https://sm.asisonline.org/Pages/Rise-of-the-IoT-Botnets.aspxGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Rise of the IoT Botnets0

 

 

https://sm.asisonline.org/Pages/Radioactive-Remedies.aspxGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Radioactive Remedies

 

 

https://sm.asisonline.org/Pages/Running-on-Empty.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Running on Empty

 

 

https://sm.asisonline.org/Pages/The-Virtual-Lineup.aspxGP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465The Virtual Lineup

 

 

https://sm.asisonline.org/Pages/ASIS-News-February-2017.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Jack Lichtenstein Leaves ASIS, Offers Insights on Trump

 

 

https://sm.asisonline.org/Pages/Management-Trends.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Management Trends2016-09-01T04:00:00Z
https://sm.asisonline.org/Pages/Guarding-A-Floating-Treasure.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Guarding A Floating Treasure2016-09-01T04:00:00Z
https://sm.asisonline.org/Pages/Running-on-Empty.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Running on Empty2017-02-01T05:00:00Z
https://sm.asisonline.org/Pages/Surveillance-is-Instrumental.aspxGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Surveillance is Instrumental2017-02-01T05:00:00Z
https://sm.asisonline.org/Pages/ASIS-News-February-2017.aspxGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465Jack Lichtenstein Leaves ASIS, Offers Insights on Trump2017-02-01T05:00:00Z

Security Management

 Morning Security Brief

View RSS feed

 SM Weekly

Retrieving Data

 SM Daily

Retrieving Data
Not a Member? Join Now

 

 

https://sm.asisonline.org/Pages/Running-on-Empty.aspxRunning on EmptyGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​In this age of overload, with organizations trying to do more with less, employees buried in information, and devices that call for round-the-clock urgency, burnout is a malady ripe for our times. Burnout can strike even the most productive workers and the most consistent performers, as well as those who seem to have the greatest capacity for hard work, experts say. </p><p>One reason burnout is such a pernicious problem is that it does not have to be total for its effects to be devastating.</p><p>“Burnout tends to plateau rather than peak,” says Paula Davis-Laack, specialist in burnout prevention programs, founder and CEO of the Stress and Resilience Institute, and author of Addicted To Busy: Your Blueprint for Burnout Prevention. “Burnout exists on a continuum. You don’t have to be completely mentally broken down and barely able to get out of bed to feel major effects.”</p><p>In other words, employees suffering mid-level burnout may still be able to power through and complete an adequate amount of work by sheer force of will, but their partially depleted state greatly hinders their performance and productivity, and it keeps them from realizing their full potential. </p><p>“That can go on for months, or even years, depending on the person’s work ethic,” says management expert Brady Wilson, cofounder of Juice Inc. and author of Beyond Engagement and other business performance books. </p><p>In a field like security, workers can be especially vulnerable to burnout, given the continual pressure and stress that go into protecting people and assets, and the high stakes involved if a breach does occur. </p><p>“Constant job pressure, especially when some of the factors are out of your control like they are with security, is definitely one of the causes of burnout in employees,” says Carlos Morales, vice president of global sales, engineering, and operations at Arbor Networks, which specializes in network security. </p><p>The consequences of burnout are varied; in some cases, they involve serious health issues. Davis-Laack, who became a specialist in the field after burning out as a practicing attorney, says she experienced weekly panic attacks and a few stomachaches that were so painful they sent her to the emergency room. Coronary disease, depression, and alcohol abuse are other possible consequences. </p><p>For the employer, burnout can significantly compromise workplace quality, causing more absenteeism, turnover, accident risk, and cynicism, while lowering morale and commitment and reducing willingness among workers to help others.</p><p>Fortunately, in many cases burnout can either be avoided, with deft management and a supportive organization, or significantly alleviated using various strategic methods. But like most maladies, it must be understood before it can be properly addressed. ​</p><h4>Symptoms and Conditions</h4><p>Burnout occurs when the demands people face on the job outstrip the resources they possess to meet them. Psychologists who study burnout as a condition divide it into it three dimensions: exhaustion, depersonalization, and reduced personal accomplishment.</p><p>When the first aspect—exhaustion—hits, the employee may feel emotionally, physically, and cognitively depleted. This often spurs feelings of diminished powers; challenges that were formerly manageable can seem insurmountable. As Davis-Laack describes her own experience of this condition: “Every curveball seems like a crisis.”</p><p>When depersonalization occurs, an employee may start to feel alienated from his or her own job, and more cynical and resentful toward the organization. Work and its mission lose meaning; feelings of going-through-the-motions increase. Detached and numb, the employee tries to plow ahead. </p><p>Exhaustion and depersonalization often combine to produce the third component of reduced personal accomplishment. As Wilson explains, the depleted employee possesses considerably less “executive function,” or the ability to focus, self-regulate, connect the dots between ideas, strategize, analyze, execute smoothly, and follow through—all of which can be thought of as “the power tools of innovation.” </p><p>“Nuanced thinking and value-added thinking are the first to go when employees are exhausted,” he says. “Instead, they rely on duct-tape fixes, reactivity, firefighting. They don’t get to the root causes of problems and issues.” </p><p>The state of mind that burnout can elicit sometimes leads to self-blame, where the employee feels that he or she is professionally inadequate. But that is unfair, says Davis-Laack: “I don’t want individual workers to feel that it’s all their fault.” </p><p>The root causes of burnout, she explains, are usually a product of what employees bring to the table—work ethic, how closely they tie work to self-worth, their level of perfectionism—and how the organization itself functions, which can be an important factor. </p><p>Understanding key organizational conditions, experts say, will help managers maintain a culture that protects employees from burning out. One of these conditions involves what the organization chooses to reward. </p><p>Wilson explains this as follows. For many years, many organizations stressed the importance of keeping employees engaged. But the definition of engagement has shifted, so that many firms now define engaged workers as those with clear dedication and commitment, who come to work early and stay late. “What’s missing from this definition is passion, enthusiasm, verve, and spirit,” he says. </p><p>When engagement is so defined, increased effort, such as working more hours and taking on more projects, is rewarded. But simply increasing hours at the office does not produce high performance, Wilson says. </p><p>“We get our epiphanies in the shower—we don’t get them when we are determined and gritting our teeth around a board room table. It’s not effort that produces brilliance, it’s energy,” he explains. But sometimes, the more-rewards-for-more-work philosophy can function as an unintentional incentive to burn out.</p><p>The organization’s day-to-day working conditions are also a crucial here. Research has found that two factors can be deadly in sapping an employee’s resources, according to Davis-Laack. </p><p>One is role conflict and ambiguity, which can occur when employees are never clear on exactly what is expected of them, and on what part they should be playing in active projects. “That’s very wearing on people,” she says. </p><p>Another is unfairness, which is often related to office politics. This can include favoritism, failure to recognize contributions, being undermined, or dealing with the demands of never-satisfied supervisors.</p><p>Such stressful conditions push some employees into “gas guzzling” energy mode, because they require so much emotional effort just to cope with them, Wilson says. </p><p>“Substances generated by stress, such as cortisol and adrenaline, have a beautiful utilitarian use—to get us out of trouble, to keep us safe,” he explains. “But we are not as productive when we have a brain that is bathed in those things day in and day out.”  ​</p><h4>Detection</h4><p>Although it is vital for managers to strive to maintain a positive office culture, it’s also important to recognize that burnout can happen even in the healthiest of environments. Given this, Morales encourages attempts at early detection.  </p><p>“As a manager or executive, it is important to first note the factors that tend to cause burnout even before employees begin to show signs,” he says. “This gives you the opportunity to address issues proactively with employees.” </p><p>These factors, he explains, include a very travel-heavy schedule (50 percent or more of total work time); consistently logging work weeks of 60-plus hours; unrelenting expectations of working off-hours and on weekends; and constant deadline time pressure. </p><p>But since early detection is not always successful or even possible in some cases, managers should also be looking for common signs of burnout that their employees might be exhibiting. Morales advises security managers to look for combinations of the following characteristics that are different from usual behaviors:</p><ul><li><p> General lack of energy and enthusiasm around job functions and projects.<br></p></li><li><p> Extreme sensitivity and irritability towards coworkers, management, and work situations.<br></p></li><li><p> Constant signs of stress and anxiety.<br></p></li><li><p>Significant changes in social patterns with coworkers.<br></p></li><li><p>Sharp drop in quantity and timeliness of output.​<br></p></li></ul><p>When looking for signs of burnout, it’s important for a manager to have a high degree of familiarity with the employee in question, a familiarity which is a byproduct of a strong manager-staff relationship. </p><p>“You’ve got to know your people,” Davis-Laack says. “When someone seems more checked out and disengaged than usual, if you know your people well enough, you can spot it.” ​</p><h4>Treatment</h4><p>When it becomes clear that an employee is suffering from burnout, managers have several options for treatment and alleviation, experts say. Morales says he believes that managers must first come to an understanding of the underlying factors, so that they can be addressed.   </p><p>“If there is a workload issue, a manager may be able to spread out the workload with other workers to alleviate the issue,” he says. “It’s important to let the employees know that this is being done to gain more scale, and to reinforce that they are doing a good job.”</p><p>Indeed, crushing workloads are now common in many workplaces, experts say, as many companies are actively cost cutting while attempting to raise productivity and output. And for employees who work with data, such as security employees who use analytics, benchmarks, or some form of metrics, the information explosion is requiring more and more staff hours to keep up with the processing and analysis. Managers must be cognizant of this, Davis-Laack says. </p><p>“If you do nothing but pile work on people—well, people are not robots and they are not computers. They are going to wear out,” she explains.</p><p>To combat this, managers should employ a strategic and honest operations analysis, she advises. The department may be generating more output with increasing workloads, but burnout and turnover risk is also increasing, as is the likelihood of costly mistakes. Is it worth the risk? Hiring additional help or outsourcing some tasks may be cheaper in the long run than the costs due to turnover and errors. </p><p>When a department conducts a strategic review of operations, the focus is often on fixing glitches in process, experts say. A focus on reducing workload is less common, but when it is adopted, it often reveals that certain time-consuming tasks are unnecessary.</p><p>If the burnout is caused by a stressful job function, such as a security position in which the worker is protecting assets of great value, the manager can discuss the situation with the employee and ensure that support is available, Morales says. “This may help them feel less alone or helpless in situations,” he says.   </p><p>Another key strategy for managers is to add extra focus and energy to the resources part of the puzzle, Davis-Laack says. “Help them to build up their energy bank account, so they are not always feeling depleted.” </p><p>She offers five ways for managers to do so:  </p><ul><li><p> Maintain and ensure high-quality relationships between managers and staff members, and between team members themselves. This fosters a healthy and safe environment where problems can be discussed and addressed.  <br></p></li><li><p> Whenever possible, give team members some decision authority. This gives them a sense of autonomy and strength when dealing with issues, and helps avoid feelings of powerlessness. <br></p></li><li><p> Follow the FAST system of respectful feedback—give frequent, accurate, specific, and timely feedback. This helps employees make tweaks and adjustments, and lets them know they are on the right course.  <br></p></li><li><p> Demonstrate that you have the employees’ backs, and always be willing to go to bat for them. Don’t point fingers or complain to higher ups when mistakes are made. This is crucial in building trust.  <br></p></li><li><p> Identify and encourage skills that will help your team members build resilience. These will vary depending on the specific job and situation, but include any skill or resource that can be used when challenges arise, as well as those that help manage stress.  ​<br></p></li></ul><p>In working toward the previous point, managers may want to brainstorm with staff to find ways to make everyone more resourceful. For instance, managers could periodically check in with staff members to determine the team’s overall level of resources, so they can replenish them when they’re low.</p><p>Indeed, soliciting solutions from staff is an excellent practice for managers, because it shows they are partnering with employees, not parenting them, Wilson says. The parenting style of management assumes that the manager has knowledge that the worker will never have, and it sets up the employee for helplessness. The partnering style cultivates the employees’ decision-making skills, so they can skillfully meet their own needs. ​</p><h4>Touchy Subject</h4><p>Burnout can be a sensitive subject. Some workers attach great self-worth to their productivity and performance, and do not like to concede that they are struggling. </p><p>“It is very difficult for some high performers to admit that their engagement is lacking. There’s a sense of judgment associated with that,” Wilson says. </p><p>Some of these workers truly are burned out despite their failure to admit it, and they may be in a precarious state. “I have seen cases where the hardest and most productive workers will not admit to burnout,” Morales says. “In these situations, burnout occurs quite suddenly, without many of the behavioral warning signs.”</p><p>Other employees fear that admitting burnout is disclosing a weakness, one that could prevent them from future promotions or ultimately cost them their job. “They like their work and they don’t want to change jobs, or </p><p>they can’t change jobs because they have monetary obligations,” Davis-Laack says. </p><p>Here, management can go a long way by being proactive and soliciting feedback from workers regarding their state of mind. “It’s important to have regular discussions with employees about the impact of the workload on them personally, and give them every opportunity to talk through their situation, and vent if necessary,” Morales says. “It’s important for management to recognize the potential for burnout and approach employees proactively to discuss it. It provides employees a safe environment in which to talk through the situation.”</p><p>In these situations, a manager can approach an employee with a proactive goal—how can workload and workplace environment be shaped so that the employee is energized in the office, and still has energy left at the end of the day and on weekends for a life outside of work, Wilson explains.  </p><p>Using this framework, Wilson adds that it is often easier for the manager to then ask, “What’s getting in the way of that? Is it bureaucratic interference? Is there too much on your plate? Is there bullying going on, or other workplace environment problems?”  ​</p><h4>More Recognition</h4><p>But while burnout is still a sensitive subject among some workers, there is also a growing recognition that it is a serious issue that needs to be dealt with, experts say. This may be partly driven by recent research in fields like healthcare and finance, where findings suggest that burnout and overwork are causing costly mistakes that are detrimental to a company’s bottom line. </p><p>Moreover, more business leaders see that the problem, if left unchecked, will just get worse in the future, due to factors such as globalization and a web of technology that is becoming more and more complex. “The perfect storm is upon us,” Wilson says.</p><p>Davis-Laack says she is heartened by the fact that the burnout issue, which was frequently dismissed as too “soft” to be a subject at business conferences, is appearing on more agendas. </p><p>“It’s finally starting to get attention across different professions and different sectors,” she says. “Managers are taking it more seriously.” ​​</p>
https://sm.asisonline.org/Pages/Surveillance-is-Instrumental.aspxSurveillance is InstrumentalGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>Where can you go to see the iconic black suit worn by Johnny Cash, a guitar strummed by Eric Clapton, and instruments from sub-Saharan Africa, all under one roof? The Musical Instrument Museum (MIM) in Phoenix, Arizona, a 200,000 square-foot facility, is home to these and thousands of other legendary and significant instruments from around the world. ​<br></p><p>The collection is made up of more than 16,000 instruments, 6,000 of which are on display at any given time. Each year, upwards of 220,000 people visit the museum, which also has a 300-seat theater where notable musicians make regular headlines. The museum, which opened in 2010, is an affiliate of the Smithsonian Institution. “We’re constantly updating exhibits, changing things out, telling new stories,” says David Burger, security manager at the facility. ​</p><p>Securing this wealth of cultural items, as well as keeping the museum’s visitors safe, are top priorities for MIM, Burger says. “Very few of the exhibitions are under glass, so that creates a unique security concern between providing our guests with the world-class experience that we strive for, but also maintaining the safety of the instruments and making sure that everything is here for generations to come,” he says. </p><p>The museum employs contract security officers, in addition to police from the local precinct who act as “boots on the ground” security. “The local police are an invaluable asset to our security operations, both for the visibility and deterrence that they bring, but also their wealth of experience and knowledge,” Burger says. <img src="/ASIS%20SM%20Callout%20Images/0217%20Case%20Study%20Stats%20Box.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:495px;" /></p><p>The security operations center is another vital piece of the puzzle at MIM, where contract officers monitor the approximately 200 cameras that cover the premises, as well as manage alarms and access control, and dispatch help in the case of an incident. “Our video is not just for forensics use, we actually do a lot of training and work with our security operators to be more proactive—live-monitoring the video, identifying issues before they become incidents,” Burger notes. </p><p>A couple of years ago, MIM was in the process of upgrading its existing cameras for increased situational awareness and improved analytics across the entire property. “We reached out to several manufacturers, talked to their local representatives, and found out more about their products,” he says.</p><p>After narrowing it down to a few products, MIM chose Hanwha Techwin America, formerly Samsung, and selected a variety of its camera models. “This was a multiphase project of refreshing all our cameras and getting them up to a certain standard,” says Burger. “Hanwha was selected for this portion of it, which covered all of the main public spaces, employee areas, and building perimeters.” </p><p>Approximately 70 Hanwha cameras were installed, including fisheye and pan-tilt-zoom (PTZ) cameras. For sensitive places, such as loading docks and cash-handling areas, higher megapixel cameras were deployed. Burger says MIM was attracted to Hanwha for several reasons. “The integration the Hanwha cameras had with our Genetec VMS was a big deciding factor,” he notes, explaining that the alarms, motion detection, and other features of the existing video management system are easily tied into the Hanwha cameras. There is also “plenty” of storage space on the cameras, he adds, allowing for additional analytics or other processes to be run on the edge.</p><p>The installation began in early 2015 and was completed in March 2016. With the Hanwha cameras, MIM can set video analytics to detect motion and set off alarms if appropriate. With facial detection, the analytics can differentiate a human from other moving objects like debris and small animals that would not necessarily warrant the triggering of an alarm. If the system detects unwanted motion or people, an alarm goes off in the control center to alert operators to pay attention to the monitor showing that camera. “It’s an improved efficiency, being able to automate those features so the operator isn’t constrained with watching hundreds of cameras at once, and having to make all of those decisions himself,” Burger says.  </p><p>When an incident occurs that requires dispatch, control room operators notify the police at the main security desk in the front lobby. Those officers have a few monitors at their station for viewing any relevant video, as well as smartphones to receive images or video in the field. </p><p>Burger notes that, thankfully, no notable security incidents have occurred at the museum since installing the cameras. However, the day-to-day issues are easily resolved thanks to the cameras and ease of reviewing video on the Genetec VMS. “A common scenario is locating lost family members, and we’re able to pretty quickly backtrack and do some forensic searches [with the video],” he says. </p><p>Locating lost bags or spotting unattended packages is another routine event, as well as dealing with visitors’ slips, trips, and falls. “We can identify cases where somebody says things happened a certain way, and we were able to find that it wasn’t exactly the case,” notes Burger. On average, MIM keeps the video for 30 days before overwriting it, unless an incident warrants holding onto the footage longer.</p><p>Eventually Burger says MIM will integrate access control with video as well, so that alerts and alarms for doors can be tied to the appropriate cameras. </p><p>“The cameras have really increased our situational awareness, reducing potential blind spots or areas where there could have been a gap before,” he says.</p><p>--<br></p><p>For more information: Tom Cook, tom.cook@hanwha.com, www.hanwhasecurity.com, 201.325.2623 ​</p>
https://sm.asisonline.org/Pages/ASIS-News-February-2017.aspxJack Lichtenstein Leaves ASIS, Offers Insights on TrumpGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>At this, the end of my 22 years as staff executive for ASIS International’s legislative and public policy work, I have been asked to provide some insights into the political near-future of security.   </p><p>These are unnerving times. Rarely has there been such uncertainty about America’s direction at home and abroad as there is at the end of 2016.  All this is in the face of mounting threats to our security and to that of our friends.</p><p>Eventually, Americans will sort it out; they always have. But there are dangers. The sorting may be long and uncertain.  And uncertainty is not the friend of security. Security requires planning, analysis, and agility, none of which can be done well in an environment filled with unknowns. Security is the antithesis of politics, which tends to be careless and messy in democracies. </p><p>The new American administration will be led by a man without credentials in government, who has pledged to change how Washington works. He was elected not as much to keep America secure but because so many Americans feel alienated from their own political and governmental institutions. They see their standard of living in decline; they sense that they have been overlooked, even disdained. More than anything, that explains the election of Donald Trump.</p><p>Trump seems to espouse two overarching themes, both recurring repeatedly in his pronouncements and appointments. One is to restore the U.S. economy to a position of world leadership. The other is to keep America and Americans secure.</p><p>The president has tools to invigorate the economy. His early aims will include accelerating job creation via infrastructure programs and tax and regulatory relief. Nearly all avenues will be aimed at job creation in the United States, despite many economic factors that are out of his control.</p><p>Security is more manageable by the White House, a result not only of presidential control of the bureaucracy but of strong (some would say excessive) executive actions in the form of Presidential Directives issued by the George W. Bush and Barack Obama administrations.</p><p>It is too early to tell which of Trump’s positions—many of which have been incomplete, infeasible, or conflicting—will find their way into practice. But I offer the following recommendations based on what is possible and likely:</p><p>• Pay attention to what he does, not what he says. Trump is known for impromptu statements, which get attention but are not always useful to understanding.</p><p>• Expect emphasis to be on U.S. domestic issues during the first two years. Trump will enjoy a Republican majority in Congress for that long, which he will need to get his domestic agenda passed. He is most comfortable with economic and infrastructure issues, including job creation. He knows he was elected by Americans who want first to restore their country’s economic vitality.</p><p>• “The Wall” is a metaphor, but border security will be real. U. S. Department of Homeland Security selectee and retired U.S. Marine Corps General John F. Kelly commanded the U.S. Southern Command. He understands border issues and security and will be charged with assessing vulnerabilities and determining the right combinations of physical, technological, and personnel means for dramatically reducing illegal immigration.</p><p>• In other matters of security, America will continue to be a reliable ally if for no other reason than that conflict disrupts growth. Trump will expect U.S. allies to invest heavily in their own security. This means that there will be more spending on prevention and response programs, but also avoidance of political positions, for example immigration policies, that lay bare their vulnerabilities.</p><p>• Finally, in any dealings between the United States and other countries, America must emerge a winner. That does not mean the only winner; there can be many. But the United States will not be a loser. As those familiar with Trump’s pronouncements know so well, he abhors the very thought of being a loser.</p><p>As I move on to new professional challenges, I believe more than ever that government relations is an essential role for security professionals. Its aim must be creation and maintenance of effective public-private partnerships in security. This should be part of the mission not only of ASIS but of every ASIS chapter in every country.</p><p>The people of democracies expect those overseeing government and corporate security to coordinate in the public interest. Failure to do so is unacceptable. It not only weakens security, it leaves private practitioners exposed to needless government oversight and overreaction when politicians respond, as they will, to security failures that are sometimes unforeseeable.</p><p>I thank the membership of ASIS International for the privileges of being their counsel and representing their interests these many years. Few pursuits are more vital, and few professions more important. </p><p>--<br></p><p><em>Jack Lichtenstein, former vice president, ASIS Government Affairs and Public Policy ​</em></p>
https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspxSupply Chain StrategiesGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​Take almost any product you have purchased in a store or used at home or work in the last week. Chances are, that object moved thousands of miles from where it was originally manufactured to the place where it was ultimately purchased or delivered to you. Organizations have intricate supply chain networks that are constantly moving every day around the world, and having an efficient supply chain security program ensures that movement of goods is not interrupted or compromised. </p><p>Security professionals must take a detailed look at the vendors who supply their assets and understand how those goods will be handled and ultimately implemented into their company’s operations or services. Following is a look at how a children’s hospital in Alabama applied supply chain security best practices to weather an unexpected storm, as well as provide for day-to-day operations. In addition, supply chain experts discuss lessons learned from their own experience of conducting risk assessments, following standards, and vetting suppliers and transporters to better protect company property. ​</p><h4>Alabama Children’s </h4><p>When a snowstorm hit Birmingham, Alabama, on January 28, 2014, the city was caught unawares. The snowfall, which quickly turned to ice, left thousands stranded on highways or in their offices. Children were stuck at school, their parents unable to pick them up. The event became known as “Snowpocalypse,” and news service AL.com called it “the winter storm that brought Birmingham to its knees.” </p><p>Hospitals were affected by the storm as well, including Children’s of Alabama. The pediatric center encountered vulnerabilities in its supply chain during that event it hadn’t previously considered, says Dennis Blass, CPP, PSP, director of safety and security at the hospital. </p><p><strong>Lessons learned. </strong>Every year the hospital conducts a hazards vulnerability assessment for its supply chain to find out where it can improve safety and security. “Once you identify your hazards and your vulnerabilities–the things that are dangerous to you or the things that you’re weak in–then you start peeling those back,” he says. “If we identify hazards that we need to correct, then we probably are going to create a management plan to correct those issues.” </p><p>Many displaced people in the community turned to the hospital for shelter when they had nowhere else to go. “We have a very prominent position in the Birmingham skyline, so if things look bad, the hospital looks like a place to go and get help–as it is,” Blass says. There were also clinic patients who had come to the hospital that morning for a routine checkup, planning to leave; many of them were stuck because of the snowstorm, which began around 10:30 a.m. local time.</p><p>Instead of being filled to the normal capacity of 300 people—the number of beds in the hospital—there were roughly  about 600 people who spent about 48 hours at the facility to ride out the storm.</p><p>The number of people at the hospital exposed one unforeseen vulnerability—obtaining clean linens from its supplier, which is separated from the hospital by a chain of mountains. “The supplier can wash the linens, but they can’t deliver them to us…we ended up making it, but that was a close call,” says Blass.</p><p>“We could handle supplies for patients, but we had a lot of people who just came to the hospital because it was a warm place to be,” according to Blass. “That had impacts on the amount of food that got consumed, and it had impacts on the amount of linens we went through. Just things that people need, supplies like toilet paper, things you don’t think a lot of.” </p><p>For those who weren’t patients, the hospital served smaller meals than normal; “sandwiches and soup, as opposed to meat and potatoes,” Blass says, to stretch resources. </p><p>The main drug supplier for the hospital is located in the same region, so obtaining critical medicine was not a concern during the storm. The hospital also has plenty of diesel fuel tanks, and can go for days without restocking. Only the insufficient linens, which must be sent off to a facility for proper sanitation before being returned to the hospital, turned out to be an issue.</p><p>“We did an after-action report on that experience, so we…put it in our emergency management plans for the future,” he notes.</p><p>The hospital’s emergency plans help ease any supply chain shortages. The institution follows the hospital incident command system (HICS) which assigns temporary duties to leadership during an emergency. For example, during the snowstorm, the chief operating officer of the hospital assumes the role of incident commander; an information officer is assigned to keep the community informed of hospital activities; and the plan also incorporates a medical officer, logistics chief, and planning chief. </p><p>During the incident, this system helped ensure proper patient care and as few gaps in the supply chain as possible. “Food was getting tight,” Blass says, and the food warehouses are not located near the hospital. “Because of the command structure, leadership can say, ‘okay you have a company credit card, we’ll contact the bank and raise your limit from $500 to $5,000 or whatever you need.’”</p><p>The U.S. Joint Commission, which certifies and accredits healthcare bodies, requires that hospitals have a group with representatives from various divisions that evaluates the standard of care they are providing to patients. Alabama Children’s has an environment of care committee that meets once a month to complete this requirement. “Our environment of care committee looks at things like safety, security, and resource management,” says Blass. “We have to meet the Joint Commission’s standard, and it surveys us every three years.” </p><p>Representatives on the team at Alabama Children’s include staff from the pharmacy, medical team, facilities, human resources, dining services, and more. This team ensures that there aren’t any gaps in the supply chain that would interrupt the hospital’s daily operations. As a rule, Blass says that having enough supplies for 96 hours will allow the facility to continue operating smoothly and efficiently. This includes a variety of items that the environment of care team must carefully think through and document. “You’re talking about water, fuel, basic sanitary supplies, and then you start talking about medicine and those things necessary for a hospital to run,” he says. </p><p>And there can be more than one type of each supply, a detail that, if overlooked, could mean life or death. “We have pumps that pump air, we have pumps that pump blood, we have pumps that pump saline, we have pumps that do many different things. You have to have all the things needed to make those supplies work for 96 hours,” he notes. </p><p>Keeping track of inventory is critical to determine whether the hospital has a sufficient supply of each item. Blass says that the hospital is moving toward a perpetual inventory system, where a new item is ordered as soon as one is pulled off the shelf. </p><p>There is a downside to stocking too many items, which is why it’s a delicate balance between having 96 hours’ worth of supplies and more than enough. “Space is expensive. And if you want to have enough water for four days, how much water is that? Where do you put it? How do you keep it fresh?” He adds that the hospital must be thoughtful in its policies and procedures on maintaining its inventory to avoid any issues.  </p><p>Thankfully, Blass notes, t​he 2014 snowstorm only lasted 48 hours. “The size of the surge exceeded our plan, but the length of the surge was shorter than our plans, so it all worked out,” he says. </p><p>And not every element of securing the supply chain is tangible; the information and communication pieces are also critical. “Every day we’re getting blood supplies in, and other kinds of materials that must be treated very carefully,” he says. Special instructions need to be followed in many cases. For example, there may be medicine that must be stored at a precise temperature until 30 minutes before it’s dispensed. That information must be communicated from the pharmacist to the supplier, and sometimes to security, who can give special access to the supplier when it delivers the drugs. </p><p>Blass is a member of the ASIS International Supply Chain and Transportation Security Council. He helped develop an American National Standards Institute (ANSI)/ASIS standard for supply chain security, Supply Chain Risk Management: A Compilation of Best Practices Standard (SCRM), which was released in July 2014. The standard provides supply chain security guidelines for companies, and has illustrations of what exemplary supply chain models look like.</p><p><strong>Best practices.</strong> Marc Siegel, former chair of the ASIS Global Standards Initiative, also participated in the creation of the ANSI/ASIS standard, which provides explanations of how to look at managing risk in the supply chain. “It’s based on the experiences of companies that have very sophisticated supply chain operations,” he tells Security Management. “The companies that put it together were really looking at having a document that they could give to their suppliers, to help them look at themselves and think of things that they should be doing and preparing for.” </p><p>Siegel is now director of security and resilience projects for the homeland security graduate program at San Diego State University. He promotes supply chain mapping, which takes a risk management–based approach to supply chain security. “Traditionally, a lot of security people have looked at supply chain as logistics security,” he says, “whereas companies with major supply chain considerations have been moving more into an enterprise risk management perspective.” These organizations take an across-the-board look at risks that could create a disruption in the supply chain, asking themselves what the specific things are that could interrupt or prevent them from manufacturing or delivering their product. </p><p>Siegel says there is a disproportionate focus on bad actors and intentional acts as threats to the supply chain, when more often it’s a natural disaster or accident that causes the most significant disruptions. “The broader risk management perspective is also looking at, ‘Is there a potential for a storm, is there a potential for political disorder, or instability in a region, that can cause a delay in processing?’” Only then, he says, are companies efficiently mapping out all the factors that could introduce uncertainty.</p><p>Maintaining a broader perspective will keep organizations from fixating on two of the most common hangups in supply chain security. “You have people who fixate on ‘everything is a threat,’ and you have people who fixate on ‘everything is a vulnerability,’ and if you only fixate on those two things you’re going to miss a lot of stuff,” Siegel says.</p><p>Blass agrees. “When we start that annual hazards vulnerability assessment, I’m going to look through the standard and notes I’ve written myself to make sure I’ve got everything covered,” he notes. “You can never rest and say, ‘well, we’re safe and secure and we don’t have to do anything else,’ because the threats keep changing.”   ​</p><p>--</p><h4>Sidebar: assess risk<br></h4><p> </p><div>​For the co​rporation that produces the F-35 fighter jet and other advanced technologies for the U.S. government, supply chain security is of utmost importance. “The threats that we face are universal in nature due to the size and the complexity of our supply chain,” says Vicki Nichols, supply chain security lead for Lockheed Martin’s Aeronautics business. </div><div><br> </div><div>Lockheed Martin Aeronautics assesses the supply chain in a number of categories, but Nichols works most closely with cargo security. “The threats there are cargo disruption, unmanifested cargo, and anti-Western terrorism,” she notes. </div><div><br> </div><div>The division conducts a risk assessment of its international suppliers. “We look at what type of products they provide us and how vulnerable that product is to manipulation or intellectual property theft, and we look at country risk,” she says.  </div><div><br> </div><div>The company sends a questionnaire to its suppliers, and comes up with an overall score for each of them based on 10 criteria, including country risk and transportation mode. In many cases, it also sends field personnel to evaluate the supplier’s facility. “If we know we have eyes and ears going in and out of the facility, and those people are trained to recognize red flags, then we know we have a lower threat because of our presence,” she says. </div><div><br> </div><div>After one such site check at a facility in Italy, Lockheed Martin Aeronautics determined that the use of technology was warranted to further enhance security. “The concern was that the area was known for introduction of unmanifested cargo—weapons, cargo disruption,” she notes. “We began to look at tamper-evident technologies, and track-and-trace devices that would allow us to know if someone had opened or tampered with the freight.”  </div><div><br> </div><div>Lockheed Martin has a corporate supply chain security council that meets at least once a month to provide updates and discuss any issues that arise. Representatives from the company include human resources, personnel security, physical security, and counterintelligence. Stakeholders from major partner organizations are also invited to participate.</div><div><br> </div><div>Lockheed Martin Aeronautics also works closely with law enforcement and federal intelligence sources who disseminate relevant information to the company. “We subscribe to some intelligence data that is cargo-specific, so we issue a spotlight report about three times a week just to keep people engaged and aware of the threats in the supply chain,” she notes. </div><div><br> </div><div>Supplier engagement is also critical, Nichols says, so the company stays in touch with about 120 suppliers internationally. </div><div><br> </div><div>Sometime in 2017, Lockheed Martin Aeronautics plans to purchase a software management tool that will release supplier questionnaires in the native language for countries it does business with. It will tap existing resources such as “Supplier Wire” to offer training to the supply base. “This will be another evolution on how we can engage, rather than just sending them to a website,” Nichols says. “I think it’s important for our supply base to see how seriously we take security, so they will take it seriously as well.”​</div><div><br> </div><h4>sidebar: consult standards<br></h4><p> </p><p>​Laura Hains, CPP, operations manager, supply chain security and consulting at Pinkerton, member of the ASIS International Supply Chain and​ Transportation Security Council, says that companies should research whether their partners and suppliers are following major supply chain security protocols, like those put out by ASIS, and others such as the Transported Asset Protection Association (TAPA) standards for trucking companies. “TAPA is one of the big authorities on trucking, so if a company says they are TAPA certified, that to me says that they follow protocol,” she says. </p><p>Other standards include the National Strategy for Global Supply Chain Security which U.S. President Barack Obama signed in 2012 and was designed to enhance public-private partnerships. Arthur Arway, CPP, author of Supply Chain Security: A Comprehensive Approach, says the framework seeks to combine input from government and industry on protecting the transport of goods to and from the United States. “I think the government is far more willing to seek out subject matter experts and all the different modes and companies that may transport goods into the United States for their help,” he says. Arway adds the document is relatively recent, and that it could take a while before it is widely adopted. </p><p>Though terrorism is an uncommon threat to the supply chain, it must always be a consideration. Hains gives the example of vehicular attacks. In Nice, France, on July 14, 2016, Tunisia native Mohamed Lahouaiej Bouhlel drove a 19-ton cargo truck into a crowd of Bastille Day festival-goers. That attack killed 86 people and injured more than 400. New York police also warned of possible vehicular terrorism against the 2016 Macy’s Thanksgiving Day Parade. “A small company truck—that could be a target,” notes Hains. “So everybody has to think about terrorism because it’s out there.”</p><p>Another standard at the national level seeking to combat terrorism within the supply chain is the U.S. Customs Trade Partnership Against Terrorism (C-TPAT). The program is voluntary for private industry, but Arway says the national standards as a whole are seeing global adoption.​</p><p>“Standards have come a long way in how they’ve been able to incorporate security into the movement of goods,” he notes. “Many countries have accepted these programs into their own supply chain security programs.”​</p>
https://sm.asisonline.org/Pages/Trade-Secrets-2.0.aspxTrade Secrets 2.0GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<p>​The enactment of the Defend Trade Secrets Act (DTSA) of 2016 in the United States creates a new paradigm and is a watershed event in intellectual property law. U.S. President Barack Obama signed the bill into law on May 11, 2016, and the DTSA now applies to any misappropriation that occurred on or after that date.</p><p>A trade secret is any technical or nontechnical information that can be used in the operation of a business or other enterprise and that is sufficiently valuable and secret to afford an actual or potential economic advantage over others.</p><p>The law allows trade secret owners to file a civil action in a U.S. district court for trade secret misappropriation related to a product or service in interstate or foreign commerce. The term “owner” is a defined statutory term. It means “the person or entity in whom or in which rightful legal or equitable title to, or license in, the trade secret is reposed,” according to the DTSA.</p><p>Under the DTSA, in extraordinary circumstances, a trade secret owner can apply for and a court may grant an ex parte seizure order (allowing property to be seized, such as a computer that a stolen trade secret might be saved on) to prevent a stolen trade secret from being disseminated.</p><p>With this development in the law, trade secret assets are no longer stepchild intellectual property rights. Trade secret assets are now on the same playing field as patents, copyrights, and trademarks. The DTSA reinforces that a trade secret asset is a property asset by creating this new federal civil cause of action.</p><p>And there is no preemption. The U.S. district courts have original jurisdiction over a DTSA civil cause of action, which coexists with a private civil cause of action under the Uniform Trade Secrets Act (UTSA). The UTSA—most recently amended in 1985—codified common law standards and remedies for trade secret misappropriation at the state level.</p><p>The DTSA also coexists with criminal prosecutions under the U.S. Economic Espionage Act of 1996 (EEA), which makes it a federal crime to steal or misappropriate commercial trade secrets with the intention to benefit a foreign power.​</p><h4>What the DTSA Means</h4><p>A trade secret asset must be managed like other property assets. However, trade secret asset management differs because it first requires the identification of the alleged trade secret asset. Because millions of bits of information within a company can qualify as proprietary trade secrets, it is critical to classify and rank trade secret assets.</p><p>Most companies focus on the protection phase of trade secret asset management without first identifying and classifying their trade secrets. This approach is doomed to fail without a thorough analysis. Unless the company knows what it’s protecting, there can be no effective protection. And all three phases—identification, classification, and protection—must occur before an accurate valuation of trade secret assets can be determined.</p><p><strong>Proof. </strong>Additionally, information assets must be validated in a court of law as statutory trade secret assets. There is no public registry for trade secret assets. The courts require proof of four things: existence, ownership, notice, and access. </p><p>The first element requires proof of existence of the trade secret asset. The litmus test for proving the existence of a trade secret has six factors: the extent to which the information is known outside the business; the extent to which the information is known inside the business; the extent of measures taken to guard the secrecy of the information; the value of the information to the business and to competitors; the amount of time, effort, and money expended to develop the information; and the ease or difficulty with which the information could be properly acquired or duplicated by others.</p><p>The plaintiff must show that he or she owns the trade secret. A misappropriator cannot be the owner of a trade secret.</p><p>However, a person who independently develops or independently reverse engineers the trade secret can be the owner of the trade secret. By using reverse engineering, an employee who has not been granted intellectual property rights in the trade secret asset may also be the lawful owner—instead of the employer.</p><p>For proof of notice, the plaintiff must show that the defendants had actual, constructive, or implied notice of the alleged trade secret. A former employee may use his or her general knowledge, skills, and experience. However, a former employee may not disclose or use the trade secrets of the former employer. Also, the former employer is prohibited from claiming that “everything we do is a trade secret.”</p><p>The court will take judicial notice that there is both unprotected and protected trade secret information in every company. If the line is unclear, the court will draw the line in favor of the former employee. </p><p>For proof of access, the plaintiff must prove that the defendant had access to the alleged trade secret. If the evidence shows that the defendant never had direct or indirect access to the trade secret, and there is no conspiracy claim, there cannot be misappropriation. This is because misappropriation requires proof of unauthorized acquisition, disclosure, or use of the trade secret by the alleged trade secret thief.</p><p><strong>Protection. </strong>The DTSA also requires that the trade secret owner take reasonable measures to protect the secrecy of trade secret assets. This is a much more challenging task today because trade secret assets are no longer at rest in a locked file cabinet in an engineer’s office. Today, trade secrets are in motion and in use via computer systems and networks with access points all over the world.</p><p>Companies must actively monitor the access and movement of critical trade secret assets throughout the corporate enterprise, or risk the serious consequences of forfeiting trade secret assets by failing to take the reasonable efforts necessary to protect these assets.</p><p>The point is illustrated by U.S. v. Lee (U.S. District Court for the Northern District of Illinois, 2009). A 52-year-old senior scientist, David Yen Lee, suddenly resigned from his job at Valspar on March 19, 2009, and bought a one-way ticket to Shanghai, scheduled to leave on March 27.</p><p>One of Lee’s coworkers discovered irregularities in Lee’s work computer. Upon further investigation, an unauthorized program called “Sync Toy” was uncovered in invisible Windows files. It showed that Lee downloaded 44 gigabytes of paint and coating formulas, product and raw material data, sales and cost data, and product development and test information.</p><p>The FBI was informed and brought in to investigate. The bureau raided Lee’s apartment and recovered the stolen trade secret assets before Lee’s flight left for Shanghai. Valspar’s security readiness was directed to protection against outside intrusions. However, there was little security in place to guard against trade secret theft by insiders and trusted employees. </p><p>To mitigate against future insider theft, Valspar set up an internal identification and classification system for trade secrets called the CPR (classify, protect, report) model. Valspar now tracks the movement of all critical trade secret assets within the various computer environments with triggers that are activated if unauthorized activities are detected.</p><p>The reasonable measures necessary for the protection of trade secret assets continues to grow as the risk of sensitive data loss increases by various means: unauthorized uploading of trade secret assets to an insecure cloud or Web application; unauthorized email communications disclosing trade secret information; unauthorized acquisition of highly classified trade secret assets onto USB drives; and undetected incoming malware, phishing emails, and corrupted Web software all facilitate foreign economic espionage and theft of corporate trade secret assets.</p><p><strong>Seizures. </strong>Companies cannot take advantage of the DTSA’s powerful seizure provisions unless effective trade secret asset management protocols are in place before the actual or threatened misappropriation occurs.</p><p>First, the owner must demonstrate, in a sworn affidavit or a verified complaint, that the ex parte seizure order is necessary and that a temporary restraining order is inadequate. Second, that immediate and irreparable injury will occur if the seizure is not ordered. Third, that the person the seizure would be ordered against has possession of the trade secret and property that is to be seized.</p><p>Once the ex parte seizure order is granted, the court must take custody of and secure the seized property and hold a seizure hearing within seven days. Individuals can also file a motion to have the seized material encrypted.</p><p>A court can issue an ex parte seizure order, according to the DTSA, “in extraordinary circumstances” to “prevent the propagation or dissemination of the trade secret” or to “preserve evidence.”</p><p>These circumstances exist when a trade secret thief is attempting to flee the country, if he or she is planning to disclose the trade secret to a third party, or if it can be shown that he or she will not comply with court orders. </p><p>The Valspar case is an excellent example of the necessity for ex parte seizure orders. However, the FBI will not always be there, and the window of time to protect against the loss of trade secret assets and destruction of the evidence will often be shorter than the eight-day period in the Valspar case. This is why a DTSA civil cause of action and an ex parte seizure order are so important to protect U.S. trade secret assets.</p><p>The protection of trade secret assets in these circumstances requires emergency actions. Once lost, a trade secret is lost forever. The DTSA requires that the trade secret Owner file suit, and provide verified pleadings and affidavits to successfully obtain a DTSA ex parte seizure order before the de­f­en­dants know the suit has been filed. </p><p>Otherwise, without the element of surprise, the defendants—often with several clicks of a computer mouse—can transfer the trade secrets outside the country and destroy the evidence of trade secret theft by running data and file destruction software.</p><p>Therefore, to take advantage of the robust provisions of the DTSA, the trade secret owner must be able to move faster than the trade secret thief. This will require that companies develop internal trade secret asset management policies, practices, and procedures. </p><p>The DTSA creates a new paradigm. If management waits until the trade secret theft occurs to identify what the trade secret is and investigate the evidence of misappropriation, the actual trade secret assets will be long gone before counsel can provide the U.S. district court with the proof necessary to obtain an ex parte seizure order.</p><p>The result: if the losses from the trade secret theft are severe, both the board of directors and senior executives of the company can be charged with malfeasance, including the willful failure to take reasonable measures to protect the corporate trade secret assets from insider theft or foreign economic espionage.​</p><h4>DTSA Application</h4><p>What are the next steps in view of the DTSA? Every organization is different. There are no one-size-fits-all solutions. Each trade secret asset manager must audit existing approaches to protecting trade secret assets, the resource allocations within the organization, and any budgeting issues with protecting trade secrets.</p><p>A fundamental first step should be the creation of An internal trade secret control committee (TSCC). The TSCC should be charged with the responsibility to adopt policies and procedures for the identification, classification, protection, and valuation of the company’s trade secret assets.</p><p>The next step should be the creation of an internal trade secret registry (TSR). This is a trade secret asset management system that can be deployed as a cloud-based solution, on a corporate server, or on a standalone work station. </p><p>The TSR should operate like a library card catalog storing necessary trade secret asset information with hash codes and block chaining (a database that sequences bits of encrypted information—blocks—with a key that applies to the entire database) to ensure the authenticity of the data stored in the TSR and to meet the required evidentiary standards in a trade secret misappropriation lawsuit.</p><p>Another necessary step is trade secret asset classification, the foundation of a successful trade secret asset management program. Asset classification allows trade secret assets to be identified and ranked, so that the level of security matches the level of importance of the trade secret asset. There are now automated trade secret asset management tools available to assist companies with the classification and ranking of trade secret assets.</p><p>Security, without identification and classification, is doomed to fail. In contrast, securing data after identification and classification of the trade secret assets makes it much easier for the internal security ecosystem to enforce trade secret protection policies and to prohibit unauthorized access, disclosure, or use.</p><p>Today, software tools can protect the company from mistakes that lead to the forfeiture of classified trade secret assets. If a user attempts to email a trade secret document to unauthorized recipients, the software program will immediately alert the user so the mistake can be corrected. Further, classified trade secret assets can be monitored. Administrators can track abnormal or risky behavior that otherwise cannot be tracked until the trade secret is compromised.</p><p>Developing a trade secret incident response plan (TSIRP) is another critical requirement. The flow of trade secret assets throughout the corporate enterprise should be tracked with built-in red flags, designed to trigger the TSIRP and notify outside counsel to proceed immediately to the courthouse to seek a DTSA ex parte seizure order before the bad actors can destroy the evidence or transfer the stolen trade secret assets outside the court’s jurisdiction.​</p><h4>Employee Management</h4><p>There are other best practices for trade secret assets now that companies are focusing on the various stages of identification, classification, protection, and valuation.</p><p>Building a trade secret culture from the top down, with required training and compliance with TSCC policies, practices, and procedures, is at the top of the list. Companies must promote a trade secret culture by prompting employees and users to stop, think, and consider the business value of proprietary, internal information they are creating, handling, and reviewing.</p><p>The new employee hiring process should include an investigation and certification by the new employee that no proprietary trade secret information of any previous employer is being brought to the company or is being stored electronically in his or her personal email system or other electronic storage locations.</p><p>The prospective new employee should sign an employment agreement with patent and trade secret assignment provisions. He or she should also receive and review the company’s required trade secret policies and procedures.</p><p>When an employee leaves the company, off-boarding procedures should include a mandatory trade secret exit interview. The interview should be conducted under strict procedures adopted by the TSCC, including execution of a trade secret acknowledgement at the conclusion of the interview certifying that all company devices, documents, and materials, including electronic copies, paper copies, and physical embodiments have been returned. It should also certify that all proprietary and confidential information, stored on any personal computer or mobile device, has been identified and preserved, returned, or deleted under the company’s instructions.</p><p>The enactment of the DTSA will usher in a new era. It requires trade secret owners to identify, classify, and protect trade secret assets as property assets. In time, the DTSA will become a precursor for new accounting systems that will provide valuations for trade secret property assets.  </p><p>--<br></p><p><em><strong>R. Mark Halligan</strong>, partner at FisherBroyles LLP, is recognized as one of the leading lawyers in trade secrets litigation in the United States by Legal 500 and Chambers USA: America’s Leading Lawyers for Business. He is also the lead author of the Defend Trade Secrets Act of 2016 Handbook and coauthor of Trade Secret Asset Management 2016: A Guide to Information Asset Management Including the Defend Trade Secrets Act of 2016.  ​</em></p>
https://sm.asisonline.org/Pages/Industry-News-February-2017.aspxIndustry News February 2017GP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465<h4>​CAMPUS SURVEILLANCE</h4><p>Two universities in Utah partnered with Stone Security to upgrade their existing surveillance systems. Utah State University and Salt Lake Community College both had standalone analog systems with few cameras that could be monitored from only one location. Both schools chose to implement open platform, IP-based solutions built with Milestone XProtect VMS and network cameras from Axis Communications. Axis encoders integrate older analog cameras into the system, allowing the schools to continue using them.</p><p>Utah State University has campuses in every county in the state, and nine of those locations are integrated with the Milestone system. Video data is fed to the main campus in Logan, Utah.</p><p>Better video monitoring has improved coordination with campus police, reducing the time for incident response, as well as mitigating theft in the campus bookstores. The video system has also been leveraged to include watching over livestock in an animal science department, so researchers can respond when a birth is imminent, for example. Another innovative way officials are using the video is to prioritize snow removal based on the accumulations seen in the images.​</p><h4>PARTNERSHIPS AND DEALS</h4><p>ADT announced a new affiliation with MetLife Auto & Home for small business customers in New Jersey and California.</p><p>Dell EMC chose BlueTalon to deliver data security and governance for the newly announced Dell EMC Analytic Insights Module. </p><p>G4S will deploy ThruVis from Digital Barriers at major events in the United Kingdom.</p><p>Federal Signal Corporation’s Safety and Security Systems Group formed a strategic partnership with Edesix Ltd. to offer IndiCue products that collect, distribute, and manage video evidence. </p><p>FinalCode, Inc., appointed DNA Connect as its distributor for Australia.</p><p>Genetec and Point Blank announced a direct integration between the IRIS CAM body-worn camera and the Genetec Clearance case management system.</p><p>Hanwha Techwin America formed a partnership with Security-Net Inc., allowing Security-Net’s partners to source the full line of Hanwha Techwin’s surveillance solutions as a gold level dealer.</p><p>ISONAS Inc. selected two new manufacturers’ representatives: Wilens Professional Sales, Inc., in New York and The Tronex Group in Florida.</p><p>Kwikset formed a partnership with Horizon Global to expand its SmartKey security to the automotive accessories industry, including hitches, fifth wheels, ball mounts, bike racks, cargo management products, and more.</p><p>Louroe Electronics signed with Tech Sales & Marketing and expanded its partnership with Thomasson Marketing Group to strengthen its presence across the United States.</p><p>Oceanscan is using iland’s DRaaS with Veeam to reduce incident response time.</p><p>OnSSI integrated its Ocularis 5 Video Management System with Vidsys’s Converged Security and Information Management software. </p><p>OnX Enterprise Solutions and Splunk collaborated on the new OnX Security Intelligence Appliance that implements both the hardware and software needed to combat attackers.</p><p>Open Options partnered with Mercury Security to offer two new bridge technology integrations with Software House iSTAR Pro and Vanderbilt SMS. </p><p>Red Hawk Fire & Security U.S. announced that Affiliated Monitoring will manage central station monitoring for Red Hawk customers. </p><p>SeQent has been accepted into the Schneider Electric/Wonderware Technology Partner program. </p><p>FC TecNrgy will market SFC Energy’s defense and industry portfolio of off-grid power sources to the Indian defense, homeland security, and oil and gas markets. </p><p>ZKAccess retained manufacturers’ rep firm ISM Southeast.​</p><h4>GOVERNMENT CONTRACTS</h4><p>The U.S. Federal Trade Commission selected AMAG Technology and its Symmetry Homeland Access Control System to secure its Office of the Executive Director.</p><p>Convergint Technologies and BriefCam announced that Austin-Bergstrom International Airport in Texas expanded its use of BriefCam Syndex.</p><p>For the Las Vegas presidential debate, the Las Vegas Metropolitan Police Department deployed a drone detection and counter-drone solution from Dedrone. Dedrone also joined forces with Nassau County Police and Hofstra University to protect the first presidential debate in New York.</p><p>The Payne County Sheriff’s Office in Oklahoma selected Digi Security Systems to design and install a new video system for its jail and courthouse.</p><p>Electronic Control Security, Inc., received an award from prime contractor Hudson Valley EC&M Inc. for an entry control system and support services for the Sullivan County and Eastern Correctional Facilities in New York.</p><p>Exiger was chosen by the University of Cincinnati to act as the independent monitor of its police department.</p><p>Port St. Lucie, Florida, worked with SecurPoint to install a wireless, IP-based video surveillance system from FLIR.</p><p>Johnson Controls announced a Cooperative Research and Development Agreement with the U.S. Department of Homeland Security to help secure critical infrastructure.</p><p>Leidos won a prime contract from U.S. Customs and Border Protection to provide systems administration and maintenance services for x-ray and imaging technology.</p><p>MacDonald, Dettwiler and Associates Ltd. will provide space-based synthetic aperture radar capabilities for the Canadian Department of National Defence.</p><p>NAPCO Security Technologies, Inc., announced that the San Diego Unified School District will use NAPCO’s Continental Access control system.</p><p>NC4 announced that the Fulton County Police Department in California chose NC4 Street Smart to help fight crime.</p><p>Palo Alto Networks signed a memorandum of collaboration with the Cyber Security Agency of Singapore to exchange ideas, insights, and expertise on cybersecurity. </p><p>Saab announced that its Airport Surface Surveillance Capability is operational for the U.S. Federal Aviation Administration at San Francisco International Airport.</p><p>Salient CRGT, Inc., won a contract from the U.S. Department of Homeland Security Science and Technology Directorate to provide development, integration, and evaluation in support of BorderRITE.</p><p>SDI Presence LLC is a key subcontractor to Saab Sensis in deploying an advanced event management system for Phoenix Sky Harbor International Airport.</p><p>TASER International received an order for 900 TASER X2 Smart Weapons from the Kentucky State Police.</p><p>Unisys Corporation won a contract from U.S. Customs and Border Protection to modernize the agency’s technology for identifying people and vehicles entering and exiting the country.</p><p>Veridos is providing the Republic of Kosovo with ePassports in addition to a solution to personalize the ePassports. Veridos is responsible for data management, as well as service and maintenance for the software and</p><p>hardware infrastructure.</p><p>Veteran Corps of America will perform contractor logistics support for the Joint United States Forces Korea Portal and Integrated Threat Recognition (JUPITR) system.​</p><h4>AWARDS AND CERTIFICATIONS</h4><p>AMAG Technology announced that its Federal Identity, Credential, and Access Management (FICAM)/FIPS 201–compliant solution was approved by the U.S. General Services Administration.</p><p>Legrand North America achieved Excellence within the Industry Data Exchange Association’s data certification program.</p><p>Middle Atlantic Products secured a patent from the U.S. Patent and Trademark Office for its Essex QAR Series Rack.</p><p>Passport Systems, Inc., received the Security Innovation Award from Massachusetts Port Authority for helping to revitalize the Port of Boston with state-of-the-art detection systems.</p><p>Qognify received Lenel Factory Certification Under Lenel’s OpenAccess Alliance Program.</p><p>Safran Identity & Security announced that its Airpass mobile payment solution, with a cryptographic security component, was certified by Visa and Mastercard.</p><p>SecurityScorecard received the Most Promising Company Award for its sophisticated technology and strategic implementation during PricewaterhouseCoopers’ Inaugural Cyber Security Day.</p><p>Tosibox won the Finnish Security Company of the Year award. The Turvallisuus ja Riskienhallinta magazine annual award was presented at the Finnish Security Awards. ​</p><h4>ANNOUNCEMENTS</h4><p>As part of its product rebranding, 3xLOGIC launched an updated website.</p><p>Aite Group’s report, Biometrics: The Time Has Come, examines biometrics capabilities that are deployed across the globe. </p><p>Allied Universal announced the purchase of FJC Security Services of Floral Park, New York.</p><p>Anixter International Inc. is opening a customized flagship facility in Houston, Texas.</p><p>Illinois Joining Forces, a public-private network of veteran and military service organizations, received a $125,000 grant for veteran outreach from Boeing.</p><p>CGL Electronic Security, Inc., moved its corporate headquarters to Westwood, Massachusetts. The new facility includes a customer training area, demonstration space, warehouse, and testing area.</p><p>CNL Software expanded its U.S. operations with new regional offices and a demonstration area in Ashburn, Virginia.</p><p>College Choice published its 2016 ranking of the safest large colleges in America.</p><p>The Financial Services Information Sharing and Analysis Center established the Financial Systemic Analysis & Resilience Center to mitigate risk to the U.S. financial system.</p><p>Modern Tools To Achieve Excellence In Video Security is a new white paper from Geutebrück.</p><p>Implant Sciences will sell its explosives trace detection assets to L-3 Communications where they will be integrated into L-3’s Security & Detection Systems Division.</p><p>Milestone Systems is making its XProtect Essential 2016 R3 available as a free download to users worldwide.</p><p>The National Electrical Manufacturers Association published NEMA WD 7-2011 (R2016) Occupancy Motion Sensors Standard.</p><p>Safran Identity & Security opened a location in the Silicon Valley that features an innovation center with a specific focus on digital payment, digital identity, and the Internet of Things.</p><p>Nonprofit SecureTheVillage (STV) launched a weekly news podcast, SecureTheVillage’s Cybersecurity News of the Week, available on the STV website, iTunes, SoundCloud, and other podcast sites. </p><p>SightLogix published a new design guide to assist integrators, architects, and engineers in planning, selecting, and installing video-based security systems. Securing Outdoor Assets with Trusted Alerts offers practical advice about using outdoor video.</p><p>The Smart Card Alliance released a mobile payments workshop video for understanding mobile wallets.</p><p>The Tyco Security Products Cyber Protection Team is offering security advisories on its website. The team generates a security notification about which products might be vulnerable, along with mitigation steps. </p><p>The U.S. Office of Management and Budget will create a new privacy office to oversee the development and implementation of new federal privacy policies, strategies, and practices across the federal government. ​</p>

 UPCOMING EVENTS AND EDUCATION

​06 - 07 March 2017
CPP & PSP Review Program​ (Education, Boston MA)

06 - 09 March 2017
ASIS Assets Protection Course (Education, Boston MA)

23 - 25 April 2017
10th Annual CSO Summit ​​(Conference, Arlington, VA)

​08 - 09 May 2017
Active Shooter (Education, Las Vegas, NV)

08 - 09 May 2017
Executive Protection (Education, Las Vegas, NV​

​More Events>>​​​