Cybersecurity

 

 

https://sm.asisonline.org/Pages/Hacked-Again.aspxBook Review: Hacked AgainGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-02-01T05:00:00ZScott N. Schober; Reviewed by Kevin Cassidy<p>​ScottSchober.com Publishing; ScottSchober.com, 202 pages; $34.95</p><p>If you are seeking useful security advice on how to mitigate or prevent cybersecurity breaches, <em>Hacked Again</em> is a good resource to have in your library. </p><p>Author Scott Schober, a business owner and wireless technology expert, discusses pitfalls that all businesses face and the strategies used to mitigate cyberattacks. He discusses malware, email scams, identity theft, social engineering, passwords, and the Dark Web. </p><p> Another important concept is having systems in place to enable information access both as the data breach is occurring and afterwards. Most companies’ IT departments will have an incident response team; however, the individual user needs to know what to do when breached. Schober offers advice for that. </p><p> The abundance of personal information on social media is another concern of the author’s. He states that we are twice as likely to be victims of identity theft from these sites. He also reminds us that no matter how we try to eliminate risk, we’re never completely protected from a cyberattack. </p><p> Many cybersecurity books are more advanced, but Schober’s style is easy to follow, and he explains concepts and theories without confusing the reader. When concepts become overly technical, he incorporates scenarios to explain what these technical terms mean. Students, IT professionals, and novices would benefit from this book. They will learn that everyone must be aware of cybersecurity and stay on top of evolving trends.</p><p>--</p><p><em><strong>Reviewer: Kevin Cassidy</strong> is a professor in the security, fire, and emergency management department at John Jay College of Criminal Justice. He is a member of ASIS.</em><br></p>

 

 

https://sm.asisonline.org/Pages/Seminar-Sneak-Peek---Moving-to-the-Cloud-Repositions-Security.aspx2016-08-16T04:00:00ZSeminar Sneak Peek: Moving to the Cloud Repositions Security
https://sm.asisonline.org/Pages/New-Data-Rules.aspx2016-08-01T04:00:00ZNew Data Rules
https://sm.asisonline.org/Pages/Operating-Blind.aspx2016-03-01T05:00:00ZOperating Blind

 

 

https://sm.asisonline.org/Pages/No-One-at-the-Wheel.aspx2017-02-01T05:00:00ZNo One at the Wheel
https://sm.asisonline.org/Pages/Book-Review---Secrets.aspx2017-01-01T05:00:00ZBook Review: Secrets
https://sm.asisonline.org/Pages/Pesky-Passwords.aspx2017-01-01T05:00:00ZPesky Passwords

 

 

https://sm.asisonline.org/Pages/Book-Review---Social-Media-Risk-and-Governance.aspx2016-11-01T04:00:00ZBook Review: Social Media Risk and Governance
https://sm.asisonline.org/Pages/Top-5-Hacks-From-Mr.-Robot.aspx2016-10-21T04:00:00ZThe Top Five Hacks From Mr. Robot—And How You Can Prevent Them
https://sm.asisonline.org/Pages/Spoofing-the-CEO.aspx2016-10-01T04:00:00ZSpoofing the CEO

 

 

https://sm.asisonline.org/Pages/Hacked-Again.aspx2017-02-01T05:00:00ZBook Review: Hacked Again
https://sm.asisonline.org/Pages/Rise-of-the-IoT-Botnets.aspx2017-02-01T05:00:00ZRise of the IoT Botnets
https://sm.asisonline.org/Pages/Top-5-Hacks-From-Mr.-Robot.aspx2016-10-21T04:00:00ZThe Top Five Hacks From Mr. Robot—And How You Can Prevent Them

 

 

https://sm.asisonline.org/Pages/Book-Review---Secrets.aspx2017-01-01T05:00:00ZBook Review: Secrets
https://sm.asisonline.org/Pages/Security-Spotlight---Internet-of-Things.aspx2016-01-04T05:00:00ZSecurity Spotlight: Internet of Things
https://sm.asisonline.org/Pages/Driving-Toward-Disaster.aspx2015-06-15T04:00:00ZDriving Toward Disaster

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Trade-Secrets-2.0.aspxTrade Secrets 2.0<p>​The enactment of the Defend Trade Secrets Act (DTSA) of 2016 in the United States creates a new paradigm and is a watershed event in intellectual property law. U.S. President Barack Obama signed the bill into law on May 11, 2016, and the DTSA now applies to any misappropriation that occurred on or after that date.</p><p>A trade secret is any technical or nontechnical information that can be used in the operation of a business or other enterprise and that is sufficiently valuable and secret to afford an actual or potential economic advantage over others.</p><p>The law allows trade secret owners to file a civil action in a U.S. district court for trade secret misappropriation related to a product or service in interstate or foreign commerce. The term “owner” is a defined statutory term. It means “the person or entity in whom or in which rightful legal or equitable title to, or license in, the trade secret is reposed,” according to the DTSA.</p><p>Under the DTSA, in extraordinary circumstances, a trade secret owner can apply for and a court may grant an ex parte seizure order (allowing property to be seized, such as a computer that a stolen trade secret might be saved on) to prevent a stolen trade secret from being disseminated.</p><p>With this development in the law, trade secret assets are no longer stepchild intellectual property rights. Trade secret assets are now on the same playing field as patents, copyrights, and trademarks. The DTSA reinforces that a trade secret asset is a property asset by creating this new federal civil cause of action.</p><p>And there is no preemption. The U.S. district courts have original jurisdiction over a DTSA civil cause of action, which coexists with a private civil cause of action under the Uniform Trade Secrets Act (UTSA). The UTSA—most recently amended in 1985—codified common law standards and remedies for trade secret misappropriation at the state level.</p><p>The DTSA also coexists with criminal prosecutions under the U.S. Economic Espionage Act of 1996 (EEA), which makes it a federal crime to steal or misappropriate commercial trade secrets with the intention to benefit a foreign power.​</p><h4>What the DTSA Means</h4><p>A trade secret asset must be managed like other property assets. However, trade secret asset management differs because it first requires the identification of the alleged trade secret asset. Because millions of bits of information within a company can qualify as proprietary trade secrets, it is critical to classify and rank trade secret assets.</p><p>Most companies focus on the protection phase of trade secret asset management without first identifying and classifying their trade secrets. This approach is doomed to fail without a thorough analysis. Unless the company knows what it’s protecting, there can be no effective protection. And all three phases—identification, classification, and protection—must occur before an accurate valuation of trade secret assets can be determined.</p><p><strong>Proof. </strong>Additionally, information assets must be validated in a court of law as statutory trade secret assets. There is no public registry for trade secret assets. The courts require proof of four things: existence, ownership, notice, and access. </p><p>The first element requires proof of existence of the trade secret asset. The litmus test for proving the existence of a trade secret has six factors: the extent to which the information is known outside the business; the extent to which the information is known inside the business; the extent of measures taken to guard the secrecy of the information; the value of the information to the business and to competitors; the amount of time, effort, and money expended to develop the information; and the ease or difficulty with which the information could be properly acquired or duplicated by others.</p><p>The plaintiff must show that he or she owns the trade secret. A misappropriator cannot be the owner of a trade secret.</p><p>However, a person who independently develops or independently reverse engineers the trade secret can be the owner of the trade secret. By using reverse engineering, an employee who has not been granted intellectual property rights in the trade secret asset may also be the lawful owner—instead of the employer.</p><p>For proof of notice, the plaintiff must show that the defendants had actual, constructive, or implied notice of the alleged trade secret. A former employee may use his or her general knowledge, skills, and experience. However, a former employee may not disclose or use the trade secrets of the former employer. Also, the former employer is prohibited from claiming that “everything we do is a trade secret.”</p><p>The court will take judicial notice that there is both unprotected and protected trade secret information in every company. If the line is unclear, the court will draw the line in favor of the former employee. </p><p>For proof of access, the plaintiff must prove that the defendant had access to the alleged trade secret. If the evidence shows that the defendant never had direct or indirect access to the trade secret, and there is no conspiracy claim, there cannot be misappropriation. This is because misappropriation requires proof of unauthorized acquisition, disclosure, or use of the trade secret by the alleged trade secret thief.</p><p><strong>Protection. </strong>The DTSA also requires that the trade secret owner take reasonable measures to protect the secrecy of trade secret assets. This is a much more challenging task today because trade secret assets are no longer at rest in a locked file cabinet in an engineer’s office. Today, trade secrets are in motion and in use via computer systems and networks with access points all over the world.</p><p>Companies must actively monitor the access and movement of critical trade secret assets throughout the corporate enterprise, or risk the serious consequences of forfeiting trade secret assets by failing to take the reasonable efforts necessary to protect these assets.</p><p>The point is illustrated by U.S. v. Lee (U.S. District Court for the Northern District of Illinois, 2009). A 52-year-old senior scientist, David Yen Lee, suddenly resigned from his job at Valspar on March 19, 2009, and bought a one-way ticket to Shanghai, scheduled to leave on March 27.</p><p>One of Lee’s coworkers discovered irregularities in Lee’s work computer. Upon further investigation, an unauthorized program called “Sync Toy” was uncovered in invisible Windows files. It showed that Lee downloaded 44 gigabytes of paint and coating formulas, product and raw material data, sales and cost data, and product development and test information.</p><p>The FBI was informed and brought in to investigate. The bureau raided Lee’s apartment and recovered the stolen trade secret assets before Lee’s flight left for Shanghai. Valspar’s security readiness was directed to protection against outside intrusions. However, there was little security in place to guard against trade secret theft by insiders and trusted employees. </p><p>To mitigate against future insider theft, Valspar set up an internal identification and classification system for trade secrets called the CPR (classify, protect, report) model. Valspar now tracks the movement of all critical trade secret assets within the various computer environments with triggers that are activated if unauthorized activities are detected.</p><p>The reasonable measures necessary for the protection of trade secret assets continues to grow as the risk of sensitive data loss increases by various means: unauthorized uploading of trade secret assets to an insecure cloud or Web application; unauthorized email communications disclosing trade secret information; unauthorized acquisition of highly classified trade secret assets onto USB drives; and undetected incoming malware, phishing emails, and corrupted Web software all facilitate foreign economic espionage and theft of corporate trade secret assets.</p><p><strong>Seizures. </strong>Companies cannot take advantage of the DTSA’s powerful seizure provisions unless effective trade secret asset management protocols are in place before the actual or threatened misappropriation occurs.</p><p>First, the owner must demonstrate, in a sworn affidavit or a verified complaint, that the ex parte seizure order is necessary and that a temporary restraining order is inadequate. Second, that immediate and irreparable injury will occur if the seizure is not ordered. Third, that the person the seizure would be ordered against has possession of the trade secret and property that is to be seized.</p><p>Once the ex parte seizure order is granted, the court must take custody of and secure the seized property and hold a seizure hearing within seven days. Individuals can also file a motion to have the seized material encrypted.</p><p>A court can issue an ex parte seizure order, according to the DTSA, “in extraordinary circumstances” to “prevent the propagation or dissemination of the trade secret” or to “preserve evidence.”</p><p>These circumstances exist when a trade secret thief is attempting to flee the country, if he or she is planning to disclose the trade secret to a third party, or if it can be shown that he or she will not comply with court orders. </p><p>The Valspar case is an excellent example of the necessity for ex parte seizure orders. However, the FBI will not always be there, and the window of time to protect against the loss of trade secret assets and destruction of the evidence will often be shorter than the eight-day period in the Valspar case. This is why a DTSA civil cause of action and an ex parte seizure order are so important to protect U.S. trade secret assets.</p><p>The protection of trade secret assets in these circumstances requires emergency actions. Once lost, a trade secret is lost forever. The DTSA requires that the trade secret Owner file suit, and provide verified pleadings and affidavits to successfully obtain a DTSA ex parte seizure order before the de­f­en­dants know the suit has been filed. </p><p>Otherwise, without the element of surprise, the defendants—often with several clicks of a computer mouse—can transfer the trade secrets outside the country and destroy the evidence of trade secret theft by running data and file destruction software.</p><p>Therefore, to take advantage of the robust provisions of the DTSA, the trade secret owner must be able to move faster than the trade secret thief. This will require that companies develop internal trade secret asset management policies, practices, and procedures. </p><p>The DTSA creates a new paradigm. If management waits until the trade secret theft occurs to identify what the trade secret is and investigate the evidence of misappropriation, the actual trade secret assets will be long gone before counsel can provide the U.S. district court with the proof necessary to obtain an ex parte seizure order.</p><p>The result: if the losses from the trade secret theft are severe, both the board of directors and senior executives of the company can be charged with malfeasance, including the willful failure to take reasonable measures to protect the corporate trade secret assets from insider theft or foreign economic espionage.​</p><h4>DTSA Application</h4><p>What are the next steps in view of the DTSA? Every organization is different. There are no one-size-fits-all solutions. Each trade secret asset manager must audit existing approaches to protecting trade secret assets, the resource allocations within the organization, and any budgeting issues with protecting trade secrets.</p><p>A fundamental first step should be the creation of An internal trade secret control committee (TSCC). The TSCC should be charged with the responsibility to adopt policies and procedures for the identification, classification, protection, and valuation of the company’s trade secret assets.</p><p>The next step should be the creation of an internal trade secret registry (TSR). This is a trade secret asset management system that can be deployed as a cloud-based solution, on a corporate server, or on a standalone work station. </p><p>The TSR should operate like a library card catalog storing necessary trade secret asset information with hash codes and block chaining (a database that sequences bits of encrypted information—blocks—with a key that applies to the entire database) to ensure the authenticity of the data stored in the TSR and to meet the required evidentiary standards in a trade secret misappropriation lawsuit.</p><p>Another necessary step is trade secret asset classification, the foundation of a successful trade secret asset management program. Asset classification allows trade secret assets to be identified and ranked, so that the level of security matches the level of importance of the trade secret asset. There are now automated trade secret asset management tools available to assist companies with the classification and ranking of trade secret assets.</p><p>Security, without identification and classification, is doomed to fail. In contrast, securing data after identification and classification of the trade secret assets makes it much easier for the internal security ecosystem to enforce trade secret protection policies and to prohibit unauthorized access, disclosure, or use.</p><p>Today, software tools can protect the company from mistakes that lead to the forfeiture of classified trade secret assets. If a user attempts to email a trade secret document to unauthorized recipients, the software program will immediately alert the user so the mistake can be corrected. Further, classified trade secret assets can be monitored. Administrators can track abnormal or risky behavior that otherwise cannot be tracked until the trade secret is compromised.</p><p>Developing a trade secret incident response plan (TSIRP) is another critical requirement. The flow of trade secret assets throughout the corporate enterprise should be tracked with built-in red flags, designed to trigger the TSIRP and notify outside counsel to proceed immediately to the courthouse to seek a DTSA ex parte seizure order before the bad actors can destroy the evidence or transfer the stolen trade secret assets outside the court’s jurisdiction.​</p><h4>Employee Management</h4><p>There are other best practices for trade secret assets now that companies are focusing on the various stages of identification, classification, protection, and valuation.</p><p>Building a trade secret culture from the top down, with required training and compliance with TSCC policies, practices, and procedures, is at the top of the list. Companies must promote a trade secret culture by prompting employees and users to stop, think, and consider the business value of proprietary, internal information they are creating, handling, and reviewing.</p><p>The new employee hiring process should include an investigation and certification by the new employee that no proprietary trade secret information of any previous employer is being brought to the company or is being stored electronically in his or her personal email system or other electronic storage locations.</p><p>The prospective new employee should sign an employment agreement with patent and trade secret assignment provisions. He or she should also receive and review the company’s required trade secret policies and procedures.</p><p>When an employee leaves the company, off-boarding procedures should include a mandatory trade secret exit interview. The interview should be conducted under strict procedures adopted by the TSCC, including execution of a trade secret acknowledgement at the conclusion of the interview certifying that all company devices, documents, and materials, including electronic copies, paper copies, and physical embodiments have been returned. It should also certify that all proprietary and confidential information, stored on any personal computer or mobile device, has been identified and preserved, returned, or deleted under the company’s instructions.</p><p>The enactment of the DTSA will usher in a new era. It requires trade secret owners to identify, classify, and protect trade secret assets as property assets. In time, the DTSA will become a precursor for new accounting systems that will provide valuations for trade secret property assets.  </p><p>--<br></p><p><em><strong>R. Mark Halligan</strong>, partner at FisherBroyles LLP, is recognized as one of the leading lawyers in trade secrets litigation in the United States by Legal 500 and Chambers USA: America’s Leading Lawyers for Business. He is also the lead author of the Defend Trade Secrets Act of 2016 Handbook and coauthor of Trade Secret Asset Management 2016: A Guide to Information Asset Management Including the Defend Trade Secrets Act of 2016.  ​</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Industry-News-February-2017.aspxIndustry News February 2017<h4>​CAMPUS SURVEILLANCE</h4><p>Two universities in Utah partnered with Stone Security to upgrade their existing surveillance systems. Utah State University and Salt Lake Community College both had standalone analog systems with few cameras that could be monitored from only one location. Both schools chose to implement open platform, IP-based solutions built with Milestone XProtect VMS and network cameras from Axis Communications. Axis encoders integrate older analog cameras into the system, allowing the schools to continue using them.</p><p>Utah State University has campuses in every county in the state, and nine of those locations are integrated with the Milestone system. Video data is fed to the main campus in Logan, Utah.</p><p>Better video monitoring has improved coordination with campus police, reducing the time for incident response, as well as mitigating theft in the campus bookstores. The video system has also been leveraged to include watching over livestock in an animal science department, so researchers can respond when a birth is imminent, for example. Another innovative way officials are using the video is to prioritize snow removal based on the accumulations seen in the images.​</p><h4>PARTNERSHIPS AND DEALS</h4><p>ADT announced a new affiliation with MetLife Auto & Home for small business customers in New Jersey and California.</p><p>Dell EMC chose BlueTalon to deliver data security and governance for the newly announced Dell EMC Analytic Insights Module. </p><p>G4S will deploy ThruVis from Digital Barriers at major events in the United Kingdom.</p><p>Federal Signal Corporation’s Safety and Security Systems Group formed a strategic partnership with Edesix Ltd. to offer IndiCue products that collect, distribute, and manage video evidence. </p><p>FinalCode, Inc., appointed DNA Connect as its distributor for Australia.</p><p>Genetec and Point Blank announced a direct integration between the IRIS CAM body-worn camera and the Genetec Clearance case management system.</p><p>Hanwha Techwin America formed a partnership with Security-Net Inc., allowing Security-Net’s partners to source the full line of Hanwha Techwin’s surveillance solutions as a gold level dealer.</p><p>ISONAS Inc. selected two new manufacturers’ representatives: Wilens Professional Sales, Inc., in New York and The Tronex Group in Florida.</p><p>Kwikset formed a partnership with Horizon Global to expand its SmartKey security to the automotive accessories industry, including hitches, fifth wheels, ball mounts, bike racks, cargo management products, and more.</p><p>Louroe Electronics signed with Tech Sales & Marketing and expanded its partnership with Thomasson Marketing Group to strengthen its presence across the United States.</p><p>Oceanscan is using iland’s DRaaS with Veeam to reduce incident response time.</p><p>OnSSI integrated its Ocularis 5 Video Management System with Vidsys’s Converged Security and Information Management software. </p><p>OnX Enterprise Solutions and Splunk collaborated on the new OnX Security Intelligence Appliance that implements both the hardware and software needed to combat attackers.</p><p>Open Options partnered with Mercury Security to offer two new bridge technology integrations with Software House iSTAR Pro and Vanderbilt SMS. </p><p>Red Hawk Fire & Security U.S. announced that Affiliated Monitoring will manage central station monitoring for Red Hawk customers. </p><p>SeQent has been accepted into the Schneider Electric/Wonderware Technology Partner program. </p><p>FC TecNrgy will market SFC Energy’s defense and industry portfolio of off-grid power sources to the Indian defense, homeland security, and oil and gas markets. </p><p>ZKAccess retained manufacturers’ rep firm ISM Southeast.​</p><h4>GOVERNMENT CONTRACTS</h4><p>The U.S. Federal Trade Commission selected AMAG Technology and its Symmetry Homeland Access Control System to secure its Office of the Executive Director.</p><p>Convergint Technologies and BriefCam announced that Austin-Bergstrom International Airport in Texas expanded its use of BriefCam Syndex.</p><p>For the Las Vegas presidential debate, the Las Vegas Metropolitan Police Department deployed a drone detection and counter-drone solution from Dedrone. Dedrone also joined forces with Nassau County Police and Hofstra University to protect the first presidential debate in New York.</p><p>The Payne County Sheriff’s Office in Oklahoma selected Digi Security Systems to design and install a new video system for its jail and courthouse.</p><p>Electronic Control Security, Inc., received an award from prime contractor Hudson Valley EC&M Inc. for an entry control system and support services for the Sullivan County and Eastern Correctional Facilities in New York.</p><p>Exiger was chosen by the University of Cincinnati to act as the independent monitor of its police department.</p><p>Port St. Lucie, Florida, worked with SecurPoint to install a wireless, IP-based video surveillance system from FLIR.</p><p>Johnson Controls announced a Cooperative Research and Development Agreement with the U.S. Department of Homeland Security to help secure critical infrastructure.</p><p>Leidos won a prime contract from U.S. Customs and Border Protection to provide systems administration and maintenance services for x-ray and imaging technology.</p><p>MacDonald, Dettwiler and Associates Ltd. will provide space-based synthetic aperture radar capabilities for the Canadian Department of National Defence.</p><p>NAPCO Security Technologies, Inc., announced that the San Diego Unified School District will use NAPCO’s Continental Access control system.</p><p>NC4 announced that the Fulton County Police Department in California chose NC4 Street Smart to help fight crime.</p><p>Palo Alto Networks signed a memorandum of collaboration with the Cyber Security Agency of Singapore to exchange ideas, insights, and expertise on cybersecurity. </p><p>Saab announced that its Airport Surface Surveillance Capability is operational for the U.S. Federal Aviation Administration at San Francisco International Airport.</p><p>Salient CRGT, Inc., won a contract from the U.S. Department of Homeland Security Science and Technology Directorate to provide development, integration, and evaluation in support of BorderRITE.</p><p>SDI Presence LLC is a key subcontractor to Saab Sensis in deploying an advanced event management system for Phoenix Sky Harbor International Airport.</p><p>TASER International received an order for 900 TASER X2 Smart Weapons from the Kentucky State Police.</p><p>Unisys Corporation won a contract from U.S. Customs and Border Protection to modernize the agency’s technology for identifying people and vehicles entering and exiting the country.</p><p>Veridos is providing the Republic of Kosovo with ePassports in addition to a solution to personalize the ePassports. Veridos is responsible for data management, as well as service and maintenance for the software and</p><p>hardware infrastructure.</p><p>Veteran Corps of America will perform contractor logistics support for the Joint United States Forces Korea Portal and Integrated Threat Recognition (JUPITR) system.​</p><h4>AWARDS AND CERTIFICATIONS</h4><p>AMAG Technology announced that its Federal Identity, Credential, and Access Management (FICAM)/FIPS 201–compliant solution was approved by the U.S. General Services Administration.</p><p>Legrand North America achieved Excellence within the Industry Data Exchange Association’s data certification program.</p><p>Middle Atlantic Products secured a patent from the U.S. Patent and Trademark Office for its Essex QAR Series Rack.</p><p>Passport Systems, Inc., received the Security Innovation Award from Massachusetts Port Authority for helping to revitalize the Port of Boston with state-of-the-art detection systems.</p><p>Qognify received Lenel Factory Certification Under Lenel’s OpenAccess Alliance Program.</p><p>Safran Identity & Security announced that its Airpass mobile payment solution, with a cryptographic security component, was certified by Visa and Mastercard.</p><p>SecurityScorecard received the Most Promising Company Award for its sophisticated technology and strategic implementation during PricewaterhouseCoopers’ Inaugural Cyber Security Day.</p><p>Tosibox won the Finnish Security Company of the Year award. The Turvallisuus ja Riskienhallinta magazine annual award was presented at the Finnish Security Awards. ​</p><h4>ANNOUNCEMENTS</h4><p>As part of its product rebranding, 3xLOGIC launched an updated website.</p><p>Aite Group’s report, Biometrics: The Time Has Come, examines biometrics capabilities that are deployed across the globe. </p><p>Allied Universal announced the purchase of FJC Security Services of Floral Park, New York.</p><p>Anixter International Inc. is opening a customized flagship facility in Houston, Texas.</p><p>Illinois Joining Forces, a public-private network of veteran and military service organizations, received a $125,000 grant for veteran outreach from Boeing.</p><p>CGL Electronic Security, Inc., moved its corporate headquarters to Westwood, Massachusetts. The new facility includes a customer training area, demonstration space, warehouse, and testing area.</p><p>CNL Software expanded its U.S. operations with new regional offices and a demonstration area in Ashburn, Virginia.</p><p>College Choice published its 2016 ranking of the safest large colleges in America.</p><p>The Financial Services Information Sharing and Analysis Center established the Financial Systemic Analysis & Resilience Center to mitigate risk to the U.S. financial system.</p><p>Modern Tools To Achieve Excellence In Video Security is a new white paper from Geutebrück.</p><p>Implant Sciences will sell its explosives trace detection assets to L-3 Communications where they will be integrated into L-3’s Security & Detection Systems Division.</p><p>Milestone Systems is making its XProtect Essential 2016 R3 available as a free download to users worldwide.</p><p>The National Electrical Manufacturers Association published NEMA WD 7-2011 (R2016) Occupancy Motion Sensors Standard.</p><p>Safran Identity & Security opened a location in the Silicon Valley that features an innovation center with a specific focus on digital payment, digital identity, and the Internet of Things.</p><p>Nonprofit SecureTheVillage (STV) launched a weekly news podcast, SecureTheVillage’s Cybersecurity News of the Week, available on the STV website, iTunes, SoundCloud, and other podcast sites. </p><p>SightLogix published a new design guide to assist integrators, architects, and engineers in planning, selecting, and installing video-based security systems. Securing Outdoor Assets with Trusted Alerts offers practical advice about using outdoor video.</p><p>The Smart Card Alliance released a mobile payments workshop video for understanding mobile wallets.</p><p>The Tyco Security Products Cyber Protection Team is offering security advisories on its website. The team generates a security notification about which products might be vulnerable, along with mitigation steps. </p><p>The U.S. Office of Management and Budget will create a new privacy office to oversee the development and implementation of new federal privacy policies, strategies, and practices across the federal government. ​</p>GP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Crime-of-Opportunity.aspxCrime of Opportunity<p>​Over the past decade, retail and grocery stores have been turning to self-service checkout lanes to create a better shopping experience: making purchases will be easier and quicker, while store staff can be mobilized away from checkouts and into more customer-focused roles. However, self-checkouts and mobile shop-and-pay programs generate significantly higher rates of loss, a new report finds. </p><p>Developments in Retail Mobile Scanning Technologies: Understanding the Potential Impact on Shrinkage & Loss Prevention, a report by professors Adrian Beck and Dr. Matt Hopkins of the University of Leicester, analyzed data from nearly 12 million shopping trips from four major British retailers between 2013 and 2015. The researchers found that using self-checkouts in stores increased the rate of loss by 122 percent to an average of 3.9 percent of turnover.​​</p><p><img src="/ASIS%20SM%20Article%20Images/1216-asis-security-management-retail.jpg" alt="" style="margin:5px;" /><br></p><p>​<br></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465