| https://sm.asisonline.org/Pages/Preventing-Port-Problems.aspx | Preventing Port Problems | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>More than 90 percent of global trade is carried by sea, according to the International Maritime Organization, presenting a cost-effective method for goods to be shipped around the world. </p><p>One port that brings goods closer to customers, resulting in savings, is London Gateway, a deep-sea shipping port owned by DP (Dubai Ports) World. With 78 terminals in 53 countries globally, DP World is the third largest port operator in the world. </p><p>“One of our customers will save more than £1 million a month, just in transport costs, and take more than 2,500 trucks off the road,” says Colin Hitchcock, harbor master and head of International Ship and Port Facility Security (ISPS) at London Gateway, which is located on the north bank of the River Thames.</p><p>But this high transaction rate also presents an opportunity for thieves, making effective security a must to protect the goods being shipped and received. “We’ve been operating about four years now, and the first drug heist was a big deal,” says Hitchcock. “Now it’s sort of two or three times a week, to be honest.”</p><p>Drugs are just one of the many security concerns keeping DP World on the lookout. “I have threats of illegal immigrants coming in on ships, I’ve got people trying to break into the port itself to get cargo out of the containers, and then obviously we have cargos of interest that we have to monitor,” Hitchcock says. </p><p>“There’s a big problem with cars stolen-to-order, because we’re only a few miles from London. Basically, you can steal a car, put it in a box, and get it out of the country,” Hitchcock explains, adding that most of the stolen vehicles are headed for West Africa. “You can put two Range Rovers and an E-Class Mercedes dangling in a 40-foot container—so that’s quite big business going out.” </p><p>While London Gateway works closely with law enforcement and global crime agencies to counter these threats, it wanted to invest in a holistic physical security information management (PSIM) system to manage the various assets and operations around the port, which covers seven square miles. </p><p>When Hitchcock was told by the head office in Dubai that he could choose the security systems he needed, he says he was looking for a company that could customize its platform to meet London Gateway’s needs. “Anything we purchased had to be future-proofed and able to grow,” he notes.</p><p>In 2016, the port turned to the Converged Security and Information Management (CSIM) software from Vidsys, which brings together multiple sources of data and security information into one platform for situational awareness. </p><p>With CSIM, all of the port’s security and information management systems feed into one platform that provides situational awareness for all security and operations onsite, which include cameras, alarms, sensors, access control systems, and more.</p><p>Tying access control into CSIM has allowed the port to manage the various systems that grant or deny access to users throughout the port. “We have three main buildings, and each has its own access control,” Hitchcock says. “We’ve looked at each of the jobs that people do and asked, ‘Where does that person need to go, where does that person not need to go?’” </p><p>He adds that there are 55 different levels of access at the port, and that the server rooms have the most restricted access. “If anyone opens the server rooms an alarm goes off in the control room. We have cameras in there, and that’s automatically monitored from inside,” he says. </p><p>With a multitude of cameras installed on port property, having them all feed into one platform gives operators a comprehensive picture of operations, and allows them to quickly be alerted to possible trespassers. </p><p>The security cameras are set up to overlap coverage by 30 percent so that nothing is missed. “We also do a lighting diagram so there are no shadowy areas,” Hitchcock notes.</p><p>Another selling point for London Gateway was the fact that CSIM easily adapts to new systems the port incorporates. “That was one of the other main points with Vidsys—if we introduce new cameras or we introduce a new turnstile system or a new employee management system, the system is able to cope with it,” he notes. </p><p>London Gateway has several security alarms feeding into CSIM, as well as a PID (perimeter intrusion detection) system that runs for 600 meters around the port. When a sensor goes off, it is automatically pulled up in an alerts center. A list of standard operation procedures (SOPs) can be tailored to appear on screen, giving the operator a clear, step-by-step view of how to respond. </p><p>“We have about 30 SOPs that we’ve incorporated,” he says, adding that the procedures are reinforced during drills with police, fire, and emergency services. </p><p>In response to security incidents, Hitchcock says the port has developed an “onion skin” approach, with several layers to detect and mitigate any threats. “We have a perimeter fence, and an outer perimeter fence as well. So if anyone wanted to break in the port they’d have to get through both of those,” he says. </p><p>The next layer, the PID system, is covered by movement sensors and thermal imaging cameras. Should a trespasser trip any of those sensors, flashing blue lights are activated. There are also two drones that fly up and down the fence line and—if the unmanned vehicles spot someone—they begin flashing a blue light located on top. An audio alert plays over a loudspeaker that the party is trespassing. Finally, if these are ignored, a large spotlight targets the threat. </p><p>Recently, CSIM and the port’s multilayered response played a vital role in multiple arrests at London Gateway. A group of trespassers entered the property under the cover of night. “The thermal imaging cameras picked them up, there were two or three people,” Hitchcock says. The blue light and spotlight were both triggered, and the men tried to hide in some bushes. </p><p>Security immediately alerted port guards on site, as well as local law enforcement, who quickly responded. </p><p>With the Vidsys platform, video feeds can be simultaneously watched by law enforcement and the head office in Dubai when there is a security incident. “These poor chaps thought they were attempting to break in, thinking they were very covert, but actually the whole world—Dubai, Essex Police, U.K. military, and our own security—were all watching them,” Hitchock says. “The system worked very well indeed.”</p><p>With plans to expand and handle even more incoming and outgoing cargo, Hitchcock says he knows Vidsys will continue to accommodate London Gateway’s needs. “The big thing we found with Vidsys was its ability to listen, adapt, and incorporate what we wanted, as well as come up with new ideas,” he says. “And that was taken onboard.”</p><p>For More Information: Jasmeet Kapoor, kapoorj@vidsys.com, www.vidsys.com, 703.883.3730.</p> | | |
| https://sm.asisonline.org/Pages/Shaping-Sanctuary.aspx | Shaping Sanctuary | GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>As the holding and deportation of illegal immigrants from the United States took center stage over the summer, cities and states felt increasing pressure to pick a side. Should they enact so-called sanctuary city policies, limiting federal involvement in their law enforcement activities, and foster relationships with immigrant communities? Or should they work with federal officials to assist in detaining and deporting illegal immigrants, sometimes for profit?</p><p>The Trump administration's sweeping crackdown on undocumented citizens has affected a swath of people, from families crossing into the United States illegally to immigrants who have lived in the country for years. Most of U.S. President Donald Trump's message surrounding immigration enforcement has revolved around arresting and deporting criminals, making jails and prisons a target for federal authorities. And as some communities have begun making decisions about their level of support for U.S. Immigration and Customs Enforcement (ICE) within local judicial systems, it became clear just how complex the issue is.</p><p>Travis County, Texas—home to the state's capital, Austin—enacted a policy that prevents detention of individuals based solely on their immigration status in November 2016. While Austin's police department has not taken a public stance on cooperation with ICE, leaders have stated they will not focus on a person's immigration status but will still partner with federal agencies in immigration matters if the case involves criminal activity. </p><p>Travis County's proclamation sparked state legislators to pass an anti-sanctuary bill that, among other things, allows all law enforcement officials to ask detained individuals about their immigration status and requires them to honor immigration detainment requests from ICE. And while Austin has fought back against the bill, several state, county, and city law enforcement agencies operate within the city—including the police department, four county sheriff's departments, and the Texas Highway Patrol—making it more difficult to enact an across-the-board sanctuary policy.</p><p>Similar complications are playing out further east. Charlotte, North Carolina, attempted to put immigration protections in place in 2015, passing a resolution that prohibited the city's police department from inquiring about the immigration status of the people it came across, but—much like in Texas—state legislators prohibited policies that curbed the collection of immigration status information. In this case, though, the Mecklenburg County Sheriff's Office has maintained an agreement with ICE that allows them to identify and detain illegal immigrants. </p><p>And taking precedence over the policy complexities within states, counties, and cities is Trump's 2017 executive order to withhold funds and otherwise punish some 300 cities and officials that do not cooperate with ICE. The sanctuary city ban entered a legal back-and-forth, with one court blocking the order nationwide, and an appellate court later determining that Trump could not withhold funds from cities, but that the nationwide block of the order was too broad. The case will be sent back to a lower court to determine whether a wider ban is needed.</p><p>While local police departments may implement policies to build relationships with the city's immigrant community, county sheriff departments—which largely own local jails—may have more impact on a community's sanctuary policies, says Bipartisan Policy Center (BPC) political analyst Cristobal Ramon.</p><p>"I think that as this issue has really been spreading across the country and become a core part of the debate, that's where the pressure is coming from," Ramon tells Security Management. </p><p>"Independent of what states are doing with the laws and on the ground, a county sheriff's office may promote cooperation or not promote cooperation with ICE for a range of different reasons."</p><p>Ramon coauthored a February 2018 BPC report on the nexus between immigrants, the immigration enforcement system, and local law enforcement. The report focuses on immigrants who are detained in local jails, either awaiting trial or serving out terms of less than one year. There are many aspects that go into what makes a sanctuary city, but Ramon says one of the cornerstone aspects is what goes on inside city jails.</p><p>"These agencies can have a variety of policies that promote or limit the capacity of ICE to access noncitizens in their facilities…and these policies can be independent of the local police departments who do the majority of arrests and bookings," the BPC report states. </p><p>Sheriff's offices are already deeply intertwined with ICE operations—about half of ICE's total detention population is housed in state and local jails and facilities, including one of Mecklenburg County's jails. The BPC report outlines the varying levels of involvement sheriff's departments can play in federal immigration enforcement, from identifying illegal immigrants and reporting them to ICE to complying with immigration detainers—where a jail will hold an individual for up to 48 hours beyond their scheduled release date so that ICE can take them into custody. "County governments that operate jails are not required to honor detainer requests under federal regulations," the BPC report notes.</p><p>Other formal agreements include 287(g) agreements, which delegate many of ICE's powers to local law enforcement. Under the agreement, local jurisdictions receive money to pay for the training of officials that will allow them to legally inquire into a person's immigration status, detain individuals beyond the time they would be held in local custody, and issue Notice to Appear documents to begin deportation proceedings. More than 75 jurisdictions have entered into 287(g) agreements, and almost half of those joined under President Trump's revised program. In 2017, 287(g) agreements led to the deportation of some 6,000 illegal immigrants.</p><p>BPC studied five metropolitan areas—Atlanta, Austin, Charlotte, Denver, and Los Angeles—and only Charlotte's county sheriff has a 287(g) agreement. Ramon points out that the Fulton County Sheriff's Office, which oversees jails in Atlanta, had previously participated in the program but did not join Trump's revised agreement because they could not justify participation in the program. </p><p>"They did not interact with enough undocumented immigrants, and said that it was impractical," Ramon notes. However, six other counties in Georgia recently joined the 287(g) program. </p><p>At the beginning of this year, ICE announced a new program, known as a Basic Ordering Agreement (BOA), which gives sheriff's departments $50 and an arrest warrant to detain an immigrant for 48 hours after he or she should have been released. BOAs allow participants to circumvent legal issues and liabilities that have cropped up with counties involved with 287(g). The act of holding individuals past when they should be released violates the Constitution, immigrant advocates argue, so local jails that hold immigrants past a normal amount of time can be subject to litigation—which is often successful. Since a BOA is an agreement rather than a contract, it allows participating counties to detain immigrants without fear of liability. So far, 17 sheriff's offices in Florida participate in the program, and that number is expected to increase.</p><p>Ramon points out that finances can play a part in whether cities are immigrant-friendly. Incentives such as the $50 BOA fee and 287(g) grants and reimbursements for housing immigrants may entice local law enforcement, he says. And, in a broader scope, allowing privately run ICE facilities to operate in an area can bring significant financial benefits. </p><p>"As the debate about family detention and separation is ongoing and cities and counties are thinking about whether they want these facilities in their area, one of the arguments is that these facilities also bring in jobs," Ramon notes. "There is that component of additional financial revenue or jobs being created through private facilities. It's just something else people are considering at the moment."</p><p>County sheriff departments' actions go a long way in defining a city's status as immigrant-friendly. Mecklenburg County Sheriff's Office, for example, has solidified Charlotte's standing as hard on illegal immigration, despite the city's attempt to pass sanctuary city policies a few years ago. </p><p>And in Austin, the Travis County Sheriff's Office has set an example by completely cutting ties with ICE and permitting its officers to reject requests to detain individuals based on their immigration status. </p><p>Other sheriff's offices around the country fall in the middle, where some such as Denver will honor detainer requests but won't hold immigrants past their release periods. Other jurisdictions like Los Angeles allow ICE into jails despite a citywide push to end cooperation with the agency.</p><p>"The very term 'sanctuary cities' belies the fact that there are many law enforcement agencies that may operate within cities, and that the police can also operate at county or state levels," the BPC report states. "Policy makers should carefully analyze the practices of different levels of law enforcement across each state to develop policies based on a better understanding of cooperation between ICE and local law enforcement agencies."</p> | | |
| https://sm.asisonline.org/Pages/An-Investment-in-Employees.aspx | An Investment in Employees | GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>Investing in personnel remains one of the most cost-effective business decisions in an organization's strategic planning, as well as in its formulation of short- and long-term budgetary projections.</p><p>Such investment is paramount to security programs where life safety and business risk are the focal point of operations. These programs' services are often the front lines of defense for mitigating risk and promoting safety. </p><p>Despite the business need for organizations to implement professional development programs (PDPs) in support of maintaining training standards, succession planning, and enhancing motivation within the workplace, some organizations may fall short in establishing dynamically structured programs. They can be used to nurture and develop employee talent, while generating a return on investment to further continued success within the public or private sector.</p><h4>PDP Basics</h4><p>The framework for PDPs can be implemented with little to no cost—especially with collaboration from business partners or professional associations. Depending on the organization's budget allocations, developmental opportunities that consist of classes, seminars, mentoring, and coaching may be available to provide avenues for co-op partnerships.</p><p>Many successful PDPs rely upon pillars that focus on training courses that bolster specialized skill sets to include leadership, management, critical thinking, and soft skills. They capitalize upon mentoring and leadership coaching programs that provide training while emphasizing problem solving and the dynamics of situational and strategic leadership. </p><p>Most PDPs also include rotational assignments that provide opportunities to experience other organizational cultures. This allows employees to build an understanding of how different organizations operate and interact with stakeholders in pursuit of strategic goals. </p><p>A PDP's development, and subsequent implementation, must have the buy-in and support from senior level management to be effective. This means management must see the program as a necessity for continued organizational efficiency, productivity, and growth to support the organization's mission, vision, and strategic goals.</p><p>A PDP must be aligned with the organization's vision statement. This vision statement, which is inherently adaptable in light of the organizational culture, environment, and business needs, should be a long-term strategically defined statement of what the organization aims to achieve as it continues to operate in the future.</p><p>The vision statement is the crux of any successful PDP that will empower employees to create a personalized career plan that enables them to align their goals with the company's vision statement.</p><p>The vision statement is fundamentally different from a mission statement. A mission statement outlines the essential purpose of the organization—how it carries out its processes while showcasing the values it holds true in support of upholding its vision. </p><p>For instance, the U.S. Department of Agriculture (USDA) Office of Inspector General's mission statement is "to promote economy, efficiency, and integrity in [USDA] programs and operations through the successful execution of audits, investigations, and reviews." The agency's vision statement is "Our work advances the value, safety, and integrity of USDA programs and operations."</p><p>Many successful employee development programs have constructed leadership tenets for their respective organizations. These tenets are directly aligned with an organization's vision and mission statements, and provide a guideline for increased team and employee performance.</p><p>One successful model of leadership tenets is the U.S. State Department's Bureau of Diplomatic Security (DS) Leadership Tenets. The foreword of these tenets concisely dovetails into DS's vision and mission statements in pursuit of codifying its leadership tenets for all employees.</p><p>"Strong, capable leadership is critical to the success of the Diplomatic Security mission of providing a safe and secure environment for the conduct of U.S. foreign policy through our protection, criminal, and overseas programs," the foreword reads. "As a law enforcement and security organization, we manage programs to protect personnel, facilities, and information, but we must lead our people. The Diplomatic Security Leadership Tenets establish our expectations for all DS employees, regardless of grade or position, in our pursuit of service to the Department and the Nation."</p><p>The DS Leadership Tenets embrace several key themes that are important to any organization, including moral courage, leadership by example, delegation, continuous learning, collaboration, and effective communication.</p><p>International organizations have taken their leadership tenets a step further by having them translated for their foreign-based offices. They have also delved deeper into the constructs of their tenets by creating talking points that address the importance and application of the tenets to provoke critical thinking within the organization. </p><p>An example of a talking point regarding the tenet of "learn constantly" focuses on the phrase that learning is a life-long endeavor. </p><p>If we do not learn constantly, our performance will not be sustainable in light of organizational change. All personnel should actively seek opportunities to learn in furtherance of developing and enhancing their skill sets and identify learning opportunities available within the organization. </p><p>Employees should also explore their options. What internal and external training opportunities exist? Has the employee been taking advantage of these opportunities? If not, what barriers exist and how can they be remedied for them to take advantage of these training opportunities? </p><p>This example provides an avenue to pursue constructive dialogue in a group setting. It promotes effective communication that employs a candid assessment to collaborate on a remedy—one that can be supported by the organization and its employees to cultivate new training opportunities.</p><p>Such an application is particularly important to further promote a sense of global citizenship within organizations where there are differences in cultural norms where they operate.</p><h4>Individual Planning</h4><p>Another key component to an organization's PDP is the institution of individual development plans (IDPs) for employees. This tool provides an employee with a roadmap that identifies professional short- and long-term goals that are aligned with an organization's vision and mission statements.</p><p>IDPs can address countless objectives to concentrate on the development of specialized knowledge concerning a new process, crafting innovations that focus on enabling greater efficiency, or forging new relationships that empower the employee, as well as the organization.</p><p>IDPs also provide an avenue for management to work with the employee in solidifying career endeavors and to assist managers in better understanding an employee's ambitions. </p><p>The U.S. Office of Personnel Management (OPM) published a public resource that provides a blueprint for managers and employees to implement IDPs within the public and private sectors. OPM deliverables on this topic elaborate on IDP's phases of development that include the importance of preplanning, meetings to discuss plan formulation, drafting, implementing, and evaluating the IDP.</p><p>Managers should shepherd the employee's IDP development by ensuring that his or her career goals complement the organization's vision, mission, and strategic goals. Additionally, the selected goals should be constructed using the SMART methodology—where goals are specific, measurable, attainable, relevant, and timely.</p><p>Each goal needs to have specific characteristics embedded that directly address how the goal is important. Is the goal measurable—can an employee's progress be measured and tracked toward completion? Is the goal attainable—is it reasonable that an employee can accomplish this goal, including completing the requisite milestones needed to achieve it? Furthermore, is the goal relevant—does it support the employee's personal vision statement? And is it timely—is the employee able to complete the goal within the timeframe identified for completion?</p><p>For example, "During the rating period, I will serve as a volunteer leader within a professional organization, council, or working group that enables the agency's mission and strategic goals to be broadcast to a greater audience while simultaneously developing partnerships that foster collaboration in support of shared organizational interests." This statement is an exemplar of a SMART goal that concisely addresses the aforementioned characteristics.</p><p>Since this is a personalized deliverable that is self-driven, the onus of responsibility for completing the IDP ultimately rests upon the employee. For instance, if a goal was to build upon one's interpersonal skills by broadcasting the company's brand to an outside organization during a meeting, seminar, or conference, the employee would need to conduct research and seek out potential speaking opportunities in support of completing this goal.</p><h4>Executive Connection</h4><p>Many executives have taken their respective IDPs to the next level by strategically linking their goals to OPM's executive core qualifications (ECQs). These are, as defined by OPM, "the competencies needed to build a federal corporate culture that drives for results, serves customers, and builds successful teams and coalitions within and outside the organization."</p><p>These competencies transgress through the public and private sectors and focus on the concepts of Leading Change, Leading People, Results Driven, Business Acumen, and Building Coalitions.</p><p>These ECQs are grounded in OPM's outlined fundamental core competencies of Interpersonal Skills, Oral Communication, Integrity/Honesty, Written Communication, Continual Learning, and Public Service Motivation. The sustained emphasis on these foundational competencies serves as the cornerstone that empowers an employee's aptitude to develop ECQs in support of career advancement. Many government agencies align their managers' and executives' performance plans with these ECQs to further their continued professional development while concurrently advancing organizational endeavors.</p><p>When revisiting the previously provided SMART goal example that focuses on volunteer leadership, this goal is strategically linked to the ECQs of Leading People, Leading Change, and Building Coalitions. It is also inherently linked to the fundamental core competencies in terms of developing Interpersonal Skills. </p><p>Furthermore, this particular illustration is an excellent IDP goal for an employee who currently does not have a managerial position, but wishes to actively seek out leadership opportunities to gain experience and demonstrate aptitude for career advancement. </p><p>It is also important to note the process of how IDP goals were achieved and how they directly addressed an ECQ where such an assessment could be used in a performance evaluation that documents an employee's progression on these fronts. </p><h4>Training</h4><p>Another vital component of an established PDP is the ability to increase substantive knowledge through training courses and seminars. While organizational budgets vary widely in terms of the amount of funding allocated for training, there are several avenues to seek training opportunities with minimal costs—especially for security professionals.</p><p>Frequently, professional associations offer discounted group rates, as well as free webinars to members. </p><p>The U.S. Federal Emergency Management Agency's Emergency Preparedness Institute also offers a myriad of free online classes to the general public. These courses focus on specialized topics, including the Incident Command System, emergency preparedness, continuity of operations, and workplace violence.</p><p>Collaborative partnerships with other organizations can also be cultivated to support a reduction in training costs. In-house trainers can be used to share case studies, lessons learned, and best practices with local businesses and agencies to create a grassroots co-op training initiative. Such avenues provide a platform for dynamic training opportunities at reasonable costs. </p><p>Examples of government partnerships range from the various federal executive boards to fusion centers located throughout the United States. From an international perspective, many American embassies and consulates shepherd Overseas Security Advisory Councils that provide invaluable networking and training briefings that support business growth by addressing crime and safety trends that may affect American businesses and their employees operating abroad.</p><p>One common theme when assessing developmental opportunities for employees is that organizations often provide a training course to staff where there is little to no opportunity to apply the skills they learned from the instruction. </p><p>This lack of application to the workplace environment is a fatal flaw for a PDP where the concepts are not reinforced through application. Without this application, course concepts are not personally tested and reinforced. This negates the added value of the objectives of the course.</p><p>To address this deficiency, IDPs can be drafted to not only pursue training on a particular subject matter, but to build in the application facet of the training material to support a special project based upon business needs. Organizations can facilitate working groups to support deliverables or create shadowing programs where employees nurture additional skill sets that support the organization while employees pursue the opportunity to expound upon the concepts and practices they learned in their training. </p><p>Such an example is a sponsored leadership development program that uses a curriculum that examines leadership principles and traits by assessing case studies. After the classroom portion has been completed, students are assigned an experienced mentor who guides the recently trained employees in applying the lessons learned in the coursework to their current work environment where their sponsoring organization also provides them special projects to complete that enhance the overall learning experience.</p><p>Organizations can also turn to professional associations and nonprofit organizations to empower employees through training programs, leadership symposiums, and national conferences. </p><p>One model training program of a nonprofit organization that ties in the key elements of a vision statement, training, and its successful application in support of goal setting is the Boy Scouts of America (BSA) Wood Badge Course. This six-day course, geared towards adult leaders of scouting groups, touches upon several key leadership principles that have been time tested within the military, civil service, and private business circles.</p><p>The course's five central themes of Living the Values, Bringing the Vision to Life, Models for Success, Tools of the Trade, and Leading to Make a Difference are not only applicable to professional endeavors but to personal development as well. </p><p>The curriculum is grounded from leadership training principles derived from Ken Blanchard, Max De Pree, and Stephen Covey. The same skills covered in this course can be found in many mainstream seminars, which can cost several thousands of dollars. BSA leaders can receive this same level of training at significantly reduced costs because BSA purchased royalties for some of its course material that is used by private vendors.</p><p>The course consists of classroom and practical field training outdoors that supports teamwork. After the course's completion, students have 18 months to complete five special projects, called "tickets." These tickets focus on program improvement at the local and regional levels of the BSA organization, as well as one personalized ticket for self-improvement. </p><p>Examples of such tickets could be planning and implementing targeted recruitment initiatives to generate more interest in scouting in a geographic area. They could also be streamlining social media and website platforms to convey a concise and targeted message to the general public about the benefits of scouting for today's youth. </p><p>Once all of the tickets have been completed and verified, attendees formally graduate the course. Feedback regarding the Wood Badge experience has been noteworthy through the years. </p><p>Serving as a chapter or council officer for one of these organizations can also give employees leadership, managerial, and budgetary experience. These opportunities directly support résumé building, especially if an employee has not had much involvement on these fronts or wants to build upon these attributes to further his or her career.</p><p>Mentoring programs can also prove to be a force multiplier in support of structured employee development programs. Numerous organizations possess formalized mentoring programs for employees that enable them to achieve a better sense of the organization's mission and how their duties and responsibilities impact the organization as a whole.</p><p>Another developmental opportunity that builds upon an employee being able to assess his or her standing in pursuit of his or her career goals is leadership coaching. Various U.S. federal government entities take advantage of their own in-house leadership coaching programs where certified coaches provide sessions to their employees for a duration of time.</p><p>U.S. federal agencies that do not have a leadership coaching program can partake in coaching programs offered by OPM and the U.S. Department of Treasury. Opportunities are also available for selected federal employees to receive free certification training. They then donate their time to provide leadership coaching sessions to other federal employees, as needed, to support a co-op coaching program.</p><p>Similar initiatives are also in place within the private sector where individuals who have completed their coaching coursework need a requisite number of coaching sessions to achieve a certification. </p><p>For instance, individuals who seek an International Coaching Federation (ICF) certification as an Associate Certified Coach must complete an ICF Accredited Coach Training Program, attest to 100 hours of coaching experience with at least eight clients—where 75 hours must be paid—and complete a Coach Knowledge Assessment. </p><p>Certification opportunities such as these empower an organization to capitalize on an invaluable training opportunity for their employees, which in turn is an investment when the newly minted leadership coaches provide services to the company's personnel.</p><h4>Solicit Feedback</h4><p>The final component of any successful PDP is the ability to receive constructive feedback to evaluate the program, as well as employees' progress. </p><p>Supervisors and employees should embrace the 360-degree evaluation process to support obtaining constructive feedback and performance assessments from their subordinates, peers, and supervisors to advance continued improvement of the program and employee target goals.</p><p>A model PDP should remain adaptable in light of the fiscal climate, while continuously striving to be resourceful in support of training and developmental opportunities for the employees. Management, in addition to curriculum and training specialists, should be cognizant of cost-effective deliverables where participation demonstrates a true return on investment. </p><p>A successful PDP will include several multifaceted concepts that rely on the organization to provide the framework of what it envisions for its future. These concepts should demonstrate a business need to develop employees and support career progression for the benefit of the organization.</p><p>This caliber of professional development planning capitalizes on promoting efficiency, while allowing the organization to bear the baseline cost for successfully implementing a model PDP that is innovative, resourceful, and forward leaning in furtherance of developing the next generation of strategic leaders. </p><p><em>The views expressed in this article solely represent those of the author and do not necessarily represent the views of or otherwise constitute an endorsement by the U.S. Department of Agriculture, USDA's Office of Inspector General, or the United States.</em></p><p><em><strong>Robert Baggett, CPP, PCI, PSP, JD, MPA</strong>, is an assistant special agent-in-charge for the U.S. Department of Agriculture Office of Inspector General's Western Region Office in Oakland, California. He serves as the chair of the ASIS International Academic and Training Programs Council and is a member of the ASIS Leadership and Management Practices council and the Investigations Council. During 17 years of public service, Baggett worked on several performance-based initiatives focused on professional development programs, individual development plan assessments, and organizational succession planning. </em></p> | | |
| https://sm.asisonline.org/Pages/Smarter-Structures,-Safer-Spaces.aspx | Smarter Structures, Safer Spaces | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p>Internet giant Google is known to build impressive campuses and office spaces for its workers. No exception is its Wharf 7 office in New South Wales, Australia, where it moved a number of employees when the company experienced a boom in growth in 2012.</p><p>The building was constructed to "encourage the interaction and collaboration that is key to the innovation Google promotes," IDEA Awards, an interior design awards program, states on its website. A gaming room, café, bridges, and walkways all contribute to the collaborative look and feel of the building. </p><p>While the interior design of Google's Wharf 7 is impressive, two security vulnerability researchers discovered that the system controlling much of the building's functionality had not received as much attention. </p><p>Billy Rios and Terry McCorkle, both of security firm Cylance, gained access to the corporation's building management system, a computer-based system that controls electrical and mechanical functions within the facility. They achieved this breach by exploiting unpatched vulnerabilities. In other words, they accessed the network that controls HVAC, lighting, fire and life safety systems, and more, because Google had not run security updates on some of those platforms.</p><p>"Among the data they accessed was a control panel showing blueprints of the floor and roof plans, as well as a clear view of water pipes snaked throughout the building and notations indicating the temperature of water in the pipes and the location of a kitchen leak," according to a May 2013 Wired article. </p><p>Upon learning of their research, Google promptly patched their systems and thanked the white-hat hackers for their warning. The lessons learned have far-reaching effects for facility and security professionals as they navigate their buildings' complex automation and control system environment.</p><h4>Intelligent Building Management Systems</h4><p>Intelligent building management systems (IBMS) are embedded in most contemporary buildings. IBMS continue to grow by anywhere from 15 to 34 percent each year, according to a report from revenue intelligence company MarketsandMarkets. Such growth is due to the demand for reduced operating costs, improved information flow, greater sustainability, and meeting increasing government regulation in building ownership and operations. </p><p>By 2022, it is estimated that the IBMS industry will be worth approximately $104 billion, according to a study by Transparency Market Research. However, this technological enhancement comes with a substantial set of security vulnerabilities that many facility and security professionals have not accounted for. As the Google example shows, if the security of IBMS is not considered, organizations will remain exposed to harm from nefarious actors.</p><p><strong>Vulnerabilities.</strong> The security vulnerabilities associated with IBMS stem from their incorporation across the built environment. IBMS integrate a building's operational management systems, such as HVAC, lighting, and life safety systems. They are also integrated into security systems, such as intruder detection, access control, and surveillance systems. </p><p>A detailed research project, funded by the ASIS International Foundation, the Building Owners and Managers Association (BOMA), and the Security Industry Association (SIA), recently investigated the security of IBMS, including vulnerabilities and mitigation strategies, as well as facility managers' understanding and practice.</p><p>The following is a discussion of the security issues associated with IBMS in the modern built environment. One of the more significant outcomes of the research project is Intelligent Building Management Systems: Guidance for Protecting Organizations. This guidance document was developed to be a consultation tool to aid the decision making of security and facility managers, as well as provide guidance to protect a building against an array of threats and risks.</p><h4>Explaining IBMS</h4><p>The scale of IBMS varies, from a small automated home heating system to a large and complex high-rise intelligent building, which centrally automates all functions including HVAC, lighting, elevators, audio-visual, security, and life safety systems, along with maintenance, administrative, and business functions. </p><p>With the advent of the Internet of Things (IoT), and its connectivity of all things electronic such as smartphones, vehicles, cashless vending, and more, IBMS will continue to expand into more diverse areas of everyday life. In other words, when you drive towards your building, the IoT will facilitate automatically opening the garage door as you arrive and allow your phone to open doors and turn on the building's lighting and heating. </p><p>The connectivity, automation, and control of the built environment with IBMS is achieved through a standardized technical architecture. This architecture is based on three defined component levels—management, automation, and field device. </p><p>The management level is the interface where a manager facilitates the day-to-day management of IBMS. The automation level is the core of IBMS and provides the primary automation and control devices, with controllers connected via a dedicated data network. The automation level implements defined rules set at the management level. The field device level includes the physical input sensors and output activators connected to the plant and equipment to monitor and control the built environment.</p><p><strong>Security risks.</strong> The fact that many IBMS devices are linked through a common communications protocol introduces security risks. These consequences can be divided into categories of loss, denial, and manipulation. All of these potential hazards threaten the organization's ability to maintain occupancy, manage operations, and protect data. Such risks can result in threats to life safety, as well as major financial loss and reputational damage.</p><p>When IBMS are compromised, consequences may range from denial of service attacks to manipulation of building systems. For example, turning HVAC off is denial of control that may be uncomfortable for the building occupants as the temperature changes, but also has the potential to shut down computer network servers when they overheat.</p><p>Vulnerabilities within IBMS vary significantly, ranging from physical access to a field-level device to a highly technical remote cyberattack. Unauthorized access to an automation level controller may allow an attacker to manipulate local control of field devices or launch a cyberattack on the automation network. This attack may allow the actor to map out how the building is used, alter the automation and control programs to unlock doors and isolate alarms, and further access the network covertly.</p><p>Though IBMS attacks are rarely publicly disclosed, there are a number of notable examples. The Target breach of 2013, for instance, compromised more than 41 million payment card users when a hacker stole an internal network access credential from a third-party HVAC maintainer. In Finland, a denial of service attack on a company's network shut down the heating in two buildings. Popular hacker search engines, such as Shodan, publish a list of IBMS vulnerabilities that can be easily accessed. </p><p>Failure to understand and properly respond to IBMS vulnerabilities will result in exposure to security risks. Because of their abstract nature and the fact that they are often presented in a highly technical manner, IBMS vulnerabilities can be difficult for practitioners to understand and mitigate.</p><h4>Project Findings</h4><p>While IBMS include security functionality, most IBMS are managed and operated by facility managers rather than security professionals. However, these facility operators tend to focus more on broad organizational functions and cost management, and less on security, making it pertinent that security professionals pay close attention to these vulnerabilities. </p><p>The project found that the body of IBMS security knowledge is spread across a diverse array of literature. To date, there is no single source document that security professionals can use to understand the significance of this security concern or guide their threat mitigation. </p><p>Furthermore, the project identified several important issues in the security of IBMS: professional responsibility and the siloed effect, awareness and understanding of vulnerabilities, who the IBMS security experts are, the integration of security systems, and the lack of a common language in the security of IBMS.</p><p><strong>Responsibility. </strong>The research found that facility professionals manage and operate IBMS, with 36 percent of participating building owners and operators indicating they have such a responsibility.</p><p>In contrast, security professionals predominately manage and operate the functional elements of the security systems, and information technology professionals manage and operate the technical elements of networked systems, including the broader IBMS architecture. Nevertheless, each profession generally focuses only on their areas of practice, resulting in silos of responsibilities.</p><p><strong>Awareness.</strong> The project also found a significant disconnect between security and facility professionals' understanding of IBMS threats and risks and their technical knowledge of vulnerability significance. Although 75 percent of the security and facility professionals responded that they had an awareness of IBMS architecture—and half of these participants featured IBMS risks in their risk management documentation—the majority displayed a limited understanding of IBMS technology and vulnerabilities.</p><p>Both security and facility professionals rated the criticality of IBMS vulnerabilities as relatively equal in criticality. Such findings support the assumption that many professionals lack technical understanding of IBMS vulnerabilities.</p><p><strong>Expertise.</strong> Within the project, an expert IBMS technical security group emerged. Integrators—vendors, installers, or maintainers—and cybersecurity professionals displayed a more accurate understanding of IBMS vulnerabilities and their organizational significance. This group rated attacks against the automation level equipment and its network at a higher criticality. Such attacks include manual override of the controller, automation network traffic monitoring, and unauthorized access to a workstation.</p><p>Unlike the security and facility professionals, who rated vulnerabilities at about the same level, the expert group identified a significant difference between the most and least critical vulnerabilities. This demonstrates that they hold a higher level of technical comprehension that can be leveraged by organizations to achieve more robust IBMS security.</p><p>However, many integrators provide service and maintenance, rather than best-practice operational and security advice. Participants noted that advice given by integrators may be viewed as an attempt to sell their products and services, and they may not be recognized as a strategic partner providing high-level IBMS security advice.</p><p>Effective management of the security of IBMS requires that integrators or cybersecurity professionals work with the facilities and security departments. These professionals could be in-house information technology or cybersecurity professionals, or third-party contractors such as integrators.</p><p>Half of the project's participants reported that IBMS integrated into their security systems, which can put these systems at increased risk. The type of security systems used varied widely among respondents. The study also showed a discrepancy between security and facility professionals' understanding of security risks and jurisdictional responsibilities. </p><p><strong>Language.</strong> The project found that the IBMS term "integration" is not widely understood and remains broad and undefined, with various interpretations of meaning depending on a person's occupational role. </p><p>Consequently, there is a lack of understanding and clarity of language with IBMS terms and practices. Differences in the security and facility professionals' idea of what integration means shows a cultural difference between the perspectives of IBMS. This discrepancy of language can result in a failure to address vulnerabilities to system integrity.</p><h4>The IBMS Guidance</h4><p>To overcome the security obstacles to IBMS, the project developed a guidance document, Intelligent Building Management Systems: Guidance for Protecting Organizations. This document provides a first-generation publication for all relevant professionals to address the many and changing IBMS threats and risks, as well as the organization's ability to maintain occupancy and operations. The guidance will not only aid decision making in IBMS protection, but will help to develop a common language between IBMS stakeholders.</p><p>The guidance directs the reader to identify the organization's criticality, or impact level, if exposed to an IBMS-related event. Criticalities are ranked, using a matrix, across one or many categories such as operations, finance, safety, regulatory, information, or occupancy. </p><p><strong>Security questions. </strong>Following are hierarchical, criticality-based IBMS security questions that are addressed. These security questions are divided into five levels of criticality that align to the criticality matrix, from low to critical. Responding to these questions facilitates either demonstrated compliance or the need to ask relevant professionals further questions.</p><p>The security questions are divided into subsections, comprising management, security risk management, personnel security, physical security, cybersecurity, incident response, continuity planning, and maintenance. A typical low level 1 security question is "Do you have a written and endorsed Security Policy?" In contrast, a critical level 5 security question asks "Do you undertake a IBMS specific threat assessment?" In all, there are 136 security questions, divided into impact levels from low to critical.</p><p><strong>Looking ahead.</strong> Intelligent building management systems are becoming embedded into new buildings for many reasons, including the drive for greater operational efficiency and the need to meet increasing regulation. All building devices and equipment are likely to be converged with IBMS at some level of automation, including security systems.</p><p>For security professionals to have an awareness and be relevant in the modern organization, they must possess a professional level of IBMS understanding. To raise awareness and provide guidance, Intelligent Building Management Systems: Guidance for Protecting Organizations provides both the security and facility professional with the aggregated information they need to address IBMS threats and risks. Familiarizing themselves with the results of the research project will help security practitioners work alongside other personnel to provide effective security to their facilities.</p><h4>SIDEBAR: ASIS INTERNATIONAL FOUNDATION IBMS REPORT RECOMMENDATIONS</h4><p> Across the security and facility professions, the ASIS International Foundation research project identified several key recommendations:</p><p><strong>Gain a better general awareness of your IBMS and its vulnerabilities.</strong> This awareness does not have to be a highly technical cybersecurity understanding; rather, a broad understanding of what your IBMS does, and its function in the business and physical locations. Many of the vulnerabilities are physical or procedural, in which general security strategies will provide a suitable level of protection.</p><p><strong>Form an IBMS security working group from across the organization's stakeholders. </strong>This group will help to break down the siloed approach of IBMS and improve cross-department cooperation with membership from security, cybersecurity, facilities, engineering, and other relevant stakeholders.</p><p><strong>Audit your building's IBMS.</strong> Know where the physical IBMS devices, such as controllers and communication networks, are located and their level of protection.</p><p><strong>Ensure that IBMS is included in your security risk management documentation.</strong> For example, are the IBMS listed as critical components in the documentation? How do they help in incident response, and what happens to your security systems when IBMS fail?</p><p><strong>Build a working partnership with IBMS experts</strong>, especially with information technology and cybersecurity professionals, as well as IBMS integrators. These professionals may be in-house or third-party contractors but should have an understanding of the security issues with IBMS.</p><p><strong>Obtain a copy of<em> Intelligent Building Management Systems: Guidance for Protecting Organizations</em>. </strong>This guidance will provide you with a tool to rate your building and a list of security questions you can use to start addressing your IBMS security. The guide provides a first-generation document for all professions to address the many and changing threats and risks to IBMS and its organization.</p><p><em><strong>Dave Brooks,</strong> PhD, MSc, BSc is the post graduate security science coordinator at Edith Cowan University in Western Australia. He is the ASIS International Western Australia Chapter 226 treasurer and member of the chapter's executive committee. <strong>Michael Coole, </strong>PhD, MSc, BSc is the security science course coordinator at Edith Cowan University in Western Australia. He is a member of the ASIS International Foundation Research Council.</em></p> | | |
| https://sm.asisonline.org/Pages/October-2018-Industry-News.aspx | October 2018 Industry News | GP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <h4>World-Class Security</h4><p>Ion Oblemenco Stadium in the Romanian city of Craiova is home to football club CS Universitatea Craiova and has more than 30,000 seats. The futuristic stadium was built to host international and premium league matches, requiring a security solution that meets European football championship standards for safety.</p><p>Craiova officials chose Bosch to implement a complete security solution. Bosch experts installed a fire and safety solution with four fire panels and 1,500 detectors. The sound system includes Electro-Voice Pro Sound speakers for music and commentary, Dynacord Promatrix for evacuation, Bosch loudspeakers for interior sound, and a conference and interpretation system for the pressroom.</p><p>The fully integrated video security system supports 211 cameras, centrally managed via the Bosch Video Management System. Video is monitored by operator personnel and members of Romania’s police during matches and stored on two Bosch DIVAR IP 7000 network video recording units.</p><h4>PARTNERSHIPS AND DEALS</h4><p>Panda Restaurant Group, Inc., deployed 3xLOGIC VIGIL Trends Business Intelligence software to its North American locations. Interface Security Systems is the integrator and project manager.</p><p>Acronis formed a new technology partnership with Arsenal Football Club to protect data and the club’s IT infrastructure.</p><p>Noodigs Realty Services selected Acuant AssureID for identity verification.</p><p>AEON Credit Service and Fujitsu are testing a cardless payment system using Fujitsu’s palm vein biometric authentication technology.</p><p>Altronix added Paxton Access to its portfolio of Trove Access and Power Integration Solutions.</p><p>Certiport and EC-Council will launch the EC-Council Associate Series certification exams, practice tests, and curriculum.</p><p>Chubb partnered with DynaRisk to offer a cyber loss mitigation service to its Cyber Enterprise Risk Management policyholders in the United Kingdom and Ireland.</p><p>Comodo Cybersecurity announced that Western New Mexico University has chosen Comodo Advanced Endpoint Protection to secure IT assets.</p><p>Country Kitchen selected DTT as its preferred vendor for loss prevention services. </p><p>Endace and Ixia signed a technology partnership agreement to focus on complementary and integrated network solutions.</p><p>GS1 announced a partnership with Optiseller to enable retailers to check their Global Trade Item Numbers (GTINs) across all eBay listings.</p><p>GTL and Sentinel Offender Services will collaborate on advancements in offender tracking and monitoring technology.</p><p>Ilitch Holdings, Inc., selected Avigilon Corporation, a Motorola Solutions company, to enhance customer experience and safety at its Detroit properties, including Little Caesars Arena, Comerica Park, offices, and retailers. Identify, Inc., installed the video solution.</p><p>Keepit A/S is collaborating with Veritas Technologies LLC to provide data protection for the Veritas SaaS Backup solution.</p><p>Legrand announced that its On-Q Digital Audio System has been integrated with Alarm.com.</p><p>N8 Identity is now a Microsoft Azure Silver Partner.</p><p>Caesars Entertainment EMEA deployed Pivot3 HCI to protect critical video surveillance data.</p><p>TITUS and Virtru will partner to deliver integrated data security and compliance offerings for enterprises of all sizes.</p><h4>GOVERNMENT CONTRACTS</h4><p>Axon announced that the Honolulu Police Department will deploy 1,200 Axon Body 2 cameras with unlimited storage on Evidence.com.</p><p>Attenti electronic monitoring solutions were selected for an additional term by the Florida Department of Corrections.</p><p>CGI will enhance the cybersecurity posture and risk awareness of federal government agencies participating in a U.S. Department of Homeland Security (DHS) program.</p><p>Dragos, Inc., was selected by the U.S. National Cybersecurity Center of Excellence as a collaborator on the Energy Sector Asset Management Project.</p><p>Edesix recently won the contract to supply body-worn cameras to Staffordshire Fire and Rescue in the United Kingdom.</p><p>Argentina selected HID Global to upgrade its ICAO electronic passport. </p><p>KT Corporation completed a new digital system for national identification in Tanzania.</p><p>Park Assist has a parking guidance system contract for San Francisco International Airport. </p><p>The Mission and Installation Contracting Command at Fort Gordon, Georgia, awarded a contract for cybersecurity training to root9B, LLC.</p><p>Salient CRGT, Inc., was awarded a task order to provide enterprise IT support to the U.S. Defense Technology Security Administration.</p><p>Trust Automation Inc. worked with DHS to obtain license to the Autonomic Intelligent Cyber Sensor technology developed by Idaho National Laboratories.</p><p>Unisys Corporation was selected by the U.S. Navy to develop, operate, and manage software used for secure messaging.</p><p>The Vermont State Department of Motor Vehicles selected Valid USA, Inc., to provide secure driver’s licenses and identification cards. </p><p>The Public Safety Information Sharing and Analysis Organization is adopting the VirnetX Gabriel Collaboration Suite to facilitate secure communications with its member network.</p><p>The Ministry of Home Affairs of the People’s Republic of Bangladesh commissioned Veridos to supply and implement electronic passports and border control systems.</p><h4>AWARDS AND CERTIFICATIONS</h4><p>Avigilon video systems and access control software received SAFETY Act designation as approved technologies from the DHS. </p><p>Coalfire received the Employer Support of the Guard and Reserve Pro Patria Award from the U.S. Department of Defense.</p><p>Dahua Technology USA announced that its 2MP AI Network Box Camera won the 2018 ESX Innovation Award in the video analytics category.</p><p>ECI won the Best Multi-Layer SDN Controller award for its Muse software at NGON 2018.</p><p>Evive Disaster Recovery, Production Network, and User Acceptance Testing applications earned Certified status for information security by HITRUST.</p><p>Illumio Adaptive Security Platform is compliant with the Federal Information Processing Standard (FIPS) 140-2 Level 1 security certification and is in the evaluation stage for Common Criteria certification. </p><p>Italtel announced that its Brazil team won the Technical Readiness Brazil award from Cisco.</p><p>ONVIF announced the winner of its Open Source Spotlight Challenge: CAM X, submitted by Liqiao Ying, offers an object detection system that uses blockchain solutions for storing information obtained from ONVIF cameras. </p><p>Persistent Systems, LLC, announced that its MPU5 mobile ad hoc networking radio received a Level 2 FIPS 140-2 security validation. </p><p>Senstar Symphony received Lenel factory certification and joined the Lenel OpenAccess Alliance Program.</p><h4>ANNOUNCEMENTS</h4><p>ADME, Inc., parent company of Apollo Security Access Control, created ApolloEM, a new division for sales and support for its software OEM and integration partners. </p><p>Arecont Vision was acquired by Costar Technologies, Inc.</p><p>ASSA ABLOY is acquiring Swiss company Planet GDZ and Chicago-based Door Systems.</p><p>Boon Edam Inc. launched interactive troubleshooting guides for service technicians in the Americas.</p><p>The Brand Safety Institute was launched to advance brand protection through research, education, and professional certification. </p><p>CannaGuard Security is offering franchising opportunities for providing compliant security systems to licensed cannabis growers and retailers.</p><p>CyberInt, in cooperation with Check Point Software Technologies, led Brazilian authorities to cybercriminal Douglas Arrial, who created a phishing kit to sell on the Dark Web.</p><p>Edesix opened a U.S. office in New Jersey that will house both U.S. and U.K. staff.</p><p>ExteNet Systems joined the Safer Buildings Coalition to help set standards for in-building public safety wireless communications. </p><p>The Nevada Institute for Autonomous Systems launched the Nevada Drone Center of Excellence for Public Safety to reduce air hazards from drone incursions as drones enter the commercial air traffic system. </p><p>Nice S.p.A. acquired FIBARO.</p><p>RealNetworks, Inc., announced the free and immediate availability of SAFR for K-12, an AI and machine learning based facial recognition solution to help enhance safety in K-12 schools in the United States and Canada. </p><p>Red Hawk Fire & Security, LLC., purchased Security and Data Technologies, Inc., to reach customers in Philadelphia, eastern Pennsylvania, parts of New Jersey, and Delaware.</p><p>Safe-T acquired the intellectual property and marks of CyKick Labs, Ltd.</p><p>Securiosity is a new weekly cybersecurity podcast from Scoop News Group.</p><p>SecurityScorecard investigated the top 15 CISOs and their programs and created a downloadable report.</p><p>Sonitrol of Lexington and Bates Security joined with 3xLOGIC to upgrade security for The Nest Center for Women, Children, and Families in Lexington, Kentucky.</p><p>The Streaming Video Alliance published a document on forensic watermarking for streaming media.</p><p>Structured Innovations merged with Legacy Marketing, a manufacturers’ representative agency in the Great Lakes region.</p><p>Summit Companies purchased the Michigan branch offices of Indianapolis-based Koorsen Fire & Security, Inc.</p><p>Threat Sketch released Malicious IT Employee: A Survival Guide, a white paper addressing internal threats. </p><p>Thycotic released a free Incident Response Policy Template, which outlines proactive steps companies can take to build resilience and be prepared to respond to a cyber incident.</p> | | |
| https://sm.asisonline.org/Pages/Book-Review-First-Responders-Handbook.aspx | Book Review: First Responders Handbook | GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 | <p></p><p><em>First Responders Handbook: An Introduction, Second Edition</em>. By Michael L. Madigan. CRC Press; crcpress.com; 312 pages; $139.95.</p><p>Author Michael L. Madigan writes that this handbook's objective is to provide information to enhance and support the capabilities of first responders in the public and private sectors. It turns out to be an excellent reference guide for first responders and those who are new to this rapidly growing field.</p><p>Most emergency responders are trained to follow set standards and procedures before, during, and after an emergency. Madigan's first chapter delves directly into the National Incident Management System (NIMS) and the Incident Command System (ICS). He explains how a structured system allows emergency responders to plan for and manage a crisis. </p><p>The importance of education, training, planning, and technology reverberates throughout the book. Woven into the text are explanations of common terminology used by first responders, how chain or unity of command is implemented, and the importance of communication.</p><p>Mitigation strategies are made up of three main components: mitigation goals, mitigation actions, and an action plan for implementation. Madigan incorporates these strategies throughout the book to provide the framework required to reduce and mitigate hazards for first responders. </p><p>"Evaluations of security concerns become obsolete as technology progresses and new threats and vulnerabilities arise," Madigan writes. "Continuous security evaluation of organizational products, services, methods, and technology is essential to maintain overall security measures within one's organization." </p><p>A master trainer for the U.S. Army, Madigan uses his deep knowledge of the material to provide useful information. He discusses specific emergency scenes, natural disasters, transportation emergency incidents, industrial and household incidents, terrorist incidents, and hazardous materials incidents. Effective graphs and charts are incorporated into the text, and each of the 14 chapters ends with a summary conclusion. </p><p>The importance of community partnership is emphasized, along with the need for emergency preparedness, training, and certification. Madigan shows the value of technology and solution development, while involving first responders at the local, state, and federal levels.</p><p>First responders, those interested in that career, and students will benefit from this book. It is not a technical work, and Madigan's writing is easy to follow and comprehend. </p><p><em>Reviewer: Kevin Cassidy lectures at John Jay College of Criminal Justice in New York City. He is a member of ASIS.</em></p> | | |