Manufacturing

 

 

https://sm.asisonline.org/Pages/Maturity--Model-101.aspxMaturity Model 101GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652016-12-01T05:00:00Zhttps://adminsm.asisonline.org/pages/mark-tarallo.aspx, Mark Tarallo<div><p>​</p><p><img src="/ASIS%20SM%20Documents/1216%20Sidebar%20Graphic%202a.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:356px;" /><br></p><p>Maturity models are a tool used a range of business sectors, including​ manufacturing, software engineering, operations, and logistics. The model is often used to help set process improvement objectives and priorities, and it can provide a method for appraising the state of an organization’s current practices. </p></div><p>Researchers at Carnegie Mellon University (CMU) have been developing early maturity model prototypes since the 1980s. In 2002, CMU released the first version of the Capability Maturity Model Integration (CMMI) tool, which was developed by a group of experts from industry, govern­ment, and CMU’s Software Engineering Institute. Updated versions of the tool were released in 2006 and 2010. </p><p>The Ernst & Young (EY) physical security maturity model developed with Caterpillar is based on this CMMI tool, and also on EY’s cybersecurity maturity model.</p><p>This tool uses a level 1 through 5 rating scale to define maturity levels: (1) Initial, (2) Repeatable, (3) Defined, (4) Managed, and (5) Optimized. For a hypothetical example, take the compliance component of a security department. In the Initial stage of a maturity model, processes are unpredictable, poorly controlled, and reactive. Thus, in that initial stage, the security department is conducting its compliance activities in a haphazard way—putting out fires when they flare, with no real established process for doing so. ​</p><p>When compliance reaches level 3, Defined, the compliance process is established and proactive—perhaps with guidelines enforced by a compliance officer. At level 5, Optimized, the process is so well-established, managed, and defined, that the focus is now on process improvements.  </p><p>​​</p>

Manufacturing

 

 

https://sm.asisonline.org/Pages/Maturity--Model-101.aspx2016-12-01T05:00:00ZMaturity Model 101
https://sm.asisonline.org/Pages/Bottleneck-at-the-Border.aspx2016-03-01T05:00:00ZBottleneck at the Border
https://sm.asisonline.org/Pages/Book-Review---Port-Security-Management.aspx2015-08-01T04:00:00ZBook Review: Port Security Management
https://sm.asisonline.org/Pages/June-2015-Industry-News.aspx2015-06-01T04:00:00ZJune 2015 Industry News
https://sm.asisonline.org/Pages/Watching-The-Port.aspx2014-09-01T04:00:00ZIndustry News September 2014
https://sm.asisonline.org/Pages/A-Diverting-Practice.aspx2005-08-01T04:00:00ZA Diverting Practice

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Maturity--Model-101.aspxMaturity Model 101<div><p>​</p><p><img src="/ASIS%20SM%20Documents/1216%20Sidebar%20Graphic%202a.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:356px;" /><br></p><p>Maturity models are a tool used a range of business sectors, including​ manufacturing, software engineering, operations, and logistics. The model is often used to help set process improvement objectives and priorities, and it can provide a method for appraising the state of an organization’s current practices. </p></div><p>Researchers at Carnegie Mellon University (CMU) have been developing early maturity model prototypes since the 1980s. In 2002, CMU released the first version of the Capability Maturity Model Integration (CMMI) tool, which was developed by a group of experts from industry, govern­ment, and CMU’s Software Engineering Institute. Updated versions of the tool were released in 2006 and 2010. </p><p>The Ernst & Young (EY) physical security maturity model developed with Caterpillar is based on this CMMI tool, and also on EY’s cybersecurity maturity model.</p><p>This tool uses a level 1 through 5 rating scale to define maturity levels: (1) Initial, (2) Repeatable, (3) Defined, (4) Managed, and (5) Optimized. For a hypothetical example, take the compliance component of a security department. In the Initial stage of a maturity model, processes are unpredictable, poorly controlled, and reactive. Thus, in that initial stage, the security department is conducting its compliance activities in a haphazard way—putting out fires when they flare, with no real established process for doing so. ​</p><p>When compliance reaches level 3, Defined, the compliance process is established and proactive—perhaps with guidelines enforced by a compliance officer. At level 5, Optimized, the process is so well-established, managed, and defined, that the focus is now on process improvements.  </p><p>​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Checking-Out-Security-Solutions.aspxChecking Out Security Solutions<p>​</p><p>SEASONED RETAIL LOSS PREVENTION VETERANS CAN recall the days of checking credit card slips, examining cash-deposit line items, conducting spot audits, and physically counting marked-down items to stay on top of shrinkage and loss challenges. Today, loss prevention specialists rely on increasingly sophisticated technology, especially in the area of point of sale (POS). Among the technologies bringing benefits are cloud computing, video analytics, radio frequency identification (RFID), automated cash management systems, and access control via smart keys.</p><p>Point of Sale<br>Several technologies are helping retailers catch problems at the checkout counter. Chief among these are the cloud and video analytics. To take advantage of new technology, almost all large retailers tie their POS systems to a surveillance camera system. Cameras play a critical role when deployed to monitor cash transactions at the point of sale. When tied to POS data, this video technology becomes even more powerful.</p><p>There are two ways in which this video can be helpful. First, the footage is married to the register’s own data records. In comparing the two, it is possible to catch discrepancies that may indicate accidental loss or intentional theft.</p><p>For example, the video would reveal instances when items on the bottom shelf of a shopper’s cart passed through a checkout lane without being rung up. That could be an honest oversight or theft. The video might also reveal possible “sweethearting”—when a cashier gives items to customers for free by pretending to scan bar codes or by using other tricks.</p><p>An investigation can determine whether the cashier legitimately tried to scan the item but didn’t notice that either a technical error occurred or the scan was incorrectly performed. If the case involves an honest mistake, not malfeasance, the cashier can be given additional training.</p><p>At some retailers, the loss prevention team is small and doesn’t have time to review suspicious transactions. A solution in this case is to outsource the review task, but the solution itself can create security exposures because to do the task, third-party providers must have access to the retailer’s proprietary customer data and to its network.</p><p>Another problem with the concept of having a system that captures all POS transactions and marries video to data is the demand this places on IT infrastructure. Most retailers do not have the capital to invest in building an adequate IT infrastructure. The advent of the cloud, however, offers another option. The cloud makes computing capacity a service to be rented, rather than a product that has to be purchased at a high up-front cost.</p><p>The cloud also means that retailers can now store their POS and camera system data with an off-site host that is completely removed from the company’s private IT network. The retailer only transmits to the cloud the information that it wants to divulge.</p><p>It can also be useful to combine POS video footage with analytics. For example, ScanItALL by StopLift Checkout Vision Systems of Cambridge, Massachusetts, runs video of the cashiers’ and customers’ body motions through an analytic process. Mathematically analyzing the pixels of digitized video, the system studies how a cashier handles each item to determine whether it was properly scanned. It can interpret fraudulent behaviors, such as when a cashier covers up a bar code, for example.</p><p>Some POS systems can also be set to look for items that are left in the cart as they proceed through the checkout line. This can be especially important in self-checkout lanes.</p><p>LaneHawk by Evolution Robotics Retail, Inc., of Pasadena, California, uses cameras tied to the POS system to spot items in the bottom of the basket. The system also links the products it sees at the bottom of the cart to its database, which sends the UPC bar code of the item to the cash register, adding it to the transaction. LaneHawk is currently in use at more than 1,000 individual grocery stores in the United States. Evolution Robotics also has another version of the product for similarly identifying items left in the main section of the cart.</p><p>Carttronics of San Diego offers special modified shopping carts that cannot be removed from the retailer’s property and are automatically disabled if they have not traveled through the checkouts, putting a stop to full-cart walk-outs and bottom-of-the-basket theft attempts.</p><p>Alarms<br>Another area where cloud computing is emerging as a benefit to retailers is in the real-time monitoring of video and alarm systems. In this case, alarm data is transmitted through the cloud to the vendor that responds to the alarms.</p><p>In this area, the change over to the cloud may be inevitable. Every day, voice over IP gains ground, and as the company AlarmCLOUD notes on its Web site, “The clock is ticking on landlines. The security industry has accepted that telcos will be pulling the plug on public switched telephone networks.” Alarm monitoring companies are faced with having to run IP receivers in house to accept IP signaling and are themselves turning to cloud services. For a monthly fee, companies such as AlarmCLOUD offer to save the alarm company the cost of equipment, labor, upgrades, and servicing.</p><p>Store Shelves <br>Some theft occurs in the aisles and can’t be caught at the POS. There are systems to address this threat also.</p><p>For example, Evolution Robotics has a product called ShelfHawk that is meant to combat the growing organized crime tactic of shelf sweeping in which whole shelves of items highly valued for resale, such as diabetic test strips, are stolen in bulk by being swept into a booster bag (a bag commonly used by retail thieves), leaving the shelf bare.</p><p>The ShelfHawk system uses strategically placed cameras to watch selected shelves and to report on suspicious activities such as dwell time—the length of time a person spends in front of shelved items. A longer dwell time indicates that the customer may be waiting for a chance to steal what is there. When the cameras pick up someone spending too long in a particular area, the analytics recognize this and sound an alert so that staff can check on the situation.</p><p>The system has the added benefit to the retailer of recognizing when a shelf needs to be restocked, sending an alert when, for example, the last box of teeth whitening strips in a row is removed, leaving only an empty space.</p><p>To deal with theft of individual items, there are also tags. Traditionally, retailers worldwide made a large investment in tags that used electronic article surveillance (EAS) technology, the components of which include the hard tags seen clipped to merchandise, the detector/pedestals placed at shop egress points, and the deactivators and detachers used at the checkout counters.</p><p>While EAS systems have proven their worth in stopping thefts, or at least alerting staff that a theft is occurring, they cannot tell retailers what has been taken. For example, an EAS system will set off an alarm indicating that something is being stolen. By contrast, an RFID tag can tell the retailer that a black silk woman’s blouse selling at $125.99 was the item that slipped out the door. This ability to know which item was taken reclassifies losses from “shrink,” which is defined as unknown loss, to known losses that can help retailers pinpoint the items that are vulnerable and need additional protection within a store.</p><p>The system can also help identify vulnerabilities by department or store location. For example, if reports generated by the system’s database indicate that a number of watches have been stolen in store locations in a particular geographic area, these items can be moved to a locked case. In other regions where there has been no watch theft, the increased protection may not be needed.</p><p>The components of most RFID inventory control systems are the tags, the readers, and the software that usually runs on a standard PC, which is Windows based. Because RFID tags are contactless, their information can be captured by readers that are placed to cover an entire environment, unlike bar-code inventory management systems, in which a scanning beam must pass over the tag. They are also less susceptible to damage or wear that can destroy bar codes.</p><p>One example of RFID loss prevention systems newly introduced to retailers is the OPI Loss Prevention System by Optical Phusion, Inc. (OPI). The system combines wireless communications capabilities with passive RFID technology and software. Hand-held scanning terminals can be configured to scan retail products and return a product description and current retail price, making it simple and fast for a manager to walk through a store and create a complete inventory of items.</p><p>To catch shoplifters, each RFID chip returns a unique identifier when it passes through the zone covered by the RFID readers and antennas that are placed in the front doors of each store. When the RFID reader detects a tagged item, it passes the information to the OPI Loss Prevention Controller software, which then transmits a command to alarm. Jamison, another RFID development company based in Hagerstown, Maryland, has developed a converged RFID/EAS technology that is able to bring the technologies together for the retail platform.</p><p>Not far away are the days when this same technology will allow customers to merely push a shopping cart past a reader and swipe a debit or credit card to make payment without waiting for each item to be scanned. Inventories will be automatically updated and any items secreted on individuals buying other items will be read automatically and added to the bill.</p><p>Entrance<br>Technology is also making it possible for stores to have some advance warning when trouble walks in the front door. For example, a facial recognition software system from T-Mobile scans the faces of incoming customers to see if any match a database of known previous shoplifters, bad-check writers, wanted criminals, and members of organized retail crime flash mobs.</p><p>Accounting<br>The back office is another area where technology is being put to good use by security. For example, retailers are beginning to take full advantage of cash recycling systems that not only reduce staff time for certain tasks in the accounting office but also increase cashier accountability. These systems typically reduce the cash on hand in a retail store, create instant deposits, and can be tied to banks and armored car services for immediate provisional cash credit. The systems also limit cash access by employees, creating a deterrent to theft and armed robbery.</p><p>One cash managing system, The Revolution by Tidel of Carrollton, Texas, is now being used by a number of retailers including Whole Foods, Hy-Vee, and United Groceries. (Security Management looked at this system in depth in its February 2010 “Case Study” column.) The Tidel product employs a unit about the size of a large photocopier that combines a drop vault, touchscreen user interface, cash and coin counters and dispensers, and a biometric palm scanner.</p><p>When cashiers arrive, they don’t need to collect their day’s tills from supervisors who received them from bookkeepers who prepared them in the predawn hours. A cashier goes to the machine and places his or her palm on the reader. Once the unit recognizes the cashier, he or she picks up an empty till with an attached bar code, and the machine scans it, linking the till to the cashier for that shift. The till is then inserted into a slot and the unit automatically dispenses the correct amount of bills and coins. The cashier removes the till and scans the bar code off a canvas bag in which he or she will place all of the checks, coupons, rain checks, and any other “media” that are collected in the course of the day. The process takes less than a minute to complete.</p><p>Access Control<br>Access control solutions for retail have recently seen the coming of intelligent key systems. Resembling key fobs with a metal cylinder at the head, these keys are programmable in a way similar to standard access control cards, allowing the system administrator to set parameters such as times the key is active and store doors or display cases on which it can be used, all based on an employee’s duties. For example, the smart key may let a store clerk assigned to the jewelry department open the display cases there but not let that employee open a case in electronics.</p><p>Developed by Medeco of Salem Virginia, a division of ASSA ABLOY, the system also collects data on use and use attempts, so if an employee tries to use his or her key to gain access to a proscribed area, that attempt will be recorded and flagged when the data is downloaded from the key at the end of the employee’s shift. Data from the keys can also help managers pinpoint areas where employee training may have been lax. It can, for instance, note when a display case was incorrectly relocked.</p><p>Some retailers are also employing smart key systems on their truck fleet to prevent dishonest truckers from picking the locks on trucks, removing goods, and reselling them.</p><p>Enterprise Management<br>Some providers are offering Web-based analytic management tools. Such systems help companies make the most of their physical security data. The platform may be built to integrate and manage security, safety, and operational systems such as surveillance, access control, alarms, and exception reporting.</p><p>These solutions pull from several applications—video, access control systems, and internal assessment processes—for better decision-making. One example is the Encapsulon Control platform by Wren Solutions of Jefferson City, Missouri.</p><p>Today’s retailers exist in an era with fiscal constraints and persistent criminal threats. The challenges are great, but targeted use of technology can help retailers manage risk and preserve profits.</p><p>Keith Aubele, CPP, is president and CEO of Retail Loss Prevention Group, Inc., of Bentonville, Arkansas. He was previously the corporate vice president of loss prevention for Home Depot and divisional director of loss prevention for Wal-Mart. He serves as the vice chair of the ASIS International Loss Prevention Council.<br></p>GP0|#3795b40d-c591-4b06-959c-9e277b38585e;L0|#03795b40d-c591-4b06-959c-9e277b38585e|Security by Industry;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Security-Beyond-Sunday.aspxSecurity Beyond Sunday<p>​<span style="line-height:1.5em;">Christ Com</span><span style="line-height:1.5em;">munity Church (CCC) in St. Charles, Illinois, about 45 miles west of Chicago, doesn’t just open its doors in time for Sunday morning services. Thousands of people traverse its campus each week to participate in a variety of activities. “There’s always something going on here,” says Bryan Ferguson, safety and security manager at CCC.</span></p><p>That open environment makes pro­­viding security a challenge, says Ferguson. On any given Sunday, anywhere from 3,000 to 4,000 people may be in attendance at CCC services. In addition, Ferguson heads up security at three other campuses where live video streams of the CCC service are broadcast. An additional 4,000 to 5,000 congregants attend those simulcast services. </p><p>Recently, during a ladies’ group meeting at church, some of the women noticed a stranger wandering around the building. After that incident, the church made the decision to seal off some of the external doors on the main campus. Of the church’s approximately 22 doors, about one-third of them are open during church services on Sunday. Only two remain open during regular business hours. If there is a special meeting, someone from the facilities department goes into the church’s software that controls the locking mechanisms on the doors and remotely sets the schedule for more doors to be open.</p><p>Despite the incident with the stranger, CCC has never experienced any major security events. “We’ve had some troubled people who have caused incidents, and we’ve had the normal domestic type incidents, husband and wife arguing, stuff like that–but fortunately nothing to the extent of an active shooter,” Ferguson notes. </p><p>Still, Ferguson is always looking for ways to better protect the church and its people, especially from an active shooter threat. Ferguson, who recently retired after two decades in law enforcement, says the active shooter threat is a bigger reality than ever for churches. “Obviously [the active shooter threat] has become the forefront of everyone’s attention,” notes Ferguson, who adds that all the church’s employees have undergone active shooter training. </p><p>​Ferguson saw an opportunity to address this threat when he was approached by John McNutt, founder of BluePoint Alert Technologies, in January 2015 about its alert system at CCC. The BluePoint system operates like a fire alarm and notifies law enforcement of emergencies.</p><p>BluePoint was so appealing, Ferguson says, because it cuts down on the time it takes to inform law enforcement if an active shooter is in the building.  </p><p>The pull stations are small blue boxes mounted on the wall that look like fire alarms with a clear hard plastic covering. Anyone can lift the casing to pull the lever. In the event a station is pulled, a call automatically goes to law enforcement dispatch. The system communicates over commercial-grade wireless communication technology and equipment to ensure the call doesn’t fail. </p><p>CCC put in 16 pull stations, strategically locating them throughout the church. “We tried to put them wherever the largest congregation of people were going to be, and then general throughways, intersections of hallways, especially by main doors,” Ferguson notes.  </p><p>Ferguson made the decision to use BluePoint only in the event of an active shooter. “If you pull the pull station, there’s an [automated voice] alarm that goes off on campus that says we’re in a lockdown situation,” Ferguson explains. The message goes out over the public address system and informs everyone of lockdown procedures. “If they hear that, I want everyone to know it is…an active shooter.” </p><p> Ferguson says he piggybacked on what the local schools had done, which was input the e-mails and cell phone numbers of the first line supervisors from the sheriff’s office into to the system so that law enforcement automatically receives updates when an incident occurs. “They’ll get all of it first, and that will also improve the response time,” he adds. Ferguson says he keeps in close contact with the sheriff’s office, with updates on a weekly basis.</p><p>CCC’s security strategy stretches beyond the BluePoint technology. Ferguson heads up the church’s volunteer safety team, which is made up of approximately 30 people. Between six and eight of those members normally canvass the church on Sunday mornings. Because these volunteers typically receive their only security training from the church, “they’re supposed to be the eyes and ears,” says Ferguson, “not really react if something happens.” That job is left to Ferguson and a few others who have law enforcement training. While on duty, team members wear headsets and have portable radios for ease of communication.</p><p>The church also has a pastor protection team made up of either off-duty or retired law enforcement that guards the lead pastor on Sundays, says Ferguson. That team is also available to travel with a pastor if there are any safety concerns about a trip itself, though he says deploying that team has not been necessary in recent years. </p><p>The safety team is signed up for text message and e-mail alerts generated by BluePoint. Ferguson controls this through his administrative account on the BluePoint Web portal. Ferguson decided not to reserve the text and e-mail alerts only for active shooter events, electing to send them out during other incidents including severe weather, medical emergencies, or a missing child. Signing in with a username and password, Ferguson can clear alarms in the system, add more people to the mass notification list, and customize incident automated messages. </p><p>The church wants to allow everyone in the congregation to sign up for the mass notification alerts. “We would put up a link or a spot on our website, or our church’s mobile app, to allow them to sign up themselves, but that’s not implemented yet,” says Ferguson. He says he hopes the sign-up process will be underway by the summer of 2016. </p><p>The congregation has been informed about the technology through various announcements and word of mouth, and attendees have responded positively. “Everyone’s been extremely happy that we’re taking proactive measures to keep them safe,” says Ferguson. </p><p>He adds that events like the shooting in Charleston only highlighted the difficulties of protecting a church, making BluePoint an obvious choice for them. “Unfortunately security is one of those things that people really don’t put a lot of emphasis on until after the fact,” he says. “Everybody is vulnerable to active shooters, and if you can cut down the response time by even a minute, that’s countless lives that you could be saving.”    </p><p><em>For more information: BluePoint Alert Solutions, johnmcnutt@bluepointalert.com, www.bluepointalert.com; 888.258.3706 x701.</em><br></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465