Government Next Tase PhaseGP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652016-10-01T04:00:00Z, Mark Tarallo<p>​Tasers may pose some health risks, depending on how they are used, and on whom. But in many cases, they can be used as an effective enforcement tool that may ultimately reduce the number of violent assaults, and sometimes even save lives.</p><p>Both of these assertions are supported by recent studies, and together they form what may be the consensus view of Tasers—a useful tool with some risk attached. And the view naturally suggests a follow-up question: Given the usefulness and the risks, when are Tasers best used? </p><p>A new landmark study, released by the state of Connecticut, begins to explore that question through an extensive examination of how Tasers were used over the course of one full year. </p><p>The study, Electronic Defense Weapon Analysis and Findings 2015, was issued a few months ago by the Central Connecticut State University's Institute for Municipal and Regional Policy. Connecticut was the first state to require law enforcement to document Taser use, and the report represents </p><p>the first statewide study on how police use them. </p><p>According to the new report, police in Connecticut used Tasers 650 times last year. In an interview with Security Management, Ken Barone, project manager and coauthor of the report, says "two big interesting findings" stood out to him after the study was completed. </p><p>One was that one-third (33 percent) of the persons involved in Taser incidents were described in police reports as "emotionally disturbed." </p><p>The second finding that Barone flagged was that nearly half (49 percent) of those involved in Taser incidents were identified as either possibly intoxicated, or clearly under the influence of alcohol or drugs.</p><p>These findings touch on the potential health issues of Tasers, which are electroshock weapons manufactured and sold by the Scottsdale, Arizona–based TASER International, Inc. The electrical probes that shoot out of a Taser deliver a pulsing 50,000-volt shock, which causes skeletal muscle contractions and pain. </p><p>TASER International cautions that Taser use may be ineffective against those under the influence of certain drugs. For example, in the last few years there have been various news reports of incidents where Tasers were unsuccessful in incapacitating someone who was high on a drug like PCP and virtually oblivious to pain.</p><p>In addition, medical research cautions that using the weapon on someone experiencing a psychiatric crisis may pose a heightened risk of injury. </p><p>However, the report also notes that "at the same time, circumstances may exist in which a Taser is the most appropriate option for gaining control of people experiencing psychiatric crisis and getting them into treatment."</p><p>For example, tasing a person who is carrying a gun and appears suicidal could ultimately save his or her life, Barone says. (Thirteen percent of Taser incidents in the report involved those described as suicidal.) </p><p>The report also concludes that females were much less likely to be involved in Taser incidents, which involved men 94 percent of the time. Black and Hispanic males were more likely to be tased (as opposed to simply warned) than white males. About 30 percent of those who were tased received more than one shock.  </p><p>Given their findings, the report's authors are calling for further research to aid in the development of evidence-based Taser use policy. </p><p>In particular, the authors are calling for studies aimed at answering the following questions: In which circumstances might Tasers pose health risks for those experiencing an apparent psychiatric crisis? In which circumstances might Taser use be a safe option for the officer, the person in crisis, and other people involved? </p><p>"We're trying to understand—for people in psychiatric crisis, is this the best tool to be using?" Barone says. </p><p>Report authors are also calling for a review of the existing model Taser Use policy that was developed by the state's Police Officer Standards and Training Council. The council's current policy is in many ways less precise than both the Taser use guidelines released by the U.S. Department of Justice a few years ago and the use recommendations that TASER International has made.</p><p>Barone also acknowledges that developing specific Taser policy is tricky; it is likely not possible to have a series of hard-and-fast rules that can be followed in every situation. </p><p>"It can't always be black and white. Each incident is unique and complex," he says.</p><p>However, there does seem to be room in the middle that is more specific than current model policy, but not overly simplistic. The Institute for Municipal and Regional Policy plans on conducting a multi-year study that can track how Taser use in Connecticut is changing year over year, which could be a helpful tool in future policy development efforts, Barone says. </p>

Government Next Tase Phase Vote for Biometrics the Public Interest Head Start on Insider Threats Lessons of Flint News October 2015 Military Heroes to Security Assets Navy Yard On Lockdown After Reports of Shooter Tries to Cage Corruption Lab Safety New Point of View Lab Manual States Charges China in First Criminal Cyber Espionage Case National Infrastructure Protection Plan Released Are Security Clearances Necessary? Really Needs A Security Clearance? Evidence Federal Responses to Data Breaches security. Inspector General Nominee Testifies Before Senate Committee

 You May Also Like... Disorder<p>​Mexico, sometimes maligned during political campaigns, nonetheless remains vital to the economic interests of many nations. For the many companies doing business there, security remains a crucial concern.      </p><p>And that security landscape is becoming more complicated, due in large part to the dynamics of the drug trade, experts say. The homicide rate in Mexico increased by 15 percent during the first six months of 2016 compared with the previous year, with approximately 9,400 people murdered across the country in that time period, according to a recent study, iJET's Quarterly Report: Organized Crime and Drug-Related Violence in Mexico.</p><p>Underlying this rise is a resurgence of activity by drug-trafficking organizations (DTOs), with dozens of DTOs fighting pitched battles for territory. </p><p>“They are engaged in turf wars on multiple fronts,” said Justin Kersey, intelligence manager for iJet’s Americas team, at a recent briefing on Mexico’s security situation.</p><p>Some DTOs are expanding into new territories in Mexico, so that a majority of Mexican states are now seeing organized drug-related crime. Increased demand for methamphetamine and heroin in the United States is another driver for DTO activity. Mexico’s Sinaloa cartel has been particularly successful in penetrating the U.S. drug market, with a significant presence in places like Chicago, Philadelphia, southern California, the Ohio Valley, and portions of West Virginia and Kentucky, Kersey said.</p><p>With their resurgence, DTOs have now become more integrated with legitimate political and business activity in Mexico, iJet Americas expert Sean Wolinsky said at the briefing. Along with this integration comes rising levels of impunity for DTO criminals; roughly 90 percent of DTO crime goes unreported to police, Wolinsky added.  </p><p>While most DTO-related crimes involve gang members rather than expatriates or unaffiliated business people, “that doesn’t mean that larger multinational corporations are completely immune,” Wolinsky said. Those doing business in Mexico for an extended period of time face some degree of elevated risk, especially regarding four major forms of crime: kidnapping, assault, robbery, and extortion. </p><p>“Anyone operating in Mexico is at risk of becoming collateral damage in these crimes,” Wolinsky said. Mining companies have been recently beset by kidnappings, he added, citing the example of several Goldcorp employees who were abducted and later found dead in Mexico’s Guerrero state last year.</p><p>Two more specialized types of abductions—virtual kidnapping and express kidnapping—have become more common in Mexico recently, experts say. In a virtual kidnapping, a kidnapper will use social media to select a “victim” online by looking for someone with an extended virtual network. The criminal will contact the victim’s friends and family and, claiming to hold the victim hostage, threaten to harm him or her if no ransom is provided.  </p><p>In an express kidnapping, the victim is held for only a short time, anywhere from a few hours to a couple of days. Often, the abductors will force the victim to make as many ATM withdrawals as possible during that short period, then let the victim go.</p><p>Whatever form kidnappings take, they are crimes that can affect victims in ways that employers should be aware of, says Rachel Briggs, executive director of Hostage US, a nonprofit organization that supports hostages and their families during and after kidnappings. </p><p>Briggs has personal experience in these matters; in 1996, her uncle was kidnapped while he was working as an engineer in Colombia, and “for seven-and-a-half months, she and her family were thrown into an alien world of fear, isolation and helplessness as others negotiated for his release,” according to her organization’s website.</p><p>When working on a case, Briggs’ group assigns a team member to be the contact person for the victim’s family members, who are often thrust into the daunting situation of trying to deal with authorities, journalists looking for news, and a host of other parties. </p><p>“You’re suddenly dealing with governments and private security companies, and they speak a different language,” she says. </p><p>Later, if the victim is released and returns to work, his or her employer should be aware of various issues that may arise. Take, for example, an employee working in Mexico who is kidnapped and held in captivity in a windowless room for many months. Returning to work in a small windowless office or cubicle may be problematic for the victim, and could potentially trigger traumatic memories. Even commuting in closed-off spaces, such as a crowded underground train, could be difficult for that individual, Briggs says.</p><p>Similarly, a victim who was held for an extended period of time in solitary confinement may have trouble concentrating in a busy office environment or one with an open floor plan, she adds. </p><p>In addition, there is a common mis­perception that the shorter the time a victim is held in captivity, the less traumatic impact there will be on him or her. </p><p>“In my experience, the reverse tends to be true,” Briggs says. That’s because a hostage who was held for a long period has time to mentally come to terms with what is happening, she explains. In small but important ways, the victim can take control of some of his or her actions, such as deciding to walk around the room every hour, or exercise twice a day, or even whether to eat. This helps them adjust. </p><p>In contrast, a 48-hour “express” kidnapping may seem like a violently disruptive experience that was chaotically terrifying from beginning to end. “The prolonged trauma from that can be much greater,” she says. </p><p>Overall, kidnappings do seem to be on the rise, and not only in Mexico, Briggs adds. For example, more terrorists are using short-term hostage situations as a tactic: the Pulse nightclub attack in Orlando, the Bataclan Theater attack in Paris, and the Raddison Hotel attack in Bamako, Mali, all featured short-term hostage taking.</p><p>As tragic as those events were, the less sorrowful news is that the majority of kidnappings end with the victim being released. “Thankfully, most hostages do come back alive,” Briggs says.</p>GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 Vote for Biometrics<p>​<span style="line-height:1.5em;">“The face is the mirror of the mind, and eyes without speaking confess the secrets of the heart.” When St. Jerome expressed these sentiments centuries ago, he couldn’t have imagined that his words would apply to iris identification, and in such a profound way. </span></p><p>St. Jerome’s sentiments were universal, and now so are the biometric tech­nologies that his words foreshadowed. Once the province of first-world countries, recognition technologies are becoming commonplace solutions in less developed parts of the world.</p><p>Consider developing countries, where the challenge of registering voters can be immense. Limited infrastructure, illiterate populations, and lack of government-issued identification are just a few of the obstacles. In addition, underlying fears of corruption, and voters who attempt to register more than once, can plague the democratic process. </p><p>To overcome these obstacles, some nation- states are turning to biometrics for fairer, more transparent elections. Fingerprints have been used for elections in developing countries the world over, including in Brazil, Tanzania, and Uganda. </p><p>But fingerprints have certain limitations when it comes to biometric identifiers, including that the ridges on a person’s fingers can be worn down over time, and there are a limited number of unique “points” to map on each individual’s prints. The iris, however, contains more data that can be used to identify a person, including nuanced flecks, rings, and pigmented spots. </p><p>Somaliland is a self-declared state that separated from Somalia in May of 1991. While internationally recognized as an autonomous region of Somalia, it is not legally a separate country. With the help of a nongovernmental organi­zation, In­terpeace, and a number of technology partners, Somaliland is using iris identification technology to register voters. Until this project, deploying the neces­sary technology to capture iris scans across a population for democratic voting had never been attempted. ​</p><h4>Public-private partnership</h4><p>Originally known as the War-torn Societies Project, Interpeace was established in 1994 as a peacekeeping body of the United Nations (UN). The organization eventually broke off from the UN and was renamed, but it continued its mission to help build peace in societies around the world.   </p><p>Jerry McCann, deputy director general for operations at Interpeace, says that his organization’s involvement in Somaliland elections began in 2004. Somaliland had been working toward democratic elections since the late 1990s, and it had established its first election commission in 2002. Rather than come in with outside expertise to advise the commission on how to act, McCann says Interpeace wanted to empower the country’s stakeholders from within to succeed in the electoral process. </p><p>“It’s really letting a society build on its capacities,” he notes. “That’s the kind of patience that you need, because these things can’t happen quickly, they have to happen over iterations and incremental steps toward greater capacities.”</p><p>In 2005 the country held its first parliamentary elections, despite rudimentary voter registration technology, McCann says. “That’s the interesting thing about homegrown democracy,” he notes. “To begin with it was just, ‘get the ballots out there and let people vote,’ but then it quickly started to become vulnerable to corruption of stuffing ballot boxes and double voting, and all the things that can creep into these kinds of processes.” ​</p><h4>Biometric registration</h4><p>To harden the elections against corruption and voter confusion, the Somali­land National Electoral Commission (NEC) determined that fingerprints were the most logical method for registering voters. </p><p>The governing electoral body rolled out this system in 2008 and 2009 in preparation for the 2010 presidential elections. But, as McCann explains, this approach faced challenges. </p><p>“In this case, you have people that are herders of livestock, and people that work the land, so fingerprints can become weak or completely worn off, and we had a lot of problems with that kind of situation,” he says.</p><p>In addition, many voters tried to double-register by removing the ink from their fingers and registering to vote again under a different name. McCann adds that internal challenges also plagued the NEC, which changes membership every five years. “So it was a rocky start to a more technical approach to registration,” he says. </p><p>Presidential elections were held in 2010 using fingerprinting technology, but the NEC wanted to further improve the voter registration system and prevent duplicate registrations. It commissioned a field study in 2013 with several biometric technologies. Iris recognition ultimately triumphed as the most efficient and reliable voter registration method. </p><p>“The field study proved to the donors, the NEC, and Somaliland public at large that iris recognition could prevent the multiple registrations that had plagued the previous voter registration,” notes elections specialist Roy Dalle Vedove, who helped conduct the study. Dalle Vedove, a forensic data analysis expert by profession, has been assisting developing countries in elections since he was called to help investigate alleged electoral fraud in Guyana in 2001. </p><p>One of the many biometric vendors surveyed during the study was Iris ID. During the field study, its iris-recognition camera and software application helped to register thousands of voters in a test phase. After the study, the NEC identified the product as the most effective technology for registration, and, in March 2015, Iris ID was awarded the contract. </p><p>The iris, the colored part around the pupil of the eye, contains unique characteristics that make it nearly impossible to confuse with that of another individual.  </p><p> According to research published in the International Journal of Electronics, Communication & Instrumentation Engineering Research and Development, there are three main reasons that the iris is a reliable form of identification. The eye is a “naturally protected internal organ that is visible from the exterior,” its round shape is easy to segment and measure, and its texture has random, identifiable characteristics that are present throughout a person’s life, the journal explained in an October 2013 paper. Those random characteristics can actually be recorded point by point, which is what the iris recognition software captures. </p><p>A template for each iris is built when the photo is taken, and an algorithm within Iris ID’s software is used to determine whether there is a match to the sample or whether there is a duplicate re­cord from a voter who is attempting to register twice. </p><p>In addition, the false positive rate, also known as the false rejection rate, is almost zero for iris data compared to about 3 percent for fingerprints. These false positives occur when the system incorrectly rejects an eligible person’s biometric data as a duplicate. A 3 percent false positive rate out of 500,000 registrants (about 500,000 votes were recorded in the 2010 Somaliland presidential elections) would amount to 15,000 false positives.</p><p>The program is a now a point of pride in the country. “This sets Somaliland on the forefront. Initially there was some criticism from other electoral management bodies that the technology was unsuitable,” Dalle Vedove says, citing a study by the Center for Global Development in 2013 that outlined the huge amounts of taxpayer dollars that went into fingerprinting systems in other countries, but that largely proved to be unsuccessful. </p><p>(These findings are outlined in the study, titled Identification for Development: The Biometrics Revolution. For more on this study, see the article “Biometrics in Developing Regions” in the June 2013 issue of Security Management.)</p><p>But thanks to the success of the field study, the field tests, and the registration itself in Somaliland so far, “the criticism has become less voluble,” Dalle Vedove notes.</p><p>In addition to Iris ID, there were other technology partners in the process. IT infrastructure provider Atea won the contract to deliver fully designed and operational kits with the Iris ID cameras, and Daon, another biometrics technology firm, provided all of the software design. </p><p>Each kit is made up of the carrying case, a laptop, a printer, an iris scanner, a webcam for photos, a light for photos, and a tripod. The NEC bought 350 kits, which allow for sequential rollout of voter registration by region. It plans to carry out registration in all six of its regions over a consecutive five-month period. </p><p>The entire process of registering one voter takes about 10 minutes. The individual registrant doesn’t need to be literate, because an interviewer is present to take down demographic information. The person then puts on a pair of goggles, which have a high-resolution camera inside. A screen in front of the individual displays the camera image of the eyes, increasing the transparency of the process. An infrared light shines on the eyes, the photo is taken, and biometric data is captured.  </p><p>“You get to see what’s being captured, but you’re not feeling anything. It’s not invasive in any way, which is also quite nice,” McCann adds. </p><p>Once voters are entered into the system, they are issued a temporary certificate until their voter card is produced. Each day, each record is checked against all existing records to ensure there is no duplication.​</p><h4>elections</h4><p>The NEC rules say that elections must take place no sooner than six months after the voter list is published, and they are projected to take place in April 2017. This is the first time Somaliland is holding combined elections—parliamentary and presidential—at the same time.</p><p>The first registrants were captured in January of this year, and registration will end in June, when the final voter list must be produced.  The final voter list will be published in September in advance of the elections.</p><p>“Once we have the provisional voter registry, meaning that all of the people are registered, we have to display the provisional lists so that people can see if they are on the list or not, and then are able to dispute or contest if they’re not happy with the situation,” McCann says. </p><p>Once the final voter list is set, each registrant gets a voter identification card that he or she will need to bring to vote. “So at least there’s a means by which they can ensure that a person is only voting in the place they registered, and only voting once,” he says. The registration also helps the NEC send the proper number of ballots to each location so there aren’t too many or too few materials at any given site. </p><p>So far there haven’t been attempts by local leaders to foster mistrust of the technology or the registration process, which McCann says can sometimes happen in more rural areas. </p><p>“This is largely because [the process] was identified by the electoral commission, it was tested with the population, there was good awareness-raising…and they got the buy-in that they needed in advance of launching the process,” McCann explains.</p><p>Spreading awareness about the elections and the registration process has been tackled in creative ways. “The literacy rates are quite low, especially when you get out into the rural communities,” McCann says. “This is one thing they’ve done over the years quite nicely, they’ve found ways of cartooning the process and using other visual means of spreading awareness.” </p><p>When the registration centers are set up in the field, the NEC provides cartoon depictions that explain the process so people queuing up can gain a deeper understanding of the system and how the elections will work. </p><p>Mohamoud Wais, one of the NEC’s seven commissioners and vice chairman of the commission, has been involved in the first round of registering voters in the field. From what he’s seen so far, he says he is hopeful about the registration system. “The people are excited…the process is much smoother and the system we use is more sophisticated [than before],” Wais says. </p><p>He explains that the level of community involvement and engagement by the NEC and other partners is breeding success for the registration process. </p><p>“It will be more systematic and organized, and we are hoping for better elections, that we can call them credible and acceptable…I think this is the key to Somaliland’s future.”   ​</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 to Build a Culture of Security<p>​<span style="line-height:1.5em;">“</span><span style="line-height:1.5em;">Security is everyone’s business” may be a popular truism in the industry, but how many security managers can honestly say this philosophy is practiced by their companies? Some organizations have regular incidents in which employees simply disregard security rules and regulations. Sometimes, even the leaders of a company will disobey security and safety rules out of a sense of entitlement—these rules are for employees, not executives.</span></p><p>These lapses can be costly. It is only when everyone associated with the company adheres to and executes security rules and practices on a daily basis that a firm can credibly claim that it maintains a true culture of security.    </p><p>To determine whether a company encourages an effective security culture, company leaders should start by determining whether it adheres to the appropriate best practices. The security department should develop and communicate security rules, practices, and procedures to employees, contractors, visitors, and vendors. Executives must lead by example and follow all security practices and procedures. Employees must take care of their security responsibilities at work, such as locking their work spaces and computers or asking to see a badge of a person in a secure work area instead of simply holding open an outer perimeter door for a stranger to be polite.   </p><p>If an organization follows most of these procedures, it maintains a robust culture of security. If not, the best practice advice and solutions stated below can be used by security leaders to strengthen security awareness in their companies and develop a culture of security. ​</p><h4>The Assessment</h4><p>A culture of security can only be built on a solid foundation. And that foundation is an effective security program. </p><p>However, if the security program is perceived as inconsistent or unprofessional, an initiative to build a culture of security around it will be doomed from the start. Thus, it is imperative to conduct an initial assessment of the security program to evaluate past security practices and present security operations. </p><p>The assessment must include, but should not be limited to, the following methodology:</p><ul><li><span style="line-height:1.5em;">Conduct interviews with security staff to determine past practices and to engage them in the assessment process.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate existing documents regarding past security missions.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate security staff job descriptions.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate security current procedures, processes, and guidelines. </span><br></li><li><span style="line-height:1.5em;">Review and evaluate the security budget to ensure that it is in line with the mission, and that funded programs are not obsolete.</span><br></li><li><span style="line-height:1.5em;">Spend time working directly with all security staff to obtain first-hand knowledge regarding daily duties. Get to know your people.</span><br></li><li><span style="line-height:1.5em;">Review and evaluate any compliance tasks that have been assigned to security.</span><br></li><li><span style="line-height:1.5em;">Review, evaluate, and coordinate security requirements with heads of departments with security cross-functionality. Conduct collaborative meetings with other department heads and staff on their opinions of security.</span><br></li><li><span style="line-height:1.5em;">Obtain input from executive management on its vision of security.</span><br></li><li><span style="line-height:1.5em;">Define and document your company-specific security missions.</span><br></li><li><span style="line-height:1.5em;">Review the security requirements within these missions and analyze them for potential mission creep.<br></span><span style="line-height:1.5em;"> </span></li></ul><h4>The Blueprint</h4><p>Once past and present security operations have been assessed, organization leaders can plan for the future by improving and refining, based upon the factual analysis that has already been completed.</p><p>The first part of the blueprint process is to develop missions and objectives. This includes enlisting management for direction and involvement and establishing security goals and engaging security team members in ways to accomplish them. This part of the process also includes documenting security mission statements and assigning a leader to each one. These leaders must be capable and willing.</p><p>The second part of the blueprint pro­cess is to standardize operations and document these procedures in a manual of operations. This manual will serve as a central repository of security standard operating procedures and processes that cover core duties and responsibilities throughout the company. </p><p>Once the assessment is completed and the blueprint is in place, security managers must ensure that key attributes of the program are successfully maintained. These attributes include consistent pro­fessionalism, first-rate training and com­munications, a commitment to the program from upper management, and procedures designed to address violations.​</p><h4>Professionalism</h4><p>Professionalism is a crucial component of a strong security culture. The professional security staff and security officers should be a model for the organization’s general population. High standards of conduct should be set; staff and officers should be evaluated; and problems should be weeded out. Most important, security department leaders should live those high standards to set an example for others to follow. </p><p>Specific best practices can ensure that staff members and officers consistently project a strong level of professionalism to other company personnel. One of these is presence. Uniforms, if worn, should be consistent. Officers should engage all persons entering the facility with eye contact. Officers should not be texting or talking on their cell phones, or congregating in an area to smoke and joke.             </p><p>Security leaders must also be careful to prevent “mission creep,” or assigning nonsecurity duties to security personnel. This may distract security staffers from their core duties, to the detriment of the organization’s security culture.  </p><p>For example, one company used the security department to conduct security training as well as training in legal issues, compliance, and ethics. Security’s training duties also included tracking of annual requirements for all of the compliance-based training, for both employees and nonemployees. The two training avenues, employee and nonemployee, were not standardized between departments. Because of the lack of standardization, there were two completely different methods of administering, developing, and tracking training.   </p><p>In this case, the solution was to clearly define the security and human resources missions at the company. Once defined, human resources assumed control of the entire company training program and standardized the administration of training. Security was responsible only for content of any security-related training.​</p><h4>Training</h4><p>A strong security culture requires an effective training program for both existing and future security personnel. In addition, the process should ensure that security personnel are cross-trained in security position responsibilities and missions, to eliminate the potential for gaps in coverage should a critical team member be unavailable. </p><p>For example, if a company’s security missions are asset protection, compliance, and physical access control, the manual of operations would contain a section of step-by-step procedures and guidelines for each. This would allow the asset protection specialist to cover for the physical access control specialist for certain tasks, such as issuing badges, instead of waiting for the access control specialist to return. </p><p>In addition, companies should pay close attention to the processes and standards for granting and tracking access that are documented in the manual of operations. This can be an issue if companies have manual, cumbersome, or archaic methods for granting access. At many companies, this is an area that needs to be addressed. The granting of physical access should be automated to an electronic format.​</p><h4>Communication</h4><p>Communication is one of the critical keys to success in any security program, and it will be part of every component of the program. From the initial assessment of the program to the final phases of the implementation of blueprint plans, all affected parties should be kept informed and aware of the security program and how it will impact their operations at work.  </p><p>One company initiated a report that was sent twice a month via e-mail with the facts of any security incidents, so executives could track important issues. This communication also allowed security to remain within the scope of the executives while maintaining a successful program. As security expanded and implemented new initiatives, these were included in the bimonthly report. </p><p>For their part, the executives of the firm should be involved and engaged early on in the communications effort. Security should offer concise presentations, such as a PowerPoint presentation, that explain how the company benefits from the security program, be it through incident prevention or the preparedness to react and minimize negative impact to the company’s operations. Security goals, objectives, operations, procedures, and mission statements should be effectively communicated across the corporate footprint. Executives should understand the security role in their company and communicate their support for security programs to all company employees.  </p><p>Within the chain of command, the security leader must develop a system of communication to keep executives aware of the challenges faced by the security department and of the programs currently being used to protect the company’s physical assets. For example, at one company I worked at, security mandated monthly luncheon meetings with staff.</p><p>Company executives were also invited to these meetings, which they attended periodically. I documented each of these meetings in formal memoranda, including progress made on issues from the prior month, issues resolved, and problems currently being addressed. These memos were sent up the chain of command for executive review.  </p><p>Annual security awareness training is another effective communications tool. By delivering accurate, updated, and simple instructions regarding security rules, policies, and procedures, the company can effectively ensure that its workforce has been periodically exposed to security standards and the roles and responsibilities in daily operations. Security awareness posters that are updated quarterly can also help in communication efforts.   </p><p> Finally, do not underestimate the power of word of mouth. For any company, there is no stronger security tool than having a workforce that is security- minded and well informed of current security policies, procedures, and daily practices. ​</p><h4>Violations</h4><p>Even with a well-established culture of security, violations of an organization’s security policies will occur.   </p><p>There are slips and breaches even in the most secure environments—some caused by intentional acts; some unintentionally, through malaise or misfortune. And while the people who work for an organization are its greatest asset, they also can be its greatest vulnerability if they decide to inflict harm. They know how the organization operates, and they can circumvent the most sophisticated security systems.  </p><p>For private industry, the enforcement of security program policies requires a company to be fair, firm, and consistent. Take, for example, a company that has a clear security rule that all visitors must be escorted by the company representative who is responsible for the visitor while on premises. If a visitor is found roaming around by himself in a secure area, the employee who brought the visitor to the property should be disciplined.  </p><p>And the discipline should be consistent, whether the employee is the CEO or the janitor. The enforcement should be documented and tracked, to monitor patterns of behavior. If the violation is severe enough that it results in a loss of property or affects employee safety, the matter should be referred to the violator’s manager for evaluation and possible further action. </p><p>Consistent and fair enforcement of the rules across the entire organization will further solidify a culture of security. It will demonstrate that security matters to the organization, and that it plans to ensure that the rules are followed. To expand on an earlier example, if the CEO forgets his or her access badge and either goes home and gets it or signs for a temporary one, the standard is set at the highest level of the company.  </p><p>In the end, success in developing a culture of security at your company will mean the organization has established a robust, comprehensively assessed, and documented security program across the enterprise. Executive leaders are meaningfully engaged, and everyone is educated in the program’s components and follows them. </p><p>--<br></p><p><em><strong>Thomas Trier</strong> served for 25 years as a special agent of the FBI, where he attained the rank of assistant special agent in charge in the intelligence branch of the FBI’s Washington Field Office. Trier has also served as the leader of corporate security for a Midwestern electrical transmission-only utility company. He now provides advisory services through Security Intelligence Consulting L.L.C.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465