this effort, Dan Blacklock, a former communications advisor to energy company AltaLink and former public relations lead for PEPS Alberta, says the group has developed several materials targeted at rural communities where crime is highest. </p><p>"These thieves come from rural communities, so it's about inspiring those communities to take action and work with local law enforcement, or to report suspicious activity that they see in their communities at rural substations," Blacklock says. "That's our number one lead to arrests, information that's brought to [Canada] Crime Stoppers and law enforcement from these rural communities of seeing suspicious activity knowing someone who has done something."</p><p><strong>Ad campaign. </strong>PEPS Alberta plans to launch a public awareness campaign soon that includes a series of advertisements with statistics about the number of people affected by metal theft, and case study examples of how the crime impacts the community. </p><p>Each ad contains the tagline, "When equipment theft happens, we all get left in the dark," along with a number to call to report suspicious activity. </p><p>Besides warnings about the danger of trying one's hand at metal theft, the ads also describe the increased physical security measures and law enforcement activity at substations to further deter thieves. </p><p>"Part of this awareness campaign is spreading the message that substations aren't easy targets, and that industries, law enforcement, and the government have come together to prevent it," Blacklock says.</p><p>The RCMP provided PEPS with a map of hotspot communities that have experienced the most substation crime in the past five years, and the ads are running in local newspapers in those communities. Facebook ads were also purchased to target specific communities, and posters will be placed in recreational centers and hockey arenas. </p><p>"Information and education around the impacts of crimes like this, it's really a preemptive crime prevention tool," Blacklock says of the campaign. "So, it shouldn't be overlooked for its impact." </p><p>Construction materials guide. While the ad campaign primarily targets the public, PEPS Alberta has also come up with a guide for law enforcement to help them better identify types of metal and materials stolen from construction sites. </p><p>Johnson recalls at an ASIS Seminar and Exhibits in Houston, members from Texas had produced similar materials for law enforcement. </p><p>"At an ASIS Houston lunch, there was a guy there saying a state trooper didn't know what oil field equipment looked like," he says. "Consequently, when they pulled over a pickup truck that had a bed full of stolen oilfield equipment, they didn't recognize it immediately as stolen—they just thought it was scrap." </p><p>PEPS solicited photographs and descriptions of items most stolen from the different sectors, resulting in the Critical Infrastructure Stolen Materials Recognition Guide, which acts as a look-book for law enforcement should they come across suspicious looking goods.</p><p>"It doesn't cost anything to share," Johnson says. "I can create a PDF document on my computer and I can send it out to the world, and it doesn't cost anything." </p><p><strong>Outlook. </strong>PEPS Alberta is continuing to work with its partners in critical infrastructure, law enforcement, the recycling industry, and the provincial and federal governments to find ways to reduce crime, increase reliability, and keep communities safe. </p><p>In the meantime, PEPS believes that through its Construction Safety Guideline, the advertising campaign targeted at the public, and other awareness materials, crime can be reduced or even eliminated at construction and substation sites throughout the province. </p><p>"Someone can look at those crimes and think, 'It's just an industrial crime and there aren't any victims,'" Blacklock says. "But when you actually take a step back, you can see how serious and impactful those crimes are—people's lives are at risk."</p><p>Johnson reiterates that by stopping crime at a rural substation or a remote construction site, the ripple effects that devastate communities can be eliminated. </p><p>"The aim here is to stop people from stealing our stuff because it brings in thieves. If thieves are successful, they'll come back. If they come back, they're stealing not only our stuff, but they're stealing from the local farmers, the local communities," he says. "And that's bad for everybody." </p><p><br></p><h4>Sidebar: Metal Theft Impacts Communities</h4><p>Copper isn't the only type of metal that thieves are after, says Ross Johnson, CPP, senior manager, security and contingency planning at Capital Power. </p><p>Any type of nonferrous metal—not containing iron—is potentially valuable to crim-inals, including lead, zinc, brass, and aluminum. For example, cell phone tower batteries are often targeted for the lead they contain.</p><p>And the value the criminals get for the stolen material versus the cost to replace and repair the damage is virtually nothing. "You have a $400 battery that is stolen and destroyed for $3 worth of lead," he notes. </p><p>Brass theft has also been a major problem in Alberta and has had a devastating effect on the history of local communities. Not only do thieves steal brass urns from cemeteries—in some cases, brass plaques memorializing war veterans have been destroyed. </p><p>"Thieves are removing the brass plaques and destroying them, and then taking them in for the brass metal value," Johnson says. "The problem with that is that nobody knows what the plaque said, unless you have a photograph of it." </p><p>In 2018, an Edmonton man was arrested for stealing 18 memorial plaques, receiving $525 for the scrap metal, reported Radio Canada International. </p><p>"Literally the history of small towns is disappearing, especially around war memorials," Johnson says. "To me, that's a compelling reason to try to stop this."</p><h4>What is PEPS Alberta?</h4><p>PEPS (Provincial Electricity Physical Security) Alberta is a team of men and women from the electricity, oil and gas, telecommunications, energy pipelines, and water industries; the National Energy Security Professionals (NESP) group; trade associations; recyclers; law enforcement; the metal forging industry; the National Energy Board; and governments at the Canadian federal, provincial, and municipal levels. </p><p>The PEPS coalition promotes public safety, the resilience of critical infrastructure, and crime prevention.</p> | | |
| https://sm.asisonline.org/Pages/Career-in-Security-Pathways.aspx | Career Pathways in Security | GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | A career in security management comes with diverse options for growth and impact, and the many different pathways available are not always clear or intuitive.<p>When students are trying to plan for their future, or more tenured professionals are contemplating a career transition, there are many questions. What traits and competencies do professionals need at different stages in their careers? Should individuals focus on becoming more specialized or growing into broader responsibilities? How can you take your career to the next level?</p><p>ASIS International partnered with the Security Industry Association (SIA) to answer these very questions in the Security Industry Career Pathways Guide. ASIS and SIA commissioned McKinley Advisors, who analyzed more than 2,400 survey results, conducted numerous telephone interviews, and performed other research, to develop the guide.</p><p>One finding is that, unlike some professions that provide a linear career path, security is diverse, comprising many job roles, salary levels, career opportunities, and sectors. At the highest level, security can include a multitude of functions for business organizations related to the provision of security services and technology. Employment opportunities range in terms of salary and position from entry-level security officer positions to investigators specializing in specific areas to directors at major global corporations. </p><p>Security spans a variety of sectors and markets and each specialty has its own set of requirements and issues, such as shoplifting, privacy rights, or data security. Security also has interrelationships with other departments or areas, such as risk management, safety, law, finance, business continuity, network and computer security, risk analysis, facility management, and others. </p><p>The diversity of the profession provides opportunities for horizontal career growth potential, in which roles expand into other business functions or areas in addition to security. In today's technologically advanced and globalized market, jobs are becoming even more complex in terms of focus and growth opportunities. All of this makes security management a challenging and exciting profession to navigate, define, and understand.</p><h4>Three Career Stages</h4><p>Security professionals generally fall into one of three career stages. The accompanying infographic (page 44) describes each of these career stages—examining sample job titles and responsibilities, core traits and competencies that enable someone to master each role—and identifies the skill gaps that can help people at each stage excel and grow. </p><ol><li>Professional Level: These are the doers; people who are generally at the beginning of their security careers.<br></li><li>Management Level: These are the delegators; the people who manage specific security functions and supervise people to carry out security duties.<br></li><li>Executive Level: These are the visionaries; the people who bring strategic and critical acumen to helping an organization protect its assets.<br></li></ol><p>For example, security professionals at the management level may have a job titles such as Director of Global Security or, simply, Security Manager. They will have oversight over one or more security functions, will direct and coordinate resources to accomplish those functions, be able to develop and implement strategies to understand and manage risk, and will likely have some budgeting, strategy, and human resources responsibilities. A successful security manager will have a strong grasp of security fundamentals and risk management and possess a high degree of leadership capability and integrity. To advance in their careers, security managers should work on acquiring general business acumen—understanding how security and other business functions interrelate—and gain a thorough understanding of compliance and regulatory issues.</p><p>The Security Industry Career Pathways Guide provides considerable information on each stage: how it was identified; detail on the knowledge, experience, and traits common to professionals at each stage; and what skills and competencies bridge from one level to the next.</p><h4>Advancing to the Next Career Stage</h4><p>The study also explored what fields, areas of study, or background security management practitioners came from prior to entering the security profession. In terms of educational backgrounds, most professionals working in security have obtained a master's or bachelor's degree. Some of the more common areas of study include criminal justice, business administration, business management, political science, law enforcement and correction, economics, security management, information or systems technology, computer science, terrorism, emergency management, personnel management, or information management. </p><p>After obtaining a degree, professionals may take an entry-level position—a professional-level role—in security management and grow their careers from there, or they may come to security from an entirely different sector. The most common backgrounds include law enforcement, military, or business administration and management from another sector. A managerial or executive-level professional, for example, can come from a long career in the security profession, growing from professional to managerial to executive, or transition into the field from higher levels within military, law, or another sector. </p><p>There are several common ways for security professionals to increase their expertise and credibility in gap areas, including certifications and credentialing opportunities. The most common include the Certified Protection Professional (CPP©) and Physical Security Professional (PSP©) certifications, as well as the Certified Security Project Manager (CSPM) and Project Management Professional (PMP) for those interested in project management credentials. Additionally, volunteering with an association, or serving as a mentor to a less experienced professional can also boost a professional's engagement with the industry. </p><p>Security professionals looking to advance to the next career stage should be developing and working improvement strategies that build on the skills and competencies they already have, so that they continue to excel in their current roles, while also working to acquire knowledge and experience required to excel at the next level.</p><p>ASIS International will be incorporating the career pathways research into its program and content development strategies. The goal is to provide resources that security professionals can use to advance their careers. ASIS will be intentional, both in developing a suite of resources for all three career stages and in describing and promoting those resources so that security professionals can easily identify the ones that will be most beneficial to their career development.</p><p>Likewise, security professionals need to be intentional in how they approach career advancement. Security professionals may find that they fall neatly into one of the types described in the guide. Many will not, however, and that is part of the point. The myriad of security career pathways underscores the diverse nature of the profession. The guide can help professionals understand where they are and how they can use resources from ASIS and other sources to help them get where they want to go. </p> | | |
| https://sm.asisonline.org/Pages/Safer-Shipping.aspx | Safer Shipping | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>For almost two decades, maritime security has largely been framed by the implementation of the International Ship and Port Facility Security (ISPS) Code, which focuses on detecting and preventing security threats against ports and ships. But due to increasing concern for the safe and secure movement of cargo, as well as the maturity of the implementation of the ISPS Code over the last 14 years, maritime security has begun to focus on treating ports and ships as conduits within the supply chain—not just targets. </p><p>This shift from port and vessel security to broader cargo and supply chain security is driven by the evolution of both global trade and threats to the supply chain—issues that the ISPS Code does not adequately address. While the code has well-established security requirements for ports and ships, it views these assets as targets of nefarious activities—specifically terrorism—and not as broader conduits of illicit activity or movement of contraband or theft of cargo. </p><p>As global trade continues to increase at a rapid rate, there is more cargo in the system, as well as an increasing reliance on just-in-time delivery, which makes cargo and supply chain security more sensitive to disruption, with greater potential impacts. The movement of cargo is also increasingly dependent on electronic data streams, which increase the risks of converged cyber, physical, and operational security challenges. Maritime security is no longer just about protecting vessels and ports—it goes hand-in-hand with cargo and supply chain security. Updated codes, regulations, and best practices should reflect this evolution of the industry. This shift should emphasize a broader focus on maritime security as an integrated system of physical assets, cargo, and data that needs to be secure and resilient, rather than simply a collection of ports and ships that need to be protected. </p><h4>An Evolving Industry</h4><p>The amount of cargo shipped by ocean containers has multiplied almost 17 times over the last few decades, from 102 million tons in 1980 to 1.7 billion tons in 2016.</p><p>Trade expansion. Global trade continues to expand at an extremely rapid rate. The United Nations Conference on Trade and Development (UNCTAD), in its Review of Maritime Transport 2017, found that global maritime trade increased 2.6 percent between 2015 and 2016. Trade has nearly doubled since 2000, the UNCTAD review found, and will continue to increase at a rate of 3.2 percent per year through 2022. This expansion of trade will drive increased cargo throughput in ports around the world and result in greater potential disruption of the supply chain. </p><p>With increasing trade comes the need for infrastructure growth, but the land constraints of existing ports within cities in some regions is fairly significant. An increase in the development of new ports in areas where land is more plentiful is taking place globally, as well as the expansion of existing ports through the creation of inland container yards that are not physically adjacent to the port. </p><p>These developments create both security opportunities and challenges. The construction of new ports provides the opportunity for physical, operational, and cybersecurity to be designed into new projects. Properly planned and executed, this approach can create security efficiencies that can contribute to the overall operations of a new port. For existing ports, the increase in moving cargo to off-port, inland storage areas complicates cargo and supply chain security within port regions by adding additional movements between facilities within a port network. This requires additional measures of tracking, information flow, and physical security that previously may not have been necessary. </p><p>System sensitivity. Just-in-time delivery of products continues to drive changes in shipping and supply chain management. Since its inception in the 1950s and 1960s Japanese auto industry, the concept of retaining minimal inventory by retailers or manufacturers has continued to mature and expand to many industries. The result is the reduction of large warehousing operations and an increase in smaller regional warehouses where small inventories are kept for short periods of time. The concept of just-in-time delivery relies on the continued functionality of its associated supply chain to ensure the delivery of goods and parts when necessary. A disruption of any part of the supply chain, whether due to physical risks or a lack of trust in the integrity of the supply chain, can have extremely disruptive effects on industries, markets, and economies. </p><p>While estimates vary, a shutdown of ports on the West Coast of the United States could have a financial impact of anywhere from several hundred million dollars per day to one billion dollars. Further, shipping would be disrupted in other geographic locations because ships would be stuck at anchor off U.S. ports, and other ships would experience delayed departures from Asian and European ports until the dispute was resolved. A study performed by the Interindustry Forecasting at the University of Maryland (Inforum) in 2014 projected that the potential economic impact of a 10-day shutdown of U.S. West Coast ports would result in 169,000 disrupted jobs, a reduction in the gross domestic product of 0.12 percent, and a cost to the American economy of $2.1 billion per day. </p><p>Cybersecurity. The maritime industry is in the throes of adapting to the digital age, and for shipping and ports, cybersecurity has several distinct characteristics. Cybersecurity is important to the operating technologies within ports and shipping companies; it can have a direct effect on the ability of those elements of the industry to perform. This includes systems such as supervisory control and data acquisition (SCADA), industrial control systems (ICS), security scanning and access control systems, and ship navigational and propulsion systems. The compromising of these systems and data could be debilitating to the global supply chain.</p><p>The shipping industry is rich in data that could be valuable to criminals or terrorists, including personal and human resources data; financial data such as contracts, banking details, and money transfers; cargo data, including cargo contents, destinations, shipper and consignee information, and cargo seal numbers; and other logistics and business operations systems. In the infamous Port of Antwerp case, criminals accessed information systems in the port for two years beginning in 2011 and were able to use the information they obtained to target cargo for narcotics trafficking and facilitate cargo theft. </p><p>In the port environment, security management is increasingly split between the port facility security officer (PFSO)—who is responsible for ISPS compliance and company security—and cybersecurity, which is often within the purview of the information technology manager. This management arrangement reflects corporate management structures that were common before the convergence of physical, cyber, and operational security. </p><p>As the lines between security disciplines increasingly blur, the need for a new management structure is evolving. This challenge is exacerbated by the skill sets traditionally required by each position. PFSOs are often former or retired law enforcement or military personnel who may not have deep knowledge in cyber or information security. Conversely, the information technology staff may not have expertise in broader physical security issues and investigative requirements. </p><h4>A Challenge of Governance</h4><p>There are many standards and codes that provide some governance to supply chain security programs, but none of them are mandatory, and there is no industry standard governing cybersecurity. The lack of a globally accepted and mandated standard that addresses present-day maritime security challenges poses a significant challenge to the likely shift towards cargo and supply chain security.</p><p>The ISPS Code—the current maritime industry security model—was introduced after the September 11, 2001, terror attacks and came into worldwide force in 2004. Because of the focus at the time on the protection of critical infrastructure, the code was designed to emphasize the prevention of attacks on ports and ships rather than the use of ports and ships as channels of illegal activity, contraband, or persons. While the code addresses access control and some cargo issues, the focus on cargo security is minimal. </p><p>Additionally, the ISPS Code does not address cybersecurity in a meaningful way and has not been updated since its adoption in 2004. It was implemented before the rapid advancements in information technology, the Internet, and the shipping industry, and does not address those digital security issues that have arisen in recent years. While still relevant and effective in protecting ships and ports from attack, the code is not fully effective in addressing cargo security issues and merging cybersecurity challenges associated with the industry.</p><p>Other common supply chain security programs, codes, and standards include the World Customs Organization's SAFE Framework, the International Standards Organization's ISO 28000 series, and numerous national and regional programs such as the U.S. Customs Trade Partnership Against Terrorism (CTPAT) and the European Union's Authorized Economic Operator (AEO) program. These programs have common features, including a focus on the vetting and reliable behavior of participants. Unlike the ISPS code, which focuses on physical and operational issues, most supply chain security programs require a history of compliant behavior by participants before full acceptance into the programs. Further, participants must have well-established security policies in place, including processes to protect the integrity of data that is shared with governments. </p><p>While the ISPS code is mandatory for ports and ships that trade internationally, supply chain programs are not mandatory and are incentivized by the promise of expedited entry into target markets and minimized inspections by participating customs agencies. In reality, the level of expedited access appears to vary with some programs being perceived as more beneficial to participants than others. </p><p>Additionally, there is no global cybersecurity standard or requirement for ports or shipping. The International Maritime Organization (IMO) intends to require that cybersecurity be included as a component in the Safety Management System of ships starting in January 2021, but there is no similar effort for ports. Further, by including the cybersecurity requirements in the Safety Management System, the focus is likely to be on the potential risks for cyberattacks or compromise to vessel operating systems rather than the protection of sensitive data. </p><p>Therefore, cybersecurity in ports remains largely ungoverned, except for the efforts of some national governments. For example, the U.S. Coast Guard is in the process of developing an approach that will involve including cybersecurity in the development and approval of facility security plans. These national-level efforts, however, do not equate to a globally accepted approach to maritime supply chain and cargo security. </p><h4>The Future of Maritime Security</h4><p>Considering the developments of increased trade, greater sensitivity to disruption, convergence of types of security, and a lack of global governance beyond the ISPS Code, there should be a shift in port and maritime security to a supply chain approach where ports and ships are conveyances and conduits. Security professionals and policymakers must focus on infrastructure, ships, and ports as facilitators, conduits, and conveyances of cargo, goods, and people. This requires a shift in thinking away from the current emphasis on ships and ports as potential targets of possible attack. </p><p>Information in the maritime industry is as important as the infrastructure. This includes the potential for cyberattacks and compromise that may target navigation systems, operating technology, or industrial control systems, but also the equally important potential compromise and manipulation of data to facilitate the trafficking of contraband, cargo theft, or financial crimes.</p><p>To address these converged risks in a comprehensive and industrywide manner, port cybersecurity standards or requirements should be developed and included in supply chain security standards that are globally accepted and enforced. These supply chain security requirements should be developed and promulgated by a respected, international organization with an official status as an intergovernmental organization—preferably within the UN system—and should be implemented along the same lines as the ISPS Code with the commitment of all signatory countries to enforce the new code. If the IMO is not the appropriate organization for port and supply chain security standards, then other potential candidates could include the World Trade Organization or World Customs Organization. </p><p>Additionally, maritime industry port and vessel operators need to organize themselves to reflect the changing requirements of the digital age. The roles of the PFSO and the IT director need to be aligned in some form to ensure a unity of effort across all facets of security within the organization. Further, this effort must have high visibility in top management, and staffing and position descriptions will need to adjust to reflect the need to provide senior leadership expertise in cybersecurity and cargo security. </p><p>Global trade is dynamic and will only increase. More than 80 percent of cargo travels by sea, thereby inexorably linking supply chain and maritime security. And to protect the ever-evolving industry, individual organizations and international standards alike must adopt best practices that address such changes. </p><p><em>Michael Edgerton, CPP, vice president of HudsonTrident, Inc., is a retired military officer with service in both the U.S. Navy and U.S. Coast Guard. He is a member of the ASIS international Global Terrorism, Political Instability, and International crime council and the author of the book, A Practitioner's Guide to Effective Maritime and Port Security.</em></p> | | |
| https://sm.asisonline.org/Pages/Building-a-Hostility-Free-Work-Place.aspx | Building a Hostility-Free Workplace | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>This is the #MeToo era. The great wave of public accusations involving inappropriate conduct such as sexual harassment between managers, employees, and coworkers has washed over U.S. workplaces, unsettling everything in its wake.</p><p>But sexual harassment is not the only conduct that can help turn a working environment hostile. Given this, employers and security managers who take action now to help establish and solidify a welcoming and hostility-free work environment will be better positioned for the future. Such actions can come in many forms, ranging from zero-tolerance anti-harassment policies and violence prevention training to diversity task forces and team-building exercises. </p><p>But while they vary, these actions all benefit from a proactive approach. Opposing views and opinions are inevitable among a diverse workforce, but leaders of organizations should not wait until disruptive incidents break out before focusing on the state of the workplace environment. Instead, they can start immediately. </p><h4>Respect and Dignity</h4><p>Security is a team sport. No one security director or manager, no matter how talented or knowledgeable, can completely shoulder the burden of protecting his or her firm. A cohesive security team, on the other hand, is positioned to tackle anything thrown its way. But when one gear gets out of whack, the whole team is affected and compromised. </p><p>Take, for example, one security director who we'll call Sam. The team was led by a small group of managers who worked well together; they collaborated to achieve goals and boost one another to success. However, a new manager, Chris, was brought on. </p><p>Chris has a markedly different type of attitude and leadership style. Chris is demanding, and sometimes even yells at employees in public. He occasionally disparages another manager's directions to team members and will go so far as to threaten a firing in an attempt to improve performance. </p><p>A few months after this leadership transition, some employees began to leave Sam's team by choice. But those are not the only changes triggered by the new manager. Some of Sam's team members have absorbed the negative qualities Chris exhibits, including degrading public chastisements, gossiping, and expressing increased agitation in the office. Chris' overwhelming negativity threw a wrench into a once strong security team and threatened to break it down into an unproductive group of individuals. Before Chris took over, Sam's team members respected one another and successfully accomplished goals. Chris' harsh leadership eroded the members' respect and kindness, causing productivity to decrease and spirits to drop.</p><p>How can this situation be avoided? When building a team, it is important to establish respect, dignity, and kindness as foundational principles. This will very likely increase productivity and reduce the risk of violent workplace behaviors. When employees feel respected and treated with dignity, they are more likely to treat coworkers and customers the same way. This creates a positive culture within the organization. </p><p>To facilitate this, security managers should go beyond simply asking employees to be civil and respect one another. They should also explain how to do so, and demonstrate what civility means to the organization by providing examples of positive interactions. </p><p>During my time as an assets protection manager, there were key opportunities for me to support the company culture. Security managers can take advantage of the same opportunities, if their organizations are willing to provide them. </p><p>For example, orientation sessions are an opportunity to introduce yourself, your department, and the values of the organization to those who are being onboarded. Time can be devoted to explaining appropriate workplace behavior through the use of scenario-based situations.</p><p>In addition, team meetings—whether daily, weekly, or monthly—offer opportunities for managers to touch on relevant issues and provide training through small group discussion or case study review. Individuals can assess a situation and provide feedback on how it should have been appropriately handled. Using both positive and negative behaviors for examples will help employees understand the difference.</p><p>Open houses are another possible venue for educating discussions. The security company may arrange with company leaders to have a time where employees come in, ask questions, and participate in discussions that help workers understand their role as part of the larger effort to maintain a healthy workplace. </p><p>Finally, it is important to remember that security managers and staff should always be role models of appropriate behavior. If they are behaving badly by being rude, disrespectful, or uncivil, how can they expect to help the organization promote a culture that values everyone? </p><p>In the end, managers cannot assume that people understand what is and is not appropriate. Setting expectations from the start, and clearly demonstrating how to positively act and show respect to coworkers, is an effective way for managers to set the right tone—and a more active and effective approach than simply hoping for the best. This will have a ripple effect throughout the workforce, and it will help prevent future breaches of conduct from triggering a domino effect of disrespect, such as the one caused by Chris' behavior. </p><h4>Violence Prevention</h4><p>Another common violation of positive foundational workplace principles is workplace bullying. The following scenario illustrates some gender issues, which are starting to become more common in workplaces. </p><p>Stephen, a security department employee, was encouraged by ongoing legislation for gender-neutral bathrooms. As a result, Stephen approached a manager to explain that she gender-identified as female and would like to be referred to as Shawna. Shawna was later confronted by a handful of coworkers who said they would never support legislation and would monitor the bathrooms should such laws pass. The confrontation caused Shawna to feel unsafe at work and scared to "come out" as a female to the rest of the office. </p><p>Depending on where Shawna lives, she may be protected. Approximately 20 states and 200 cities have laws that protect transgender individuals from discrimination specifically related to job status and/or promotion. However, just like bullying of a non-transgender person, there are limited laws preventing bullying types of behavior.</p><p>A key component to preventing bullying in the workplace is to start by defining what bullying is. Bullying involves repeated unreasonable actions with the intent to intimidate, degrade, or humiliate another individual or group of individuals. This can occur between any two coworkers or groups of coworkers, regardless of rank or status. </p><p>Hostile environments often stem from bullying, sexual harassment, or discriminatory conduct that interferes with an employee's ability to perform his or her job. In such environments, verbal, physical, or visual behaviors create an intimidating, offensive, threatening, or humiliating workplace. It's important to note that hostile behaviors can be perpetrated by anyone in the work environment, from employees to customers to vendors.</p><p>These situations can adversely affect an employee's psychological wellbeing. Moreover, the psychological injury that results from harmful conduct can be considered a form of workplace violence. Complicating matters is the fact that every employee brings a unique set of values, upbringing, experiences, and education into the workplace. Certain incidents, conversations, or remarks that may be acceptable to one may be harmful and injurious to another. </p><p>Luckily, various preventative measures are available to managers. Engaging in conversations about appropriate workplace behaviors helps to set a line between right and wrong, so HR sessions that allow for this can be helpful. Gaining an understanding of what is and isn't considered harassment, bullying, and incivility allows employees to differentiate between certain behaviors and comprehend the context of any policies and procedures. Given the global diversity of most workforces, it is important to define and discuss what civility and respect mean to your organization to ensure everyone is on the same page.</p><p>Security managers also can implement violence prevention training. Just as it is vital to teach what behaviors are acceptable, it is a good idea to define and train employees on behaviors that are unacceptable through examples, case studies, or role playing. Setting a definitive line between right and wrong helps employees recognize these behaviors in themselves and others, mitigating the risk of conflict. </p><p>In the case of Shawna, the security manager eventually worked with HR to organize violence prevention training sessions for all employees. The sessions instructed employees about how to take steps in certain workplace situations. Furthermore, they allowed employees across the office to learn more about their coworkers and gain a better understanding of everyone's unique backgrounds and values. This strengthened respect for each other. Overall, the sessions were a success. Had they been implemented as a matter of course, they may have prevented the incident from ever occurring. </p><h4>Multi-Generational Teams</h4><p>Multi-generational workforces are here to stay. The members of Generation Z, or those born between the mid-1990s to the mid-2000s, have started to enter the workforce. They join the Generations Y (commonly known as Millennials) and X, and the Baby Boomers. In some workplaces, members of the Silent Generation are still productive in their seventies. </p><p>This age-diverse workforce can make for a rich and vibrant mix of ideas, opinions, and viewpoints. It also can cause problems when conflicts arise, and two employees don't see eye to eye. Given this, more employers are trying to keep up with changing demographics and are taking a closer look at office dynamics and making adjustments to fit their multi-generational teams.</p><p>To help create an environment where a diverse community of workers can collaborate, employers may create a multi-generational task force to survey their current workforce and gain a sense of what is useful and what is outdated. The task force should include at least two individuals from each generation represented in the workplace, with additional gender and cultural considerations applied. It may operate as an Employee Engagement Committee, with task force members serving as the voice of their fellow employees and implementing various staff celebrations. Members may also facilitate professional growth opportunities that appeal to the group of employees they are representing.</p><p>Another way to improve relations between generations is implementing an onboarding buddy system. New employees are paired with someone outside their own generation, allowing for an opportunity to learn while appreciating another's perspective.</p><p>Take, for example, a task force which includes members Kelsey and Carol, two employees who are nearly 30 years apart in age. As a Millennial, Kelsey prefers to receive information electronically through either text or email. She also prefers a manager who takes an educational approach and who takes time to understand her personal and professional goals. Like many Millennials, Kelsey also values meaningful work and desires to contribute to the larger mission. </p><p>Carol, a Baby Boomer, prefers face-to-face communication. She benefits from managers who take a democratic band-of-equals approach to working with a group, and who clearly define the team's mission. Carol is a dedicated worker and at a point in her career where she isn't really interested in moving ahead. She is counting down the days to retirement. She is willing to train her younger coworkers to step up and take on leadership roles. </p><p>Gaining a greater understanding of employees' management needs will help security managers create a more inclusive environment. Once organizations gain a better understanding of who their employees are as individuals, they can strategically partner with people who will work well together. The employer may realize Kelsey's strengths as a Millennial can be enhanced with a little coaching from a seasoned worker like Carol. Many Millennials grew up with a coach or mentor teacher who provided a positive influence, and they desire a similar relationship in their jobs. </p><p>By pairing Kelsey with Carol in a buddy system, both stand to learn from each other. Perhaps Kelsey learns the inside scoop of the job while teaching Carol about the latest technology trends. This pairing helps coworkers relate to one another, create new bonds, and build new skill sets. Additionally, the teamwork between a Millennial and Baby Boomer prepares both employees as the Baby Boomer transitions to retirement. Carol can effectively train Kelsey on her roles in the company so that when she retires, Kelsey is able to seamlessly take on new responsibilities without Carol's guidance. </p><p>One of the best things security managers can do to create connections between employees is to promote team development activities and implement cultural diversity training. Multi-generational workforces can learn about their younger or older peers through non-threatening teambuilding activities. Older employees' fears of feeling outdated may be lessened, and younger employees' frustration about being excluded from certain operations due to inexperience may be reduced. </p><p>These activities foster engagement between coworkers, allowing them to discover commonalities, as well as highlight what makes them valuable to the organization. They also make for a more comfortable workplace, and they foster the guiding principles of respect and inclusion. </p><h4>Improving Workplace Resiliency</h4><p>Resilience has recently become an important concept in many different arenas; cities, communities, and even countries are all striving to achieve it in different ways. It is also critical for a security team to exemplify resiliency. In this case, resiliency describes the capacity of people, organizations, or systems to adapt to changing conditions and rapidly recover from disruption. </p><p>To improve the resiliency of a security team, it is advisable to incorporate overall concepts of resilience into existing training programs. For example, a shared understanding of the roles and responsibilities of team members can greatly reduce the stress on the team and therefore increase resiliency. Moreover, each individual employee has an innate level of resilience that can be further developed through training. </p><p>Just as training employees helps to build confidence, so does recognition of performance. Thus, one of the most direct ways to increase resiliency is to build people up by recognizing them for their work. The act of thanking employees and acknowledging quality work helps create a positive and productive environment—in effect, the opposite of a hostile workplace. When people feel appreciated, they often feel more energetic, and are willing to go the extra mile when the going gets tough.</p><p>I used to work as an operations manager of a retail store. I realized the importance of maintaining resilience and of expressing my appreciation for my staff's hard work. Therefore, I would look for ways to show them my appreciation. After an especially challenging week, I called a team meeting to recognize everyone's hard work and thank them for their dedication. I showed them my gratitude with a catered meal accompanied by praise and motivating remarks for continued success. </p><p>In addition to showing appreciation, managers can also offer rewards for exceptional work. For example, I implemented a "recognition wall" that encouraged employees to fill out a card briefly detailing something another employee did and add it to the wall. The actions written about could be as simple as someone going out of his or her way to help a fellow coworker or customer. In a seemingly small but important way, the system allowed employees to support one another, boost each other's confidence, and ultimately enhance company morale.</p><p>I also required my leadership team to write out three to five cards per shift to keep the wall filled with positivity each day. Within three months, the culture of the workplace improved dramatically; many employees who had been disheartened and unmotivated became much more engaged. The employee attrition rate also dropped from 30 percent to 20 percent. </p><p>A workplace where employees do not feel valued or recognized is not a positive workplace. Often, it is one where employees feel they need to escape; they feel that management is not helping them feel like a part of a mentally and emotionally safe and healthy environment. This in and of itself may not constitute a hostile environment, but it is likely close to one. </p><h4>Using an EAP</h4><p>Security work can be highly stressful, and stressful work situations can lead to anger, withdrawal, and even situations of workplace violence. Stress, anxiety, and depression do not just affect the employee suffering from them. The employer and the company are also affected, by way of factors like lost production time and negative effects on coworkers. </p><p>To help prevent violence between stressed coworkers, HR and managers should take note of signs and symptoms of stress and attempt to address changes in behaviors. Behaviors to look for include decreased productivity, frequently arriving to work late, and sudden shifts in mood. </p><p>According to the U.S. Bureau of Labor Statistics, there were 866 fatal work injuries involving violence in 2016. To keep employees safe, security managers can train all employees to recognize warning signs of workplace violence. Training should include steps to take for violence prevention and verbal intervention. Security managers also should encourage employees to notify them of any threats, so they're able to take action before an incident occurs. </p><p>Additionally, employers can provide an employee assistance program (EAP) in their employee benefits package. An EAP provides quick, reliable guidance on everything from stress management to family care options so staff can come to work with greater peace of mind. A good EAP helps alleviate stress and worry, connects employees with the resources they need to manage their mental health, and helps prevent potential violence before it occurs. </p><p>Take the example of Patrick and Jordan. Patrick is a long-term employee struggling at work due to personal dilemmas stemming from a rough divorce. Jordan, Patrick's manager, noticed a marked decrease in Patrick's productivity and engagement. Jordan took Patrick aside to discuss the productivity problem. When Patrick shared his personal struggle, Jordan was able to provide resources to help Patrick via the company-provided EAP. The EAP offered guidance and a referral to a local counseling professional. With this support, Patrick was able to adjust to the changes taking place in his life and return to work with a greater sense of normalcy. </p><p>Of course, a solution like this one is not always possible in every case. Many employers do not provide an EAP; if they do, employees are unaware it is available or believe it isn't confidential. Inattentive managers or fellow coworkers may not notice the warning signs, and the stressed employee will keep his or her feelings bottled up. When this is the case, the employee can lose control and become verbally or physically violent towards coworkers. With the appropriate training and resources, all members of a security team are able to de-escalate and curtail potentially troubling situations without resorting to physical confrontation.</p><h4>Company Policies</h4><p>The workplace should be an inclusive environment where employees feel safe to effectively share ideas and join forces to create new ones. Going the extra mile to develop a welcoming community for employees will help security teams thrive and improve the likelihood that the work produced there will be exceptional. Moreover, it is the responsibility of managers to create and enforce the policies and procedures that will guide employees towards resilience.</p><p> Establishing specific and explicit policies regarding harassment, bullying, and violence, which also include plans and procedures for responding to incidents, is essential. These response plans should include processes for communicating with employees, families, and the media, working with law enforcement, and a capacity for staff debriefing if any type of violence is committed, threatened, or observed. As part of the onboarding process, new hires should be made aware of the plan, so they are well-versed on the organization's policies. </p><p>With these policies in place, the next step is to consider using some of the training programs mentioned above that will develop employees as team players, improve overall productivity, and mitigate problematic workplace behaviors. Finally, security managers should continuously review how employees interact with one another and update policies and procedures to fit the needs of their advancing workforce. </p><p><em>Raquelle Solon is a business solutions engineer for FEI Behavioral Health in Milwaukee, Wisconsin. She is responsible for, among other things, helping organizations implement crisis management systems and workplace violence prevention strategies. She was named "Woman of the Year" for 2012-2013 by the National Association of Professional Women.</em></p> | | |
| https://sm.asisonline.org/Pages/November-2018-ASIS-News.aspx | November 2018 ASIS News | GP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <h4>Celebrating Security's Best</h4><p>At Global Security Exchange (GSX), formerly the ASIS Annual Seminar and Exhibits, the Society recognized the outstanding accomplishments of the security profession in 2018. ASIS was pleased to honor the following members and supporting organizations for their work to advance the Society and profession. </p><p>The Presidential Award of Merit, recognizing the commitment of exceptional volunteers, was presented to Oksana Farber and Joe McDonald, CPP, PSP. With more than 40 years of ASIS membership between them, these individuals demonstrate the very best in unselfish volunteer commitment and mentoring.</p><p>The Don Walker Award for Enterprise Security Executive Leadership celebrates an individual who demonstrates a commitment to promoting security management education, certification, and standards. The 2018 award recognizes the contributions of Mike Howard to advance the professionalism of the security industry.</p><p>The 2018 Professional Certification Board's Organizational Award of Merit honors Saudi Aramco for its extraordinary efforts to enhance the professional development of its security team through board certification.</p><p>The I.B. Hale Chapter of the Year Award is given to chapters that demonstrate financial stability, membership growth, high-quality meetings, educational programs, publications, and efforts that support the advancement of the security profession. This year's winners are the Victoria, Australia; Florida West Coast; and Mexico City chapters.</p><p>The Roy N. Bordes Council Member Award of Excellence recognizes a distinguished council member who selflessly shares expertise, encourages the next generation of leaders, and offers insight to ASIS educational programs and publications. The 2018 winner is Utilities Security Council co-vice chair Allan Wick, CPP, PCI, PSP. </p><p>The E.J. Criscuoli Jr. Volunteer Leadership Award, presented this year to James R. Finnelly, CPP, recognizes members who have made significant volunteer commitment at the chapter and regional levels.</p><p>The Matthew Simeone Award for Public-Private Partnership Excellence, administered by the ASIS Law Enforcement Liaison Council, distinguishes an program promoting cooperation between the public and private sectors. This year the award, nominated by the ASIS Azalea Coast Chapter recognizes the partnership between the Wilmington North Carolina Police Department and Wilmington Housing Authority. </p><p>The ASIS Foundation is proud to invest in individuals and chapters, offering scholarships and grants to support those pursuing security careers in achieving their professional goals. These scholarships would not be possible without the generosity of ASIS members, and the Foundation recognized the following donors at GSX: Outstanding Individual Donor, Frank Argenbright; Outstanding Corporate Partner, TD Bank; Outstanding Regional Donor Award, Region 11, West & Central Africa; and Outstanding Lifetime Supporter, Bernie Greenawalt, CPP.</p><p>ASIS thanks these award winners for their valued contributions to the security profession.</p><p> </p><h4>ASIS Maps Career Pathways</h4><p> In partnership with the Security Industry Association, ASIS has developed the Security Industry Career Pathways Guide—a new career resource that provides an insightful and detailed look into what a career in the security profession looks like in today's market. </p><p>Designed to empower students and security professionals at all levels with insight into professional growth opportunities, it also provides a clear understanding of the necessary skills for success.</p><p>Find it at <a href="http://www.asisonline.org/careerpathwaysguide">www.asisonline.org/careerpathwaysguide</a>.</p><p> </p><h4>New Membership Dues Rates</h4><p>ASIS represents professionals who advance security management in hundreds of countries around the world—across numerous sectors and at every career stage. </p><p>In support of its globalization initiative, the Society is pleased to announce a new emerging markets dues structure that provides individuals living in countries classified as upper-middle, lower-middle, or low income by the World Bank with better accessibility to ASIS membership.</p><p>This change breaks down barriers to membership for a significant population of security professionals by accounting for ability to pay in local income economies. </p><p>ASIS recognizes the important role played by all members regardless of the region in which they live and opens a global line of communication through which information can be shared and valuable insight gained.</p><p>For more information about the new dues structure, <a href="http://www.asisonline.org/dues">www.asisonline.org/dues</a>.</p><p> </p><h4>Crime Prevention Council Spotlight</h4><p>Before ASIS Crime Prevention Council Chair Deyanira Murga assumed her leadership role in 2016, the council had just nine participating members. In the few short years that followed, the council has grown to include a diverse global membership of 32, dedicated to advance the council's mission of globalization and knowledge transfer through an innovative series of initiatives.</p><p>"Our discipline is not just a corporate security department," says Murga. "Crime prevention crosses all sectors of security. It's a piece of healthcare security, and it's a piece of cultural properties security, but it also has a lot to do with communities—with citizens, government, law enforcement, and schools. You have to be proactive and project future events that are going to affect your communities with some sort of violence or other phenomenon."</p><p>The council focuses on the pillars of Intelligence, Technology, and Culture in crime prevention, sharing with the full spectrum of security the ways that predictive analyses and new technologies can be used to stop violence and crime from occurring.</p><p>In 2018, the council produced an Insider Threat webinar series and took a different approach to the traditional webinar. To provide a holistic view of issues surrounding insider threat, the council invited all of its members to participate in the development of insider threat case studies. Over the course of this three-</p><p>webinar series, a dozen council members spoke on different concepts, each helping to provide attendees with a more complete understanding.</p><p>Murga applies this outside-the-box thinking to the development of the council's sponsored education session at Global Security Exchange (GSX). "When I go to the annual conference, I want to see something that's never happened before," she says. "These days, I can attend a lecture virtually as a webinar, or at a local chapter meeting. I want our council to produce education that can only happen at major meetings like these."</p><p>This year, the council arranged a panel discussion surrounding issues of sexual harassment, hostile environments, and victimization in the workplace—featuring thought leaders from the U.S. Department of Homeland Security, CNN, MGM Resorts, U.S. Navy, and Hewlett-Packard. This marked the first time that any of these speakers had participated in the ASIS annual meeting.</p><p>The council also seeks to infuse new talent into the security workforce, in 2018 sponsoring a Security-a-thon—fashioned after Hack-a-thon challenges popular at universities across the United States. Small teams are presented with a problem—in this case, school violence prevention—and tasked with devising a solution. The team with the winning solution received a trip to GSX, sponsored by ASIS members.</p><p>"Our winners haven't yet been initiated into the security world," says Murga. "They brought a fresh perspective to the problem, with backgrounds in robotics engineering, public relations, and graphic design. With the opportunity to attend GSX and tour a casino's command center, they will become more aware of the needs of our profession. These young people can do creative, sustainable things that create a lasting impact on our Society."</p><p>The council is updating the "Small Business Guideline," which was first created back in 2007. The council is working with the Small Business Administration and the Chamber of Commerce to provide practical recommendations to small business owners and small franchise companies who normally do not have the budget to have an in-house security department or hire a security consultant. The goal is to work with the U.S. Department of Commerce and entrepreneurs to globally support this important economic sector.</p><p>The council has also been working with ASIS education staff to introduce a "Critical Thinking & Predictive Analysis: Smart Security" workshop coming in 2019. This innovative content will provide valuable insight for its members and new young professionals in how to develop new skills using future scenarios to analyze and process information and data to collect better intelligence for crime prevention.</p><p>Murga encourages members interested in learning more about the council's efforts to reach out via email, at dmurga@cerberus.consulting. To view available council resources, visit www.asisonline.org and search for Crime Prevention council.</p> | | |
| https://sm.asisonline.org/Pages/SM-Online-November-2018.aspx | SM Online November 2018 | GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <h4></h4><h4>Security Careers</h4><p>ASIS International and the Security Industry Association <a href="https://www.asisonline.org/globalassets/professional-development/careers/documents/careerpathwaysguide.pdf" target="_blank">commissioned research</a> to understand the career pathway of security management and supplier personnel, including their educational and professional backgrounds, job titles and responsibilities, and required knowledge, skills, and abilities.</p><h4>Cyber Resilience</h4><p>Financial services businesses stopped 81 percent of cyberattacks in 2018, compared with 66 percent in 2017, <a href="https://www.accenture.com/us-en/insights/financial-services/2018-state-of-cyber-resilience#banking-and-capital-markets-2018-state-of-cyber-resilience" target="_blank">according to a new report from Accenture</a>. But cybercriminals are attacking with new strategies and breakthrough technology, and financial firms may not be keeping up.</p><h4>Construction Sites </h4><p>To prevent theft at construction sites and help law enforcement identify stolen materials, the Provincial Electricity Physical Security Coalition (PEPS) Alberta offers two free documents, the <a href="/ASIS%20SM%20Documents/Construction%20Security%20Guideline%20Version%201.1.pdf">Construction Security Practices Guideline</a> and the <a href="/ASIS%20SM%20Documents/CI%20Stolen%20Materials%20Recognition%20Guide%202017%2001%20April.pdf">Stolen Equipment and Materials Recognition Guide.</a> </p><h4>Interoperable Communications</h4><p><a href="https://www.gao.gov/products/GAO-18-379" target="_blank">A government watchdog report</a> outlines the challenges first responders face when communicating with each other.</p><h4>Utilities</h4><p>The U.S. Environmental Protection Agency released a <a href="/ASIS%20SM%20Documents/Water%20Sector%20Cybersecurity%20Brief%20for%20States.pdf">Cybersecurity Guide for States</a>, which says that water and wastewater utilities lack resources for IT and security specialists to assist with creating cybersecurity programs. </p><h4>Banking Worries</h4><p>When <a href="https://www.pwc.com/us/en/financial-services/research-institute/assets/pwc-fsi-top-issues-2018.pdf">PwC Financial Services surveyed financial professionals</a> about their biggest concerns, the top responses were excessive regulation, uncertain economic growth, and geopolitical uncertainty. </p><h4>Disaster Response</h4><p><a href="https://www.fema.gov/media-library/assets/documents/167249" target="_blank">Responses to last year's hurricanes</a> and <a href="https://www.epa.gov/office-inspector-general/report-management-weaknesses-delayed-response-flint-water-crisis" target="_blank">other disasters</a> show that an agency's pre-event failures can prove costly.</p><h4>Employee Misconduct</h4><p>The U.S. Government Accountability Office <a href="https://www.gao.gov/assets/700/693133.pdfHarassment" target="_blank">recently examined</a> how federal agencies address employee misconduct and offered strategies for improvement.</p><h4>Harassment</h4><p>Employers—in some circumstances—can be held liable for a nonemployee's behavior if it exceeds expected norms, <a href="http://www.ca5.uscourts.gov/opinions/pub/17/17-60072-CV0.pdf" target="_blank">a U.S. appellate court ruled.</a></p><br> | | |