https://sm.asisonline.org/Pages/Vehicle-Access-at-Stadiums.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Vehicle Access at Stadiums0

 

 

https://sm.asisonline.org/Pages/Seminar-Sneak-Peek---Bringing-Metrics-to-the-C-Suite.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Seminar Sneak Peek: Bringing Metrics to the C-Suite

 

 

https://sm.asisonline.org/Pages/How-to-Practice-Ethics.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465How to Practice Ethics

 

 

https://sm.asisonline.org/Pages/Sounding-the-Alarm-at-Lone-Star.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Sounding the Alarm at Lone Star

 

 

https://sm.asisonline.org/Pages/New-Data-Rules.aspxGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465New Data Rules

 

 

https://sm.asisonline.org/Pages/Vehicle-Access-at-Stadiums.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Vehicle Access at Stadiums2016-08-23T04:00:00Z
https://sm.asisonline.org/Pages/Seminar-Sneak-Peek---Bringing-Metrics-to-the-C-Suite.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Seminar Sneak Peek: Bringing Metrics to the C-Suite2016-08-23T04:00:00Z
https://sm.asisonline.org/Pages/In-the-Public-Interest.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465In the Public Interest2016-05-01T04:00:00Z
https://sm.asisonline.org/Pages/Active-Shooter.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Active Shooter Guidelines2009-01-01T05:00:00Z
https://sm.asisonline.org/Pages/Security-Beyond-Sunday.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Security Beyond Sunday2016-04-01T04:00:00Z

Security Management

 Morning Security Brief

View RSS feed

 SM Weekly

Retrieving Data

 SM Daily

Retrieving Data
Not a Member? Join Now

 

 

https://sm.asisonline.org/Pages/Scholastic-Surveillance.aspxScholastic SurveillanceGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>There’s a growing consensus on the issue of placing security cameras in schools—a recent study found that 72 percent of adults favor the practice. That percentage of support is up 7 percent from a year ago, when 65 percent were in favor of school cameras in a similar survey. </p><p>“This number has risen in recent years, with increased attention on preparedness in handling potential threats,” wrote Dean Drako, president and CEO of Eagle Eye Networks, which commissioned the study. The report compiled surveys from 1,500 respondents from all regions of the United States taken earlier this year. The survey defined schools as preschool/daycare, K-12, and college.  </p><p>Asked to cite why respondents saw security cameras as valuable, the most popular reason (cited by 64 percent of respondents) was to “identify criminals and facts after events.” This reason was followed by “real-time insights during emergencies,” at 59 percent, and “deterring crimes,” at 57 percent.   </p><p>In addition, 78 percent of respondents said they thought it was important for first responders to be able to access school video during an emergency. “This result signals the high value the community places on ensuring immediate situational awareness during a crisis on campus,” Drako wrote.  </p><p>In the report, the top five camera location priorities were at entrances and exits (76 percent), hallways (62 percent), and lunchrooms, playgrounds, and gyms (53 percent). Only a minority of respondents wanted cameras in classrooms (36 percent) and locker rooms and bathrooms (18 percent). </p><p>However, Kenneth Trump, president of National School Safety and Security Services, who has worked and consulted on school safety projects across the country, says he now sees a few complicating factors regarding the use of surveillance cameras in schools, based on the many assessments his consulting firm has done for schools from preschool through 12th grade. </p><p>“We often see that schools put cameras in based on a one-time shot in the arm funding—often due to state grants, or a one-time allocation in a capital improvement program,” Trump says. The launch of these new cameras is often featured in press conferences or public announcements. </p><p>But then, when the cameras need to be fixed or replaced three or four years down the road, the school district has no budget allocation at either the individual building or district level for repair or replacement. The cameras can then sit dormant for months, or even longer, while “parents, students, and staff are under the impression that cameras are functioning when they are not,” he explains.  </p><p>  Trump himself believes that cameras can be a useful tool in overall school security. “Cameras deter those who can be deterred,” he says.  And their footage can serve as evidence in some cases. “They serve a role, but there are limitations,” he adds.   </p><p>  Trump also says that, in his assessments, he has found an overall trend that some schools are putting disproportionately more emphasis on hardware and products, and less “on the people side” of school security. “School leaders are well-intended, but there is a lot of political pressure to do this,” he says. “And certainly there are a lot of opportunistic vendors.” </p><p>“Many school administrators will throw up some cameras to fortify their front entrance,” he continues. “But the reality is, it is what is behind those fortified walls that really makes up the heart of your school security program—which is your people.” </p><p>Of course, investing in “the people side” of school security takes time and money, he says. It often means professional development training not just for teachers and administrators, but for support staff: the bus drivers, who are the first and last ones to see students every day. Secretaries who might take a call from someone making a bomb threat. Custodians and food service staff, who may be the first ones to notice any strangers on campus. “They are on the front lines,” he says. “They should be included in tabletop exercises, along with the first responders.”  </p><p>However, training and development for all staff takes a funding investment, and some districts find it cheaper to buy more hardware instead. In addition, Trump says that he has been seeing another trend—hardware and product vendors in some states lobbying state legislators to put school security and emergency planning into the hands of homeland security officials, and out of hands of the school administrators, which could thwart training and development. </p><p>In the Eagle Eye survey, a majority of the respondents (56 percent) said they believe that visible security cameras would reduce bullying in schools. Again, however, Trump says that while cameras can be an effective component of an antibullying program, “the first and best line of defense is a well-trained and highly alert staff and student body.” Unlike a camera, staff can “see things that are invisible,” such as dynamics between students, which indicate potential or possible bullying. Technology can be a supplement, but not a substitute, for this. </p><p>Strong security programs continue to be sorely needed, as violent fatalities continue to be a problem in schools. Another recent report, which looked at the 2012-13 school year (the latest data available), found that nearly 3 percent of violent deaths among American school age youth took place at school or school-related environments. </p><p>The report, Indicators of School Crime and Safety: 2015, is a joint effort from the National Center for Education Statistics, U.S. Department of Education, and the Bureau of Justice Statistics at the U.S. Department of Justice. It found that, in the period from July 1, 2012, through June 30, 2013, there were a total of 41 school-associated homicides in U.S. elementary and secondary schools, slightly less than 3 percent of the total number of school-age homicides in America.   </p><p>The 3 percent figure has stayed consistent since annual statistics were first compiled for the 1992-93 school year. Authors of the study indicated that the percentage, although low, was still unacceptable. “Our nation’s schools should be safe havens for teaching and learning, free of crime and violence,” the authors wrote. </p>
https://sm.asisonline.org/Pages/To-Arm-or-Not-to-Arm.aspxTo Arm or Not to Arm?GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>Steve Baker, CPP, PCI, PSP, is president of VTI Associates, a security consulting firm that provides use-of-force training and litigation services. He is also a certified instructor for security officer firearms training in the states of Nevada and Arizona. Baker talks with <em>Security Management</em> about the subject of arming guards and how companies can evaluate what options are best for them. </p><p> </p><p><strong>Q. What are some of the considerations businesses should weigh when deciding whether or not to arm guards?  </strong></p><p><strong>A. </strong>Companies should first ask whether there is a business need. What is the business trying to protect? What’s the threat for the facility, the nature of the business, assets that need protecting, hours of operation? Some places at different times of day may have different issues. For example, a gas station located near a busy highway may want an armed guard at night.  </p><p>Then they have to consider, will it be 100 percent arming, or is there going to be a mix of armed and unarmed personnel? And then, to break that down even further, what level of arming are we going to do—are we going to have it restricted to supervisors and managers only, or all officers?  </p><p>We also have to talk about the financial impact of screening, hiring, and retaining the employees; also training and equipping them. There’s the factor of law enforcement response time. All of these issues should play into that initial needs assessment. </p><p><strong>Q. What types of businesses typically arm their guards?  </strong></p><p><strong>A. </strong>The gaming industry historically has a lot of armed people, but it’s not universal. Sometimes you’ll get convenience stores and other properties where there’s a lot of public traffic coming through. Some of the utilities, depending on what they are and what they are protecting, have armed guards. </p><p><strong>Q. How about hospitals?  </strong></p><p><strong>A.</strong> A lot of them don’t want to have firearms. They really don’t want to be in the shooting business, if you will. However, nobody goes to the hospital happy. There’s a lot of anxiety no matter what. So if you’re going there as a patient you have anxiety, if you’re there because a loved one or a friend is ill or injured you have some anxiety, and then you have people with various maladies and mental disorders—all of which can make any property challenging.  </p><p>On top of that, there’s also the availability of drugs. And [thieves] know that the drugs are locked and secured, but they also know if they stick a weapon in somebody’s face, that person is more likely to comply with a request to open that cabinet.  </p><p><strong>Q: Besides firearms, what are the common types of force used by security guards? What are the potential drawbacks? </strong></p><p><strong>A. </strong>One of the things we look at is what options do you have on the continuum of force? Pepper spray is pretty widely used, though there can be some insurance issues because—while the use of it isn’t as severe as a firearm—it’s used more frequently. And it’s messy. It does subject people in the area to cross contamination and overspray, so other people may get a whiff of it, and that can result in some insurance claims. So you have that frequency versus severity calculation that the insurance companies all run, and that can sometimes impact your premiums. </p><p>Batons are actually difficult. They require a higher level of training, and what happens is people tend to go “medieval” with the stick. And the minute something happens, guards can forget all of their training, and it just becomes a club. And that’s problematic—the probability of injury is great with the baton. </p><p><strong>Q. Are handcuffs considered “force”? </strong></p><p><strong>A. </strong>Handcuffs are another option. They are not truly a weapon, and there’s a large training issue with using them. The adage of “slap on the cuffs” is a really bad way to put it. If you don’t place them on properly, and you were to come from a distance and slap them on someone, it’s like taking a steel rod and hitting yourself on the bones of your wrists. Your reaction is going to be to pull away, which we generally call resisting. So just by the method that we’re using to apply the handcuffs, a compliant person can suddenly appear noncompliant.  </p><p>In my classes, I have all the students handcuff each other after lunch. I leave them all handcuffed, and then I have them sit down and I lecture for about half an hour, so that they can understand what happens as they are sitting there handcuffed.  </p><p>And what happens is that, as you move around just a little bit, sometimes the handcuffs’ oval shape and the wrist’s oval shape don’t match up anymore, and it hurts badly. They say, “it’s too tight,” and you just take <span style="line-height:1.5em;">a couple of fingers and readjust the cuffs around the wrist. So cuffs are a little bit more complicated in their minor nuisances, but training makes </span><span style="line-height:1.5em;">a huge difference.  </span></p><p><strong>Q: Tasers seem to also be a popular choice for nonlethal force, though they come with their own set of challenges as well. What are the pros and cons of these devices? </strong></p><p><strong>A. </strong>When Taser first came out it was an alternative to deadly force. If you were in a situation where you were justified in using deadly force, you could use this nondeadly device and hopefully rectify the situation with that.  </p><p>I was actually on Taser’s initial advisory board when the company started branching out more into the security industry. Tasers are a wonderful device, and again you’ve got a higher training level. It’s not the fix-all that many people would like to believe it is. In law enforcement generally you have multiple officers available when deploying the Taser, at least in a perfect world. And usually those other officers have higher levels of force, like a firearm, for backup. So if a Taser doesn’t work and they have to escalate force, they can do so.  </p><p>But what I’ve found is that the use of Tasers [with guards] were tenfold to that of firearms, because there’s the perception that it’s “okay” to tase people. So there has to be a lot of training and judgment in use of force and appropriateness so that we don’t overuse these devices just because they are nonlethal. </p><p><strong>Q. What other topics do you cover in your training?  </strong></p><p><strong>A. </strong>We have to go through the basics of criminal and civil law, as well as criminal procedure. We have to touch on some risk management concepts. Security officers need to understand certain things–they are not the police. For law enforcement, their goal is to make arrests and address crime. Security’s responsibility is to keep their property reasonably safe. If a threat actor has departed the property, unlike law enforcement, guards don’t give chase, they need to turn that over to the police. And a lot of them don’t understand that. They have that mentality of, “well something happened and I have to chase them down and get them.”  </p><p>I always ask, are there any misdemeanor crimes where you’d be justified in shooting somebody? I can spend up to an hour on that question. The answer is no. That’s the reason they are misdemeanors, they are lesser crimes. So a punch in the nose is a misdemeanor. Are you going to shoot someone because they punched you in the nose? You shouldn’t—and if you do, you’re going to have problems. Now if they are beating you to death, that changes the situation. You’re now in justified fear of your life.  </p><p>It’s a split-second decision with a firearm, and if you’re wrong, it can be catastrophic to the officer, whoever the other person is, and to the organization.   </p>
https://sm.asisonline.org/Pages/The-Usual-Suspects.aspxThe Usual SuspectsGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>Whether large or small, from two to 431,000 employees, companies were similarly victimized, according to data patterns revealed in a new study. </p><p>As part of a larger study that focused on the creation of typologies and criminological perspectives related to trade secret theft, the authors of this article analyzed all 102 successful U.S. trade secret theft prosecutions from 1996 to 2014 using FBI and U.S. Department of Justice press releases, indictments, docket information, and other data related to the types of organizations that were victimized. </p><p>Trade secrets discussed in these cases are not public or published like copyrighted and patented materials. Instead, they are protected by the organization through the privilege of nondisclosure. This designation leaves the trade secrets protected in perpetuity—unlike patents and copyrights, which have limitations on the number of years they are safeguarded from use by competitors. </p><p>The theft of this type of protected information is illegal under the Economic Espionage Act (EEA) of 1996. It is considered a form of economic espionage or “larcenous learning,” because secrets are targeted and stolen from the rightful owner by individuals, rival companies, and even foreign countries through economic-espionage related activities.  </p><p>And trade secret theft is not a rare occurrence. American businesses owned an estimated $5 trillion worth of trade secrets in 2014, and approximately $300 billion was stolen per year, according to a statement made by Randall C. Coleman, assistant director of the FBI’s Counterintelligence Division, in a hearing before Congress.  </p><p>The authors’ analysis of these cases provides insight into the most common types of trade secret and economic espionage activities, as well as the prevalent characteristics of offenders. ​</p><h4>Who is Vulnerable? </h4><p>All companies, regardless of size and type, are vulnerable to trade secret theft. The majority of companies that were victimized were large (employing more than 1,000 employees), and many were easily recognized Fortune 500 companies.  </p><p>Organizations in the manufacturing sector were most likely to be victimized (64.6 percent), followed by service industries (19.2 percent), when examining sectors using their Standard Industrial Classification Codes. ​</p><h4>What is Stolen and How? </h4><p>The authors’ review of EEA cases showed that anything of actual or potential value—including current, future, or intrinsic—can be stolen or compromised when it comes to trade secret theft.  </p><p>This includes source code, photographs and images of machinery, proprietary software programs, sales order forecasts, customer and client lists, billing information, subscription lists, research data, and project data, to name a few examples. </p><p>While a common assumption may be that trade secret theft involves some degree of sophistication, the study suggests otherwise.  </p><p>For instance, a bartender who worked in the corporate dining room of MasterCard’s headquarters in Purchase, New York, stole reams of confidential material from the dining room and surrounding areas—including CD-ROMS and binders—that he offered to sell to Visa.  </p><p>Visa, however, reported him to the FBI, which set up a sting operation to negotiate the purchase of the materials. </p><p>In another case, Chinese nationals simply walked into corn production fields owned by Monsanto, DuPont, Pioneer, and LG Seeds, and stole bioengineered seeds after claiming they worked for the University of Iowa. </p><p>Trade secret theft episodes are not always long-term events. In fact, some  <span style="line-height:1.5em;">are short-term, opportunistic, one-</span><span style="line-height:1.5em;">time events.  </span></p><p>One example of this is when two engineers for Wyko Tire Technology—a company that supplied Goodyear parts for its tire assembly machines—were left unescorted in a Goodyear factory. They used the opportunity to take cell phone photos of proprietary machinery at the factory, despite being told not to. A Wyko IT manager later discovered the photos on one of the engineer’s e-mails and forwarded the message to Goodyear. ​</p><h4>Who’s the Thief? </h4><p>There is no one-size-fits-all profile for those who commit trade secret theft, according to the authors’ study. Even though the majority of cases involved insider threats, advanced analysis found no discernable offender profile.  </p><p>Additionally, the authors’ review showed that offenders were not distinguished by citizenship, age, gender, or employment status.  </p><p>However, some generalizations can be made about trade secret thefts and offenders. Any type of trade secret can be stolen, most thefts are simple, males commit trade secret theft more than females, and most thefts are committed by lone offenders. Citizens—not foreigners—commit most trade secret theft. </p><p>Insider threats. The majority of suspects in EEA cases were insider threats (83.3 percent). In most cases, the insider had legitimate access to trade secrets through the course of his or her daily work.  </p><p>These insiders were often in a position of trust, such as network administrators, executive secretaries, computer programmers, engineers, computer specialists, vice presidents, former owners, and IT directors. </p><p>Among these insider threats, most were still employees of the company (71.8 percent) when they were indicted. Next most prevalent were former employees, who committed the theft while still employed but who were detected post-employment (22.4 percent).  </p><p>The least likely insider threat was an invitee of the company (5.9 percent). This group included contract employees or subcontractors who had legitimate access to the company.  </p><p>The study also found that most insider threats are citizens and lone offenders. The majority of offenders were U.S. citizens (64.6 percent) and were U.S. born (53 percent), males (56 percent), and in their 40s. The majority of the internal threats were also lone assailants (67.5 percent). </p><p>This could be because in many trade secret theft cases, the employee leaving the organization used stolen trade secret–related information for professional gain. </p><p>In 2013, Ketankumar Maniar quit his job at a company that made disposable syringes. Prior to his resignation, however, he downloaded trade secret files onto his work laptop.  </p><p>Through an internal investigation, the company discovered that Maniar had downloaded these files. It contacted the authorities, and FBI agents later caught Maniar in a hotel room as he was preparing to leave for India. While FBI agents searched the room, Maniar admitted that he planned to use the trade secrets for future employment opportunities in India. </p><p>In another case, Xiang Dong Yu—an employee of 10 years with Ford Motor Company—quit to take a new position with Beijing Automotive. He was arrested by the FBI when he flew back to the United States and agents found at least 41 Ford design specifications on his Beijing Automotive–issued laptop. </p><p>If not seeking new employment opportunities, however, internal threats often created their own consulting or start-up companies, the study found. Such was the case with Yu Qin, a vice president of engineering and research and development at Controlled Power Company (CPC) who also had his own company for five years, unbeknownst to his employer. </p><p>In this case, Qin and his wife (a former employee of CPC and General Motors) were stealing trade secrets from both CPC and General Motors. Their thefts were discovered when CPC employees found a hard drive, which contained 16,000 confidential files <span style="line-height:1.5em;">that belonged to General Motors. </span></p><p>CPC management then sent the files to General Motors, which determined that Qin’s wife had stolen the electronic documents before her voluntary resignation. CPC then realized that Qin had also used trade secrets from CPC for his own consulting company. </p><p>While trade secret theft can help individuals achieve professional gain, personal financial gain should not be discounted. Trade secret theft is also committed by current or existing employees, who in most cases are motivated by financial gain or revenge.  </p><p>For instance, Yuan Li—who was employed by Sanofi—held a 50 percent partnership in Abby Pharmaceuticals. Sanofi was unaware of this fact.  </p><p>Li accessed an internal Sanofi database and downloaded information about Sanofi chemical compounds onto her Sanofi-issued laptop computer. She then transferred the information to her personal home computer by either e-mailing it to her personal e-mail address or by using a USB thumb drive. Li later made the Sanofi trade secrets available for sale on Abby’s website. </p><p>External threats. While the majority of trade secret theft cases involved internal threats, security professionals should not discount the external threat. External threats, those individuals who have no legitimate access to the company or to secret information, accounted for 16 of the prosecutions analyzed in the study. </p><p>The review of cases showed that these external threats included persons who were classified as true spies (38.9 percent) or employees from a rival company (23.5 percent). Other external threats included friends or relatives of current or former employees (29.4 percent) who exploited their friend or relative’s status as an employee to access and steal trade secrets. </p><p>The majority of these external offenders were also U.S. citizens (52.9 percent), U.S. born (100 percent), and males who were in their 40s. In cases where the number of suspects could be determined, lone assailants were the most common (48.7 percent), followed by pairs of suspects (31.3 percent). However, a few crimes included groups of conspirators. </p><p>For example, former Business Engine Software Corporation (BES) Chief Technology Officer Robert McKimmey from Business Engine Software Corporation conspired with other executives to illegally access competitor Niku’s computer network. McKimmey gained system administrator privileges at Niku and used the passwords from 15 different employees to download more than 1,000 files over a 10-month period ending in 2002. </p><p>The FBI investigated the intrusion, and McKimmey and the other executives later pleaded guilty to conspiracy to misappropriate trade secrets and interstate transportation of stolen property. ​</p><h4>How Were They Caught? </h4><p>The actual means of detection was difficult to determine because a majority of cases did not disclose the specific measures used, the authors’ study found. The information that does exist, however, shows that many incidents were discovered by monitoring the computer use of employees. More interestingly, companies and their employees reported trade secret thefts perpetrated on rivals and competitors. </p><p>For instance, a former Lockheed Martin employee was hired by Boeing. Later, a Boeing employee discovered that the former Lockheed Martin employee had classified Lockheed Martin documents in his workstation and immediately notified his supervisor.  </p><p>This led to an internal investigation, and Lockheed Martin and the U.S. Air Force were notified. A subsequent investigation by the FBI revealed that the employee had stolen 25,000 pages of documents from Boeing. </p><p>In another case, a former DuPont employee was seeking technical assistance from current and retired company employees. Several of these solicited employees contacted DuPont’s management because the information the former employee sought was proprietary. DuPont officials then relayed their concerns to the FBI. </p><p>The authors’ study confirmed that, due to the limited number of trade secret indictments and prosecutions, many thefts go undetected by organizations and law enforcement entities. Based on this finding, organizations should develop proactive means to deter and detect such crimes.  </p><p>Security professionals must be prepared to protect their trade secrets from individuals who have no identifiable profit. They should adopt a comprehensive and strategic approach toward protecting trade secrets because all companies—large and small—are vulnerable to trade secret theft.   </p><p>-- </p><p><em>Brian R. Johnson, Ph.D., is a professor in the School of Criminal Justice at Grand Valley State University in Allendale, Michigan, and specializes in private security and law enforcement. Christopher A. Kierkus, Ph.D., is an associate professor in the School of Criminal Justice at Grand Valley State University and specializes in research methods and criminology. Patrick M. Gerkin, Ph.D., is an associate professor in the School of Criminal Justice at Grand Valley State University and specializes in criminology, ethics, and restorative justice.  </em></p>
https://sm.asisonline.org/Pages/App-Tracking.aspxApp TrackingGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​<span style="line-height:1.5em;">Saint Louis University, founded in 1818, was the first university established west of the Mississippi River. When deciding where to build the institution, the scouting crew was essentially in the Wild West as it surveyed the uninhabited land.</span></p><p>Surveying of a different sort is now used by the university to help staff keep track of the institution’s assets. Security benefits from such surveys as well, says Edward Pfeiffer, assistant director of administration at the university’s Department of Public Safety and Emergency Preparedness.</p><p>The campus is spread over three square miles in downtown St. Louis, with about 85 buildings concentrated in the immediate vicinity. Given this large footprint, Pfeiffer says that it is critical to keep track of security systems throughout the many buildings on campus. “We’re right in the middle of the city—we’re an urban campus,” he says. The Department of Public Safety has a force of about 80 private security officers who patrol the campus around the clock.</p><p>When he first started working at the university more than two and a half years ago, Pfeiffer says that wrapping his head around the access control, fire alarm, and other security systems on campus was overwhelming. “Some doors have card access on them, some have cameras, some don’t,” he notes. “Some are just key locks, and some doors have burglar alarm systems on them.” In addition, the university has nearly 1,000 cameras installed throughout the campus.</p><p>Pfeiffer wanted a way to be able to keep track of the many security assets on campus in a visual way that mapped the location of each. And while there are existing layouts of the university’s floor plans, none of them has an efficient display of information to be accessed quickly in the event of an emergency. “Some of them have too much information, some don’t have enough information,” he says. “But none of our diagrams have all of the stuff I want to show law enforcement or a first responder who would need to get into the building—or for that matter, even our own officers.”</p><p>Sending such information to law enforcement could be critical in an active shooter scenario, for example, so first responders know which doors have what type of access control, and where cameras are located.</p><p>Knowing there was a marketplace for app-based solutions to keep track of security assets, Pfeiffer did a simple search online and came across System Surveyor. The next day he contacted Mike Intag, director of business development at the company, and got the app set up for the university.</p><p>System Surveyor is an app designed for the Apple iPad. The company is working on versions for Microsoft Surface and Android tablets, which will be rolled out in the near future, according to Intag. The app allows users to import drawings and digital documents of floor plans and building layouts. From there, they can customize the diagrams with any assets and information they want. Icons that can be dragged and dropped onto the floor plan are available for doors, cameras, access control system types, and more.</p><p>“You want to bring in a camera, you just put your finger on it, drag and drop it, and it’s there. You can quickly identify what [access control] is on each door,” says Pfeiffer.</p><p>When a user taps on an icon, they get an additional list of features they can assign to that equipment. For example, they can say whether a camera is pan-tilt-zoom or fixed. Pfeiffer notes he can take a picture and add it to the camera’s notes as well, showing the field of view that the camera sees. “Obviously it’s not a live picture but it shows addresses, so I know exactly where that camera is pointed,” he adds.</p><p>System Surveyor is still working on rolling out more features for the app that customers can add to the layouts, such as security systems and fire alarms. For now, users can make custom annotations, which Pfeiffer uses to mark where such systems are for the university.</p><p>The layout can be stored locally on the tablet device or in a cloud portal available from System Surveyor. Saint Louis University uses both local and cloud storage for its saved plans. Pfeiffer says he also likes the ease of printing out and sharing documents electronically as PDFs. He has the option to filter out certain information before sharing the plans, including where security systems are located.</p><p>Although there have not been any incidents requiring Pfeiffer to send the plans to first responders, he notes that an active shooter situation is a scenario he wants to be as prepared for as possible. “It’s a threat more real than I want to dream about,” he says.</p><p>Pfeiffer notes that the app is also use­ful when developing plans for new construction, because he can show vendors what he is looking for by dragging and dropping the appropriate icons.</p><p>Multiple users can be added as administrators to the System Surveyor account, though Pfeiffer has not taken advantage of that option yet, because he only has a two-person security team.</p><p>Reports can e​ven be as detailed as listing all relevant information for each piece of equipment. “If you want, you can get a report that keeps track of the part number, what day it was bought, who installed it, serial numbers, passwords,” he says. “A whole litany of in­for­mation is available on that report if you want to get that involved.”  ​ ​</p>
https://sm.asisonline.org/Pages/A-Strategic-Response.aspxA Strategic ResponseGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>There’s a disconnect when it comes to emergency disaster response, experts say. On one hand, factors such as society’s increasing reliance on technology, the effect of environmental changes like rising sea levels, and the way globalization connects disparate regions of the world have made dealing with 21st century disasters and their widening effects a more complicated task. </p><p>“What this all adds up to is complexity,” says Admiral Thad Allen, a former commandant of the U.S. Coast Guard who directed the federal response to Hurricane Katrina in 2005.    </p><p>On the other hand, the U.S. government’s response to this increasing complexity is mired in an outdated paradigm. The approach implicit in the country’s primary federal disaster response law, the Stafford Disaster Relief and Emergency Assistance Act, is to restore affected sites to preloss condition. But in many cases, such as in coastal areas where advancing water table levels indicate that future floods are likely, this approach is shortsighted. </p><p>“We put it back the way it was, not the way it should be,” says Brad Kieserman, vice president of disaster operations and logistics with the American Red Cross and a former official with the Federal Emergency Management Agency (FEMA). </p><p>The government’s approach to the funding component of recovery is also problematic, Kieserman adds. In general, funding is not capped, and this leads to a kind of feeding frenzy when disaster hits. Kieserman recalls his days at FEMA when fiscally conservative members of Congress, who were often critical of how much money was being spent through the Stafford Act, would do an ideological about-face when their area was hit with a disaster. “They were absolutely appalled we weren’t spending more money in their state,” he says. “It is sporadic self-interest.”  </p><p>What might resolve this disconnect in the future, and make disaster response more suited to the complexity of disasters and their effects? That was the subject of a recent seminar, Expert Voices III: Improving Disaster Recovery Services, held at the National Press Club in Washington, D.C. Participants like Allen, Kieserman, and other experts offered best practices for improving emergency management and disaster response.    </p><p>Taking the broad view, Kieserman said that government needs to shift away from its current process of managing disaster response in a “highly prescriptive, high-risk-averse, high-transaction-cost” fashion. “We need to change the law, and the funding stream, to recognize that recovery is the future, not the past,” he said.  </p><p>That will require rethinking emergency funding so that it becomes less a method for restoring preloss condition, and more a way to strategically protect assets from future emergencies, he added. “Fundamentally, I think we need to look at federal disaster dollars in particular as investments as opposed to the way we look at it right now—as this revolving door funding stream,” Kieserman explained.   </p><p>And funding is the not the only thing that needs to be changed, Allen said. Emergency response in general needs to be more strategic, so that complicated disaster events can be better managed. “We’re going to have to learn how to confront complexity as a risk aggregator. Start breaking it down into component parts, and learning how to deal with it in an operational and tactical sense. That’s going to require us to think differently,” he said.  </p><p>A more strategic approach will also require more thoughtful preparation before events happen, according to Mike Isman, vice president of strategic consulting and analytics for Booz Allen Hamilton. Too often, emergency response drills become exercises in which complacent participants go through the motions and carry out rote procedures, he said. </p><p>“There’s this attitude of, ‘We ran a successful exercise, because nothing went wrong.’ But that’s not a successful exercise. A successful exercise is, ‘We hit a snag, and we’ve now figured something out from that snag on how to do something different,’” Isman says. “…You need to fail in benevolent environments, where you’re doing your exercise, so you can actually learn from it. So when the real things happen, you’re actually much smoother in what you’re doing.” </p><p>Once an exercise does identify snags, follow-through is crucial, said Mark Misczak, recovery director with Hagerty Consulting. For example, a year before Hurricane Katrina hit, officials conducted a weeklong hurricane response simulation for a fictional “Hurricane Pam.” The exercise gave officials an idea of the scale of response capability needed in case of a catastrophic storm. “Unfortunately, there was little or no follow-up after the exercise to see if the capabilities existed,” Misczak said.  </p><p>And strategic preparation also includes better damage assessments—a process that should start before events occur, experts say. A jurisdiction’s annual budgeting process can include valuations of assets that may be vulnerable to disasters, so planners have a better idea of the range of potential losses. “We need a prescriptive assessment of damage, and the consequences of damage, not a windshield drive-by after an event occurs,” Kieserman said. This prescriptive method would enforce the link between disaster relief funding and a jurisdiction’s annual budget process, which would make for more efficient relief allocations. “We need a unified budgeting and funding approach to disaster operations,” he said. “And folks, it’s not that hard. It really isn’t.”  </p><p>Finally, better practice of the predictive sciences is a key component of the strategic preparation process—and that is something that the government is actively trying to improve, Allen said. Besides the existing federal hurricane center in Florida, tornado center in Oklahoma, and space weather center in Colorado, the government recently opened a national water center in Alabama. “They will try to become as good at predicting river rises as they are with hurricane landfalls,” Allen said.  </p><p>To illustrate predictive importance, Allen cited the responses to the flooding in South Carolina in 2015 and Missouri earlier this year. Both responses would have been stronger with better flood forecasts, he said. “Those were near misses in our ability to understand what was going on and to be able to react in time,” he explained.  </p><p>Technology can also be used more strategically, in innovative ways, to improve  emergency response. Misczak offered the example of Lidar surveying technology that measures distances by illuminating targets with radar. In damage assessments, that technology can be used in a flyover to measure damage such as sand erosion from beaches, or tree and canopy loss, instead of manually going beach to beach or tree to tree. This saves money and manpower, he said.  </p><p>And damage is not the only thing that needs to be measured—the economic recovery of the community itself needs better measurement after a disaster, Kieserman said. “The speed of the restoration of the tax base is directly proportional to the speed of the recovery. Few people pay attention to that data point, but it is ‘the’ data point,” he explained. But that data point is often hard to measure in an easily understood way, without getting lost in a sea of statistics. “Most of us are visual people, so that big data kind of paralyzes us,” he added.  </p><p>And the economic recovery process itself also takes strategic planning, even in the smaller details. Allen illustrated with a story from the Katrina response he called the “Waffle House Conundrum.” In the wake of the storm, officials were pleased to see that a Waffle House had reopened. But when they visited the restaurant, the owner told them that no one was coming, because everyone was eating at the feeding stations that were set up by the responders for local residents.   </p><p>“So we had to wean the people off the feeding stations–the food was really good there, by the way; I was eating there too—and say ‘OK, now you have to go to the Waffle House,’” Allen said. “And then all of a sudden this starts to regenerate [the economy].” </p>
https://sm.asisonline.org/Pages/Insights-on-Asia.aspxInsights on AsiaGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​<span style="line-height:1.5em;">When a major casino operator in Macau was six weeks out from opening a second phase of its resort development, senior management realized that the in-house security design had not been subject to third-party review or validation. Arup’s Hong Kong–based Resilience, Security, and Risk practice was asked to carry out a sitewide assessment, identify significant vulnerabilities and resulting risk levels, and manage the implementation of the necessary solutions in the short time remaining before opening. </span></p><p>The Macau casino project burgeoned into something bigger than originally intended. Arup’s initial review identified a number of operational practices that had been acquired over time and were obstructing the effective implementation of security. The team was tasked to address these, and to review policies and procedures. The project was then phased, initially focusing on critical measures required to be put in place for the opening. A follow-up phase closed out the second-tier items. The fast-track nature of the assessment posed a major challenge to a small team. Some team members reported to the site for a single area assessment and left 48 hours later, having slept on the property.  </p><p>In the end, opening day was incident-free. This was due, in part to the successful collaboration in operational planning for crowd management and incident response at the opening day events, and the involvement of Arup’s traffic team, which modeled crowd movements. </p><p>Founded in 1946 as a civil and structural engineering firm, Arup came to international prominence with its design of the Sydney Opera House, which opened in 1973. Arup currently has more than 10,000 employees and has added some 25 more disciplines to its repertoire, including all the major engineering specializations, as well as planning, transport, environmental, security, and risk consulting </p><p>Though Arup’s Resilience, Security, and Risk practice for East Asia is headquartered in Hong Kong; team members are also located in London, Singapore, Australia, and the United States. The Hong Kong group comprises 10 staff members who specialize in risk, security planning, and design. The team tackles everything from the initial risk assessment to intelligence, threat vulnerability studies, and natural hazards risk assessments. Through integration with specialists in other disciplines, and in other regions, it is able to conduct detailed analysis and modeling for specific risks such as explosions and earthquakes. </p><p>The team’s geographical range runs from India to Japan, working primarily on complex projects for major corporations. While some projects have more of a traditional security design focus, many require innovation. Some are new builds and some are major refurbishments or retrofits, and jobs range in duration from a few weeks to many years. </p><p>Because Arup is independent—not affiliated with any products or services—its advice is free of vendor bias. This allows the company to more easily spot overarching trends. Following is a discussion of emerging markets and security trends the group has witnessed in Asia.   ​</p><h4>Airports </h4><p>Arup has consulted for more than 100 airports within the last five years—ranging from some of the world’s largest international hubs to smaller regional airports. The company has identified several aviation security trends surrounding compliance, technology, expansion, and customer service. </p><p>Compliance. In the Asia-Pacific region, aviation is a growth market. This growth is driven from a national level as governments see the value of hosting international airports. Along with the airports comes an increasing awareness of the value of international security compliance standards.  </p><p>Work with individual airports is designed to determine how many of the domestic and international standards are going to affect a particular aviation operation. In airports with large hub capacity that are focusing on hosting international flights, becoming fully compliant with international regulations is imperative. </p><p>However, compliance with security regulations can help an airport of any size become a true competitor. For example, in Hong Kong there is no requirement for screening of U.S.-bound cargo because it is coming from a known and trusted airport that meets international screening regulations. However, airports in mainland China do not meet these regulations, meaning that U.S.-bound cargo must be thoroughly screened. This gives Hong Kong an advantage. Were airports in mainland China to gain that advantage by complying with tougher standards, they would be elevated and Hong Kong would no longer have an advantage. </p><p>These regulations apply to both the passenger and cargo sides of the operation. Currently, the European Union and the U.S. Transportation Security Administration issue regulations for passenger screening, and the U.S. Department of Homeland Security issues regulations for screening of cargo. </p><p>Another challenge is to keep an eye on the future of airport security policy. This policy analysis then drives what happens on the ground in terms of recommendations to clients. This is critical to maintain flexibility for the airport’s future security needs. For example, the sheer size of security equipment, both current and future, must be factored in to design specifications. </p><p>Technology. Another development in aviation security is the increasing awareness of technology and how essential it is in meeting requirements and combating threats. In this arena, airports must predict where the industry is moving and the implications of this for their operations. </p><p>For example, security practitioners in Asia are now debating the merits of metal detectors versus full-body scanning. Arup counsels that body scanners are the future, but there is still resistance from aviation security professionals, especially in India, due to cultural concerns around privacy. </p><p>Security influences the structure of the airport itself, and assessments frequently find that changes need to be made to load-bearing capacity and ceiling heights to accommodate the newer screening equipment, which is typically heavier and taller. </p><p>One client that is developing multiple airport facilities—some international and some with ambitions of being international—had questions about capacity. They wanted to know the maximum volume of passengers and cargo that could be pushed through the new spaces. Airport operators had to be refocused on basic security needs, analyzing airport perimeter protection before turning to passengers, baggage, and cargo. These basic security assessments are a necessary precursor to design solutions, because the most technologically advanced terminals in the world are vulnerable without adequate perimeter security. </p><p>Expansion. In addition to building new airports, there is a strong trend in the Asia-Pacific region to expand, upgrade, and enhance existing facilities. The challenge for airport owners and operators is to balance space de­mands among security requirements and other uses that are seen as commercial income generators. </p><p>With expansions, most of the work is done at the design level because the physical space is already established. In these cases, research on future trends is conducted from an operational perspective, applying benchmarking and best practices. </p><p>An example of this is check-in baggage screening. A standard system can always be designed to meet current needs, but security requirements are constantly changing with a lead time of up to nine years. With this knowledge of where the industry is going, designs can reserve space for specific types of technology. </p><p>Customer service. As airlines and airports in Asia introduce changes to enhance the passenger experience, the challenge for security is to ensure effective screening while keeping intrusion and disruption to a minimum. </p><p>To do this, operators are urged to promote security as a selling point. While airports such as Amsterdam and London Gatwick have embraced this philosophy, selling that message in a positive way in the Asian market has been a challenge. The airports that have employed this approach have totally revamped the passenger security experience, making it more pleasant and less stressful. </p><p>Some airports in Asia also try to benchmark their security against insurance. If airports have a quality security plan, they can negotiate an insurance discount. This is still quite a new concept for some airports, so more education is needed to demonstrate to airports that their up-front investment in security can yield rewards through lower insurance premiums. ​</p><h4>Casinos </h4><p>Casinos in Asia are technologically advanced but challenging environments that require large surveillance operations. Examples of this can be found on the island city of Macau—a gambling attraction known as the “Las Vegas of Asia.”  </p><p>For casinos, a detailed security plan is critical. For example, one casino client provided little input, asking for a standard layout. Once the casino opened, it was obvious that the cameras were in the wrong places, and significant changes to the camera configurations were needed. Like any other complex operation, casinos are urged to make decisions early and test them thoroughly.  </p><p>This is the approach for a new building project, Wynn Palace Macau. One of the most revolutionary facilities in Asia, Wynn has more than 7,000 cameras and thousands of access-controlled doors. The casino has exacting requirements for camera coverage of gaming tables—sometimes requiring multiple angles on the same location—and this can compound the security challenge. Each gaming table requires a different configuration to accommodate the rules of the game, and Wynn has hundreds of tables. </p><p>In addition, the level of detailed design required can also be extremely challenging. Wynn has exacting design standards for architectural finishes, which must be considered in the camera layouts. These also extend to the landscaping, where integration of the cameras into the luminaires was initially considered before a bespoke camera-mounting structure was eventually devised. </p><p>Casino operations go beyond gaming, and casino security goes beyond surveillance. Such operations face the usual challenges of access control associated with the hospitality environment—some casino properties integrate up to five independent five-star hotels within the development. In addition, the security plan must account for the movement of thousands of employees with different jobs, all with different access rights. With staff drawn from all over the region and comprising dozens of nationalities, there are challenges for communication, training, and the creation of a security culture. ​</p><h4>Master Planning Districts </h4><p>With burgeoning growth in recent years, city master planning has come to the fore as a design discipline. In Malaysia, Kuala Lumpur’s International Financial District (KLIFD) is intended to create a new financial services hub, clustering private sector tenants, key regulators, and high-end residential, as well as hospitality and commercial elements. The district is built around a landscaped area that uses crime prevention through environmental design (CPTED) principles. </p><p>The focus is on framing a security master plan to be adopted by successive project teams because KLIFD is being developed over an extended period of time. Instead of a single concept design for translation into construction, the project is focused on a philosophy of security, which, with some fixed elements, could be applied and interpreted by successive design teams, possibly from different commercial entities. The layout of major spaces such as standoff from public roads, the design of the shared utility tunnels, and security command, control, and communications infrastructure was set at an early stage. Security design for individual structures has been left to various design teams working under a set of guidelines for each of the different categories of space in the project. </p><p>In China, owners of the tallest tower in Beijing, located in the central business district, wanted an evacuation plan. The building covers an entire city block and holds more than 20,000 people. As part of the plan, the building is now linked to a districtwide management system that will notify building managers of any emergency that takes place in the district, such as a bomb scare in another building. </p><p>Another large planning project is the Macau Zhuhai Bridge. When completed, the bridge will connect the island of Macau to Hong Kong at a border-crossing facility adjacent to the airport. The plan for the project, which is a major Pearl River Delta infrastructure initiative, envisages commercial development in the border-crossing area and requires detailed coordination with the CIQP (customs, immigration, health services, and police) agencies who will service this new land border to China. </p><p>Some of the same issues were also addressed in security planning for Hong Kong’s new high-speed rail connection to Guangzhou, China’s “southern capital” and third-largest city. Another major infrastructure project, this has seen close collaborative work with the same CIQP agencies and the railway operator, detailed risk assessments for individual structures, and a resilience review for the main Hong Kong terminus. </p><h4>Data Centers </h4><p>Hong Kong has positioned itself as a regional data center hub, with government support and heavy investment from financial services and telecom providers. Typical security needs for data centers include threat, vulnerability, and risk assessments; concept and detailed design for physical and electronic security equipment and systems; and construction and installation supervision.  </p><p>Data center operators focus on availability, while end users are typically more concerned with the confidentiality and integrity of data and applications. This—and the fact that operators sometimes include nondata functions, such as employee break areas, in the design—means that security must provide for multiple levels of access, auditable controls for restricted spaces, and both monitoring and confidentiality for other areas. </p><p>Minimum perimeter screening is mandated, but where the screening takes place—at the main site entrance or in the lobby—is at the discretion of the facility owner. While some degree of vehicle screening is common, screening people in commercial buildings is still relatively unusual in many parts of Asia. </p><p>Other data center clients have specific concerns, ranging from blast effects and mitigation to whole-facility risk from fire, flooding, and systems failure, as well as security risk. </p><p>One common feature of all projects is that they all start at the strategic level, and security strives to be involved early in the project. If a company plans a security screening area poorly, for example, it is difficult and expensive to redesign it later. </p><p>Putting a proper operation and maintenance plan is place is also critical. Major international clients have seen sophisticated solutions fall apart because they are not maintained. In Shanghai, for example, two new buildings were erected with state-of-the-art security systems. However, the systems were not maintained and had to be replaced five years later.  </p><p>As economies in Asia continue to grow, security will continue to be a factor in building projects. Risks will also evolve, requiring that security practitioners stay current on the latest trends and how they fit into the various cultures in the region.  </p><p>​-- </p><p><em><strong>Damian Ryan </strong>leads Arup’s security consulting practice in East Asia from the company’s Hong Kong office. A former Hong Kong police officer, Ryan has 30 years’ experience in public and private-</em><span style="line-height:1.5em;"><em>sector security planning in the region. He is a member of ASIS International. Mark Turner, with the Hong Kong office of Arup, also contributed to this article.   ​</em></span></p>

 UPCOMING EVENTS AND EDUCATION