ASIS Europe 2018, April 18–20, in The Hague, The Netherlands, will focus on securing organizations in the era of the Internet of Things (IoT) and highlight how enterprise security risk management (ESRM) approaches can protect an organization’s full range of physical, digital, and human assets.
The revamped event format that was launched in Milan in 2017 will be repeated with its mix of conference, training, technology and solutions exhibition, career center, and exclusive networking.
At the conference, themed “Blurred Boundaries—Clear Risks,” attendees will tackle the impacts of Big Data and artificial intelligence. They’ll also be provided with up-to-date risk outlooks, case studies, and thoughtful analysis across the full range of key security management issues.
“Through the blurring of boundaries, security and risk aspects become more diffuse, more complex, and unpredictable,” says conference chair Eduard Emde, CPP. “This event is designed to help security professionals know how risks can be assessed and acted on effectively—not in disclaimers or legal arrangements but by having the actual risk owner and users make informed decisions.”
The opening keynote session on Thursday, April 19, will set the scene for the conference with expert insight into the organizational impacts of Big Data, automation, and artificial intelligence. This session will look at the perspectives of businesses, consumers, shareholders, and communities and set the parameters within which security professionals—and particularly security leaders—need to operate.
Following the keynote, Martin Gill, director of Perpetuity Research, will chair a panel debate on the topic “Risk and Responsibility.” Panelists will include Suzanne Oyen, head of global corporate security for SWIFT, and Bernard Galea, senior vice president and chief competitive intelligence and security officer for Danone Group.
Three masterclasses will provide deep dives into some of the most complex emerging challenges facing security practitioners today:
• “How Digital Asset Valuation Impacts Risk Assessments,” Carl Erickson, CPP, CISO, Philips Lighting; Gal Messinger, head of global security, Philips Lighting
• “The Incoming EU General Data Protection Regulation and its Impacts on Enterprise Security,” Axel Petri, senior vice president group security governance, Deutsche Telekom; Dr. Christoph Rojahn, director of forensic services, PricewaterhouseCoopers
• “Skill Sets of the Security Team Now and in the Near Future,” Florian Haacke, head of group security, innogy; Stuart Eustace, CPP, PSP, global lead risk, security and crisis management, pladis Group; Ben Suurd, CPP, global corporate security manager, Mead Johnson Nutrition
The first masterclass, “How Digital Asset Valuation Impacts Risk Assessments,” is of particular relevance to ASIS’s focus on ESRM and cyber–physical security approaches.
Organizations of all kinds are rapidly generating and developing abilities to handle, analyze, and make sense of vast amounts of data at levels that would have been unimaginable even a few years ago. Data that did not exist before is now available, and data that was trivial before may suddenly become both valuable and sensitive.
The session will look at a valuing a range of digital assets such as customer data, intellectual property, and process data, plus assessing nonfinancial values such as reputational risk in the event of customer data loss, employee data exposure, and so forth.
Expert speakers will then examine the impact on security professionals in organizations that have, historically, had more of an emphasis on protecting human or physical assets. The objective of the session is to address how the increasing value of data and digital assets is changing risk assessments and, ultimately, the asset protection approach.
Also at ASIS Europe 2018:
• The exhibition and the technology and solutions track will bring solution providers and practitioners together to address complex, emerging challenges.
• Training modules will be geared towards team members and new security professionals seeking to gain focused, practical skills with well-defined learning outcomes.
• The ASIS Europe Career Center will offer the European Salary Survey, career and transition coaching, diversity in security, and much more.
Full information is available at asiseurope.org.
Mass Transit Safety
The ASIS Supply Chain and Transportation Security Council released a white paper, Mass Transit Security, which emphasizes the importance of security awareness programs at transit agencies and the need to incorporate the terror threat cycle into these vital initiatives.
The paper explores the motivations behind terrorism and its effects on transit systems. It also identifies the steps of the threat cycle with clear lists of what to look out for. This concise framework allows for practical education of staff and reinforces their role in overall safety and security.
The author notes that the security awareness training should include indicators of suspicious activity, whom to report such activity to, and how to ensure that proper authorities receive the information. In addition, the paper suggests that transit agency staff be involved in regional fusion centers (in the United States) and other information sharing organizations, so knowledge of trends and threat detection are available.
Heightened awareness can decrease the chance of a terrorist threat or attack. “Having a trained staff can lead to an agency being able to respond to save as many lives as possible, initializing a continuity plan during the recovery phase, then recovering from the threat and establishing the trust of the transit agency patrons and the public,” according to the paper.
Download the free white paper from the ASIS home page, asisonline.org.
International Buyer Program Helps Expand ASIS 2017’s Global Footprint
Attendees and exhibitors at ASIS 2017 will have the chance to expand the scope of their business opportunities to a global level. Thanks to the U.S. Department of Commerce International Buyer Program (IBP), a joint government-industry effort, hundreds of global buyers from multiple delegations will attend ASIS 2017 for business-to-business matchmaking with exhibitors and attendees. The buyers represent security professionals from around the world.
“The International Buyer Program provides an excellent opportunity for security professionals globally to benefit from the collective wisdom of the 22,000 attendees and exhibitors at ASIS 2017,” says Godfried Hendriks, CPP, managing consultant at GOING Consultancy BV and secretary of the ASIS International Board of Directors. “In today’s threat environment, security professionals need a global community of peers they can turn to year-round for support, best practices, and information sharing. ASIS 2017 will help facilitate these relationships.”
Every year, the IBP generates approximately $1 billion in new business for U.S. companies, primarily through increased international attendance at participating U.S. trade shows.
ASIS 2017’s participation in the IBP provides attendees with access to a broad array of security professionals, qualified international buyers, representatives, and distributors. It also increases the chances of finding the right international business partner. Not only will attendees meet more global buyers, representatives, and distributors, but exhibitors’ products and services can be listed in the Export Interest Directory and distributed to all international visitors for additional awareness.
Once a potential partner is identified, attendees have complimentary use of the on-site International Trade Center, where companies can meet privately with prospective international buyers, prospective sales representatives, and other business partners.
To assist in facilitating conversations, international trade specialists will be available on-site in the International Trade Center to provide matching assistance and expert trade counseling to global delegates and U.S. exhibitors.
Don’t miss out on the chance to expand your global footprint. Stop by the International Trade Center on the expo floor to learn more.
Meet the Certification Team
ASIS International certification staff members facilitate everything that goes into developing and administering the ASIS certifications: Certified Protection Professional® (CPP), Professional Certified Investigator® (PCI), and Physical Security Professional® (PSP).
They help members and nonmembers achieve ASIS certification and recertification, in addition to working with volunteer leaders and other subject matter experts to make sure that the exams represent the knowledge and skills needed to be successful security management professionals.
We asked the certification team: “What’s new in certifications?”
Gayle Rosnick, Director, Certification.
"We are working to simplify our application process. We feel that the exams should be rigorous, but filling out the application shouldn’t be."
Janine Oney-Schmitt, Certification Specialist.
"Our Board Certification Handbook has been updated and is an essential resource for all applicants. It is easy to follow and contains all the policies and processes for our certification programs."
Lisa Currie, Certification Specialist.
"New and improved certification FAQs make it easier for applicants to find answers to their questions in one place."
Mark Pino, Certification Specialist.
"We have new leadership, a renewed commitment to best practices, and new guidelines to make us more productive, successful, and better able to serve our customers."
Iris Casco, Certification Specialist.
"We have a fresh new look, including the tools we provide to assist our members with the certification process, like the free self-assessment for CPP, PCI, and PSP exams."
Contact the certification team at firstname.lastname@example.org.
ASIS Middle East 2017 to Address Issues Facing Executives
ASIS Middle East 2017, taking place November 5–7 in Manama, Bahrain, will focus on security as an enabler of economic diversification.
The theme supports strategic initiatives across the Gulf Cooperation Council (GCC) countries and will focus on addressing the key trends and issues facing senior executives in the region whose roles require them to deal with a complex mix of physical security, cybersecurity, and management issues.
Dr. Muhammad M. Al-Saggaf, senior vice president of operations and business services at Saudi Aramco, KSA, will open the conference with a keynote address, “Economic Diversification and the Changing Business Landscape in the GCC.”
The presentation will include an explanation of the role of economic diversification across the GCC, the opportunities diversification brings, and the Saudi 2030 Vision (as an example of similar plans across the GCC). Al-Saggaf will also discuss how traditional industries in the GCC are affected by economic diversification, but they still have a critical role in underpinning and financing the change and need to evolve into market-oriented entities.
Following the keynote, a panel of security leaders from key sectors will outline the new risks and challenges that this future will pose to businesses, including physical and technological risk factors.
On the second day, Ziad Al-Labban, CEO, Sadara Chemical Company, KSA, will provide the opening keynote, “Security and Safety as Enablers of Sustainable Business.”
Additional conference topics will include:
• Critical infrastructure protection
• Soft target protection
• The human factor
• The skill set of the security professional in 2025
• Energy security
• Internet of Things risks
• Maritime security
• Unmanned aerial vehicles: threats and solutions
• Travel risk management
One of the highlights will be a case study of the Brussels Airport attacks of March 2016, to be delivered by Wilfried Covent, senior security expert, Brussels Airport Company, Belgium. This not-to-be-missed session relates Covent’s personal experience at the airport that day and lessons learned from the attacks.
Other conference speakers will include Paul Moxness, vice president, corporate safety and security, Carlson Rezidor Hotel Group, Belgium; Orhan Topcu, senior regional security manager MEA, global security, Microsoft, Turkey; and Lars Wistedt, AMEA regional security head, ABB, Dubai.
“At GPIC, we fully appreciate how complex the interdependency is when it comes to the relationships between a company’s risk portfolio and the way it does business,” says Dr. Abdulrahman Jawahery, president, Gulf Petrochemical Industries Co. “The leadership of ASIS International is key to all of us in aligning security with business, so that doing business and security are one and the same process.”
The full program and registration information are available at asismiddleeast.org.
First-Class Education Programs in New Orleans
ASIS will close out the year by bringing five educational programs to New Orleans next month. The programs address key areas of security management, including internal investigations, soft target hardening, force management, executive protection, and risk, threat, and vulnerability assessments.
Through solid instruction, engaging learning formats, and peer-to-peer collaboration, attendees will gain insight into current best practices and trends.
Security Force Management
This year’s Security Force Management workshop offers a range of vital topics geared towards those responsible for managing, staffing, and operating in-house or outsourced security programs.
New topics include an overview of various forms of technology that can enhance a security program such as robotics, remote monitoring, scheduling and hiring software, and patrol touring systems, as well as cybersecurity threats, prevention, and mitigation strategies.
Participants will take an in-depth tour of the New Orleans Superdome and related security features. Following the tour, a roundtable discussion will share insights on protecting buildings and assets.
“Many courses instruct on theory or general practices,” says faculty member Gary H. Kuty, president and CEO of Kuty & Associates, LLC. “This workshop offers a hands-on, collaborative environment that is unlike most presentations.”
Conducting Advanced Internal Investigations
This dynamic training program is tailored for individuals who already possess substantial investigative experience and knowledge and who want to take their investigations to the next level.
Attendees will learn how to traverse the legal minefields and traps that often make the difference between a successful investigation and a catastrophic one. They will also find out how to keep themselves and their organizations out of court.
“Internal investigations can be complex undertakings, fraught with enormous potential for legal liability. They also involve a considerable investment of time, money, and patience, and the convergence of many disciplines,” says faculty member Gene Ferraro, CPP, PCI, chief executive, ForensicPathways. “Few activities invoke so much risk but, at the same time, yield so much opportunity.”
Attendees will learn how to use the ANSI/ASIS Investigations Standard to maximize investigative performance to yield the best results and obtain the highest return on their investment of time and resources.
Risk, Threat, and Vulnerability Assessments
With the many different approaches to conducting risk assessments that have evolved over the past decades, it is vital for security professionals to have a comprehensive understanding of the methodologies and approaches to properly conduct risk, threat, and vulnerability assessments (RTVAs).
This three-day program provides case studies, practical exercises, and a visit to a relevant site to conduct an RTVA survey to accomplish this goal.
Using the ANSI/ASIS/RIMS Risk Assessment Standard and industry best practices as a basis of understanding, attendees will learn how to use them in practical exercises and applications for the development of functional and effective risk management programs.
“Students will gain insight and understanding of the necessary process of risk analysis and assessment, thus establishing the basis for proactive, predictive, and responsive advice critical in building an organization’s resilience
to operational risk,” says program advisor J. Kelly Stewart, managing director and CEO of Newcastle Consulting, LLC.
Critically important to the learning objectives is the development of a business case for C-suite management that clearly defines the cost, benefits, and impact on the organization’s continuity of operations plans.
The instructional staff has collectively conducted hundreds of RTVAs. They will not only share some of these cases with attendees, but will also discuss specific examples attendees would like to learn more about.
Soft Target Hardening
Active shooter and workplace violence incidents have steadily increased and become more violent and deadly over the past few years, with casualties growing at an alarming rate. Not surprisingly, soft targets are most frequently attacked.
Designed for small business owners and community and cultural institutions, the program covers the special needs for soft target planning, as well as the response and recovery phases of an active shooter, threat incident, or other emergency security situation. Through a mix of lectures, realistic scenarios, tabletop exercises, and other interactive educational methods, attendees will learn how to protect their organizations without creating a restrictive environment.
“This program will identify low-cost, highly effective physical and cyber measures to deal with active threats and emergency situations,” says instructor Kevin T. Doss, CPP, PSP, president and CEO, Level 4 Security, LLC. “Attendees will take away a personalized threat management plan, with accompanying policies and procedures, that all organizations can afford to implement—and cannot afford to be without.”
This two-day program provides a detailed introduction to the executive protection profession. It emphasizes the importance of risk assessments, the foundation of executive protection, and includes a critique of real-world events and lessons learned. Attacks on principals and an understanding of the methodology of the lone gunman will also
“While EP professionals recognize the value of a risk-based approach for operating an EP program, a common misconception is that all risks can be mitigated. In virtually all scenarios, it is impractical to pursue such unrealistic goals,” says Robert L. Oatman, CPP. “Dissecting the threat continuum provides insights into key investments that yield the highest value and deliver the desired level of asset protection.”
Congratulations to the following members who were recently named Lifetime Certificants.
• Christopher A. Manos, CPP
• George M. Flanagan, CPP
• Robert H. Stagg, CPP
MEMBER BOOK REVIEW
Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency. By John Sullivant, CPP. Butterworth-Heinemann; Elsevier.com; 298 pages; $49.95.
Times are changing and so too is business culture. In many cases, business leaders do not fully comprehend what their security culture is today, let alone understand how to measure or change it. Identifying the existing security culture and determining what changes need to be made are difficult and time consuming. This book is an excellent tool to make those tasks easier.
Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency is impeccably organized. Chapter titles read like newspaper headlines, conveying important points that the author will defend in the following pages. Each chapter begins with a foundational quote that sets the tone for the chapter, along with “top takeaways” to keep the reader focused through the dense material. Chapter conclusions summarize the author’s intentions for that section.
Author John Sullivant, CPP, boldly delineates the problems in organizations that may cause security programs to fail, while unabashedly pointing to poor C-suite leadership and management complacency as the root of many difficulties. He introduces strategies to overcome those problems and elaborates upon the strategies to create a useful roadmap.
Sullivant’s writing style is quickly and easily read. Much of the information appears in bulleted lists, while charts and examples throughout the book are appropriate and illustrative of important points.
The comprehensive compilation of information offers both elementary and advanced detail, so even security beginners will understand it. There are many step-by-step examples that can be followed by anyone from the newly minted security professional to the CEO.
One exceptional portion of the book is “How to Communicate with Executives and Governing Bodies.” Sullivant’s six-point plan for speaking to C-suite executives and staff is worth the price of the book. He also does a fine job covering the cyberthreat landscape and the insider threat. Statistics cited regarding CEO perceptions are sobering. The painstaking research the author did here, and to support the entire book, is impressive.
Seasoned security managers, as well as C-suite executives seeking to effect positive change, can use this book to further professional development, and professors will find it to be an excellent teaching tool. At the outset of a career, knowing and applying the strategies discussed within can save a security manager a lot of time and headaches in working with organizations. There is little doubt that this book will become a valuable resource for security professionals now and in the future.
Reviewers: Lydia R. Wilson, CPP, is an attorney-at-law and a member of the ASIS Information Asset Protection and Pre-Employment Screening Council. She has served as a professor in security management graduate programs at the University of Maryland University College and the University of Phoenix. John M. White, CPP, is president and CEO of Protection Management, LLC. An honorably retired law enforcement officer with more than 40 years of experience, he is a published author and serves on the ASIS Healthcare Security Council